From 053d5df46e638763d3ef5981dec3db5f19b4ee81 Mon Sep 17 00:00:00 2001
From: Marek Isalski
Date: Sun, 3 Jan 2021 19:26:53 +0000
Subject: [PATCH] VRF support (for management networks)
---
 vyos.conf.j2 | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
diff --git a/vyos.conf.j2 b/vyos.conf.j2
index f28d2e1..d6ffa58 100644
--- a/vyos.conf.j2
+++ b/vyos.conf.j2
@@ -184,6 +184,7 @@ interfaces {
 {% elif iface_data.get('type',{}).get('label','') != 'Virtual' %}
 ethernet {{ iface_name }} {
 description "{{ iface_data['description'].replace('"','\\"') or "-" }}{% if iface_data['connected_endpoint'] and iface_data['connected_endpoint']['connection_status']['value'] %} ({% if iface_data['connected_endpoint']['device'] %}{{ iface_data['connected_endpoint']['name'] }} @ {{ iface_data['connected_endpoint']['device']['display_name'] }}{% endif %}){% endif %}"
+ {% if 'vrf' in salt['pillar.get']('interfaces:'+iface_name,{}) %}vrf {{ salt['pillar.get']('interfaces:'+iface_name+':vrf') }}{% endif %}
 {% for address in iface_data['addresses'] %}
 address {{ address['address'] }}
 {% endfor %}
@@ -200,6 +201,7 @@ interfaces {
 {% set subiface_data = salt['pillar.get']('netbox:interfaces:%s.%d'%(iface_name,tagged_vlan['vid']),{'description':'','addresses':[],'enabled':False}) %}
 vif {{ tagged_vlan['vid'] }} {
 description "{{ tagged_vlan['name'].replace('"','\\"') or "-" }} => {{ subiface_data['description'].replace('"','\\"') or "-" }}"
+ {% if 'vrf' in salt['pillar.get']('interfaces:'+iface_name+"."+("%d"%tagged_vlan['vid']),{}) %}vrf {{ salt['pillar.get']('interfaces:'+iface_name+"."+("%d"%tagged_vlan['vid'])+':vrf') }}{% endif %}
 {% for address in subiface_data['addresses'] %}
 address {{ address['address'] }}
 {% endfor %}
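Review bot: The added `vrf` lines in both interface hunks (ethernet and vif) test only for key presence with `'vrf' in ...`, so a pillar entry whose `vrf` key exists but is empty or null would likely render `vrf None` or a bare `vrf` into the interface block, whereas the SNMP, SSH and RADIUS hunks later in this patch test truthiness. Looking the value up once and testing it avoids that and the duplicate lookup: `{% set iface_vrf = salt['pillar.get']('interfaces:'+iface_name+':vrf') %}{% if iface_vrf %}vrf {{ iface_vrf }}{% endif %}`. The value is also written unquoted, unlike the escaped `description` directly above it, so a name containing whitespace or braces would change the surrounding configuration; restricting it to a conservative character set before rendering would be worth adding here and on the service and RADIUS lines. Both enclosing interface blocks start and end outside the hunks.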
@@ -238,6 +240,16 @@ interfaces {
 {% endif %}{% endfor %}
 }
 
+/* -=-=-=-=-=-=-=-=-=-=-=-=-=- VRFS -=-=-=-=-=-=-=-=-=-=-=-=-=- */
+
+vrf {
+{% for vrf_name, vrf_data in salt['pillar.get']('vrf',{}).items() %}
+ name {{ vrf_name }} {
+ {% if 'table' in vrf_data %}table {{ vrf_data['table'] }}{% endif %}
+ }
+{% endfor %}
+}
+
 /* -=-=-=-=-=-=-=-=-=-=-=-=-=- PROTOCOLS -=-=-=-=-=-=-=-=-=-=-=-=-=- */
 
 protocols {
@@ -349,6 +361,41 @@ protocols {
 {% endfor %}
 }
 
+{% for vrf_name, vrf_data in pillar['protocols']['vrf'].items() %}
+{% if 'static' in vrf_data %}
+ vrf {{ vrf_name }} {
+ static {
+ {% for route_name, route_data in vrf_data['static'].get('route',{}).items() %}
+ route {{ route_name }} {
+ {% for nexthop, nexthop_data in route_data.get('next-hop',{}).items() %}
+ next-hop {{ nexthop }} {
+ }
+ {% endfor %}
+ {% if route_data.get('blackhole',None) %}
+ blackhole {
+ distance {{ route_data['blackhole'].get('distance',254) }}
+ }
+ {% endif %}
+ }
+ {% endfor %}
+ {% for route_name, route_data in vrf_data['static'].get('route6',{}).items() %}
+ route6 {{ route_name }} {
+ {% for nexthop, nexthop_data in route_data.get('next-hop',{}).items() %}
+ next-hop {{ nexthop }} {
+ }
+ {% endfor %}
+ {% if route_data.get('blackhole',None) %}
+ blackhole {
+ distance {{ route_data['blackhole'].get('distance',254) }}
+ }
+ {% endif %}
+ }
+ {% endfor %}
+ }
+ }
+{% endif %}
+{% endfor %}
+
 /* -=-=-=-=-=-=-=-=-=-=-=-=-=- BGP -=-=-=-=-=-=-=-=-=-=-=-=-=- */
 
 {% for bgp_as, as_data in salt['pillar.get']('protocols:bgp',{}).items() %}
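Review bot: The new `vrf` section has no comment stating what the `vrf` pillar must contain, and `table` is emitted only when present, so an entry without one renders as an empty `name X { }` block. As far as I know VyOS requires a table id for every VRF, in which case the mistake would surface at commit time on the router rather than when the template is rendered. Nothing in this hunk ties the names defined here to the `vrf` values referenced on interfaces and services elsewhere in the patch, so a typo in either place leaves a management interface or service pointing at a VRF that is never created. I would add a template comment above the loop such as `{# each vrf entry needs a unique table id; names must match the vrf values used on interfaces, snmp, ssh and radius #}`.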
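Review bot: The per-VRF static route loop indexes `pillar['protocols']['vrf']` directly, so any host whose pillar has no `protocols:vrf` key will most likely fail to render the whole configuration, while the BGP loop right below it and the `vrf` section above use `salt['pillar.get'](..., {})`. Using the same accessor keeps VRFs optional: `{% for vrf_name, vrf_data in salt['pillar.get']('protocols:vrf',{}).items() %}`. Separately, `nexthop_data` is bound but never used in either the `route` or `route6` loop, so any per-next-hop options given in pillar are silently dropped and every next-hop renders as an empty block. The enclosing `protocols` block starts outside the hunk.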
@@ -1441,9 +1488,11 @@ service {
 trap-target {{ trap_target }} {
 }
 {% endfor %}
+ {% if salt['pillar.get']('service:snmp:vrf') %}vrf {{ salt['pillar.get']('service:snmp:vrf') }}{% endif %}
 }
 ssh {
 listen-address {{ pillar['service']['ssh']['listen-address'] }}
+ {% if salt['pillar.get']('service:snmp:vrf') %}vrf {{ salt['pillar.get']('service:snmp:vrf') }}{% endif %}
 ciphers chacha20-poly1305@openssh.com
 ciphers aes256-gcm@openssh.com
 ciphers aes128-gcm@openssh.com
@@ -1522,6 +1571,7 @@ system {
 {% endif %}
 {% else %}
 radius {
+ {% if salt['pillar.get']('radius:vrf') %}vrf {{ salt['pillar.get']('radius:vrf') }}{% endif %}
 {% for server, server_data in salt['pillar.get']('radius:server',{}).items() %}
 server {{ server }} {
 key {{ server_data.get('key',server_data.get('secret','')) }}
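Review bot: The `vrf` line added inside the `ssh` block reads `service:snmp:vrf`, the same key as the SNMP line a few lines earlier, which looks like a copy-paste slip. As written, setting an SSH-specific VRF in pillar has no effect and SSH stays in the default routing table, while setting the SNMP VRF silently moves SSH as well, which can either expose the management service on the wrong network or cut off access. The line should read its own key: `{% if salt['pillar.get']('service:ssh:vrf') %}vrf {{ salt['pillar.get']('service:ssh:vrf') }}{% endif %}`. The `ssh` block continues past the end of the hunk.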