Timotej Lazar
9a56e48141
Turns out that while Cumulus supports “up to” 255 VRFs, no switch it runs on supports more than 64. So we have to turn down paranoia and put internal networks for each tenant in the same VRF. This commit just ensures VRF definitions are not duplicated on exits.
12 lines
464 B
Django/Jinja
12 lines
464 B
Django/Jinja
{# VRF outside is special, all others are inside but also firewalled from each other. #}
|
|
{% set inside_vrfs = interfaces | selectattr('parent') | selectattr('parent.name', '==', 'bridge')
|
|
| selectattr('vrf') | map(attribute='vrf') | rejectattr('name', '==', 'outside') | unique -%}
|
|
|
|
# A separate VRF for each inside network so we can firewall between them.
|
|
{% for vrf in inside_vrfs %}
|
|
auto {{ vrf.name }}
|
|
iface {{ vrf.name }}
|
|
vrf-table auto
|
|
|
|
{% endfor %}
|