Compare commits
5 commits
3b3e759cc1
...
d3196a48c2
| Author | SHA1 | Date | |
|---|---|---|---|
| d3196a48c2 | |||
| f9f71bb337 | |||
| cafa938da3 | |||
| 8a0113ea49 | |||
| d667a38553 |
5 changed files with 32 additions and 75 deletions
|
|
@ -37,18 +37,8 @@ router bgp {{ asn.asn }}
|
|||
neighbor {{ iface }} bfd 3 150 150
|
||||
{% endfor %}
|
||||
|
||||
address-family ipv4 unicast
|
||||
redistribute connected route-map loopback
|
||||
|
||||
neighbor fabric soft-reconfiguration inbound
|
||||
neighbor fabric route-map fabric->default in
|
||||
neighbor fabric route-map default->fabric out
|
||||
|
||||
import vrf outside
|
||||
import vrf route-map default-import
|
||||
exit-address-family
|
||||
|
||||
address-family ipv6 unicast
|
||||
{% for family in ['ipv4', 'ipv6'] %}
|
||||
address-family {{ family }} unicast
|
||||
redistribute connected route-map loopback
|
||||
|
||||
neighbor fabric activate
|
||||
|
|
@ -60,6 +50,7 @@ router bgp {{ asn.asn }}
|
|||
import vrf route-map default-import
|
||||
exit-address-family
|
||||
|
||||
{% endfor %}
|
||||
address-family l2vpn evpn
|
||||
advertise-all-vni
|
||||
advertise-default-gw
|
||||
|
|
@ -86,10 +77,12 @@ router bgp {{ asn.asn }} vrf outside
|
|||
{% endfor %}
|
||||
|
||||
address-family ipv4 unicast
|
||||
neighbor peerlink.4 activate
|
||||
neighbor peerlink.4 soft-reconfiguration inbound
|
||||
neighbor peerlink.4 route-map peer.4->me in
|
||||
neighbor peerlink.4 route-map me->peer.4 out
|
||||
|
||||
neighbor firewall activate
|
||||
neighbor firewall allowas-in 1
|
||||
neighbor firewall default-originate
|
||||
neighbor firewall soft-reconfiguration inbound
|
||||
|
|
@ -144,27 +137,8 @@ router bgp {{ asn.asn }} vrf inside
|
|||
neighbor {{ iface }}.2 bfd 3 150 150
|
||||
{% endfor %}
|
||||
|
||||
address-family ipv4 unicast
|
||||
neighbor peerlink.2 soft-reconfiguration inbound
|
||||
neighbor peerlink.2 route-map peer.2->me in
|
||||
neighbor peerlink.2 route-map me->peer.2 out
|
||||
|
||||
neighbor firewall allowas-in 1
|
||||
neighbor firewall soft-reconfiguration inbound
|
||||
neighbor firewall route-map inside->firewall out
|
||||
{% for iface in ifaces_firewall %}
|
||||
neighbor {{ iface }}.2 route-map firewall-{{ loop.index }}->inside in
|
||||
{% endfor %}
|
||||
|
||||
redistribute connected route-map loopback-inside
|
||||
{% for vrf in inside_vrfs %}
|
||||
import vrf {{ vrf }}
|
||||
{% endfor %}
|
||||
import vrf default
|
||||
import vrf route-map inside-import
|
||||
exit-address-family
|
||||
|
||||
address-family ipv6 unicast
|
||||
{% for family in ['ipv4', 'ipv6'] %}
|
||||
address-family {{ family }} unicast
|
||||
neighbor peerlink.2 activate
|
||||
neighbor peerlink.2 soft-reconfiguration inbound
|
||||
neighbor peerlink.2 route-map peer.2->me in
|
||||
|
|
@ -186,25 +160,15 @@ router bgp {{ asn.asn }} vrf inside
|
|||
import vrf route-map inside-import
|
||||
exit-address-family
|
||||
|
||||
{% endfor %}
|
||||
|
||||
|
||||
{% for vrf in vrfs.values() | selectattr('name', 'in', inside_vrfs) %}
|
||||
router bgp {{ asn.asn }} vrf {{ vrf.name }}
|
||||
bgp bestpath as-path multipath-relax
|
||||
|
||||
address-family ipv4 unicast
|
||||
redistribute connected
|
||||
import vrf inside
|
||||
{% if vrf.custom_fields.imports %}
|
||||
{% for import in vrf.custom_fields.imports %}
|
||||
import vrf {{ import.name }}
|
||||
{% endfor %}
|
||||
import vrf route-map {{ vrf.name }}-import
|
||||
{% else %}
|
||||
import vrf route-map office-import
|
||||
{% endif %}
|
||||
exit-address-family
|
||||
|
||||
address-family ipv6 unicast
|
||||
{% for family in ['ipv4', 'ipv6'] %}
|
||||
address-family {{ family }} unicast
|
||||
redistribute connected
|
||||
import vrf inside
|
||||
{% if vrf.custom_fields.imports %}
|
||||
|
|
@ -218,6 +182,7 @@ router bgp {{ asn.asn }} vrf {{ vrf.name }}
|
|||
exit-address-family
|
||||
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
|
||||
# Prefix lists.
|
||||
ip prefix-list default permit 0.0.0.0/0
|
||||
|
|
|
|||
|
|
@ -51,6 +51,12 @@
|
|||
mode: 0644
|
||||
notify: enable interfaces
|
||||
|
||||
- name: Set up resolv.conf
|
||||
template:
|
||||
dest: /etc/resolv.conf
|
||||
src: resolv.conf.j2
|
||||
mode: 0644
|
||||
|
||||
- name: Set up sysctls
|
||||
template:
|
||||
dest: /etc/sysctl.d/firewall.conf
|
||||
|
|
|
|||
|
|
@ -40,26 +40,14 @@ router bgp {{ asn.asn }}
|
|||
neighbor {{ iface.name }}.4 bfd profile fast
|
||||
{% endfor %}
|
||||
|
||||
address-family ipv4 unicast
|
||||
{% for family in ['ipv4', 'ipv6'] %}
|
||||
address-family {{ family }} unicast
|
||||
{% if family == 'ipv4' %}
|
||||
{% for network in nat %}
|
||||
network {{ network }}
|
||||
{% endfor %}
|
||||
|
||||
redistribute connected route-map loopback
|
||||
maximum-paths 16
|
||||
|
||||
neighbor outside soft-reconfiguration inbound
|
||||
neighbor outside route-map outside->default in
|
||||
neighbor outside route-map default->outside out
|
||||
|
||||
neighbor inside allowas-in origin
|
||||
neighbor inside default-originate
|
||||
neighbor inside soft-reconfiguration inbound
|
||||
neighbor inside route-map inside->default in
|
||||
neighbor inside route-map default->inside out
|
||||
exit-address-family
|
||||
|
||||
address-family ipv6 unicast
|
||||
{% endif %}
|
||||
redistribute connected route-map loopback
|
||||
maximum-paths 16
|
||||
|
||||
|
|
@ -76,6 +64,8 @@ router bgp {{ asn.asn }}
|
|||
neighbor inside route-map default->inside out
|
||||
exit-address-family
|
||||
|
||||
{% endfor %}
|
||||
|
||||
# Prefix lists.
|
||||
ip prefix-list default permit 0.0.0.0/0
|
||||
ipv6 prefix-list default permit ::/0
|
||||
|
|
@ -85,9 +75,9 @@ ip prefix-list fabric permit 10.34.0.0/24 ge 32
|
|||
{% for prefix in vrf_prefixes | rejectattr('vrf.name', '==', 'outside')
|
||||
| sort(attribute='family.value') %}
|
||||
{% if prefix.family.value == 4 %}
|
||||
ip prefix-list office permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr('prefix') }}
|
||||
ip prefix-list office permit {{ prefix.prefix }}
|
||||
{% elif prefix.family.value == 6 %}
|
||||
ipv6 prefix-list office permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr('prefix') }}
|
||||
ipv6 prefix-list office permit {{ prefix.prefix }}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
|
||||
|
|
|
|||
|
|
@ -41,7 +41,8 @@ router bgp {{ asn.asn }}
|
|||
{% endfor %}
|
||||
|
||||
{% endfor %}
|
||||
address-family ipv4 unicast
|
||||
{% for family in ['ipv4', 'ipv6'] %}
|
||||
address-family {{ family }} unicast
|
||||
redistribute connected route-map loopbacks
|
||||
neighbor fabric activate
|
||||
{% for tenant in my_tenants %}
|
||||
|
|
@ -51,16 +52,7 @@ router bgp {{ asn.asn }}
|
|||
{% endfor %}
|
||||
exit-address-family
|
||||
|
||||
address-family ipv6 unicast
|
||||
redistribute connected route-map loopbacks
|
||||
neighbor fabric activate
|
||||
{% for tenant in my_tenants %}
|
||||
neighbor dc-{{ tenant }} activate
|
||||
neighbor dc-{{ tenant }} route-map dc-{{ tenant }}->default in
|
||||
neighbor dc-{{ tenant }} route-map default->dc out
|
||||
{% endfor %}
|
||||
exit-address-family
|
||||
|
||||
address-family l2vpn evpn
|
||||
neighbor fabric activate
|
||||
{% for iface in ifaces_evpn|default([]) %}
|
||||
|
|
|
|||
4
templates/resolv.conf.j2
Normal file
4
templates/resolv.conf.j2
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
search {{ domain }}
|
||||
{% for server in dns6 %}
|
||||
nameserver {{ server }}
|
||||
{% endfor %}
|
||||
Loading…
Reference in a new issue