From 45357cd56131390b867d944af8de927d19e4135d Mon Sep 17 00:00:00 2001 From: Marek Isalski Date: Tue, 27 Apr 2021 17:02:51 +0100 Subject: [PATCH] add community_affects route-map magic --- vyos.conf.j2 | 100 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 99 insertions(+), 1 deletion(-) diff --git a/vyos.conf.j2 b/vyos.conf.j2 index ec35633..15538fe 100644 --- a/vyos.conf.j2 +++ b/vyos.conf.j2 @@ -1357,7 +1357,105 @@ policy { } {% endfor %}{% endfor %} - + {% if 'community_affects_route_maps' in pillar and 'site_codes' in pillar and 'community_affects_prepend_asn' in pillar %} + {% for route_map_prefix,community_suffixes in pillar.get('community_affects',{}).items() %} + {% for community_suffix in community_suffixes %} + {% for digit in "01239" %} + community-list community_affects_65XX{{ digit }}_{{ community_suffix }} { + {% for site_code in ['00'] + pillar['site_codes'] %} + rule {{ loop.index }} { + action 'permit' + regex 65{{ site_code }}0:{{ community_suffix }} + } + {% endfor %} + } + {% endfor %} + {% endfor %} + {% for af in ['IPv4','IPv6'] %} + {% for rm in pillar['community_affects_route_maps'] %} + route-map {{ route_map_prefix }}-{{ rm }}-{{ af }} { + {% for community_suffix in community_suffixes %} + rule {{ loop.index*10 }} { + match { + community { + community-list community_affects_65XX0_{{ community_suffix }} + } + } + action deny + } + rule {{ loop.index*10 + 1 }} { + match { + community { + community-list community_affects_65XX1_{{ community_suffix }} + } + } + set { + as-path-prepend "{{ pillar['community_affects_prepend_asn'] }}" + } + call {{ rm }}-{{ af }} + action permit + } + rule {{ loop.index*10 + 2 }} { + match { + community { + community-list community_affects_65XX2_{{ community_suffix }} + } + } + set { + as-path-prepend "{{ pillar['community_affects_prepend_asn'] }} {{ pillar['community_affects_prepend_asn'] }}" + } + call {{ rm }}-{{ af }} + action permit + } + rule {{ loop.index*10 + 3 }} { + match { + community { + community-list community_affects_65XX3_{{ community_suffix }} + } + } + set { + as-path-prepend "{{ pillar['community_affects_prepend_asn'] }} {{ pillar['community_affects_prepend_asn'] }} {{ pillar['community_affects_prepend_asn'] }}" + } + call {{ rm }}-{{ af }} + action permit + } + rule {{ loop.index*10 + 9 }} { + match { + community { + community-list community_affects_65XX9_{{ community_suffix }} + } + } + set { + community "additive no-export" + } + call {{ rm }}-{{ af }} + action permit + } + {% endfor %} + rule 65535 { + match { + {% if af == "IPv4" %} + ip { + address { + prefix-list hphr-DFZ-IPv4 + } + } + {% elif af == "IPv6" %} + ipv6 { + address { + prefix-list hphr-DFZ-IPv6 + } + } + {% endif %} + } + call {{ rm }}-{{ af }} + action permit + } + } + {% endfor %} + {% endfor %} + {% endfor %} + {% endif %} {% for prefix_list_name, prefix_data in salt['pillar.get']("policy:prefix-list",{}).items() %} prefix-list {{ prefix_list_name }} {