exit: store VLAN interface addresses in NetBox
… instead of generating them from prefixes. A NetBox script can be used to create and configure all necessary data for a new VLAN. Instead of VLAN roles “inside" and “outside” we now create separate VRFs for inside VLANs to match the actual exit/firewall configuration. The “outside” VRF is for all VLANs that are directly accessible from the internet.
This commit is contained in:
parent
ece3b8a377
commit
db397cb2b1
7 changed files with 32 additions and 51 deletions
|
|
@ -2,10 +2,8 @@
|
|||
| map(attribute='ip_addresses') | first
|
||||
| selectattr('role') | selectattr('role.value', '==', 'loopback')
|
||||
| map(attribute='address') %}
|
||||
{% set my_index = inventory_hostname.split('-')[1]|int %}
|
||||
{% set bridge = interfaces | selectattr('type') | selectattr('type.value', '==', 'bridge') | first %}
|
||||
{% set bridge_vlans = vlans | selectattr('vid', 'in', bridge.tagged_vlans | map(attribute='vid')) -%}
|
||||
{% set inside_vlans = bridge_vlans | selectattr('role.slug', '==', 'inside') -%}
|
||||
{% set inside_vrfs = interfaces | selectattr('parent') | selectattr('parent.name', '==', 'bridge')
|
||||
| selectattr('vrf') | map(attribute='vrf') | rejectattr('name', '==', 'outside') -%}
|
||||
|
||||
frr defaults datacenter
|
||||
log syslog informational
|
||||
|
|
@ -159,8 +157,8 @@ router bgp {{ asn.asn }} vrf inside
|
|||
{% endfor %}
|
||||
|
||||
redistribute connected route-map loopback-inside
|
||||
{% for vlan in inside_vlans %}
|
||||
import vrf {{ vlan.name }}
|
||||
{% for vrf in inside_vrfs %}
|
||||
import vrf {{ vrf.name }}
|
||||
{% endfor %}
|
||||
import vrf default
|
||||
import vrf route-map inside-import
|
||||
|
|
@ -181,17 +179,17 @@ router bgp {{ asn.asn }} vrf inside
|
|||
{% endfor %}
|
||||
|
||||
redistribute connected route-map loopback-inside
|
||||
{% for vlan in inside_vlans %}
|
||||
import vrf {{ vlan.name }}
|
||||
{% for vrf in inside_vrfs %}
|
||||
import vrf {{ vrf.name }}
|
||||
{% endfor %}
|
||||
import vrf default
|
||||
import vrf route-map inside-import
|
||||
exit-address-family
|
||||
|
||||
|
||||
{% for vlan in inside_vlans %}
|
||||
# VRF for L2 network {{ vlan.name }}. Imports gateway from inside VRF.
|
||||
router bgp {{ asn.asn }} vrf {{ vlan.name }}
|
||||
{% for vrf in inside_vrfs %}
|
||||
# VRF for L2 network {{ vrf.name }}. Imports gateway from inside VRF.
|
||||
router bgp {{ asn.asn }} vrf {{ vrf.name }}
|
||||
bgp bestpath as-path multipath-relax
|
||||
|
||||
address-family ipv4 unicast
|
||||
|
|
@ -215,8 +213,8 @@ ipv6 prefix-list default permit ::/0
|
|||
ip prefix-list fabric permit 10.34.0.0/24 ge 32
|
||||
ipv6 prefix-list fabric permit 2001:1470:fffd:3400::/64 ge 128
|
||||
|
||||
{% for vlan in inside_vlans %}
|
||||
{% set prefixes = query('netbox.netbox.nb_lookup', 'prefixes', api_filter='vlan_id='~vlan.id, raw_data=true)
|
||||
{% for vrf in inside_vrfs %}
|
||||
{% set prefixes = query('netbox.netbox.nb_lookup', 'prefixes', api_filter='vrf_id='~vrf.id, raw_data=true)
|
||||
| sort(attribute='family.value') %}
|
||||
{% for prefix in prefixes %}
|
||||
{% if prefix.family.value == 4 %}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue