Compare commits
No commits in common. "d3196a48c2e3e1a1449725ef225174e37b8a0416" and "3b3e759cc18f9dd158e1329fa8573ef45ba87eef" have entirely different histories.
d3196a48c2
...
3b3e759cc1
5 changed files with 75 additions and 32 deletions
|
@ -37,8 +37,18 @@ router bgp {{ asn.asn }}
|
|||
neighbor {{ iface }} bfd 3 150 150
|
||||
{% endfor %}
|
||||
|
||||
{% for family in ['ipv4', 'ipv6'] %}
|
||||
address-family {{ family }} unicast
|
||||
address-family ipv4 unicast
|
||||
redistribute connected route-map loopback
|
||||
|
||||
neighbor fabric soft-reconfiguration inbound
|
||||
neighbor fabric route-map fabric->default in
|
||||
neighbor fabric route-map default->fabric out
|
||||
|
||||
import vrf outside
|
||||
import vrf route-map default-import
|
||||
exit-address-family
|
||||
|
||||
address-family ipv6 unicast
|
||||
redistribute connected route-map loopback
|
||||
|
||||
neighbor fabric activate
|
||||
|
@ -50,7 +60,6 @@ router bgp {{ asn.asn }}
|
|||
import vrf route-map default-import
|
||||
exit-address-family
|
||||
|
||||
{% endfor %}
|
||||
address-family l2vpn evpn
|
||||
advertise-all-vni
|
||||
advertise-default-gw
|
||||
|
@ -77,12 +86,10 @@ router bgp {{ asn.asn }} vrf outside
|
|||
{% endfor %}
|
||||
|
||||
address-family ipv4 unicast
|
||||
neighbor peerlink.4 activate
|
||||
neighbor peerlink.4 soft-reconfiguration inbound
|
||||
neighbor peerlink.4 route-map peer.4->me in
|
||||
neighbor peerlink.4 route-map me->peer.4 out
|
||||
|
||||
neighbor firewall activate
|
||||
neighbor firewall allowas-in 1
|
||||
neighbor firewall default-originate
|
||||
neighbor firewall soft-reconfiguration inbound
|
||||
|
@ -137,8 +144,27 @@ router bgp {{ asn.asn }} vrf inside
|
|||
neighbor {{ iface }}.2 bfd 3 150 150
|
||||
{% endfor %}
|
||||
|
||||
{% for family in ['ipv4', 'ipv6'] %}
|
||||
address-family {{ family }} unicast
|
||||
address-family ipv4 unicast
|
||||
neighbor peerlink.2 soft-reconfiguration inbound
|
||||
neighbor peerlink.2 route-map peer.2->me in
|
||||
neighbor peerlink.2 route-map me->peer.2 out
|
||||
|
||||
neighbor firewall allowas-in 1
|
||||
neighbor firewall soft-reconfiguration inbound
|
||||
neighbor firewall route-map inside->firewall out
|
||||
{% for iface in ifaces_firewall %}
|
||||
neighbor {{ iface }}.2 route-map firewall-{{ loop.index }}->inside in
|
||||
{% endfor %}
|
||||
|
||||
redistribute connected route-map loopback-inside
|
||||
{% for vrf in inside_vrfs %}
|
||||
import vrf {{ vrf }}
|
||||
{% endfor %}
|
||||
import vrf default
|
||||
import vrf route-map inside-import
|
||||
exit-address-family
|
||||
|
||||
address-family ipv6 unicast
|
||||
neighbor peerlink.2 activate
|
||||
neighbor peerlink.2 soft-reconfiguration inbound
|
||||
neighbor peerlink.2 route-map peer.2->me in
|
||||
|
@ -160,15 +186,25 @@ router bgp {{ asn.asn }} vrf inside
|
|||
import vrf route-map inside-import
|
||||
exit-address-family
|
||||
|
||||
{% endfor %}
|
||||
|
||||
|
||||
{% for vrf in vrfs.values() | selectattr('name', 'in', inside_vrfs) %}
|
||||
router bgp {{ asn.asn }} vrf {{ vrf.name }}
|
||||
bgp bestpath as-path multipath-relax
|
||||
|
||||
{% for family in ['ipv4', 'ipv6'] %}
|
||||
address-family {{ family }} unicast
|
||||
address-family ipv4 unicast
|
||||
redistribute connected
|
||||
import vrf inside
|
||||
{% if vrf.custom_fields.imports %}
|
||||
{% for import in vrf.custom_fields.imports %}
|
||||
import vrf {{ import.name }}
|
||||
{% endfor %}
|
||||
import vrf route-map {{ vrf.name }}-import
|
||||
{% else %}
|
||||
import vrf route-map office-import
|
||||
{% endif %}
|
||||
exit-address-family
|
||||
|
||||
address-family ipv6 unicast
|
||||
redistribute connected
|
||||
import vrf inside
|
||||
{% if vrf.custom_fields.imports %}
|
||||
|
@ -182,7 +218,6 @@ router bgp {{ asn.asn }} vrf {{ vrf.name }}
|
|||
exit-address-family
|
||||
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
|
||||
# Prefix lists.
|
||||
ip prefix-list default permit 0.0.0.0/0
|
||||
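Review bot: The unrolled `address-family ipv4 unicast` stanzas no longer emit any `neighbor … activate` line. The context lines show the old loop body activating `fabric` and `peerlink.2` for both families, and the `vrf outside` hunk drops `neighbor peerlink.4 activate` and `neighbor firewall activate` outright. That is safe only while FRR's default IPv4-unicast activation is in effect; whether `no bgp default ipv4-unicast` is set in these router blocks is outside the hunks. If it is, the IPv4 sessions would establish without exchanging routes, including the `default-originate` toward `firewall`. Keeping the explicit lines, e.g. `neighbor firewall activate`, makes the rendered config independent of that default.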
|
|
|
@ -51,12 +51,6 @@
|
|||
mode: 0644
|
||||
notify: enable interfaces
|
||||
|
||||
- name: Set up resolv.conf
|
||||
template:
|
||||
dest: /etc/resolv.conf
|
||||
src: resolv.conf.j2
|
||||
mode: 0644
|
||||
|
||||
- name: Set up sysctls
|
||||
template:
|
||||
dest: /etc/sysctl.d/firewall.conf
|
||||
|
|
|
@ -40,14 +40,26 @@ router bgp {{ asn.asn }}
|
|||
neighbor {{ iface.name }}.4 bfd profile fast
|
||||
{% endfor %}
|
||||
|
||||
{% for family in ['ipv4', 'ipv6'] %}
|
||||
address-family {{ family }} unicast
|
||||
{% if family == 'ipv4' %}
|
||||
address-family ipv4 unicast
|
||||
{% for network in nat %}
|
||||
network {{ network }}
|
||||
{% endfor %}
|
||||
|
||||
{% endif %}
|
||||
redistribute connected route-map loopback
|
||||
maximum-paths 16
|
||||
|
||||
neighbor outside soft-reconfiguration inbound
|
||||
neighbor outside route-map outside->default in
|
||||
neighbor outside route-map default->outside out
|
||||
|
||||
neighbor inside allowas-in origin
|
||||
neighbor inside default-originate
|
||||
neighbor inside soft-reconfiguration inbound
|
||||
neighbor inside route-map inside->default in
|
||||
neighbor inside route-map default->inside out
|
||||
exit-address-family
|
||||
|
||||
address-family ipv6 unicast
|
||||
redistribute connected route-map loopback
|
||||
maximum-paths 16
|
||||
|
||||
|
@ -64,8 +76,6 @@ router bgp {{ asn.asn }}
|
|||
neighbor inside route-map default->inside out
|
||||
exit-address-family
|
||||
|
||||
{% endfor %}
|
||||
|
||||
# Prefix lists.
|
||||
ip prefix-list default permit 0.0.0.0/0
|
||||
ipv6 prefix-list default permit ::/0
|
||||
|
@ -75,9 +85,9 @@ ip prefix-list fabric permit 10.34.0.0/24 ge 32
|
|||
{% for prefix in vrf_prefixes | rejectattr('vrf.name', '==', 'outside')
|
||||
| sort(attribute='family.value') %}
|
||||
{% if prefix.family.value == 4 %}
|
||||
ip prefix-list office permit {{ prefix.prefix }}
|
||||
ip prefix-list office permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr('prefix') }}
|
||||
{% elif prefix.family.value == 6 %}
|
||||
ipv6 prefix-list office permit {{ prefix.prefix }}
|
||||
ipv6 prefix-list office permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr('prefix') }}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
|
||||
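Review bot: The new `ge {{ prefix.prefix | ipaddr('prefix') }}` on both `office` prefix-list lines has no upper bound, so each entry now matches every more-specific of the office prefix down to /32 (or /128 for IPv6) rather than the exact prefix only. Where the `office` list is referenced is outside the hunk; if it gates routes accepted from a neighbor, this widens what that neighbor can announce to arbitrary host routes inside those ranges. If only a known subnet size is expected, bound the match, e.g. `ip prefix-list office permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr('prefix') }} le <max-length>` with the real maximum length in place of the placeholder, and do the same on the `ipv6 prefix-list office` line. A short template comment saying why more-specifics are permitted would also help the next reader.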
|
|
|
@ -41,8 +41,7 @@ router bgp {{ asn.asn }}
|
|||
{% endfor %}
|
||||
|
||||
{% endfor %}
|
||||
{% for family in ['ipv4', 'ipv6'] %}
|
||||
address-family {{ family }} unicast
|
||||
address-family ipv4 unicast
|
||||
redistribute connected route-map loopbacks
|
||||
neighbor fabric activate
|
||||
{% for tenant in my_tenants %}
|
||||
|
@ -52,7 +51,16 @@ router bgp {{ asn.asn }}
|
|||
{% endfor %}
|
||||
exit-address-family
|
||||
|
||||
address-family ipv6 unicast
|
||||
redistribute connected route-map loopbacks
|
||||
neighbor fabric activate
|
||||
{% for tenant in my_tenants %}
|
||||
neighbor dc-{{ tenant }} activate
|
||||
neighbor dc-{{ tenant }} route-map dc-{{ tenant }}->default in
|
||||
neighbor dc-{{ tenant }} route-map default->dc out
|
||||
{% endfor %}
|
||||
exit-address-family
|
||||
|
||||
address-family l2vpn evpn
|
||||
neighbor fabric activate
|
||||
{% for iface in ifaces_evpn|default([]) %}
|
||||
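Review bot: The added `address-family ipv6 unicast` stanza repeats the per-tenant neighbor policy by hand, and nothing in the template marks the two copies as a pair. The tenant loop body of the IPv4 copy lies between the two hunks and is not visible, so it cannot be confirmed here that the copies match. The IPv6 copy pairs a per-tenant inbound map `dc-{{ tenant }}->default` with a shared outbound map `default->dc`, which is worth checking against the IPv4 side. If a later change tightens a route-map reference in one family only, the other family keeps the old filter. A Jinja comment above the second stanza such as `{# route policy must mirror the ipv4 stanza above #}` would make the coupling explicit.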
|
|
|
@ -1,4 +0,0 @@
|
|||
search {{ domain }}
|
||||
{% for server in dns6 %}
|
||||
nameserver {{ server }}
|
||||
{% endfor %}
|