{% set lo_address = interfaces
    | selectattr('name', '==', 'lo')
    | map(attribute='ip_addresses') | first
    | selectattr('role') | selectattr('role.value', '==', 'loopback')
    | map(attribute='address') %}
{% set iface_bgp = interfaces
    | selectattr('enabled')
    | rejectattr('type.value', 'in', ('bridge', 'lag'))
    | rejectattr('mgmt_only') | rejectattr('bridge') | rejectattr('lag') %}
{% set iface_server = iface_bgp | selectattr('custom_fields.tenant') %}
{% set iface_fabric = iface_bgp | difference(iface_server) | rejectattr('ip_addresses') %}
{% set my_tenants = iface_server | map(attribute='custom_fields.tenant.slug') | unique -%}

frr defaults datacenter
log syslog informational
service integrated-vtysh-config

# Route installation into kernels fails (rarely) without this option.
# It is not documented anywhere and appears to be a Cumulus extension.
zebra nexthop proto only

router-id {{ lo_address | ipv4 | first | ipaddr('address') }}

router bgp {{ asn.asn }}
  bgp bestpath as-path multipath-relax

  neighbor fabric peer-group
  neighbor fabric remote-as external

{% for interface in iface_fabric %}
  neighbor {{ interface.name }} interface peer-group fabric
  neighbor {{ interface.name }} bfd 3 150 150
{% endfor %}

{% for tenant in my_tenants %}
  neighbor dc-{{ tenant }} peer-group
  neighbor dc-{{ tenant }} remote-as external
{% for interface in iface_server | selectattr('custom_fields.tenant.slug', '==', tenant) %}
  neighbor {{ interface.name }} interface peer-group dc-{{ tenant }}
  neighbor {{ interface.name }} bfd
{% endfor %}

{% endfor %}
{% for family in ['ipv4', 'ipv6'] %}
  address-family {{ family }} unicast
    redistribute connected route-map loopbacks
    neighbor fabric activate
{% for tenant in my_tenants %}
    neighbor dc-{{ tenant }} activate
    neighbor dc-{{ tenant }} route-map dc-{{ tenant }}->default in
    neighbor dc-{{ tenant }} route-map default->dc out
{% endfor %}
  exit-address-family

{% endfor %}
  address-family l2vpn evpn
    neighbor fabric activate
{% for iface in ifaces_evpn|default([]) %}
    neighbor {{ iface }} activate
{% endfor %}
{% if peer is defined and  interfaces | selectattr('mode') %}
    advertise-all-vni
{% endif %}
  exit-address-family

route-map loopbacks permit 10
  match interface lo

{% if my_tenants %}
ip prefix-list default permit 0.0.0.0/0
ipv6 prefix-list default permit ::/0

{% for prefix in bgp_prefixes | selectattr('tenant.slug', 'in', my_tenants) %}
{% if prefix.family.value == 4 %}
ip prefix-list dc-{{ prefix.tenant.slug }} permit {{ prefix.prefix }} ge 32
{% else %}
ipv6 prefix-list dc-{{ prefix.tenant.slug }} permit {{ prefix.prefix }} ge 64
{% endif %}
{% endfor %}

# We only announce the default route to DC servers.
route-map default->dc permit 10
  match ip address prefix-list default
route-map default->dc permit 11
  match ipv6 address prefix-list default

{% for tenant in my_tenants %}
route-map dc-{{ tenant }}->default permit 10
  match ip address prefix-list dc-{{ tenant }}
route-map dc-{{ tenant }}->default permit 11
  match ipv6 address prefix-list dc-{{ tenant }}

{% endfor %}
{% endif %}