FAELIX/hphr
FAELIX/hphr
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

VRF support (for management networks)

Browse Source
This commit is contained in:
Marek Isalski 2021-01-03 19:26:53 +00:00
parent 5754e0209f
commit 053d5df46e
1 changed files with 50 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
vyos.conf.j2
View File

@ -184,6 +184,7 @@ interfaces {
{% elif iface_data.get('type',{}).get('label','') != 'Virtual' %}
ethernet {{ iface_name }} {
description "{{ iface_data['description'].replace('"','\\"') or "-" }}{% if iface_data['connected_endpoint'] and iface_data['connected_endpoint']['connection_status']['value'] %} ({% if iface_data['connected_endpoint']['device'] %}{{ iface_data['connected_endpoint']['name'] }} @ {{ iface_data['connected_endpoint']['device']['display_name'] }}{% endif %}){% endif %}"
{% if 'vrf' in salt['pillar.get']('interfaces:'+iface_name,{}) %}vrf {{ salt['pillar.get']('interfaces:'+iface_name+':vrf') }}{% endif %}
{% for address in iface_data['addresses'] %}
address {{ address['address'] }}
{% endfor %}
@ -200,6 +201,7 @@ interfaces {
{% set subiface_data = salt['pillar.get']('netbox:interfaces:%s.%d'%(iface_name,tagged_vlan['vid']),{'description':'','addresses':[],'enabled':False}) %}
vif {{ tagged_vlan['vid'] }} {
description "{{ tagged_vlan['name'].replace('"','\\"') or "-" }} => {{ subiface_data['description'].replace('"','\\"') or "-" }}"
{% if 'vrf' in salt['pillar.get']('interfaces:'+iface_name+"."+("%d"%tagged_vlan['vid']),{}) %}vrf {{ salt['pillar.get']('interfaces:'+iface_name+"."+("%d"%tagged_vlan['vid'])+':vrf') }}{% endif %}
{% for address in subiface_data['addresses'] %}
address {{ address['address'] }}
{% endfor %}
@ -238,6 +240,16 @@ interfaces {
{% endif %}{% endfor %}
}
/* -=-=-=-=-=-=-=-=-=-=-=-=-=- VRFS -=-=-=-=-=-=-=-=-=-=-=-=-=- */
vrf {
{% for vrf_name, vrf_data in salt['pillar.get']('vrf',{}).items() %}
name {{ vrf_name }} {
{% if 'table' in vrf_data %}table {{ vrf_data['table'] }}{% endif %}
}
{% endfor %}
}
/* -=-=-=-=-=-=-=-=-=-=-=-=-=- PROTOCOLS -=-=-=-=-=-=-=-=-=-=-=-=-=- */
protocols {
@ -349,6 +361,41 @@ protocols {
{% endfor %}
}
{% for vrf_name, vrf_data in pillar['protocols']['vrf'].items() %}
{% if 'static' in vrf_data %}
vrf {{ vrf_name }} {
static {
{% for route_name, route_data in vrf_data['static'].get('route',{}).items() %}
route {{ route_name }} {
{% for nexthop, nexthop_data in route_data.get('next-hop',{}).items() %}
next-hop {{ nexthop }} {
}
{% endfor %}
{% if route_data.get('blackhole',None) %}
blackhole {
distance {{ route_data['blackhole'].get('distance',254) }}
}
{% endif %}
}
{% endfor %}
{% for route_name, route_data in vrf_data['static'].get('route6',{}).items() %}
route6 {{ route_name }} {
{% for nexthop, nexthop_data in route_data.get('next-hop',{}).items() %}
next-hop {{ nexthop }} {
}
{% endfor %}
{% if route_data.get('blackhole',None) %}
blackhole {
distance {{ route_data['blackhole'].get('distance',254) }}
}
{% endif %}
}
{% endfor %}
}
}
{% endif %}
{% endfor %}
/* -=-=-=-=-=-=-=-=-=-=-=-=-=- BGP -=-=-=-=-=-=-=-=-=-=-=-=-=- */
{% for bgp_as, as_data in salt['pillar.get']('protocols:bgp',{}).items() %}
@ -1441,9 +1488,11 @@ service {
trap-target {{ trap_target }} {
}
{% endfor %}
{% if salt['pillar.get']('service:snmp:vrf') %}vrf {{ salt['pillar.get']('service:snmp:vrf') }}{% endif %}
}
ssh {
listen-address {{ pillar['service']['ssh']['listen-address'] }}
{% if salt['pillar.get']('service:snmp:vrf') %}vrf {{ salt['pillar.get']('service:snmp:vrf') }}{% endif %}
ciphers chacha20-poly1305@openssh.com
ciphers aes256-gcm@openssh.com
ciphers aes128-gcm@openssh.com
@ -1522,6 +1571,7 @@ system {
{% endif %}
{% else %}
radius {
{% if salt['pillar.get']('radius:vrf') %}vrf {{ salt['pillar.get']('radius:vrf') }}{% endif %}
{% for server, server_data in salt['pillar.get']('radius:server',{}).items() %}
server {{ server }} {
key {{ server_data.get('key',server_data.get('secret','')) }}