Merge pull request #11 from natedoot/routing-control-functions

Routing control functions
aristanetworks · Jun 5, 2024 · 5245438 · 5245438
2 parents 6c0e427 + 94fc341
commit 5245438
Show file tree

Hide file tree

Showing 9 changed files with 180 additions and 133 deletions.
diff --git a/datacenter/domain-b/group_vars/DOMAIN_B_EVPNGW.yml b/datacenter/domain-b/group_vars/DOMAIN_B_EVPNGW.yml
@@ -6,92 +6,54 @@ cv_tags_topology_type: leaf
 evpn_multicast: false
 underlay_multicast: false
 
-bgp_peer_groups: 
-  evpn_overlay_peers:
-    structured_config:
-      route_reflector_client: true
-
-csc_router_bgp:
-  bgp:
-    bestpath:
-      d_path: true
-  address_family_evpn:
-    domain_identifier: "2:2" 
-
-csc_community_lists:
-  - name: CL-LOCAL-DOMAIN-ORIGINATED 
-    action: "permit 65200:65200"
-  - name: CL-REMOTE-DOMAIN-ORIGINATED
-    action: "permit 65000:65000"
-
-csc_route_maps:
-  - name: RM-AS65000-EVPN-IN
-    sequence_numbers:
-      - sequence: 10
-        type: "permit"
-        set:
-          - "community 65000:65000 additive"
-  - name: RM-AS65000-EVPN-OUT
-    sequence_numbers:
-      - sequence: 5
-        type: "deny"
-        match:
-          - "community CL-REMOTE-DOMAIN-ORIGINATED"
-      - sequence: 10
-        type: "permit"
-  - name: RM-AS65000-IPV4-OUT
-    sequence_numbers:
-      - sequence: 10
-        type: 'permit'
-        match:
-          - 'ip address prefix-list PL-GATEWAY-LOOP'
-  - name: RM-AS65200-EVPN-IN
-    sequence_numbers:
-      - sequence: 10
-        type: "permit"
-        match:
-          - "community CL-REMOTE-DOMAIN-ORIGINATED"
-        set:
-          - "local-preference 0"
-      - sequence: 20
-        type: "permit"
-        set:
-          - "community 65200:65200 additive"
-  - name: RM-AS65200-EVPN-OUT
-    sequence_numbers:
-      - sequence: 5
-        type: "deny"
-        match: 
-          - "community CL-LOCAL-DOMAIN-ORIGINATED"
-      - sequence: 10
-        type: "permit"
-
-monitor_connectivity:
-  shutdown: false
-  vrfs:
-      # VRF Name
-    - name: Prod
-      interface_sets:
-        - name: Prod-Vtep-Diag
-          interfaces: Loopback101
-      hosts:
-        - name: A-LEAF7-DiagVtep-Prod
-          ip: 10.101.101.7
-          local_interfaces: Prod-Vtep-Diag
-        - name: C-LEAF7-DiagVtep-Prod
-          ip: 10.101.103.7
-          local_interfaces: Prod-Vtep-Diag
-    - name: Dev
-      interface_sets:
-        - name: Dev-Vtep-Diag
-          interfaces: Loopback102
-      hosts:
-        - name: A-LEAF7-DiagVtep-Dev
-          ip: 10.102.101.7
-          local_interfaces: Dev-Vtep-Diag
-        - name: C-LEAF7-DiagVtep-Dev
-          ip: 10.102.103.7
-          local_interfaces: Dev-Vtep-Diag
+router_general:
+  control_functions:
+    code_units:
+      - name: evpngw-rcf
+        content: |-
+          function PREFIX_ROUTE() {
+            return evpn.route_type is EVPN_IP_PREFIX;
+          }
+          function IMET_ROUTE() {
+            return evpn.route_type is EVPN_IMET;
+          }
+          function FROM_GW_PEER() {
+            return community has_any {2:2};
+          }
+          function GW_LOOPBACK() {
+            return prefix match prefix_list_v4 PL-GATEWAY-LOOP;
+          }
+          function AS65000_OUT_IPV4() {
+            if GW_LOOPBACK(){
+              return true;
+            }
+            return false;
+          }
+          function AS65000_OUT_EVPN() {
+            if IMET_ROUTE() or PREFIX_ROUTE(){
+              community add {2:2};
+            }
+            return true;
+          }
+          function AS65000_IN_EVPN() {
+            if (IMET_ROUTE() or PREFIX_ROUTE()) and FROM_GW_PEER() {
+              return false;
+            }
+            return true;
+          }
+          function AS65400_OUT_EVPN() { 
+            if PREFIX_ROUTE(){
+              community add {2:2};
+            }
+            return true;
+          }
+          function AS65400_IN_EVPN() { 
+            if PREFIX_ROUTE() and FROM_GW_PEER() {
+              return false;
+              }
+            return true;
+          }
+          EOF
 
 custom_templates:
   - evpngw-af-evpn.j2
diff --git a/datacenter/domain-b/host_vars/B-LEAF7.yml b/datacenter/domain-b/host_vars/B-LEAF7.yml
@@ -4,21 +4,24 @@ csc_prefix_lists:
   - name: PL-GATEWAY-LOOP
     sequence_numbers:
       - sequence: 10
-        action: 'permit 2.2.2.7/32'
-      - sequence: 20
         action: 'permit 1.1.2.7/32'
-      - sequence: 30
+      - sequence: 20
         action: 'permit 1.1.2.8/32'
+      - sequence: 30
+        action: 'permit 2.2.2.7/32'
+      - sequence: 40
+        action: 'permit 2.2.2.8/32'
 
 csc_router_bgp:
+  bgp:
+    bestpath:
+      d_path: true
   peer_groups:
     - name: EVPN-OVERLAY-CORE
       local_as: 65000
       remove_private_as:
         replace_as: true
       remote_as: 65000
-      route_map_in: RM-AS65000-EVPN-IN
-      route_map_out: RM-AS65000-EVPN-OUT
       route_reflector_client: true
       update_source: Loopback0
       bfd: true
@@ -42,20 +45,23 @@ csc_router_bgp:
       - name: EVPN-OVERLAY-CORE
         activate: true
         domain_remote: true
+        rcf_in: AS65000_IN_EVPN()
+        rcf_out: AS65000_OUT_EVPN()
+      - name: EVPN-OVERLAY-PEERS
+        rcf_in: AS65200_IN_EVPN()
+        rcf_out: AS65200_OUT_EVPN()
     neighbor_default:
       next_hop_self_received_evpn_routes:
         enable: true
         inter_domain: true
+    domain_identifier: "2:2"
   address_family_ipv4:
     peer_groups:
       - name: IPv4-REMOTE-UNDERLAY-PEERS
         activate: true
+        rcf_out: AS65000_OUT_IPV4()
       - name: EVPN-OVERLAY-CORE
         activate: false
-    networks:
-      - prefix: "1.1.2.7/32"
-      - prefix: "1.1.2.8/32"
-      - prefix: "2.2.2.7/32"
 
 csc_ethernet_interfaces:
   - name: Ethernet7

diff --git a/datacenter/domain-b/host_vars/B-LEAF8.yml b/datacenter/domain-b/host_vars/B-LEAF8.yml
@@ -4,21 +4,24 @@ csc_prefix_lists:
   - name: PL-GATEWAY-LOOP
     sequence_numbers:
       - sequence: 10
-        action: 'permit 2.2.2.8/32'
-      - sequence: 20
         action: 'permit 1.1.2.7/32'
-      - sequence: 30
+      - sequence: 20
         action: 'permit 1.1.2.8/32'
+      - sequence: 30
+        action: 'permit 2.2.2.7/32'
+      - sequence: 40
+        action: 'permit 2.2.2.8/32'
 
 csc_router_bgp:
+  bgp:
+    bestpath:
+      d_path: true
   peer_groups:
     - name: EVPN-OVERLAY-CORE
       local_as: 65000
       remove_private_as:
         replace_as: true
       remote_as: 65000
-      route_map_in: RM-AS65000-EVPN-IN
-      route_map_out: RM-AS65000-EVPN-OUT
       route_reflector_client: true
       update_source: Loopback0
       bfd: true
@@ -42,20 +45,23 @@ csc_router_bgp:
       - name: EVPN-OVERLAY-CORE
         activate: true
         domain_remote: true
+        rcf_in: AS65000_IN_EVPN()
+        rcf_out: AS65000_OUT_EVPN()
+      - name: EVPN-OVERLAY-PEERS
+        rcf_in: AS65200_IN_EVPN()
+        rcf_out: AS65200_OUT_EVPN()
     neighbor_default:
       next_hop_self_received_evpn_routes:
         enable: true
         inter_domain: true
+    domain_identifier: "2:2"
   address_family_ipv4:
     peer_groups:
       - name: IPv4-REMOTE-UNDERLAY-PEERS
         activate: true
+        rcf_out: AS65000_OUT_IPV4()
       - name: EVPN-OVERLAY-CORE
         activate: false
-    networks:
-      - prefix: "1.1.2.7/32"
-      - prefix: "1.1.2.8/32"
-      - prefix: "2.2.2.8/32"
 
 csc_ethernet_interfaces:
   - name: Ethernet7

diff --git a/datacenter/domain-d/group_vars/DOMAIN_D_EVPNGW.yml b/datacenter/domain-d/group_vars/DOMAIN_D_EVPNGW.yml
@@ -1,14 +1,95 @@
 ---
 type: l3leaf
 
-evpn_multicast: false
-underlay_multicast: false
+bgp_peer_groups:
+  evpn_overlay_core:
+    structured_config:
+      local_as: 65000
+      remove_private_as:
+        replace_as: true
+      bfd: false
 
-underlay_ipv6: false
-underlay_rfc5549: false
-overlay_mlag_rfc5549: false
-overlay_routing_protocol_address_family: ipv4
+csc_router_bgp:
+  neighbors:
+    - ip_address: 1.1.4.201
+      peer_group: EVPN-OVERLAY-PEERS
+      remote_as: 65400
+      description: D-SPINE1
+    - ip_address: 1.1.4.202
+      peer_group: EVPN-OVERLAY-PEERS
+      remote_as: 65400
+      description: D-SPINE2
+    - ip_address: 1.1.4.203
+      peer_group: EVPN-OVERLAY-PEERS
+      remote_as: 65400
+      description: D-SPINE3
+    - ip_address: 1.1.4.204
+      peer_group: EVPN-OVERLAY-PEERS
+      remote_as: 65400
+      description: D-SPINE4
+  address_family_ipv4:
+    peer_groups:
+      - name: IPv4-REMOTE-UNDERLAY-PEERS
+        rcf_out: AS65000_OUT_IPV4()
+        activate: true
+  address_family_evpn:
+    peer_groups:
+      - name: EVPN-OVERLAY-PEERS
+        rcf_in: AS65400_IN_EVPN()
+        rcf_out: AS65400_OUT_EVPN()
+      - name: EVPN-OVERLAY-CORE
+        rcf_in: AS65000_IN_EVPN()
+        rcf_out: AS65000_OUT_EVPN()
 
 
+router_general:
+  control_functions:
+    code_units:
+      - name: evpngw-rcf
+        content: |-
+          function PREFIX_ROUTE() {
+            return evpn.route_type is EVPN_IP_PREFIX;
+          }
+          function IMET_ROUTE() {
+            return evpn.route_type is EVPN_IMET;
+          }
+          function FROM_GW_PEER() {
+            return community has_any {4:4};
+          }
+          function GW_LOOPBACK() {
+            return prefix match prefix_list_v4 PL-LOOPBACKS-EVPN-OVERLAY;
+          }
+          function AS65000_OUT_IPV4() {
+            if GW_LOOPBACK(){
+              return true;
+            }
+            return false;
+          }
+          function AS65000_OUT_EVPN() {
+            if IMET_ROUTE() or PREFIX_ROUTE(){
+              community add {4:4};
+            }
+            return true;
+          }
+          function AS65000_IN_EVPN() {
+            if (IMET_ROUTE() or PREFIX_ROUTE()) and FROM_GW_PEER() {
+              return false;
+            }
+            return true;
+          }
+          function AS65400_OUT_EVPN() { 
+            if PREFIX_ROUTE(){
+              community add {4:4};
+            }
+            return true;
+          }
+          function AS65400_IN_EVPN() { 
+            if PREFIX_ROUTE() and FROM_GW_PEER() {
+              return false;
+              }
+            return true;
+          }
+          EOF
+
 custom_templates:
   - evpngw-af-evpn.j2
diff --git a/datacenter/domain-d/group_vars/DOMAIN_D_L3_LEAVES.yml b/datacenter/domain-d/group_vars/DOMAIN_D_L3_LEAVES.yml
@@ -1,6 +1,11 @@
 ---
 type: l3leaf
 
+underlay_ipv6: true
+underlay_rfc5549: true
+overlay_mlag_rfc5549: true
+overlay_routing_protocol_address_family: ipv6
+
 dhcp_relay:
   tunnel_requests_disabled: true
   mlag_peerlink_requests_disabled: true

diff --git a/datacenter/domain-d/group_vars/DOMAIN_D_SPINES.yml b/datacenter/domain-d/group_vars/DOMAIN_D_SPINES.yml
@@ -1,6 +1,9 @@
 ---
 type: spine
-
+underlay_ipv6: true
+underlay_rfc5549: true
+overlay_mlag_rfc5549: true
+overlay_routing_protocol_address_family: ipv6
 switchport_default:
   mode: routed
 
@@ -11,6 +14,10 @@ peer_filters:
         match: 'as-range 65401-65499 result accept'
 
 csc_router_bgp:
+  address_family_ipv4:
+    peer_groups:
+      - name: LOCAL-UNDERLAY-PEERS
+        activate: true
   address_family_ipv6:
     redistribute_routes:
       - source_protocol: connected