From 688784a0fff94866b1fa283fd6d22d5b6d08edf1 Mon Sep 17 00:00:00 2001
From: Marek Isalski
Date: Fri, 2 Aug 2019 07:04:05 +0100
Subject: [PATCH] route-maps for redistribute in BGP; allowas-in; communities; flow accounting
---
 vyos.conf.j2 | 102 +++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 98 insertions(+), 4 deletions(-)
diff --git a/vyos.conf.j2 b/vyos.conf.j2
index e0756eb..f3d9807 100644
--- a/vyos.conf.j2
+++ b/vyos.conf.j2
@@ -208,19 +208,33 @@ protocols {
 {% if as_data['address-family'].get('ipv4-unicast',None) %}
 ipv4-unicast {
 redistribute {
- {% for redistribute in as_data['address-family']['ipv4-unicast'].get('redistribute',[]) %}
- {{ redistribute }} {}
+ {% for redistribute, redist_data in as_data['address-family']['ipv4-unicast'].get('redistribute',{}).items() %}
+ {{ redistribute }} {
+ {% if 'route-map' in redist_data %}route-map {{ redist_data['route-map'] }}{% endif %}
+ }
 {% endfor %}
 }
+ {% for network, network_data in as_data['address-family']['ipv4-unicast'].get('network',{}).items() %}
+ network {{ network }} {
+ {% if 'route-map' in network_data %}route-map {{ network_data['route-map'] }}{% endif %}
+ }
+ {% endfor %}
 }
 {% endif %}
 {% if as_data['address-family'].get('ipv6-unicast',None) %}
 ipv6-unicast {
 redistribute {
- {% for redistribute in as_data['address-family']['ipv6-unicast'].get('redistribute',[]) %}
- {{ redistribute }} {}
+ {% for redistribute, redist_data in as_data['address-family']['ipv6-unicast'].get('redistribute',{}).items() %}
+ {{ redistribute }} {
+ {% if 'route-map' in redist_data %}route-map {{ redist_data['route-map'] }}{% endif %}
+ }
 {% endfor %}
 }
+ {% for network, network_data in as_data['address-family']['ipv6-unicast'].get('network',{}).items() %}
+ network {{ network }} {
+ {% if 'route-map' in network_data %}route-map {{ network_data['route-map'] }}{% endif %}
+ }
+ {% endfor %}
 }
 {% endif %}
 }
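Review bot: The new `'route-map' in redist_data` and `'route-map' in network_data` tests assume every value is a mapping, so a pillar entry written with no body (for example a bare `connected:` in YAML, which loads as None) fails the render instead of producing the old empty `{}` block; the ipv6-unicast copies in this hunk have the same problem. Guarding the test keeps a bare entry working: `{% if redist_data and 'route-map' in redist_data %}`, and likewise for `network_data`. Changing the default from `[]` to `{}` with `.items()` also means a pillar that still lists redistribute sources as a YAML list will no longer render, so existing pillars need migrating together with this change. Because an entry without a route-map injects every route of that source into BGP unfiltered, a template comment such as `{# no route-map: all routes of this source are redistributed unfiltered #}` would make that default visible to whoever edits the pillar.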
@@ -255,6 +269,11 @@ protocols {
 {% endfor %}
 }
 {% endif %}
+ {% if 'allowas-in' in neighbor_data['address-family']['ipv4-unicast'] %}
+ allowas-in {
+ {# neighbor_data['address-family']['ipv4-unicast']['allowas-in'] #}
+ }
+ {% endif %}
 }
 {% endif %}
 {% if 'ipv6-unicast' in neighbor_data['address-family'] %}
@@ -278,6 +297,11 @@ protocols {
 {% endfor %}
 }
 {% endif %}
+ {% if 'allowas-in' in neighbor_data['address-family']['ipv6-unicast'] %}
+ allowas-in {
+ {# neighbor_data['address-family']['ipv6-unicast']['allowas-in'] #}
+ }
+ {% endif %}
 }
 {% endif %}
 }
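Review bot: The body of the new `allowas-in { }` block is a Jinja comment (`{# ... #}`), so whatever value the pillar holds under `allowas-in` is never rendered and the neighbor always gets the bare option; the ipv6-unicast hunk that follows repeats this. Since allowas-in relaxes BGP's AS-path loop check for that neighbor, the permitted occurrence count is better stated explicitly: if the pillar value is meant to be that count, render it, e.g. `number {{ neighbor_data['address-family']['ipv4-unicast']['allowas-in'] }}` (assuming the VyOS `number` leaf, to be confirmed against the target release). If only presence is intended, replace the commented-out expression with a comment that says so, such as `{# presence only: pillar value is ignored, device default count applies #}`. The enclosing ipv4-unicast block of the first hunk opens outside the hunk.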
@@ -748,6 +772,61 @@ policy {
 }
 }
+
+
+ {% include "route-map/self.j2" %}
+
+
+
+ {% for community_list_name, cm_data in pillar['policy']['community-list'].items() %}
+ community-list {{ community_list_name }} {
+ {% for group in cm_data %}
+ rule {{ loop.index }} {
+ regex "{{ group['community'] }}"
+ action permit
+ }
+ {% endfor %}
+ }
+ {% endfor %}
+
+ {% for route_map_name, af_pg in pillar['policy']['route-map'].items() %}{% for af, prefix_groups in af_pg.items() %}
+ route-map {{ route_map_name }}-{{ af }} {
+ {% for group in prefix_groups %}
+ rule {{ loop.index }} {
+ match {
+ {% if 'match-prefix-list' in group %}
+ {% if af=="IPv4" %}ip{% elif af=="IPv6" %}ipv6{% endif %} {
+ address {
+ prefix-list {{ group['match-prefix-list'] }}
+ }
+ }
+ {% endif %}
+ {% if 'match-community' in group %}
+ community {
+ community-list {{ group['match-community'] }}
+ }
+ {% endif %}
+ }
+ action permit
+ {% if 'on-match' in group %}
+ on-match {
+ {{ group['on-match'] }}
+ }
+ {% endif %}
+ {% if 'continue' in group %}
+ continue {% if group['continue'] == 'next' %}{{ loop.index+1 }}{% else %}{{ group['continue'] }}{% endif %}
+ {% endif %}
+ set {
+ {% if 'set-community' in group %}community {{ group['set-community'] }}{% endif %}
+ {% if 'set-local-preference' in group %}local-preference {{ group['set-local-preference'] }}{% endif %}
+ }
+ }
+ {% endfor %}
+ }
+ {% endfor %}{% endfor %}
+
+
+
 {% for prefix_list_name, prefix_data in salt['pillar.get']("policy:prefix-list",{}).items() %}
 prefix-list {{ prefix_list_name }} {
 {% if 'bgpq3' in prefix_data %}
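Review bot: `pillar['policy']['community-list']` and `pillar['policy']['route-map']` are indexed directly, so a minion whose pillar lacks either key fails the whole render, while the prefix-list loop in the context lines just below already uses `salt['pillar.get']("policy:prefix-list",{})`. Using the same form keeps the sections consistent: `{% for community_list_name, cm_data in salt['pillar.get']("policy:community-list",{}).items() %}`, and likewise with `"policy:route-map"`. In the match block, an `af` key other than `IPv4` or `IPv6` renders a nameless ` {` in front of `address`, so the key should be validated where the route-map name suffix is built, or the unknown case skipped. Every community-list and route-map rule is emitted with `action permit`, which deserves a template comment noting that deny rules cannot be expressed from pillar.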
@@ -859,6 +938,21 @@ system { } } + flow-accounting { + {% for iface_name, iface_data in pillar['netbox']['interfaces'].items() %}{% if salt['pillar.get']('interfaces:'+iface_name+':netflow') %} + interface {{ iface_name }} + {% endif %}{% endfor %} + netflow { + sampling-rate {{ pillar['netflow']['sampling-rate']}} + {% for server in pillar['netflow']['servers'] %} + server {{ server.split(":")[0] }} { + port {{ server.split(":")[1] }} + } + {% endfor %} + version 9 + } + } + host-name {{ grains['fqdn'] }} ip {