FAELIX/hphr
FAELIX/hphr
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

route-maps for redistribute in BGP; allowas-in; communities; flow accounting

Browse Source
This commit is contained in:
Marek Isalski 2019-08-02 07:04:05 +01:00
parent 082cdd1f0c
commit 688784a0ff
1 changed files with 98 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

102
vyos.conf.j2
View File

@ -208,19 +208,33 @@ protocols {
{% if as_data['address-family'].get('ipv4-unicast',None) %}
ipv4-unicast {
redistribute {
{% for redistribute in as_data['address-family']['ipv4-unicast'].get('redistribute',[]) %}
{{ redistribute }} {}
{% for redistribute, redist_data in as_data['address-family']['ipv4-unicast'].get('redistribute',{}).items() %}
{{ redistribute }} {
{% if 'route-map' in redist_data %}route-map {{ redist_data['route-map'] }}{% endif %}
}
{% endfor %}
}
{% for network, network_data in as_data['address-family']['ipv4-unicast'].get('network',{}).items() %}
network {{ network }} {
{% if 'route-map' in network_data %}route-map {{ network_data['route-map'] }}{% endif %}
}
{% endfor %}
}
{% endif %}
{% if as_data['address-family'].get('ipv6-unicast',None) %}
ipv6-unicast {
redistribute {
{% for redistribute in as_data['address-family']['ipv6-unicast'].get('redistribute',[]) %}
{{ redistribute }} {}
{% for redistribute, redist_data in as_data['address-family']['ipv6-unicast'].get('redistribute',{}).items() %}
{{ redistribute }} {
{% if 'route-map' in redist_data %}route-map {{ redist_data['route-map'] }}{% endif %}
}
{% endfor %}
}
{% for network, network_data in as_data['address-family']['ipv6-unicast'].get('network',{}).items() %}
network {{ network }} {
{% if 'route-map' in network_data %}route-map {{ network_data['route-map'] }}{% endif %}
}
{% endfor %}
}
{% endif %}
}
@ -255,6 +269,11 @@ protocols {
{% endfor %}
}
{% endif %}
{% if 'allowas-in' in neighbor_data['address-family']['ipv4-unicast'] %}
allowas-in {
{# neighbor_data['address-family']['ipv4-unicast']['allowas-in'] #}
}
{% endif %}
}
{% endif %}
{% if 'ipv6-unicast' in neighbor_data['address-family'] %}
@ -278,6 +297,11 @@ protocols {
{% endfor %}
}
{% endif %}
{% if 'allowas-in' in neighbor_data['address-family']['ipv6-unicast'] %}
allowas-in {
{# neighbor_data['address-family']['ipv6-unicast']['allowas-in'] #}
}
{% endif %}
}
{% endif %}
}
@ -748,6 +772,61 @@ policy {
}
}
{% include "route-map/self.j2" %}
{% for community_list_name, cm_data in pillar['policy']['community-list'].items() %}
community-list {{ community_list_name }} {
{% for group in cm_data %}
rule {{ loop.index }} {
regex "{{ group['community'] }}"
action permit
}
{% endfor %}
}
{% endfor %}
{% for route_map_name, af_pg in pillar['policy']['route-map'].items() %}{% for af, prefix_groups in af_pg.items() %}
route-map {{ route_map_name }}-{{ af }} {
{% for group in prefix_groups %}
rule {{ loop.index }} {
match {
{% if 'match-prefix-list' in group %}
{% if af=="IPv4" %}ip{% elif af=="IPv6" %}ipv6{% endif %} {
address {
prefix-list {{ group['match-prefix-list'] }}
}
}
{% endif %}
{% if 'match-community' in group %}
community {
community-list {{ group['match-community'] }}
}
{% endif %}
}
action permit
{% if 'on-match' in group %}
on-match {
{{ group['on-match'] }}
}
{% endif %}
{% if 'continue' in group %}
continue {% if group['continue'] == 'next' %}{{ loop.index+1 }}{% else %}{{ group['continue'] }}{% endif %}
{% endif %}
set {
{% if 'set-community' in group %}community {{ group['set-community'] }}{% endif %}
{% if 'set-local-preference' in group %}local-preference {{ group['set-local-preference'] }}{% endif %}
}
}
{% endfor %}
}
{% endfor %}{% endfor %}
{% for prefix_list_name, prefix_data in salt['pillar.get']("policy:prefix-list",{}).items() %}
prefix-list {{ prefix_list_name }} {
{% if 'bgpq3' in prefix_data %}
@ -859,6 +938,21 @@ system {
}
}
flow-accounting {
{% for iface_name, iface_data in pillar['netbox']['interfaces'].items() %}{% if salt['pillar.get']('interfaces:'+iface_name+':netflow') %}
interface {{ iface_name }}
{% endif %}{% endfor %}
netflow {
sampling-rate {{ pillar['netflow']['sampling-rate']}}
{% for server in pillar['netflow']['servers'] %}
server {{ server.split(":")[0] }} {
port {{ server.split(":")[1] }}
}
{% endfor %}
version 9
}
}
host-name {{ grains['fqdn'] }}
ip {