From ae1dfb980aebd4aab8f3f43adf67f5970eee61ab Mon Sep 17 00:00:00 2001 From: Anna Khmelnitsky Date: Mon, 5 Oct 2020 14:07:48 -0700 Subject: [PATCH 1/2] Fix VRF configuration issues * Mark inter_sr_ibgp and multipath_relax as computed for sake of vrf gateways. Defer assigning defaults for these settings to NSX. * Remove default local_as_num setting, since for VRF this setting will be auto-assigned, and cause subsequent plan diff. * Clarify VRF usage and add examples in documentation. In particular, point out that explicit dependency needs to be created in VRF interface, to avoid deletion issue. --- nsxt/resource_nsxt_policy_tier0_gateway.go | 17 ++--- ...resource_nsxt_policy_tier0_gateway_test.go | 1 + .../docs/r/policy_tier0_gateway.html.markdown | 65 +++++++++++++------ ...licy_tier0_gateway_interface.html.markdown | 19 ++++++ 4 files changed, 70 insertions(+), 32 deletions(-) diff --git a/nsxt/resource_nsxt_policy_tier0_gateway.go b/nsxt/resource_nsxt_policy_tier0_gateway.go index 7409a9439..71d209201 100644 --- a/nsxt/resource_nsxt_policy_tier0_gateway.go +++ b/nsxt/resource_nsxt_policy_tier0_gateway.go @@ -37,7 +37,6 @@ var policyVRFRouteValues = []string{ var policyBGPGracefulRestartTimerDefault = 180 var policyBGPGracefulRestartStaleRouteTimerDefault = 600 -var policyBGPLocalAsNumDefault = "65000" func resourceNsxtPolicyTier0Gateway() *schema.Resource { @@ -155,20 +154,19 @@ func getPolicyBGPConfigSchema() map[string]*schema.Schema { Type: schema.TypeBool, Description: "Enable inter SR IBGP configuration", Optional: true, - Default: true, + Computed: true, }, "local_as_num": { Type: schema.TypeString, Description: "BGP AS number in ASPLAIN/ASDOT Format", Optional: true, - Default: policyBGPLocalAsNumDefault, //NOTE: empty string disables ValidateFunc: validateASPlainOrDot, }, "multipath_relax": { Type: schema.TypeBool, Description: "Flag to enable BGP multipath relax option", Optional: true, - Default: true, + Computed: true, }, "route_aggregation": { Type: schema.TypeList, @@ -603,21 +601,16 @@ func resourceNsxtPolicyTier0GatewayBGPConfigSchemaToStruct(cfg interface{}, isVr Revision: &revision, } - if !isVrf { + if isVrf { // backend complains if the below config appears on VRF gateway. // We print a warning if property differs from default - if !interSrIbgp { - log.Printf("[WARNING] BGP setting inter_sr_ibgp is not applicable for VRF gateway %s, and will be ignored", gwID) - } - if localAsNum != policyBGPLocalAsNumDefault { + if localAsNum != "" { log.Printf("[WARNING] BGP setting local_as_num is not applicable for VRF gateway %s, and will be ignored", gwID) } - if !multipathRelax { - log.Printf("[WARNING] BGP setting multipath_relax is not applicable for VRF gateway %s, and will be ignored", gwID) - } if (restartMode != model.BgpGracefulRestartConfig_MODE_HELPER_ONLY) || (restartTimer != int64(policyBGPGracefulRestartStaleRouteTimerDefault)) || (staleTimer != int64(policyBGPGracefulRestartStaleRouteTimerDefault)) { log.Printf("[WARNING] BGP graceful restart settings are not applicable for VRF gateway %s, and will be ignored", gwID) } + } else { routeStruct.InterSrIbgp = &interSrIbgp routeStruct.LocalAsNum = &localAsNum routeStruct.MultipathRelax = &multipathRelax diff --git a/nsxt/resource_nsxt_policy_tier0_gateway_test.go b/nsxt/resource_nsxt_policy_tier0_gateway_test.go index 80f41b5ca..32ba966c1 100644 --- a/nsxt/resource_nsxt_policy_tier0_gateway_test.go +++ b/nsxt/resource_nsxt_policy_tier0_gateway_test.go @@ -506,6 +506,7 @@ resource "nsxt_policy_tier0_gateway" "test" { bgp_config { local_as_num = "60000" + inter_sr_ibgp = true multipath_relax = true route_aggregation { prefix = "12.12.12.0/24" diff --git a/website/docs/r/policy_tier0_gateway.html.markdown b/website/docs/r/policy_tier0_gateway.html.markdown index b71c22363..5e0f9309b 100644 --- a/website/docs/r/policy_tier0_gateway.html.markdown +++ b/website/docs/r/policy_tier0_gateway.html.markdown @@ -7,7 +7,7 @@ description: A resource to configure a Tier-0 gateway on NSX Policy manager. # nsxt_policy_tier0_gateway -This resource provides a method for the management of a Tier-0 gateway. +This resource provides a method for the management of a Tier-0 gateway or VRF-Lite gateway. This resource is applicable to NSX Global Manager, NSX Policy Manager and VMC. @@ -38,17 +38,6 @@ resource "nsxt_policy_tier0_gateway" "tier0_gw" { } } - vrf_config { - gateway_path = data.nsxt_policy_tier0_gateway.vrf.path - route_distinguisher = "62000:10" - evpn_transit_vni = 76001 - route_target { - auto_mode = false - import_targets = ["62000:2"] - export_targets = ["62000:3", "10.2.2.0:3"] - } - } - redistribution_config { enabled = true rule { @@ -64,6 +53,42 @@ resource "nsxt_policy_tier0_gateway" "tier0_gw" { } ``` +## VRF-Lite Example Usage + +```hcl +resource "nsxt_policy_tier0_gateway" "vrf-blue" { + description = "Tier-0 VRF provisioned by Terraform" + display_name = "Tier0-vrf" + failover_mode = "PREEMPTIVE" + default_rule_logging = false + enable_firewall = true + ha_mode = "ACTIVE_STANDBY" + internal_transit_subnets = ["102.64.0.0/16"] + transit_subnets = ["101.64.0.0/16"] + edge_cluster_path = data.nsxt_policy_edge_cluster.EC.path + + bgp_config { + ecmp = true + + route_aggregation { + prefix = "12.10.10.0/24" + } + } + + vrf_config { + gateway_path = data.nsxt_policy_tier0_gateway.parent.path + route_distinguisher = "62000:10" + evpn_transit_vni = 76001 + route_target { + auto_mode = false + import_targets = ["62000:2"] + export_targets = ["62000:3", "10.2.2.0:3"] + } + } +} +``` + + ## Global manager example usage ```hcl resource "nsxt_policy_tier0_gateway" "tier0_gw" { @@ -100,7 +125,7 @@ The following arguments are supported: * `description` - (Optional) Description of the resource. * `tag` - (Optional) A list of scope + tag pairs to associate with this Tier-0 gateway. * `nsx_id` - (Optional) The NSX ID of this resource. If set, this ID will be used to create the policy resource. -* `edge_cluster_path` - (Optional) The path of the edge cluster where the Tier-0 is placed. Must be specified when `bgp_config` is enabled. This argument is not applicable for NSX Global Manager - use locale-services clause instead. +* `edge_cluster_path` - (Optional) The path of the edge cluster where the Tier-0 is placed. Must be specified when `bgp_config` is enabled. This argument is not applicable to NSX Global Manager - use locale-services clause instead. * `locale_service` - (Optional) This is required for NSX Global Manager only. Multiple locale services can be specified for multiple locations. * `edge_cluster_path` - (Required) The path of the edge cluster where the Tier-0 is placed. * `preferred_edge_paths` - (Optional) Policy paths to edge nodes. Specified edge is used as preferred edge cluster member when failover mode is set to `PREEMPTIVE`. @@ -114,16 +139,16 @@ The following arguments are supported: * `internal_transit_subnets` - (Optional) Internal transit subnets in CIDR format. At most 1 CIDR. * `transit_subnets` - (Optional) Transit subnets in CIDR format. * `dhcp_config_path` - (Optional) Policy path to DHCP server or relay configuration to use for this gateway. -* `bgp_config` - (Optional) The BGP configuration for the Tier-0 gateway. When enabled a valid `edge_cluster_path` must be set on the Tier-0 gateway. This clause is not applicable for Global Manager - use `nsxt_policy_bgp_config` resource instead. +* `bgp_config` - (Optional) The BGP configuration for the Tier-0 gateway. When enabled a valid `edge_cluster_path` must be set on the Tier-0 gateway. This clause is not applicable to Global Manager - use `nsxt_policy_bgp_config` resource instead. * `tag` - (Optional) A list of scope + tag pairs to associate with this Tier-0 gateway's BGP configuration. * `ecmp` - (Optional) A boolean flag to enable/disable ECMP. Default is `true`. * `enabled` - (Optional) A boolean flag to enable/disable BGP. Default is `true`. - * `inter_sr_ibgp` - (Optional) A boolean flag to enable/disable inter SR IBGP configuration. Default is `true`. - * `local_as_num` - (Optional) BGP AS number in ASPLAIN/ASDOT Format. Default is `65000`. - * `multipath_relax` - (Optional) A boolean flag to enable/disable multipath relax for BGP. Default is `true`. - * `graceful_restart_mode` - (Optional) Setting to control BGP graceful restart mode, one of `DISABLE`, `GR_AND_HELPER`, `HELPER_ONLY`. - * `graceful_restart_timer` - (Optional) BGP graceful restart timer. Default is `180`. - * `graceful_restart_stale_route_timer` - (Optional) BGP stale route timer. Default is `600`. + * `inter_sr_ibgp` - (Optional) A boolean flag to enable/disable inter SR IBGP configuration. Default is `true`. This setting is not applicable to VRF-Lite Gateway. + * `local_as_num` - (Optional) BGP AS number in ASPLAIN/ASDOT Format. This setting is not applicable to VRF-Lite Gateway. + * `multipath_relax` - (Optional) A boolean flag to enable/disable multipath relax for BGP. Default is `true`. This setting is not applicable to VRF-Lite Gateway. + * `graceful_restart_mode` - (Optional) Setting to control BGP graceful restart mode, one of `DISABLE`, `GR_AND_HELPER`, `HELPER_ONLY`. This setting is not applicable to VRF-Lite Gateway. + * `graceful_restart_timer` - (Optional) BGP graceful restart timer. Default is `180`. This setting is not applicable to VRF-Lite Gateway. + * `graceful_restart_stale_route_timer` - (Optional) BGP stale route timer. Default is `600`. This setting is not applicable to VRF-Lite Gateway. * `route_aggregation`- (Optional) Zero or more route aggregations for BGP. * `prefix` - (Required) CIDR of aggregate address. * `summary_only` - (Optional) A boolean flag to enable/disable summarized route info. Default is `true`. diff --git a/website/docs/r/policy_tier0_gateway_interface.html.markdown b/website/docs/r/policy_tier0_gateway_interface.html.markdown index 720311f5e..036931119 100644 --- a/website/docs/r/policy_tier0_gateway_interface.html.markdown +++ b/website/docs/r/policy_tier0_gateway_interface.html.markdown @@ -9,6 +9,8 @@ description: A resource to configure an Interface on Tier-0 gateway on NSX Polic This resource provides a method for the management of a Tier-0 gateway Interface. Note that edge cluster must be configured on Tier-0 Gateway in order to configure interfaces on it. +~> **NOTE:** When configuring VRF-Lite interfaces, please specify explicit dependency on parent Tier-0 Gateway interface(see VRF interface example below). This will ensure correct order of object deletion. + This resource is applicable to NSX Global Manager, NSX Policy Manager and VMC. # Example Usage @@ -39,6 +41,23 @@ resource "nsxt_policy_tier0_gateway_interface" "if1" { } ``` +# VRF Interface Example Usage + +```hcl +resource "nsxt_policy_tier0_gateway_interface" "red_vrf_uplink1" { + display_name = "Uplink-01" + type = "EXTERNAL" + edge_node_path = data.nsxt_policy_edge_node.edge_node_1.path + gateway_path = nsxt_policy_tier0_gateway.red_vrf.path + segment_path = nsxt_policy_vlan_segment.vrf_trunk_1.path + access_vlan_id = 112 + subnets = ["192.168.112.254/24"] + mtu = 1500 + + depends_on = [nsxt_policy_tier0_gateway_interface.parent_uplink1] +} +``` + ## Argument Reference The following arguments are supported: From 8468a7ab1d52b8ca406e49cbf5ebaacae0fca1d3 Mon Sep 17 00:00:00 2001 From: Anna Khmelnitsky Date: Tue, 6 Oct 2020 16:20:11 -0700 Subject: [PATCH 2/2] Clarify docs on BGP local_as_num and fix test --- nsxt/resource_nsxt_policy_bgp_config_test.go | 5 +++-- website/docs/r/policy_bgp_config.html.markdown | 2 +- website/docs/r/policy_tier0_gateway.html.markdown | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/nsxt/resource_nsxt_policy_bgp_config_test.go b/nsxt/resource_nsxt_policy_bgp_config_test.go index 507e72ed6..7827ef6b6 100644 --- a/nsxt/resource_nsxt_policy_bgp_config_test.go +++ b/nsxt/resource_nsxt_policy_bgp_config_test.go @@ -157,8 +157,9 @@ resource "nsxt_policy_tier0_gateway" "test" { } resource "nsxt_policy_bgp_config" "test" { - gateway_path = nsxt_policy_tier0_gateway.test.path - site_path = data.nsxt_policy_site.site1.path + gateway_path = nsxt_policy_tier0_gateway.test.path + site_path = data.nsxt_policy_site.site1.path + local_as_num = 65001 } data "nsxt_policy_realization_info" "realization_info" { diff --git a/website/docs/r/policy_bgp_config.html.markdown b/website/docs/r/policy_bgp_config.html.markdown index 10f744c7f..f3d174c36 100644 --- a/website/docs/r/policy_bgp_config.html.markdown +++ b/website/docs/r/policy_bgp_config.html.markdown @@ -40,7 +40,7 @@ The following arguments are supported: * `ecmp` - (Optional) A boolean flag to enable/disable ECMP. Default is `true`. * `enabled` - (Optional) A boolean flag to enable/disable BGP. Default is `true`. * `inter_sr_ibgp` - (Optional) A boolean flag to enable/disable inter SR IBGP configuration. Default is `true`. - * `local_as_num` - (Optional) BGP AS number in ASPLAIN/ASDOT Format. Default is `65000`. + * `local_as_num` - (Optional) BGP AS number in ASPLAIN/ASDOT Format. This attribute is required for non-VRF configurations. * `multipath_relax` - (Optional) A boolean flag to enable/disable multipath relax for BGP. Default is `true`. * `graceful_restart_mode` - (Optional) Setting to control BGP graceful restart mode, one of `DISABLE`, `GR_AND_HELPER`, `HELPER_ONLY`. * `graceful_restart_timer` - (Optional) BGP graceful restart timer. Default is `180`. diff --git a/website/docs/r/policy_tier0_gateway.html.markdown b/website/docs/r/policy_tier0_gateway.html.markdown index 5e0f9309b..ccd63e026 100644 --- a/website/docs/r/policy_tier0_gateway.html.markdown +++ b/website/docs/r/policy_tier0_gateway.html.markdown @@ -144,7 +144,7 @@ The following arguments are supported: * `ecmp` - (Optional) A boolean flag to enable/disable ECMP. Default is `true`. * `enabled` - (Optional) A boolean flag to enable/disable BGP. Default is `true`. * `inter_sr_ibgp` - (Optional) A boolean flag to enable/disable inter SR IBGP configuration. Default is `true`. This setting is not applicable to VRF-Lite Gateway. - * `local_as_num` - (Optional) BGP AS number in ASPLAIN/ASDOT Format. This setting is not applicable to VRF-Lite Gateway. + * `local_as_num` - (Optional) BGP AS number in ASPLAIN/ASDOT Format. This setting is not applicable to VRF-Lite Gateway, and is required otherwise. * `multipath_relax` - (Optional) A boolean flag to enable/disable multipath relax for BGP. Default is `true`. This setting is not applicable to VRF-Lite Gateway. * `graceful_restart_mode` - (Optional) Setting to control BGP graceful restart mode, one of `DISABLE`, `GR_AND_HELPER`, `HELPER_ONLY`. This setting is not applicable to VRF-Lite Gateway. * `graceful_restart_timer` - (Optional) BGP graceful restart timer. Default is `180`. This setting is not applicable to VRF-Lite Gateway.