From f3cc2d263c2a07d38d73ba458a6195aa408ef760 Mon Sep 17 00:00:00 2001 From: "Amit M. Shenoy" Date: Thu, 21 Nov 2024 07:48:00 -0800 Subject: [PATCH 1/2] Feat(eos_designs): Add revised schema to support L3 Port-Channel interfaces --- ...ode-type-l3-port-channels-configuration.md | 797 ++++++++++++++++++ .../schema/eos_designs.schema.yml | 238 ++++++ .../defs_node_type.schema.yml | 8 + ...defs_node_type_l3_port_channels.schema.yml | 227 +++++ 4 files changed, 1270 insertions(+) create mode 100644 ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-port-channels-configuration.md create mode 100644 python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type_l3_port_channels.schema.yml diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-port-channels-configuration.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-port-channels-configuration.md new file mode 100644 index 00000000000..00496f9888a --- /dev/null +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-port-channels-configuration.md @@ -0,0 +1,797 @@ + +=== "Table" + + | Variable | Type | Required | Default | Value Restrictions | Description | + | -------- | ---- | -------- | ------- | ------------------ | ----------- | + | [<node_type_keys.key>](## "") | Dictionary | | | | | + | [  defaults](## ".defaults") | Dictionary | | | | Define variables for all nodes of this type. | + | [    l3_port_channels](## ".defaults.l3_port_channels") | List, items: Dictionary | | | | L3 Port-Channel interfaces to configure on the node.
Used to define the node for WAN interfaces when `wan_carrier` is set. | + | [      - name](## ".defaults.l3_port_channels.[].name") | String | Required, Unique | | Pattern: `Port-Channel[\d/]+(.[\d]+)?` | Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'.
For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. | + | [        description](## ".defaults.l3_port_channels.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]'. | + | [        mode](## ".defaults.l3_port_channels.[].mode") | String | | `on` | Valid Values:
- active
- passive
- on | Port-Channel mode.
Should not be set on Port-Channel subinterfaces. | + | [        member_interfaces](## ".defaults.l3_port_channels.[].member_interfaces") | List, items: Dictionary | | | | Port-Channel member interfaces.
Should not be set on Port-Channel subinterfaces. | + | [          - name](## ".defaults.l3_port_channels.[].member_interfaces.[].name") | String | Required, Unique | | Pattern: `Ethernet[\d/]+` | Ethernet interface name like 'Ethernet2'.
Member interface cannot be subinterface. | + | [            description](## ".defaults.l3_port_channels.[].member_interfaces.[].description") | String | | | | Interface description for this member.
If not set a default description will be configured with '[[ ]]'. | + | [            peer](## ".defaults.l3_port_channels.[].member_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation.
If not set, this inherits the peer setting on the port-channel interface. | + | [            peer_interface](## ".defaults.l3_port_channels.[].member_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. | + | [            speed](## ".defaults.l3_port_channels.[].member_interfaces.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. | + | [        ip_address](## ".defaults.l3_port_channels.[].ip_address") | String | | | | Node IPv4 address/Mask or 'dhcp'. | + | [        dhcp_ip](## ".defaults.l3_port_channels.[].dhcp_ip") | String | | | | When the `ip_address` is `dhcp`, this optional field allows to indicate the expected
IPv4 address (without mask) to be allocated on the interface if known.
This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list
set under `ipv4_acl_in` and `ipv4_acl_out`. | + | [        public_ip](## ".defaults.l3_port_channels.[].public_ip") | String | | | | Node IPv4 address (no mask).

This is used to get the public IP (if known) when the device is behind NAT.
This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP
with the following preference:
`wan_route_servers.path_groups.interfaces.ip_address`
-> `l3_port_channels.public_ip`
-> `l3_port_channels.ip_address`

The determined Public IP is used by WAN routers when peering with this interface. | + | [        encapsulation_dot1q_vlan](## ".defaults.l3_port_channels.[].encapsulation_dot1q_vlan") | Integer | | | Min: 1
Max: 4094 | For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be specified. | + | [        dhcp_accept_default_route](## ".defaults.l3_port_channels.[].dhcp_accept_default_route") | Boolean | | `True` | | Accept a default route from DHCP if `ip_address` is set to `dhcp`. | + | [        enabled](## ".defaults.l3_port_channels.[].enabled") | Boolean | | `True` | | Enable or Shutdown the interface. | + | [        peer](## ".defaults.l3_port_channels.[].peer") | String | | | | The peer device name. Used for description and documentation. | + | [        peer_port_channel](## ".defaults.l3_port_channels.[].peer_port_channel") | String | | | | The peer device port-channel interface. Used for description and documentation. | + | [        peer_ip](## ".defaults.l3_port_channels.[].peer_ip") | String | | | | The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. | + | [        bgp](## ".defaults.l3_port_channels.[].bgp") | Dictionary | | | | Enforce IPv4 BGP peering for the peer | + | [          peer_as](## ".defaults.l3_port_channels.[].bgp.peer_as") | String | Required | | | BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. | + | [          ipv4_prefix_list_in](## ".defaults.l3_port_channels.[].bgp.ipv4_prefix_list_in") | String | | | | Prefix List Name. Accept routes for only these prefixes from the peer.
Required for wan interfaces. | + | [          ipv4_prefix_list_out](## ".defaults.l3_port_channels.[].bgp.ipv4_prefix_list_out") | String | | | | Prefix List Name. Advertise routes for only these prefixes.
If not specified, nothing would be advertised. | + | [        ipv4_acl_in](## ".defaults.l3_port_channels.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. | + | [        ipv4_acl_out](## ".defaults.l3_port_channels.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". | + | [        static_routes](## ".defaults.l3_port_channels.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. | + | [          - prefix](## ".defaults.l3_port_channels.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. | + | [        qos_profile](## ".defaults.l3_port_channels.[].qos_profile") | String | | | | QOS service profile. | + | [        wan_carrier](## ".defaults.l3_port_channels.[].wan_carrier") | String | | | | The WAN carrier this interface is connected to.
This is used to infer the path-groups in which this interface should be configured.
Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. | + | [        wan_circuit_id](## ".defaults.l3_port_channels.[].wan_circuit_id") | String | | | | The WAN circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | + | [        connected_to_pathfinder](## ".defaults.l3_port_channels.[].connected_to_pathfinder") | Boolean | | `True` | | For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. | + | [        cv_pathfinder_internet_exit](## ".defaults.l3_port_channels.[].cv_pathfinder_internet_exit") | Dictionary | | | | PREVIEW: This key is in preview mode | + | [          policies](## ".defaults.l3_port_channels.[].cv_pathfinder_internet_exit.policies") | List, items: Dictionary | | | | List of Internet-exit policies using this interface as exit. | + | [            - name](## ".defaults.l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].name") | String | Required, Unique | | | Internet-exit policy name. | + | [              tunnel_interface_numbers](## ".defaults.l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].tunnel_interface_numbers") | String | | | | Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface.
Examples: '1-3' or '100,200,300' | + | [        raw_eos_cli](## ".defaults.l3_port_channels.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. | + | [        flow_tracking](## ".defaults.l3_port_channels.[].flow_tracking") | Dictionary | | | | Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. | + | [          enabled](## ".defaults.l3_port_channels.[].flow_tracking.enabled") | Boolean | | | | | + | [          name](## ".defaults.l3_port_channels.[].flow_tracking.name") | String | | | | Flow tracker name as defined in flow_tracking_settings. | + | [        structured_config](## ".defaults.l3_port_channels.[].structured_config") | Dictionary | | | | Custom structured config for the Port-Channel interface. | + | [  node_groups](## ".node_groups") | List, items: Dictionary | | | | Define variables related to all nodes part of this group. | + | [    - group](## ".node_groups.[].group") | String | Required, Unique | | | The Node Group Name is used for MLAG domain unless set with 'mlag_domain_id'.
The Node Group Name is also used for peer description on downstream switches' uplinks.
| + | [      nodes](## ".node_groups.[].nodes") | List, items: Dictionary | | | | Define variables per node. | + | [        - name](## ".node_groups.[].nodes.[].name") | String | Required, Unique | | | The Node Name is used as "hostname". | + | [          l3_port_channels](## ".node_groups.[].nodes.[].l3_port_channels") | List, items: Dictionary | | | | L3 Port-Channel interfaces to configure on the node.
Used to define the node for WAN interfaces when `wan_carrier` is set. | + | [            - name](## ".node_groups.[].nodes.[].l3_port_channels.[].name") | String | Required, Unique | | Pattern: `Port-Channel[\d/]+(.[\d]+)?` | Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'.
For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. | + | [              description](## ".node_groups.[].nodes.[].l3_port_channels.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]'. | + | [              mode](## ".node_groups.[].nodes.[].l3_port_channels.[].mode") | String | | `on` | Valid Values:
- active
- passive
- on | Port-Channel mode.
Should not be set on Port-Channel subinterfaces. | + | [              member_interfaces](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces") | List, items: Dictionary | | | | Port-Channel member interfaces.
Should not be set on Port-Channel subinterfaces. | + | [                - name](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces.[].name") | String | Required, Unique | | Pattern: `Ethernet[\d/]+` | Ethernet interface name like 'Ethernet2'.
Member interface cannot be subinterface. | + | [                  description](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces.[].description") | String | | | | Interface description for this member.
If not set a default description will be configured with '[[ ]]'. | + | [                  peer](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation.
If not set, this inherits the peer setting on the port-channel interface. | + | [                  peer_interface](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. | + | [                  speed](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. | + | [              ip_address](## ".node_groups.[].nodes.[].l3_port_channels.[].ip_address") | String | | | | Node IPv4 address/Mask or 'dhcp'. | + | [              dhcp_ip](## ".node_groups.[].nodes.[].l3_port_channels.[].dhcp_ip") | String | | | | When the `ip_address` is `dhcp`, this optional field allows to indicate the expected
IPv4 address (without mask) to be allocated on the interface if known.
This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list
set under `ipv4_acl_in` and `ipv4_acl_out`. | + | [              public_ip](## ".node_groups.[].nodes.[].l3_port_channels.[].public_ip") | String | | | | Node IPv4 address (no mask).

This is used to get the public IP (if known) when the device is behind NAT.
This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP
with the following preference:
`wan_route_servers.path_groups.interfaces.ip_address`
-> `l3_port_channels.public_ip`
-> `l3_port_channels.ip_address`

The determined Public IP is used by WAN routers when peering with this interface. | + | [              encapsulation_dot1q_vlan](## ".node_groups.[].nodes.[].l3_port_channels.[].encapsulation_dot1q_vlan") | Integer | | | Min: 1
Max: 4094 | For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be specified. | + | [              dhcp_accept_default_route](## ".node_groups.[].nodes.[].l3_port_channels.[].dhcp_accept_default_route") | Boolean | | `True` | | Accept a default route from DHCP if `ip_address` is set to `dhcp`. | + | [              enabled](## ".node_groups.[].nodes.[].l3_port_channels.[].enabled") | Boolean | | `True` | | Enable or Shutdown the interface. | + | [              peer](## ".node_groups.[].nodes.[].l3_port_channels.[].peer") | String | | | | The peer device name. Used for description and documentation. | + | [              peer_port_channel](## ".node_groups.[].nodes.[].l3_port_channels.[].peer_port_channel") | String | | | | The peer device port-channel interface. Used for description and documentation. | + | [              peer_ip](## ".node_groups.[].nodes.[].l3_port_channels.[].peer_ip") | String | | | | The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. | + | [              bgp](## ".node_groups.[].nodes.[].l3_port_channels.[].bgp") | Dictionary | | | | Enforce IPv4 BGP peering for the peer | + | [                peer_as](## ".node_groups.[].nodes.[].l3_port_channels.[].bgp.peer_as") | String | Required | | | BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. | + | [                ipv4_prefix_list_in](## ".node_groups.[].nodes.[].l3_port_channels.[].bgp.ipv4_prefix_list_in") | String | | | | Prefix List Name. Accept routes for only these prefixes from the peer.
Required for wan interfaces. | + | [                ipv4_prefix_list_out](## ".node_groups.[].nodes.[].l3_port_channels.[].bgp.ipv4_prefix_list_out") | String | | | | Prefix List Name. Advertise routes for only these prefixes.
If not specified, nothing would be advertised. | + | [              ipv4_acl_in](## ".node_groups.[].nodes.[].l3_port_channels.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. | + | [              ipv4_acl_out](## ".node_groups.[].nodes.[].l3_port_channels.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". | + | [              static_routes](## ".node_groups.[].nodes.[].l3_port_channels.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. | + | [                - prefix](## ".node_groups.[].nodes.[].l3_port_channels.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. | + | [              qos_profile](## ".node_groups.[].nodes.[].l3_port_channels.[].qos_profile") | String | | | | QOS service profile. | + | [              wan_carrier](## ".node_groups.[].nodes.[].l3_port_channels.[].wan_carrier") | String | | | | The WAN carrier this interface is connected to.
This is used to infer the path-groups in which this interface should be configured.
Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. | + | [              wan_circuit_id](## ".node_groups.[].nodes.[].l3_port_channels.[].wan_circuit_id") | String | | | | The WAN circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | + | [              connected_to_pathfinder](## ".node_groups.[].nodes.[].l3_port_channels.[].connected_to_pathfinder") | Boolean | | `True` | | For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. | + | [              cv_pathfinder_internet_exit](## ".node_groups.[].nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit") | Dictionary | | | | PREVIEW: This key is in preview mode | + | [                policies](## ".node_groups.[].nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies") | List, items: Dictionary | | | | List of Internet-exit policies using this interface as exit. | + | [                  - name](## ".node_groups.[].nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].name") | String | Required, Unique | | | Internet-exit policy name. | + | [                    tunnel_interface_numbers](## ".node_groups.[].nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].tunnel_interface_numbers") | String | | | | Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface.
Examples: '1-3' or '100,200,300' | + | [              raw_eos_cli](## ".node_groups.[].nodes.[].l3_port_channels.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. | + | [              flow_tracking](## ".node_groups.[].nodes.[].l3_port_channels.[].flow_tracking") | Dictionary | | | | Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. | + | [                enabled](## ".node_groups.[].nodes.[].l3_port_channels.[].flow_tracking.enabled") | Boolean | | | | | + | [                name](## ".node_groups.[].nodes.[].l3_port_channels.[].flow_tracking.name") | String | | | | Flow tracker name as defined in flow_tracking_settings. | + | [              structured_config](## ".node_groups.[].nodes.[].l3_port_channels.[].structured_config") | Dictionary | | | | Custom structured config for the Port-Channel interface. | + | [      l3_port_channels](## ".node_groups.[].l3_port_channels") | List, items: Dictionary | | | | L3 Port-Channel interfaces to configure on the node.
Used to define the node for WAN interfaces when `wan_carrier` is set. | + | [        - name](## ".node_groups.[].l3_port_channels.[].name") | String | Required, Unique | | Pattern: `Port-Channel[\d/]+(.[\d]+)?` | Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'.
For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. | + | [          description](## ".node_groups.[].l3_port_channels.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]'. | + | [          mode](## ".node_groups.[].l3_port_channels.[].mode") | String | | `on` | Valid Values:
- active
- passive
- on | Port-Channel mode.
Should not be set on Port-Channel subinterfaces. | + | [          member_interfaces](## ".node_groups.[].l3_port_channels.[].member_interfaces") | List, items: Dictionary | | | | Port-Channel member interfaces.
Should not be set on Port-Channel subinterfaces. | + | [            - name](## ".node_groups.[].l3_port_channels.[].member_interfaces.[].name") | String | Required, Unique | | Pattern: `Ethernet[\d/]+` | Ethernet interface name like 'Ethernet2'.
Member interface cannot be subinterface. | + | [              description](## ".node_groups.[].l3_port_channels.[].member_interfaces.[].description") | String | | | | Interface description for this member.
If not set a default description will be configured with '[[ ]]'. | + | [              peer](## ".node_groups.[].l3_port_channels.[].member_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation.
If not set, this inherits the peer setting on the port-channel interface. | + | [              peer_interface](## ".node_groups.[].l3_port_channels.[].member_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. | + | [              speed](## ".node_groups.[].l3_port_channels.[].member_interfaces.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. | + | [          ip_address](## ".node_groups.[].l3_port_channels.[].ip_address") | String | | | | Node IPv4 address/Mask or 'dhcp'. | + | [          dhcp_ip](## ".node_groups.[].l3_port_channels.[].dhcp_ip") | String | | | | When the `ip_address` is `dhcp`, this optional field allows to indicate the expected
IPv4 address (without mask) to be allocated on the interface if known.
This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list
set under `ipv4_acl_in` and `ipv4_acl_out`. | + | [          public_ip](## ".node_groups.[].l3_port_channels.[].public_ip") | String | | | | Node IPv4 address (no mask).

This is used to get the public IP (if known) when the device is behind NAT.
This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP
with the following preference:
`wan_route_servers.path_groups.interfaces.ip_address`
-> `l3_port_channels.public_ip`
-> `l3_port_channels.ip_address`

The determined Public IP is used by WAN routers when peering with this interface. | + | [          encapsulation_dot1q_vlan](## ".node_groups.[].l3_port_channels.[].encapsulation_dot1q_vlan") | Integer | | | Min: 1
Max: 4094 | For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be specified. | + | [          dhcp_accept_default_route](## ".node_groups.[].l3_port_channels.[].dhcp_accept_default_route") | Boolean | | `True` | | Accept a default route from DHCP if `ip_address` is set to `dhcp`. | + | [          enabled](## ".node_groups.[].l3_port_channels.[].enabled") | Boolean | | `True` | | Enable or Shutdown the interface. | + | [          peer](## ".node_groups.[].l3_port_channels.[].peer") | String | | | | The peer device name. Used for description and documentation. | + | [          peer_port_channel](## ".node_groups.[].l3_port_channels.[].peer_port_channel") | String | | | | The peer device port-channel interface. Used for description and documentation. | + | [          peer_ip](## ".node_groups.[].l3_port_channels.[].peer_ip") | String | | | | The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. | + | [          bgp](## ".node_groups.[].l3_port_channels.[].bgp") | Dictionary | | | | Enforce IPv4 BGP peering for the peer | + | [            peer_as](## ".node_groups.[].l3_port_channels.[].bgp.peer_as") | String | Required | | | BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. | + | [            ipv4_prefix_list_in](## ".node_groups.[].l3_port_channels.[].bgp.ipv4_prefix_list_in") | String | | | | Prefix List Name. Accept routes for only these prefixes from the peer.
Required for wan interfaces. | + | [            ipv4_prefix_list_out](## ".node_groups.[].l3_port_channels.[].bgp.ipv4_prefix_list_out") | String | | | | Prefix List Name. Advertise routes for only these prefixes.
If not specified, nothing would be advertised. | + | [          ipv4_acl_in](## ".node_groups.[].l3_port_channels.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. | + | [          ipv4_acl_out](## ".node_groups.[].l3_port_channels.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". | + | [          static_routes](## ".node_groups.[].l3_port_channels.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. | + | [            - prefix](## ".node_groups.[].l3_port_channels.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. | + | [          qos_profile](## ".node_groups.[].l3_port_channels.[].qos_profile") | String | | | | QOS service profile. | + | [          wan_carrier](## ".node_groups.[].l3_port_channels.[].wan_carrier") | String | | | | The WAN carrier this interface is connected to.
This is used to infer the path-groups in which this interface should be configured.
Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. | + | [          wan_circuit_id](## ".node_groups.[].l3_port_channels.[].wan_circuit_id") | String | | | | The WAN circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | + | [          connected_to_pathfinder](## ".node_groups.[].l3_port_channels.[].connected_to_pathfinder") | Boolean | | `True` | | For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. | + | [          cv_pathfinder_internet_exit](## ".node_groups.[].l3_port_channels.[].cv_pathfinder_internet_exit") | Dictionary | | | | PREVIEW: This key is in preview mode | + | [            policies](## ".node_groups.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies") | List, items: Dictionary | | | | List of Internet-exit policies using this interface as exit. | + | [              - name](## ".node_groups.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].name") | String | Required, Unique | | | Internet-exit policy name. | + | [                tunnel_interface_numbers](## ".node_groups.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].tunnel_interface_numbers") | String | | | | Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface.
Examples: '1-3' or '100,200,300' | + | [          raw_eos_cli](## ".node_groups.[].l3_port_channels.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. | + | [          flow_tracking](## ".node_groups.[].l3_port_channels.[].flow_tracking") | Dictionary | | | | Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. | + | [            enabled](## ".node_groups.[].l3_port_channels.[].flow_tracking.enabled") | Boolean | | | | | + | [            name](## ".node_groups.[].l3_port_channels.[].flow_tracking.name") | String | | | | Flow tracker name as defined in flow_tracking_settings. | + | [          structured_config](## ".node_groups.[].l3_port_channels.[].structured_config") | Dictionary | | | | Custom structured config for the Port-Channel interface. | + | [  nodes](## ".nodes") | List, items: Dictionary | | | | Define variables per node. | + | [    - name](## ".nodes.[].name") | String | Required, Unique | | | The Node Name is used as "hostname". | + | [      l3_port_channels](## ".nodes.[].l3_port_channels") | List, items: Dictionary | | | | L3 Port-Channel interfaces to configure on the node.
Used to define the node for WAN interfaces when `wan_carrier` is set. | + | [        - name](## ".nodes.[].l3_port_channels.[].name") | String | Required, Unique | | Pattern: `Port-Channel[\d/]+(.[\d]+)?` | Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'.
For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. | + | [          description](## ".nodes.[].l3_port_channels.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]'. | + | [          mode](## ".nodes.[].l3_port_channels.[].mode") | String | | `on` | Valid Values:
- active
- passive
- on | Port-Channel mode.
Should not be set on Port-Channel subinterfaces. | + | [          member_interfaces](## ".nodes.[].l3_port_channels.[].member_interfaces") | List, items: Dictionary | | | | Port-Channel member interfaces.
Should not be set on Port-Channel subinterfaces. | + | [            - name](## ".nodes.[].l3_port_channels.[].member_interfaces.[].name") | String | Required, Unique | | Pattern: `Ethernet[\d/]+` | Ethernet interface name like 'Ethernet2'.
Member interface cannot be subinterface. | + | [              description](## ".nodes.[].l3_port_channels.[].member_interfaces.[].description") | String | | | | Interface description for this member.
If not set a default description will be configured with '[[ ]]'. | + | [              peer](## ".nodes.[].l3_port_channels.[].member_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation.
If not set, this inherits the peer setting on the port-channel interface. | + | [              peer_interface](## ".nodes.[].l3_port_channels.[].member_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. | + | [              speed](## ".nodes.[].l3_port_channels.[].member_interfaces.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. | + | [          ip_address](## ".nodes.[].l3_port_channels.[].ip_address") | String | | | | Node IPv4 address/Mask or 'dhcp'. | + | [          dhcp_ip](## ".nodes.[].l3_port_channels.[].dhcp_ip") | String | | | | When the `ip_address` is `dhcp`, this optional field allows to indicate the expected
IPv4 address (without mask) to be allocated on the interface if known.
This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list
set under `ipv4_acl_in` and `ipv4_acl_out`. | + | [          public_ip](## ".nodes.[].l3_port_channels.[].public_ip") | String | | | | Node IPv4 address (no mask).

This is used to get the public IP (if known) when the device is behind NAT.
This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP
with the following preference:
`wan_route_servers.path_groups.interfaces.ip_address`
-> `l3_port_channels.public_ip`
-> `l3_port_channels.ip_address`

The determined Public IP is used by WAN routers when peering with this interface. | + | [          encapsulation_dot1q_vlan](## ".nodes.[].l3_port_channels.[].encapsulation_dot1q_vlan") | Integer | | | Min: 1
Max: 4094 | For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be specified. | + | [          dhcp_accept_default_route](## ".nodes.[].l3_port_channels.[].dhcp_accept_default_route") | Boolean | | `True` | | Accept a default route from DHCP if `ip_address` is set to `dhcp`. | + | [          enabled](## ".nodes.[].l3_port_channels.[].enabled") | Boolean | | `True` | | Enable or Shutdown the interface. | + | [          peer](## ".nodes.[].l3_port_channels.[].peer") | String | | | | The peer device name. Used for description and documentation. | + | [          peer_port_channel](## ".nodes.[].l3_port_channels.[].peer_port_channel") | String | | | | The peer device port-channel interface. Used for description and documentation. | + | [          peer_ip](## ".nodes.[].l3_port_channels.[].peer_ip") | String | | | | The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. | + | [          bgp](## ".nodes.[].l3_port_channels.[].bgp") | Dictionary | | | | Enforce IPv4 BGP peering for the peer | + | [            peer_as](## ".nodes.[].l3_port_channels.[].bgp.peer_as") | String | Required | | | BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. | + | [            ipv4_prefix_list_in](## ".nodes.[].l3_port_channels.[].bgp.ipv4_prefix_list_in") | String | | | | Prefix List Name. Accept routes for only these prefixes from the peer.
Required for wan interfaces. | + | [            ipv4_prefix_list_out](## ".nodes.[].l3_port_channels.[].bgp.ipv4_prefix_list_out") | String | | | | Prefix List Name. Advertise routes for only these prefixes.
If not specified, nothing would be advertised. | + | [          ipv4_acl_in](## ".nodes.[].l3_port_channels.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. | + | [          ipv4_acl_out](## ".nodes.[].l3_port_channels.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". | + | [          static_routes](## ".nodes.[].l3_port_channels.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. | + | [            - prefix](## ".nodes.[].l3_port_channels.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. | + | [          qos_profile](## ".nodes.[].l3_port_channels.[].qos_profile") | String | | | | QOS service profile. | + | [          wan_carrier](## ".nodes.[].l3_port_channels.[].wan_carrier") | String | | | | The WAN carrier this interface is connected to.
This is used to infer the path-groups in which this interface should be configured.
Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. | + | [          wan_circuit_id](## ".nodes.[].l3_port_channels.[].wan_circuit_id") | String | | | | The WAN circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | + | [          connected_to_pathfinder](## ".nodes.[].l3_port_channels.[].connected_to_pathfinder") | Boolean | | `True` | | For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. | + | [          cv_pathfinder_internet_exit](## ".nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit") | Dictionary | | | | PREVIEW: This key is in preview mode | + | [            policies](## ".nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies") | List, items: Dictionary | | | | List of Internet-exit policies using this interface as exit. | + | [              - name](## ".nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].name") | String | Required, Unique | | | Internet-exit policy name. | + | [                tunnel_interface_numbers](## ".nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].tunnel_interface_numbers") | String | | | | Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface.
Examples: '1-3' or '100,200,300' | + | [          raw_eos_cli](## ".nodes.[].l3_port_channels.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. | + | [          flow_tracking](## ".nodes.[].l3_port_channels.[].flow_tracking") | Dictionary | | | | Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. | + | [            enabled](## ".nodes.[].l3_port_channels.[].flow_tracking.enabled") | Boolean | | | | | + | [            name](## ".nodes.[].l3_port_channels.[].flow_tracking.name") | String | | | | Flow tracker name as defined in flow_tracking_settings. | + | [          structured_config](## ".nodes.[].l3_port_channels.[].structured_config") | Dictionary | | | | Custom structured config for the Port-Channel interface. | + +=== "YAML" + + ```yaml + : + + # Define variables for all nodes of this type. + defaults: + + # L3 Port-Channel interfaces to configure on the node. + # Used to define the node for WAN interfaces when `wan_carrier` is set. + l3_port_channels: + + # Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. + # For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. + - name: + + # Interface description. + # If not set a default description will be configured with '[[ ]]'. + description: + + # Port-Channel mode. + # Should not be set on Port-Channel subinterfaces. + mode: + + # Port-Channel member interfaces. + # Should not be set on Port-Channel subinterfaces. + member_interfaces: + + # Ethernet interface name like 'Ethernet2'. + # Member interface cannot be subinterface. + - name: + + # Interface description for this member. + # If not set a default description will be configured with '[[ ]]'. + description: + + # The peer device name. Used for description and documentation. + # If not set, this inherits the peer setting on the port-channel interface. + peer: + + # The peer device interface. Used for description and documentation. + peer_interface: + + # Speed should be set in the format `` or `forced ` or `auto `. + speed: + + # Node IPv4 address/Mask or 'dhcp'. + ip_address: + + # When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + # IPv4 address (without mask) to be allocated on the interface if known. + # This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list + # set under `ipv4_acl_in` and `ipv4_acl_out`. + dhcp_ip: + + # Node IPv4 address (no mask). + # + # This is used to get the public IP (if known) when the device is behind NAT. + # This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + # with the following preference: + # `wan_route_servers.path_groups.interfaces.ip_address` + # -> `l3_port_channels.public_ip` + # -> `l3_port_channels.ip_address` + # + # The determined Public IP is used by WAN routers when peering with this interface. + public_ip: + + # For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be specified. + encapsulation_dot1q_vlan: + + # Accept a default route from DHCP if `ip_address` is set to `dhcp`. + dhcp_accept_default_route: + + # Enable or Shutdown the interface. + enabled: + + # The peer device name. Used for description and documentation. + peer: + + # The peer device port-channel interface. Used for description and documentation. + peer_port_channel: + + # The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. + peer_ip: + + # Enforce IPv4 BGP peering for the peer + bgp: + + # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". + # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. + peer_as: + + # Prefix List Name. Accept routes for only these prefixes from the peer. + # Required for wan interfaces. + ipv4_prefix_list_in: + + # Prefix List Name. Advertise routes for only these prefixes. + # If not specified, nothing would be advertised. + ipv4_prefix_list_out: + + # Name of the IPv4 access-list to be assigned in the ingress direction. + # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + # Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. + ipv4_acl_in: + + # Name of the IPv4 Access-list to be assigned in the egress direction. + # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + ipv4_acl_out: + + # Configure IPv4 static routes pointing to `peer_ip`. + static_routes: # >=1 items + + # IPv4_network/Mask. + - prefix: + + # QOS service profile. + qos_profile: + + # The WAN carrier this interface is connected to. + # This is used to infer the path-groups in which this interface should be configured. + # Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. + wan_carrier: + + # The WAN circuit ID for this interface. + # This is not rendered in the configuration but used for WAN designs. + wan_circuit_id: + + # For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + connected_to_pathfinder: + + # PREVIEW: This key is in preview mode + cv_pathfinder_internet_exit: + + # List of Internet-exit policies using this interface as exit. + policies: + + # Internet-exit policy name. + - name: + + # Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface. + # Examples: '1-3' or '100,200,300' + tunnel_interface_numbers: + + # EOS CLI rendered directly on the interface in the final EOS configuration. + raw_eos_cli: + + # Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + flow_tracking: + enabled: + + # Flow tracker name as defined in flow_tracking_settings. + name: + + # Custom structured config for the Port-Channel interface. + structured_config: + + # Define variables related to all nodes part of this group. + node_groups: + + # The Node Group Name is used for MLAG domain unless set with 'mlag_domain_id'. + # The Node Group Name is also used for peer description on downstream switches' uplinks. + - group: + + # Define variables per node. + nodes: + + # The Node Name is used as "hostname". + - name: + + # L3 Port-Channel interfaces to configure on the node. + # Used to define the node for WAN interfaces when `wan_carrier` is set. + l3_port_channels: + + # Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. + # For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. + - name: + + # Interface description. + # If not set a default description will be configured with '[[ ]]'. + description: + + # Port-Channel mode. + # Should not be set on Port-Channel subinterfaces. + mode: + + # Port-Channel member interfaces. + # Should not be set on Port-Channel subinterfaces. + member_interfaces: + + # Ethernet interface name like 'Ethernet2'. + # Member interface cannot be subinterface. + - name: + + # Interface description for this member. + # If not set a default description will be configured with '[[ ]]'. + description: + + # The peer device name. Used for description and documentation. + # If not set, this inherits the peer setting on the port-channel interface. + peer: + + # The peer device interface. Used for description and documentation. + peer_interface: + + # Speed should be set in the format `` or `forced ` or `auto `. + speed: + + # Node IPv4 address/Mask or 'dhcp'. + ip_address: + + # When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + # IPv4 address (without mask) to be allocated on the interface if known. + # This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list + # set under `ipv4_acl_in` and `ipv4_acl_out`. + dhcp_ip: + + # Node IPv4 address (no mask). + # + # This is used to get the public IP (if known) when the device is behind NAT. + # This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + # with the following preference: + # `wan_route_servers.path_groups.interfaces.ip_address` + # -> `l3_port_channels.public_ip` + # -> `l3_port_channels.ip_address` + # + # The determined Public IP is used by WAN routers when peering with this interface. + public_ip: + + # For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be specified. + encapsulation_dot1q_vlan: + + # Accept a default route from DHCP if `ip_address` is set to `dhcp`. + dhcp_accept_default_route: + + # Enable or Shutdown the interface. + enabled: + + # The peer device name. Used for description and documentation. + peer: + + # The peer device port-channel interface. Used for description and documentation. + peer_port_channel: + + # The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. + peer_ip: + + # Enforce IPv4 BGP peering for the peer + bgp: + + # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". + # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. + peer_as: + + # Prefix List Name. Accept routes for only these prefixes from the peer. + # Required for wan interfaces. + ipv4_prefix_list_in: + + # Prefix List Name. Advertise routes for only these prefixes. + # If not specified, nothing would be advertised. + ipv4_prefix_list_out: + + # Name of the IPv4 access-list to be assigned in the ingress direction. + # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + # Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. + ipv4_acl_in: + + # Name of the IPv4 Access-list to be assigned in the egress direction. + # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + ipv4_acl_out: + + # Configure IPv4 static routes pointing to `peer_ip`. + static_routes: # >=1 items + + # IPv4_network/Mask. + - prefix: + + # QOS service profile. + qos_profile: + + # The WAN carrier this interface is connected to. + # This is used to infer the path-groups in which this interface should be configured. + # Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. + wan_carrier: + + # The WAN circuit ID for this interface. + # This is not rendered in the configuration but used for WAN designs. + wan_circuit_id: + + # For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + connected_to_pathfinder: + + # PREVIEW: This key is in preview mode + cv_pathfinder_internet_exit: + + # List of Internet-exit policies using this interface as exit. + policies: + + # Internet-exit policy name. + - name: + + # Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface. + # Examples: '1-3' or '100,200,300' + tunnel_interface_numbers: + + # EOS CLI rendered directly on the interface in the final EOS configuration. + raw_eos_cli: + + # Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + flow_tracking: + enabled: + + # Flow tracker name as defined in flow_tracking_settings. + name: + + # Custom structured config for the Port-Channel interface. + structured_config: + + # L3 Port-Channel interfaces to configure on the node. + # Used to define the node for WAN interfaces when `wan_carrier` is set. + l3_port_channels: + + # Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. + # For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. + - name: + + # Interface description. + # If not set a default description will be configured with '[[ ]]'. + description: + + # Port-Channel mode. + # Should not be set on Port-Channel subinterfaces. + mode: + + # Port-Channel member interfaces. + # Should not be set on Port-Channel subinterfaces. + member_interfaces: + + # Ethernet interface name like 'Ethernet2'. + # Member interface cannot be subinterface. + - name: + + # Interface description for this member. + # If not set a default description will be configured with '[[ ]]'. + description: + + # The peer device name. Used for description and documentation. + # If not set, this inherits the peer setting on the port-channel interface. + peer: + + # The peer device interface. Used for description and documentation. + peer_interface: + + # Speed should be set in the format `` or `forced ` or `auto `. + speed: + + # Node IPv4 address/Mask or 'dhcp'. + ip_address: + + # When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + # IPv4 address (without mask) to be allocated on the interface if known. + # This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list + # set under `ipv4_acl_in` and `ipv4_acl_out`. + dhcp_ip: + + # Node IPv4 address (no mask). + # + # This is used to get the public IP (if known) when the device is behind NAT. + # This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + # with the following preference: + # `wan_route_servers.path_groups.interfaces.ip_address` + # -> `l3_port_channels.public_ip` + # -> `l3_port_channels.ip_address` + # + # The determined Public IP is used by WAN routers when peering with this interface. + public_ip: + + # For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be specified. + encapsulation_dot1q_vlan: + + # Accept a default route from DHCP if `ip_address` is set to `dhcp`. + dhcp_accept_default_route: + + # Enable or Shutdown the interface. + enabled: + + # The peer device name. Used for description and documentation. + peer: + + # The peer device port-channel interface. Used for description and documentation. + peer_port_channel: + + # The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. + peer_ip: + + # Enforce IPv4 BGP peering for the peer + bgp: + + # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". + # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. + peer_as: + + # Prefix List Name. Accept routes for only these prefixes from the peer. + # Required for wan interfaces. + ipv4_prefix_list_in: + + # Prefix List Name. Advertise routes for only these prefixes. + # If not specified, nothing would be advertised. + ipv4_prefix_list_out: + + # Name of the IPv4 access-list to be assigned in the ingress direction. + # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + # Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. + ipv4_acl_in: + + # Name of the IPv4 Access-list to be assigned in the egress direction. + # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + ipv4_acl_out: + + # Configure IPv4 static routes pointing to `peer_ip`. + static_routes: # >=1 items + + # IPv4_network/Mask. + - prefix: + + # QOS service profile. + qos_profile: + + # The WAN carrier this interface is connected to. + # This is used to infer the path-groups in which this interface should be configured. + # Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. + wan_carrier: + + # The WAN circuit ID for this interface. + # This is not rendered in the configuration but used for WAN designs. + wan_circuit_id: + + # For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + connected_to_pathfinder: + + # PREVIEW: This key is in preview mode + cv_pathfinder_internet_exit: + + # List of Internet-exit policies using this interface as exit. + policies: + + # Internet-exit policy name. + - name: + + # Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface. + # Examples: '1-3' or '100,200,300' + tunnel_interface_numbers: + + # EOS CLI rendered directly on the interface in the final EOS configuration. + raw_eos_cli: + + # Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + flow_tracking: + enabled: + + # Flow tracker name as defined in flow_tracking_settings. + name: + + # Custom structured config for the Port-Channel interface. + structured_config: + + # Define variables per node. + nodes: + + # The Node Name is used as "hostname". + - name: + + # L3 Port-Channel interfaces to configure on the node. + # Used to define the node for WAN interfaces when `wan_carrier` is set. + l3_port_channels: + + # Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. + # For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. + - name: + + # Interface description. + # If not set a default description will be configured with '[[ ]]'. + description: + + # Port-Channel mode. + # Should not be set on Port-Channel subinterfaces. + mode: + + # Port-Channel member interfaces. + # Should not be set on Port-Channel subinterfaces. + member_interfaces: + + # Ethernet interface name like 'Ethernet2'. + # Member interface cannot be subinterface. + - name: + + # Interface description for this member. + # If not set a default description will be configured with '[[ ]]'. + description: + + # The peer device name. Used for description and documentation. + # If not set, this inherits the peer setting on the port-channel interface. + peer: + + # The peer device interface. Used for description and documentation. + peer_interface: + + # Speed should be set in the format `` or `forced ` or `auto `. + speed: + + # Node IPv4 address/Mask or 'dhcp'. + ip_address: + + # When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + # IPv4 address (without mask) to be allocated on the interface if known. + # This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list + # set under `ipv4_acl_in` and `ipv4_acl_out`. + dhcp_ip: + + # Node IPv4 address (no mask). + # + # This is used to get the public IP (if known) when the device is behind NAT. + # This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + # with the following preference: + # `wan_route_servers.path_groups.interfaces.ip_address` + # -> `l3_port_channels.public_ip` + # -> `l3_port_channels.ip_address` + # + # The determined Public IP is used by WAN routers when peering with this interface. + public_ip: + + # For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be specified. + encapsulation_dot1q_vlan: + + # Accept a default route from DHCP if `ip_address` is set to `dhcp`. + dhcp_accept_default_route: + + # Enable or Shutdown the interface. + enabled: + + # The peer device name. Used for description and documentation. + peer: + + # The peer device port-channel interface. Used for description and documentation. + peer_port_channel: + + # The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. + peer_ip: + + # Enforce IPv4 BGP peering for the peer + bgp: + + # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". + # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. + peer_as: + + # Prefix List Name. Accept routes for only these prefixes from the peer. + # Required for wan interfaces. + ipv4_prefix_list_in: + + # Prefix List Name. Advertise routes for only these prefixes. + # If not specified, nothing would be advertised. + ipv4_prefix_list_out: + + # Name of the IPv4 access-list to be assigned in the ingress direction. + # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + # Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. + ipv4_acl_in: + + # Name of the IPv4 Access-list to be assigned in the egress direction. + # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + ipv4_acl_out: + + # Configure IPv4 static routes pointing to `peer_ip`. + static_routes: # >=1 items + + # IPv4_network/Mask. + - prefix: + + # QOS service profile. + qos_profile: + + # The WAN carrier this interface is connected to. + # This is used to infer the path-groups in which this interface should be configured. + # Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. + wan_carrier: + + # The WAN circuit ID for this interface. + # This is not rendered in the configuration but used for WAN designs. + wan_circuit_id: + + # For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + connected_to_pathfinder: + + # PREVIEW: This key is in preview mode + cv_pathfinder_internet_exit: + + # List of Internet-exit policies using this interface as exit. + policies: + + # Internet-exit policy name. + - name: + + # Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface. + # Examples: '1-3' or '100,200,300' + tunnel_interface_numbers: + + # EOS CLI rendered directly on the interface in the final EOS configuration. + raw_eos_cli: + + # Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + flow_tracking: + enabled: + + # Flow tracker name as defined in flow_tracking_settings. + name: + + # Custom structured config for the Port-Channel interface. + structured_config: + ``` diff --git a/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml b/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml index b241f60331a..df00851d787 100644 --- a/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml +++ b/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml @@ -9233,6 +9233,14 @@ $defs: description: 'L3 interface profile name. Profile defined under `l3_interface_profiles`. ' + l3_port_channels: + type: list + $ref: eos_designs#/$defs/node_type_l3_port_channels + documentation_options: + table: node-type-l3-port-channels-configuration + description: 'L3 Port-Channel interfaces to configure on the node. + + Used to define the node for WAN interfaces when `wan_carrier` is set.' data_plane_cpu_allocation_max: documentation_options: table: system-settings @@ -9512,6 +9520,236 @@ $defs: hide_keys: true description: Custom structured config for the Ethernet interface. $ref: eos_cli_config_gen#/keys/ethernet_interfaces/items + node_type_l3_port_channels: + type: list + primary_key: name + items: + type: dict + keys: + name: + type: str + required: true + description: 'Port-Channel interface name like ''Port-Channel2'' or subinterface + name like ''Port-Channel2.42''. + + For a Port-Channel subinterface, the parent Port-Channel interface must + be defined as well.' + pattern: Port-Channel[\d/]+(.[\d]+)? + description: + type: str + description: 'Interface description. + + If not set a default description will be configured with ''[[ ]]''.' + mode: + type: str + description: 'Port-Channel mode. + + Should not be set on Port-Channel subinterfaces.' + valid_values: + - active + - passive + - 'on' + default: 'on' + member_interfaces: + description: 'Port-Channel member interfaces. + + Should not be set on Port-Channel subinterfaces.' + type: list + primary_key: name + items: + type: dict + keys: + name: + type: str + required: true + description: 'Ethernet interface name like ''Ethernet2''. + + Member interface cannot be subinterface.' + pattern: Ethernet[\d/]+ + description: + type: str + description: 'Interface description for this member. + + If not set a default description will be configured with ''[[ + ]]''.' + peer: + type: str + description: 'The peer device name. Used for description and documentation. + + If not set, this inherits the peer setting on the port-channel interface.' + peer_interface: + type: str + description: The peer device interface. Used for description and documentation. + speed: + type: str + description: Speed should be set in the format `` + or `forced ` or `auto `. + ip_address: + type: str + description: Node IPv4 address/Mask or 'dhcp'. + dhcp_ip: + type: str + description: 'When the `ip_address` is `dhcp`, this optional field allows + to indicate the expected + + IPv4 address (without mask) to be allocated on the interface if known. + + This is not rendered in the configuration but can be used for substitution + of ''interface_ip'' in the Access-list + + set under `ipv4_acl_in` and `ipv4_acl_out`.' + public_ip: + type: str + description: "Node IPv4 address (no mask).\n\nThis is used to get the public + IP (if known) when the device is behind NAT.\nThis is only used for `wan_rr` + routers (AutoVPN RRs and Pathfinders) to determine the Public IP\nwith + the following preference:\n `wan_route_servers.path_groups.interfaces.ip_address`\n + \ -> `l3_port_channels.public_ip`\n -> `l3_port_channels.ip_address`\n\nThe + determined Public IP is used by WAN routers when peering with this interface." + encapsulation_dot1q_vlan: + description: For subinterfaces the dot1q vlan is derived from the interface + name by default, but can also be specified. + type: int + convert_types: + - str + min: 1 + max: 4094 + dhcp_accept_default_route: + type: bool + default: true + description: Accept a default route from DHCP if `ip_address` is set to + `dhcp`. + enabled: + type: bool + default: true + description: Enable or Shutdown the interface. + peer: + type: str + description: The peer device name. Used for description and documentation. + peer_port_channel: + type: str + description: The peer device port-channel interface. Used for description + and documentation. + peer_ip: + type: str + description: The peer device IPv4 address (no mask). Used as default route + gateway if `set_default_route` is true and `ip` is an IP address. + bgp: + type: dict + description: Enforce IPv4 BGP peering for the peer + keys: + peer_as: + type: str + required: true + convert_types: + - int + description: 'BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". + + For asdot notation in YAML inputs, the value must be put in quotes, + to prevent it from being interpreted as a float number.' + ipv4_prefix_list_in: + type: str + description: 'Prefix List Name. Accept routes for only these prefixes + from the peer. + + Required for wan interfaces.' + ipv4_prefix_list_out: + type: str + description: 'Prefix List Name. Advertise routes for only these prefixes. + + If not specified, nothing would be advertised.' + ipv4_acl_in: + description: 'Name of the IPv4 access-list to be assigned in the ingress + direction. + + The access-list must be defined under `ipv4_acls` and supports field substitution + for "interface_ip" and "peer_ip". + + Required for all WAN interfaces (`wan_carrier` is set) unless the carrier + is marked as ''trusted'' under `wan_carriers`.' + type: str + convert_types: + - int + ipv4_acl_out: + description: 'Name of the IPv4 Access-list to be assigned in the egress + direction. + + The access-list must be defined under `ipv4_acls` and supports field substitution + for "interface_ip" and "peer_ip".' + type: str + convert_types: + - int + static_routes: + description: Configure IPv4 static routes pointing to `peer_ip`. + type: list + min_length: 1 + items: + type: dict + keys: + prefix: + type: str + required: true + description: IPv4_network/Mask. + qos_profile: + type: str + description: QOS service profile. + wan_carrier: + type: str + description: 'The WAN carrier this interface is connected to. + + This is used to infer the path-groups in which this interface should be + configured. + + Unless the carrier is marked as ''trusted'' under `wan_carriers`, `ipv4_acl_in` + is also required on all WAN interfaces.' + wan_circuit_id: + type: str + convert_types: + - int + description: 'The WAN circuit ID for this interface. + + This is not rendered in the configuration but used for WAN designs.' + connected_to_pathfinder: + type: bool + default: true + description: For a WAN interface (`wan_carrier` is set), allow to disable + the static tunnel towards Pathfinders. + cv_pathfinder_internet_exit: + description: 'PREVIEW: This key is in preview mode' + type: dict + keys: + policies: + type: list + primary_key: name + description: List of Internet-exit policies using this interface as + exit. + items: + type: dict + keys: + name: + type: str + description: Internet-exit policy name. + tunnel_interface_numbers: + type: str + description: 'Number range to use for Tunnel interfaces to an + internet-exit service provider using this local interface. + + Examples: ''1-3'' or ''100,200,300''' + raw_eos_cli: + type: str + description: EOS CLI rendered directly on the interface in the final EOS + configuration. + flow_tracking: + type: dict + $ref: eos_designs#/$defs/flow_tracking_link + description: Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` + setting. + structured_config: + type: dict + documentation_options: + hide_keys: true + description: Custom structured config for the Port-Channel interface. + $ref: eos_cli_config_gen#/keys/port_channel_interfaces/items p2p_links: type: list items: diff --git a/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type.schema.yml b/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type.schema.yml index af03a895337..3d3eb02d7e4 100644 --- a/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type.schema.yml +++ b/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type.schema.yml @@ -1384,6 +1384,14 @@ $defs: type: str description: | L3 interface profile name. Profile defined under `l3_interface_profiles`. + l3_port_channels: + type: list + $ref: "eos_designs#/$defs/node_type_l3_port_channels" + documentation_options: + table: node-type-l3-port-channels-configuration + description: |- + L3 Port-Channel interfaces to configure on the node. + Used to define the node for WAN interfaces when `wan_carrier` is set. data_plane_cpu_allocation_max: documentation_options: table: system-settings diff --git a/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type_l3_port_channels.schema.yml b/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type_l3_port_channels.schema.yml new file mode 100644 index 00000000000..2478adf2783 --- /dev/null +++ b/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type_l3_port_channels.schema.yml @@ -0,0 +1,227 @@ +# Copyright (c) 2023-2024 Arista Networks, Inc. +# Use of this source code is governed by the Apache License 2.0 +# that can be found in the LICENSE file. +# yaml-language-server: $schema=../../../_schema/avd_meta_schema.json +# Line above is used by RedHat's YAML Schema vscode extension +# Use Ctrl + Space to get suggestions for every field. Autocomplete will pop up after typing 2 letters. +type: dict +$defs: + node_type_l3_port_channels: + type: list + primary_key: name + items: + type: dict + keys: + name: + type: str + required: true + description: |- + Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. + For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. + pattern: "Port-Channel[\\d/]+(.[\\d]+)?" + description: + type: str + description: |- + Interface description. + If not set a default description will be configured with '[[ ]]'. + mode: + type: str + description: |- + Port-Channel mode. + Should not be set on Port-Channel subinterfaces. + valid_values: + - "active" + - "passive" + - "on" + default: "on" + member_interfaces: + description: |- + Port-Channel member interfaces. + Should not be set on Port-Channel subinterfaces. + type: list + primary_key: name + items: + type: dict + keys: + name: + type: str + required: true + description: |- + Ethernet interface name like 'Ethernet2'. + Member interface cannot be subinterface. + pattern: "Ethernet[\\d/]+" + description: + type: str + description: |- + Interface description for this member. + If not set a default description will be configured with '[[ ]]'. + peer: + type: str + description: |- + The peer device name. Used for description and documentation. + If not set, this inherits the peer setting on the port-channel interface. + peer_interface: + type: str + description: |- + The peer device interface. Used for description and documentation. + speed: + type: str + description: |- + Speed should be set in the format `` or `forced ` or `auto `. + ip_address: + type: str + description: Node IPv4 address/Mask or 'dhcp'. + dhcp_ip: + type: str + description: |- + When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + IPv4 address (without mask) to be allocated on the interface if known. + This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list + set under `ipv4_acl_in` and `ipv4_acl_out`. + public_ip: + type: str + description: |- + Node IPv4 address (no mask). + + This is used to get the public IP (if known) when the device is behind NAT. + This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + with the following preference: + `wan_route_servers.path_groups.interfaces.ip_address` + -> `l3_port_channels.public_ip` + -> `l3_port_channels.ip_address` + + The determined Public IP is used by WAN routers when peering with this interface. + encapsulation_dot1q_vlan: + description: For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be specified. + type: int + convert_types: + - str + min: 1 + max: 4094 + dhcp_accept_default_route: + type: bool + default: true + description: Accept a default route from DHCP if `ip_address` is set to `dhcp`. + enabled: + type: bool + default: true + description: Enable or Shutdown the interface. + peer: + type: str + description: |- + The peer device name. Used for description and documentation. + peer_port_channel: + type: str + description: |- + The peer device port-channel interface. Used for description and documentation. + peer_ip: + type: str + description: |- + The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. + bgp: + type: dict + description: |- + Enforce IPv4 BGP peering for the peer + keys: + peer_as: + type: str + required: true + convert_types: + - int + description: 'BGP AS <1-4294967295> or AS number in asdot notation + "<1-65535>.<0-65535>". + + For asdot notation in YAML inputs, the value must be put in + quotes, to prevent it from being interpreted as a float number.' + ipv4_prefix_list_in: + type: str + description: |- + Prefix List Name. Accept routes for only these prefixes from the peer. + Required for wan interfaces. + ipv4_prefix_list_out: + type: str + description: |- + Prefix List Name. Advertise routes for only these prefixes. + If not specified, nothing would be advertised. + ipv4_acl_in: + description: |- + Name of the IPv4 access-list to be assigned in the ingress direction. + The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. + type: str + convert_types: + - int + ipv4_acl_out: + description: |- + Name of the IPv4 Access-list to be assigned in the egress direction. + The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + type: str + convert_types: + - int + static_routes: + description: Configure IPv4 static routes pointing to `peer_ip`. + type: list + min_length: 1 + items: + type: dict + keys: + prefix: + type: str + required: true + description: IPv4_network/Mask. + qos_profile: + type: str + description: QOS service profile. + wan_carrier: + type: str + description: |- + The WAN carrier this interface is connected to. + This is used to infer the path-groups in which this interface should be configured. + Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. + wan_circuit_id: + type: str + convert_types: + - int + description: |- + The WAN circuit ID for this interface. + This is not rendered in the configuration but used for WAN designs. + connected_to_pathfinder: + type: bool + default: true + description: |- + For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + cv_pathfinder_internet_exit: + description: |- + PREVIEW: This key is in preview mode + type: dict + keys: + policies: + type: list + primary_key: name + description: List of Internet-exit policies using this interface as exit. + items: + type: dict + keys: + name: + type: str + description: Internet-exit policy name. + tunnel_interface_numbers: + type: str + description: |- + Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface. + Examples: '1-3' or '100,200,300' + raw_eos_cli: + type: str + description: EOS CLI rendered directly on the interface in the final EOS configuration. + flow_tracking: + type: dict + $ref: "eos_designs#/$defs/flow_tracking_link" + description: |- + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + structured_config: + type: dict + documentation_options: + hide_keys: true + description: |- + Custom structured config for the Port-Channel interface. + $ref: "eos_cli_config_gen#/keys/port_channel_interfaces/items" From 41612ab5e09dfe62be8bdd064d4684cc208cca07 Mon Sep 17 00:00:00 2001 From: Carl Buchmann Date: Tue, 19 Nov 2024 09:44:12 -0500 Subject: [PATCH 2/2] Feat(eos_designs): Add suport for l3_port_channel_interfaces for WAN --- .../documentation/devices/inet-cloud.md | 42 +- .../documentation/devices/site3-wan1.md | 52 +- .../cv-pathfinder/group_vars/SITE3.yml | 19 +- .../cv-pathfinder/group_vars/TRANSPORTS.yml | 15 +- .../intended/configs/inet-cloud.cfg | 19 +- .../intended/configs/site3-wan1.cfg | 28 +- .../structured_configs/inet-cloud.yml | 25 +- .../structured_configs/site1-wan1.yml | 2 +- .../structured_configs/site1-wan2.yml | 2 +- .../structured_configs/site2-wan2.yml | 2 +- .../structured_configs/site3-wan1.yml | 51 +- .../ipv4-acl-in-missing-on-wan-interface.yml | 2 +- .../intended/configs/cv-pathfinder-edge.cfg | 23 + .../intended/configs/cv-pathfinder-edge1.cfg | 230 +- .../intended/configs/cv-pathfinder-edge2A.cfg | 24 + .../intended/configs/cv-pathfinder-edge2B.cfg | 23 + .../intended/configs/cv-pathfinder-edge3A.cfg | 24 + .../intended/configs/cv-pathfinder-edge3B.cfg | 23 + .../intended/configs/cv-pathfinder-edge4A.cfg | 24 + .../intended/configs/cv-pathfinder-edge4B.cfg | 24 + .../configs/cv-pathfinder-pathfinder.cfg | 25 + .../configs/cv-pathfinder-pathfinder1.cfg | 25 + .../configs/cv-pathfinder-pathfinder2.cfg | 25 + .../configs/cv-pathfinder-transit1A.cfg | 24 + .../configs/cv-pathfinder-transit1B.cfg | 24 + .../configs/node-type-l3-port-channels.cfg | 322 + .../structured_configs/cv-pathfinder-edge.yml | 24 + .../cv-pathfinder-edge1.yml | 432 +- .../cv-pathfinder-edge2A.yml | 25 + .../cv-pathfinder-edge2B.yml | 24 + .../cv-pathfinder-edge3A.yml | 25 + .../cv-pathfinder-edge3B.yml | 24 + .../cv-pathfinder-edge4A.yml | 29 + .../cv-pathfinder-edge4B.yml | 29 + .../cv-pathfinder-pathfinder.yml | 43 + .../cv-pathfinder-pathfinder1.yml | 43 + .../cv-pathfinder-pathfinder2.yml | 43 + .../cv-pathfinder-transit1A.yml | 25 + .../cv-pathfinder-transit1B.yml | 25 + .../node-type-l3-port-channels.yml | 586 ++ .../group_vars/CV_PATHFINDER_TESTS.yml | 108 +- .../host_vars/cv-pathfinder-edge1.yml | 7 + .../host_vars/node-type-l3-port-channels.yml | 169 + .../inventory/hosts.yml | 1 + .../management-flow-tracking-settings.md | 10 + .../node-type-l3-interfaces-configuration.md | 12 +- ...ode-type-l3-port-channels-configuration.md | 92 +- .../pyavd/_eos_designs/schema/__init__.py | 7168 ++++++++++++++--- .../schema/eos_designs.schema.yml | 28 +- .../defs_node_type.schema.yml | 2 - ...defs_node_type_l3_port_channels.schema.yml | 15 +- .../fabric_flow_tracking.schema.yml | 4 + .../shared_utils/flow_tracking.py | 4 + .../shared_utils/l3_interfaces.py | 50 +- .../pyavd/_eos_designs/shared_utils/misc.py | 93 +- .../_eos_designs/shared_utils/routing.py | 2 +- .../pyavd/_eos_designs/shared_utils/wan.py | 65 +- .../structured_config/base/__init__.py | 6 +- .../structured_config/base/utils.py | 2 +- .../structured_config/metadata/cv_tags.py | 54 +- .../network_services/utils_wan.py | 34 +- .../structured_config/overlay/stun.py | 2 + .../underlay/ethernet_interfaces.py | 12 + .../underlay/ip_access_lists.py | 11 +- .../underlay/port_channel_interfaces.py | 42 + .../underlay/static_routes.py | 14 +- .../structured_config/underlay/utils.py | 227 +- .../api/interface_descriptions/__init__.py | 10 +- 68 files changed, 9476 insertions(+), 1244 deletions(-) create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/node-type-l3-port-channels.cfg create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/node-type-l3-port-channels.yml create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/node-type-l3-port-channels.yml diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/documentation/devices/inet-cloud.md b/ansible_collections/arista/avd/examples/cv-pathfinder/documentation/devices/inet-cloud.md index 5cf8a45f6d5..af2228d68c5 100644 --- a/ansible_collections/arista/avd/examples/cv-pathfinder/documentation/devices/inet-cloud.md +++ b/ansible_collections/arista/avd/examples/cv-pathfinder/documentation/devices/inet-cloud.md @@ -26,6 +26,7 @@ - [Internal VLAN Allocation Policy Device Configuration](#internal-vlan-allocation-policy-device-configuration) - [Interfaces](#interfaces) - [Ethernet Interfaces](#ethernet-interfaces) + - [Port-Channel Interfaces](#port-channel-interfaces) - [Loopback Interfaces](#loopback-interfaces) - [Routing](#routing) - [Service Routing Protocols Model](#service-routing-protocols-model) @@ -235,7 +236,6 @@ dhcp server | -------------- | --------- | --------- | | Ethernet5 | True | False | | Ethernet6 | True | False | -| Ethernet8 | True | False | ## Monitoring @@ -306,7 +306,10 @@ vlan internal order ascending range 1006 1199 | Ethernet5 | site1-wan1-Ethernet4 | - | 100.64.10.1/24 | default | - | False | - | - | | Ethernet6 | site1-wan2-Ethernet4 | - | 100.64.11.1/24 | default | - | False | - | - | | Ethernet7 | site2-wan2-Ethernet4 | - | 100.64.21.1/24 | default | - | False | - | - | -| Ethernet8 | site3-wan1-Ethernet4 | - | 100.64.30.1/24 | default | - | False | - | - | +| Ethernet8 | - | 8 | *100.64.30.1/24 | **default | **- | *False | **- | **- | +| Ethernet9 | - | 8 | *100.64.30.1/24 | **default | **- | *False | **- | **- | + +*Inherited from Port-Channel Interface #### Ethernet Interfaces Device Configuration @@ -345,11 +348,44 @@ interface Ethernet7 ip address 100.64.21.1/24 ! interface Ethernet8 - description site3-wan1-Ethernet4 + no shutdown + speed forced 10000full + no switchport + channel-group 8 mode active +! +interface Ethernet9 + no shutdown + speed forced 10000full + no switchport + channel-group 8 mode active +``` + +### Port-Channel Interfaces + +#### Port-Channel Interfaces Summary + +##### L2 + +| Interface | Description | Mode | VLANs | Native VLAN | Trunk Group | LACP Fallback Timeout | LACP Fallback Mode | MLAG ID | EVPN ESI | +| --------- | ----------- | ---- | ----- | ----------- | ------------| --------------------- | ------------------ | ------- | -------- | + +##### IPv4 + +| Interface | Description | MLAG ID | IP Address | VRF | MTU | Shutdown | ACL In | ACL Out | +| --------- | ----------- | ------- | ---------- | --- | --- | -------- | ------ | ------- | +| Port-Channel8 | site3-wan1-Port-Channel4 | - | 100.64.30.1/24 | default | - | False | - | - | + +#### Port-Channel Interfaces Device Configuration + +```eos +! +interface Port-Channel8 + description site3-wan1-Port-Channel4 no shutdown no switchport ip address 100.64.30.1/24 dhcp server ipv4 + ``` ### Loopback Interfaces diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/documentation/devices/site3-wan1.md b/ansible_collections/arista/avd/examples/cv-pathfinder/documentation/devices/site3-wan1.md index 334c7029489..b0200cebca4 100644 --- a/ansible_collections/arista/avd/examples/cv-pathfinder/documentation/devices/site3-wan1.md +++ b/ansible_collections/arista/avd/examples/cv-pathfinder/documentation/devices/site3-wan1.md @@ -33,6 +33,7 @@ - [Interfaces](#interfaces) - [DPS Interfaces](#dps-interfaces) - [Ethernet Interfaces](#ethernet-interfaces) + - [Port-Channel Interfaces](#port-channel-interfaces) - [Loopback Interfaces](#loopback-interfaces) - [VXLAN Interface](#vxlan-interface) - [Routing](#routing) @@ -287,7 +288,7 @@ daemon TerminAttr | Tracker Name | Record Export On Inactive Timeout | Record Export On Interval | Number of Exporters | Applied On | | ------------ | --------------------------------- | ------------------------- | ------------------- | ---------- | -| FLOW-TRACKER | 70000 | 5000 | 1 | Dps1
Ethernet1.666
Ethernet1.42
Ethernet4 | +| FLOW-TRACKER | 70000 | 5000 | 1 | Dps1
Ethernet1.666
Ethernet1.42
Port-Channel4 | ##### Exporters Summary @@ -430,7 +431,10 @@ interface Dps1 | --------- | ----------- | ------------- | ---------- | ----| ---- | -------- | ------ | ------- | | Ethernet1.42 | RED-TEST | - | 10.42.3.1/24 | RED | - | False | - | - | | Ethernet1.666 | BLUE-TEST | - | 10.66.3.1/24 | BLUE | - | False | - | - | -| Ethernet4 | REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud_Ethernet8 | - | dhcp | default | - | False | ACL-INTERNET-IN_Ethernet4 | - | +| Ethernet4 | REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud | 4 | *dhcp | **default | **- | *False | *ACL-INTERNET-IN_Port-Channel4 | **- | +| Ethernet5 | REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud | 4 | *dhcp | **default | **- | *False | *ACL-INTERNET-IN_Port-Channel4 | **- | + +*Inherited from Port-Channel Interface #### Ethernet Interfaces Device Configuration @@ -459,13 +463,47 @@ interface Ethernet1.666 ip address 10.66.3.1/24 ! interface Ethernet4 - description REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud_Ethernet8 + description REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud + no shutdown + speed forced 10000full + no switchport + channel-group 4 mode active +! +interface Ethernet5 + description REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud + no shutdown + speed forced 10000full + no switchport + channel-group 4 mode active +``` + +### Port-Channel Interfaces + +#### Port-Channel Interfaces Summary + +##### L2 + +| Interface | Description | Mode | VLANs | Native VLAN | Trunk Group | LACP Fallback Timeout | LACP Fallback Mode | MLAG ID | EVPN ESI | +| --------- | ----------- | ---- | ----- | ----------- | ------------| --------------------- | ------------------ | ------- | -------- | + +##### IPv4 + +| Interface | Description | MLAG ID | IP Address | VRF | MTU | Shutdown | ACL In | ACL Out | +| --------- | ----------- | ------- | ---------- | --- | --- | -------- | ------ | ------- | +| Port-Channel4 | REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud_Port-Channel8 | - | dhcp | default | - | False | ACL-INTERNET-IN_Port-Channel4 | - | + +#### Port-Channel Interfaces Device Configuration + +```eos +! +interface Port-Channel4 + description REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud_Port-Channel8 no shutdown no switchport flow tracker hardware FLOW-TRACKER ip address dhcp dhcp client accept default-route - ip access-group ACL-INTERNET-IN_Ethernet4 in + ip access-group ACL-INTERNET-IN_Port-Channel4 in ``` ### Loopback Interfaces @@ -1011,7 +1049,7 @@ ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.255.11:203 ```eos ! -ip access-list ACL-INTERNET-IN_Ethernet4 +ip access-list ACL-INTERNET-IN_Port-Channel4 1 remark Not for PRODUCTION: This ACL is built this way because the lab has an out-of-band interface 10 permit udp any host 100.64.30.2 eq isakmp non500-isakmp 30 permit icmp any host 100.64.30.2 @@ -1168,7 +1206,7 @@ application traffic recognition | Interface name | Public address | STUN server profile(s) | | -------------- | -------------- | ---------------------- | -| Ethernet4 | - | INTERNET-pf1-Ethernet2
INTERNET-pf2-Ethernet2 | +| Port-Channel4 | - | INTERNET-pf1-Ethernet2
INTERNET-pf2-Ethernet2 | ###### Dynamic Peers Settings @@ -1206,7 +1244,7 @@ router path-selection path-group INTERNET id 102 ipsec profile CP-PROFILE ! - local interface Ethernet4 + local interface Port-Channel4 stun server-profile INTERNET-pf1-Ethernet2 INTERNET-pf2-Ethernet2 ! peer dynamic diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/group_vars/SITE3.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/group_vars/SITE3.yml index c0d78381609..c3f1639569f 100644 --- a/ansible_collections/arista/avd/examples/cv-pathfinder/group_vars/SITE3.yml +++ b/ansible_collections/arista/avd/examples/cv-pathfinder/group_vars/SITE3.yml @@ -23,10 +23,21 @@ wan_router: id: 11 mgmt_ip: 192.168.17.20/24 uplink_switches: [site3-leaf1] - l3_interfaces: - - name: Ethernet4 - peer_interface: Ethernet8 + l3_port_channels: + - name: Port-Channel4 + mode: active + member_interfaces: + - name: Ethernet4 + speed: forced 10000full + - name: Ethernet5 + speed: forced 10000full + peer: inet-cloud + ip_address: dhcp dhcp_ip: 100.64.30.2 - profile: INTERNET-WAN-INTERFACE + dhcp_accept_default_route: true + ipv4_acl_in: ACL-INTERNET-IN + peer_port_channel: Port-Channel8 wan_carrier: REGION2-INTERNET-CORP wan_circuit_id: inet-site3-wan1 + flow_tracking: + enabled: true diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/group_vars/TRANSPORTS.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/group_vars/TRANSPORTS.yml index 3a289d70903..45f19c45942 100644 --- a/ansible_collections/arista/avd/examples/cv-pathfinder/group_vars/TRANSPORTS.yml +++ b/ansible_collections/arista/avd/examples/cv-pathfinder/group_vars/TRANSPORTS.yml @@ -50,11 +50,18 @@ spine: - name: Ethernet7 description: site2-wan2-Ethernet4 ip_address: 100.64.21.1/24 - - name: Ethernet8 - description: site3-wan1-Ethernet4 + l3_port_channels: + - name: Port-Channel8 + mode: active + description: site3-wan1-Port-Channel4 + member_interfaces: + - name: Ethernet8 + speed: forced 10000full + - name: Ethernet9 + speed: forced 10000full ip_address: 100.64.30.1/24 - structured_config: - dhcp_server_ipv4: true + raw_eos_cli: | + dhcp server ipv4 structured_config: router_bgp: # Neighbor definition for site2-wan2 diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/configs/inet-cloud.cfg b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/configs/inet-cloud.cfg index f38e4cdf0e6..0c8ca483342 100644 --- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/configs/inet-cloud.cfg +++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/configs/inet-cloud.cfg @@ -53,6 +53,14 @@ management api http-commands no shutdown ! aaa authorization exec default local +! +interface Port-Channel8 + description site3-wan1-Port-Channel4 + no shutdown + no switchport + ip address 100.64.30.1/24 + dhcp server ipv4 + ! interface Ethernet1 description pf1-Ethernet2 @@ -87,11 +95,16 @@ interface Ethernet7 ip address 100.64.21.1/24 ! interface Ethernet8 - description site3-wan1-Ethernet4 no shutdown + speed forced 10000full no switchport - ip address 100.64.30.1/24 - dhcp server ipv4 + channel-group 8 mode active +! +interface Ethernet9 + no shutdown + speed forced 10000full + no switchport + channel-group 8 mode active ! interface Loopback0 description ROUTER_ID diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/configs/site3-wan1.cfg b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/configs/site3-wan1.cfg index 58fbee377cb..65f4547c301 100644 --- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/configs/site3-wan1.cfg +++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/configs/site3-wan1.cfg @@ -104,7 +104,7 @@ router path-selection path-group INTERNET id 102 ipsec profile CP-PROFILE ! - local interface Ethernet4 + local interface Port-Channel4 stun server-profile INTERNET-pf1-Ethernet2 INTERNET-pf2-Ethernet2 ! peer dynamic @@ -196,6 +196,15 @@ ip security key controller profile DP-PROFILE ! +interface Port-Channel4 + description REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud_Port-Channel8 + no shutdown + no switchport + flow tracker hardware FLOW-TRACKER + ip address dhcp + dhcp client accept default-route + ip access-group ACL-INTERNET-IN_Port-Channel4 in +! interface Dps1 description DPS Interface mtu 9194 @@ -225,13 +234,18 @@ interface Ethernet1.666 ip address 10.66.3.1/24 ! interface Ethernet4 - description REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud_Ethernet8 + description REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud no shutdown + speed forced 10000full no switchport - flow tracker hardware FLOW-TRACKER - ip address dhcp - dhcp client accept default-route - ip access-group ACL-INTERNET-IN_Ethernet4 in + channel-group 4 mode active +! +interface Ethernet5 + description REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud + no shutdown + speed forced 10000full + no switchport + channel-group 4 mode active ! interface Loopback0 description ROUTER_ID @@ -296,7 +310,7 @@ application traffic recognition field-set l4-port VOICE-PORTS 666-667 ! -ip access-list ACL-INTERNET-IN_Ethernet4 +ip access-list ACL-INTERNET-IN_Port-Channel4 1 remark Not for PRODUCTION: This ACL is built this way because the lab has an out-of-band interface 10 permit udp any host 100.64.30.2 eq isakmp non500-isakmp 30 permit icmp any host 100.64.30.2 diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/inet-cloud.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/inet-cloud.yml index ff44c321f9d..61b000e4f33 100644 --- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/inet-cloud.yml +++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/inet-cloud.yml @@ -138,13 +138,32 @@ ethernet_interfaces: enabled: false description: site2-wan2-Ethernet4 - name: Ethernet8 - peer_type: l3_interface + shutdown: false + switchport: + enabled: false + speed: forced 10000full + channel_group: + id: 8 + mode: active +- name: Ethernet9 + shutdown: false + switchport: + enabled: false + speed: forced 10000full + channel_group: + id: 8 + mode: active +port_channel_interfaces: +- name: Port-Channel8 + peer_type: l3_port_channel ip_address: 100.64.30.1/24 shutdown: false switchport: enabled: false - description: site3-wan1-Ethernet4 - dhcp_server_ipv4: true + description: site3-wan1-Port-Channel4 + eos_cli: 'dhcp server ipv4 + + ' loopback_interfaces: - name: Loopback0 description: ROUTER_ID diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-wan1.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-wan1.yml index 26ebe38fe11..1184ca94d6e 100644 --- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-wan1.yml +++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-wan1.yml @@ -334,9 +334,9 @@ ethernet_interfaces: switchport: enabled: false description: REGION1-INTERNET-CORP_inet-site1-wan1_inet-cloud_Ethernet5 - access_group_in: ACL-INTERNET-IN_Ethernet4 flow_tracker: hardware: FLOW-TRACKER + access_group_in: ACL-INTERNET-IN_Ethernet4 loopback_interfaces: - name: Loopback0 description: ROUTER_ID diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-wan2.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-wan2.yml index 6cd61b9e2be..4bb66fe57cb 100644 --- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-wan2.yml +++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-wan2.yml @@ -334,9 +334,9 @@ ethernet_interfaces: switchport: enabled: false description: REGION1-INTERNET-CORP_inet-site1-wan2_inet-cloud_Ethernet6 - access_group_in: ACL-INTERNET-IN_Ethernet4 flow_tracker: hardware: FLOW-TRACKER + access_group_in: ACL-INTERNET-IN_Ethernet4 dhcp_client_accept_default_route: true loopback_interfaces: - name: Loopback0 diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site2-wan2.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site2-wan2.yml index b95710ba067..22e9e1adb78 100644 --- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site2-wan2.yml +++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site2-wan2.yml @@ -365,9 +365,9 @@ ethernet_interfaces: switchport: enabled: false description: REGION2-INTERNET-CORP_inet-site2-wan2_inet-cloud_Ethernet7 - access_group_in: ACL-INTERNET-IN_Ethernet4 flow_tracker: hardware: FLOW-TRACKER + access_group_in: ACL-INTERNET-IN_Ethernet4 - name: Ethernet5 switchport: enabled: false diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site3-wan1.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site3-wan1.yml index a5c8da00bd0..f656b8a3560 100644 --- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site3-wan1.yml +++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site3-wan1.yml @@ -215,17 +215,38 @@ ethernet_interfaces: flow_tracker: hardware: FLOW-TRACKER - name: Ethernet4 - peer_type: l3_interface + description: REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud peer: inet-cloud - peer_interface: Ethernet8 + shutdown: false + switchport: + enabled: false + speed: forced 10000full + channel_group: + id: 4 + mode: active +- name: Ethernet5 + description: REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud + peer: inet-cloud + shutdown: false + switchport: + enabled: false + speed: forced 10000full + channel_group: + id: 4 + mode: active +port_channel_interfaces: +- name: Port-Channel4 + peer_type: l3_port_channel + peer: inet-cloud + peer_interface: Port-Channel8 ip_address: dhcp shutdown: false switchport: enabled: false - description: REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud_Ethernet8 - access_group_in: ACL-INTERNET-IN_Ethernet4 + description: REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud_Port-Channel8 flow_tracker: hardware: FLOW-TRACKER + access_group_in: ACL-INTERNET-IN_Port-Channel4 dhcp_client_accept_default_route: true loopback_interfaces: - name: Loopback0 @@ -272,7 +293,7 @@ agents: - name: KERNELFIB_PROGRAM_ALL_ECMP value: '1' ip_access_lists: -- name: ACL-INTERNET-IN_Ethernet4 +- name: ACL-INTERNET-IN_Port-Channel4 entries: - sequence: 1 remark: 'Not for PRODUCTION: This ACL is built this way because the lab has an out-of-band interface' @@ -428,7 +449,7 @@ router_path_selection: - name: INTERNET id: 102 local_interfaces: - - name: Ethernet4 + - name: Port-Channel4 stun: server_profiles: - INTERNET-pf1-Ethernet2 @@ -598,6 +619,22 @@ metadata: value: REGION2-INTERNET-CORP - name: Circuit value: inet-site3-wan1 + - interface: Ethernet5 + tags: + - name: Type + value: wan + - name: Carrier + value: REGION2-INTERNET-CORP + - name: Circuit + value: inet-site3-wan1 + - interface: Port-Channel4 + tags: + - name: Type + value: wan + - name: Carrier + value: REGION2-INTERNET-CORP + - name: Circuit + value: inet-site3-wan1 cv_pathfinder: role: edge ssl_profile: STUN-DTLS @@ -606,7 +643,7 @@ metadata: zone: REGION2-ZONE site: SITE3 interfaces: - - name: Ethernet4 + - name: Port-Channel4 carrier: REGION2-INTERNET-CORP circuit_id: inet-site3-wan1 pathgroup: INTERNET diff --git a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/ipv4-acl-in-missing-on-wan-interface.yml b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/ipv4-acl-in-missing-on-wan-interface.yml index 0c2656b2281..5930aa1e75e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/ipv4-acl-in-missing-on-wan-interface.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/ipv4-acl-in-missing-on-wan-interface.yml @@ -24,4 +24,4 @@ wan_path_groups: expected_error_message: >- 'ipv4_acl_in' must be set on WAN interfaces where 'wan_carrier' is set, - unless the carrier is configured as 'trusted' under 'wan_carriers'. 'ipv4_acl_in' is missing on interface 'Ethernet1'. + unless the carrier is configured as 'trusted' under 'wan_carriers'. 'ipv4_acl_in' is missing on L3 interface 'Ethernet1'. diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg index 52331356039..4d144183706 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg @@ -66,6 +66,9 @@ router adaptive-virtual-topology match application-profile MPLS-ONLY avt profile PROD-AVT-POLICY-MPLS-ONLY ! + match application-profile CRITICAL-APP + avt profile PROD-AVT-POLICY-CRITICAL-APP + ! match application-profile default avt profile PROD-AVT-POLICY-DEFAULT ! @@ -82,6 +85,9 @@ router adaptive-virtual-topology profile DEFAULT-POLICY-DEFAULT path-selection load-balance LB-DEFAULT-POLICY-DEFAULT ! + profile PROD-AVT-POLICY-CRITICAL-APP + path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP + ! profile PROD-AVT-POLICY-DEFAULT path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT ! @@ -116,6 +122,7 @@ router adaptive-virtual-topology avt profile PROD-AVT-POLICY-VOICE id 2 avt profile PROD-AVT-POLICY-VIDEO id 4 avt profile PROD-AVT-POLICY-MPLS-ONLY id 5 + avt profile PROD-AVT-POLICY-CRITICAL-APP id 6 ! router internet-exit exit-group DIRECT-EXIT-POLICY-1 @@ -196,6 +203,10 @@ router path-selection path-group INET path-group MPLS ! + load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP + loss-rate 45.0 + path-group INET + ! load-balance policy LB-PROD-AVT-POLICY-DEFAULT path-group INET path-group MPLS priority 2 @@ -427,6 +438,9 @@ application traffic recognition application ipv4 CUSTOM-APPLICATION-2 protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2 ! + application ipv4 CUSTOM-APPLICATION-3 + protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3 + ! application ipv4 CUSTOM-DSCP-APPLICATION dscp ef 12-14 cs6 42 ! @@ -438,6 +452,9 @@ application traffic recognition application-profile APP-PROFILE-CONTROL-PLANE application APP-CONTROL-PLANE ! + application-profile CRITICAL-APP + application CUSTOM-APPLICATION-3 + ! application-profile MPLS-ONLY ! application-profile VIDEO @@ -461,8 +478,14 @@ application traffic recognition field-set l4-port TCP-DEST-2 666, 777 ! + field-set l4-port TCP-DEST-3 + 880 + ! field-set l4-port TCP-SRC-2 42 + ! + field-set l4-port TCP-SRC-3 + 400 ! monitor connectivity no shutdown diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge1.cfg index 9962486a0d2..2d3ac9de760 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge1.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge1.cfg @@ -63,6 +63,9 @@ router adaptive-virtual-topology match application-profile VIDEO avt profile PROD-AVT-POLICY-VIDEO ! + match application-profile CRITICAL-APP + avt profile PROD-AVT-POLICY-CRITICAL-APP + ! match application-profile default avt profile PROD-AVT-POLICY-DEFAULT ! @@ -79,6 +82,10 @@ router adaptive-virtual-topology profile DEFAULT-POLICY-DEFAULT path-selection load-balance LB-DEFAULT-POLICY-DEFAULT ! + profile PROD-AVT-POLICY-CRITICAL-APP + internet-exit policy ZSCALER-EXIT-POLICY-3 + path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP + ! profile PROD-AVT-POLICY-DEFAULT path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT ! @@ -110,6 +117,7 @@ router adaptive-virtual-topology avt profile PROD-AVT-POLICY-DEFAULT id 1 avt profile PROD-AVT-POLICY-VOICE id 2 avt profile PROD-AVT-POLICY-VIDEO id 4 + avt profile PROD-AVT-POLICY-CRITICAL-APP id 6 ! router internet-exit exit-group DIRECT-EXIT-POLICY-1 @@ -133,6 +141,15 @@ router internet-exit exit-group ZSCALER-EXIT-POLICY-2_TER local connection IE-Tunnel112 ! + exit-group ZSCALER-EXIT-POLICY-3_PRI + local connection IE-Tunnel200 + ! + exit-group ZSCALER-EXIT-POLICY-3_SEC + local connection IE-Tunnel201 + ! + exit-group ZSCALER-EXIT-POLICY-3_TER + local connection IE-Tunnel202 + ! policy DIRECT-EXIT-POLICY-1 exit-group DIRECT-EXIT-POLICY-1 ! @@ -146,6 +163,11 @@ router internet-exit exit-group ZSCALER-EXIT-POLICY-2_PRI exit-group ZSCALER-EXIT-POLICY-2_SEC exit-group ZSCALER-EXIT-POLICY-2_TER + ! + policy ZSCALER-EXIT-POLICY-3 + exit-group ZSCALER-EXIT-POLICY-3_PRI + exit-group ZSCALER-EXIT-POLICY-3_SEC + exit-group ZSCALER-EXIT-POLICY-3_TER ! router path-selection tcp mss ceiling ipv4 ingress @@ -163,6 +185,15 @@ router path-selection local interface Ethernet3 stun server-profile INET-cv-pathfinder-pathfinder1-Ethernet1 INET-cv-pathfinder-pathfinder2-Ethernet1 ! + local interface Port-Channel1 + stun server-profile INET-cv-pathfinder-pathfinder1-Ethernet1 INET-cv-pathfinder-pathfinder2-Ethernet1 + ! + local interface Port-Channel450 + stun server-profile INET-cv-pathfinder-pathfinder1-Ethernet1 INET-cv-pathfinder-pathfinder2-Ethernet1 + ! + local interface Port-Channel540 + stun server-profile INET-cv-pathfinder-pathfinder1-Ethernet1 INET-cv-pathfinder-pathfinder2-Ethernet1 + ! peer dynamic ! peer static router-ip 192.168.144.2 @@ -196,6 +227,11 @@ router path-selection path-group INET path-group Satellite priority 2 ! + load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP + loss-rate 45.0 + path-group INET + path-group AWS priority 2 + ! load-balance policy LB-PROD-AVT-POLICY-DEFAULT path-group INET ! @@ -230,6 +266,15 @@ router service-insertion connection IE-Tunnel112 interface Tunnel112 primary monitor connectivity host IE-Tunnel112 + connection IE-Tunnel200 + interface Tunnel200 primary + monitor connectivity host IE-Tunnel200 + connection IE-Tunnel201 + interface Tunnel201 primary + monitor connectivity host IE-Tunnel201 + connection IE-Tunnel202 + interface Tunnel202 primary + monitor connectivity host IE-Tunnel202 ! spanning-tree mode none ! @@ -271,6 +316,12 @@ ip security dh-group 24 local-id fqdn cv-pathfinder-edge1_ZSCALER-EXIT-POLICY-2@test.local ! + ike policy IE-ZSCALER-EXIT-POLICY-3-IKE-POLICY + ike-lifetime 24 + encryption aes256 + dh-group 24 + local-id fqdn cv-pathfinder-edge1_ZSCALER-EXIT-POLICY-3@test.local + ! sa policy CP-SA-POLICY esp encryption aes256gcm128 pfs dh-group 14 @@ -291,6 +342,12 @@ ip security sa lifetime 8 hours pfs dh-group 24 ! + sa policy IE-ZSCALER-EXIT-POLICY-3-SA-POLICY + esp encryption aes256 + esp integrity sha256 + sa lifetime 8 hours + pfs dh-group 24 + ! profile CP-PROFILE ike-policy CP-IKE-POLICY sa-policy CP-SA-POLICY @@ -320,15 +377,70 @@ ip security shared-key 7 0007054B145A1F0E0928424A0C0B4812160C09551511170B121907214A333B286214687C782720215B0B67637B7B666B3873293274733B31233B6D2A332315696A dpd 10 60 clear ! + profile IE-ZSCALER-EXIT-POLICY-3-PROFILE + ike-policy IE-ZSCALER-EXIT-POLICY-3-IKE-POLICY + sa-policy IE-ZSCALER-EXIT-POLICY-3-SA-POLICY + connection start + shared-key 7 0007054B145A1F0E0928424A0C0B4812160C09551511170B121907214A333B286214687C782720215B0A67637B7B666B3873293274733B31233B6D2A332315696A + dpd 10 60 clear + ! key controller profile DP-PROFILE ! +interface Port-Channel1 + description ATT_404_peerDeviceA_Port-Channel2 + no shutdown + no switchport + flow tracker hardware FLOW-TRACKER + ip address 172.15.5.7/31 +! +interface Port-Channel450 + description Orange_peerDevice10_Port-Channel455 + no shutdown + no switchport + ip address 172.15.5.8/31 +! +interface Port-Channel540 + description Comcast_peerDevice11_Port-Channel545 + no shutdown + no switchport + ip address 172.15.6.9/31 + ip access-group TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Port-Channel540 in + ip access-group TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Port-Channel540 out +! interface Dps1 description DPS Interface mtu 9194 flow tracker hardware FLOW-TRACKER ip address 192.168.142.2/32 ! +interface Ethernet1/10 + description Orange_peerDevice10 + no shutdown + speed forced 10000full + no switchport + channel-group 450 mode on +! +interface Ethernet1/16 + description Comcast_peerDevice11 + no shutdown + speed auto 10000full + no switchport + channel-group 540 mode active +! +interface Ethernet1/17 + description Comcast_peerDevice11 + no shutdown + no switchport + channel-group 540 mode active +! +interface Ethernet1/18 + description Comcast_peerDevice11 + no shutdown + speed 1000full + no switchport + channel-group 540 mode active +! interface Ethernet1/49 no shutdown no switchport @@ -367,6 +479,20 @@ interface Ethernet5 ip address dhcp dhcp client accept default-route ! +interface Ethernet6 + description ATT_404_peerDevice1_PeerDevIntf1 + no shutdown + speed forced 10000full + no switchport + channel-group 1 mode active +! +interface Ethernet7 + description ATT_404_peerDeviceA + no shutdown + speed forced 10000full + no switchport + channel-group 1 mode active +! interface Ethernet52 description P2P_site-ha-disabled-leaf_Ethernet2 no shutdown @@ -463,6 +589,36 @@ interface Tunnel112 tunnel destination 10.50.9.1 tunnel ipsec profile IE-ZSCALER-EXIT-POLICY-2-PROFILE ! +interface Tunnel200 + description Internet Exit ZSCALER-EXIT-POLICY-3 PRI + mtu 1394 + ip address unnumbered Loopback0 + ip nat service-profile NAT-IE-ZSCALER + tunnel mode ipsec + tunnel source interface Port-Channel1 + tunnel destination 10.37.121.1 + tunnel ipsec profile IE-ZSCALER-EXIT-POLICY-3-PROFILE +! +interface Tunnel201 + description Internet Exit ZSCALER-EXIT-POLICY-3 SEC + mtu 1394 + ip address unnumbered Loopback0 + ip nat service-profile NAT-IE-ZSCALER + tunnel mode ipsec + tunnel source interface Port-Channel1 + tunnel destination 10.39.77.1 + tunnel ipsec profile IE-ZSCALER-EXIT-POLICY-3-PROFILE +! +interface Tunnel202 + description Internet Exit ZSCALER-EXIT-POLICY-3 TER + mtu 1394 + ip address unnumbered Loopback0 + ip nat service-profile NAT-IE-ZSCALER + tunnel mode ipsec + tunnel source interface Port-Channel1 + tunnel destination 10.50.9.1 + tunnel ipsec profile IE-ZSCALER-EXIT-POLICY-3-PROFILE +! interface Vxlan1 description cv-pathfinder-edge1_VTEP vxlan source-interface Dps1 @@ -485,6 +641,9 @@ application traffic recognition application ipv4 CUSTOM-APPLICATION-2 protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2 ! + application ipv4 CUSTOM-APPLICATION-3 + protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3 + ! application ipv4 CUSTOM-DSCP-APPLICATION dscp ef 12-14 cs6 42 ! @@ -496,6 +655,9 @@ application traffic recognition application-profile APP-PROFILE-CONTROL-PLANE application APP-CONTROL-PLANE ! + application-profile CRITICAL-APP + application CUSTOM-APPLICATION-3 + ! application-profile VIDEO application CUSTOM-APPLICATION-1 application skype @@ -517,8 +679,14 @@ application traffic recognition field-set l4-port TCP-DEST-2 666, 777 ! + field-set l4-port TCP-DEST-3 + 880 + ! field-set l4-port TCP-SRC-2 42 + ! + field-set l4-port TCP-SRC-3 + 400 ! monitor connectivity no shutdown @@ -529,6 +697,9 @@ monitor connectivity interface set SET-Tunnel110 Tunnel110 interface set SET-Tunnel111 Tunnel111 interface set SET-Tunnel112 Tunnel112 + interface set SET-Tunnel200 Tunnel200 + interface set SET-Tunnel201 Tunnel201 + interface set SET-Tunnel202 Tunnel202 ! host IE-Ethernet3 description @@ -577,6 +748,27 @@ monitor connectivity local-interfaces SET-Tunnel112 ip 10.50.9.1 url http://gateway.zscalerbeta.net/vpntest + ! + host IE-Tunnel200 + description + Internet Exit ZSCALER-EXIT-POLICY-3 PRI + local-interfaces SET-Tunnel200 + ip 10.37.121.1 + url http://gateway.zscalerbeta.net/vpntest + ! + host IE-Tunnel201 + description + Internet Exit ZSCALER-EXIT-POLICY-3 SEC + local-interfaces SET-Tunnel201 + ip 10.39.77.1 + url http://gateway.zscalerbeta.net/vpntest + ! + host IE-Tunnel202 + description + Internet Exit ZSCALER-EXIT-POLICY-3 TER + local-interfaces SET-Tunnel202 + ip 10.50.9.1 + url http://gateway.zscalerbeta.net/vpntest ! ip access-list ACL-NAT-IE-DIRECT 10 deny ip any 5.0.0.0/24 @@ -590,6 +782,14 @@ ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Ethernet1_49.3 15 deny ip any host 172.24.49.3 permit ip host 172.24.49.2 host 172.24.49.3 ! +ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Port-Channel540 + 15 deny ip any host 172.15.6.9 + permit ip host 172.31.0.11 host 172.15.6.9 +! +ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Port-Channel540 + remark Some remark will not require source and destination fields. + permit ip host 172.15.6.9 any +! ip routing ip routing vrf ATTRACTED-VRF-FROM-UPLINK ip routing vrf IT @@ -603,7 +803,7 @@ ip prefix-list ALLOW-DEFAULT ! ip prefix-list PL2 seq 10 permit 5.0.0.0/0 - seq 20 deny 10.00.0.0/24 + seq 20 deny 10.0.0.0/24 ! ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY seq 10 permit 192.168.42.0/24 eq 32 @@ -611,6 +811,9 @@ ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY ip route 10.37.121.1/32 172.31.0.1 name IE-ZSCALER-PRI ip route 10.39.77.1/32 172.31.0.1 name IE-ZSCALER-SEC ip route 10.50.9.1/32 172.31.0.1 name IE-ZSCALER-TER +ip route 172.16.0.0/16 172.31.0.1 +ip route 172.17.0.0/16 172.31.0.10 +ip route 172.18.0.0/16 172.31.0.11 ! ip nat pool PORT-ONLY-POOL port-only port range 1500 65535 @@ -628,6 +831,21 @@ route-map RM-BGP-172.29.0.13-OUT permit 10 ! route-map RM-BGP-172.29.0.13-OUT deny 20 ! +route-map RM-BGP-172.31.0.1-IN permit 10 + match ip address prefix-list PL2 + set community no-advertise additive +! +route-map RM-BGP-172.31.0.1-OUT permit 10 + match ip address prefix-list ALLOW-DEFAULT +! +route-map RM-BGP-172.31.0.1-OUT deny 20 +! +route-map RM-BGP-172.31.0.10-IN permit 10 + match ip address prefix-list PL2 + set community no-advertise additive +! +route-map RM-BGP-172.31.0.10-OUT deny 10 +! route-map RM-BGP-UNDERLAY-PEERS-IN permit 40 description Mark prefixes originated from the LAN set extcommunity soo 192.168.42.2:511 additive @@ -676,6 +894,14 @@ router bgp 65000 neighbor 172.29.0.13 remote-as 64520 neighbor 172.29.0.13 route-map RM-BGP-172.29.0.13-IN in neighbor 172.29.0.13 route-map RM-BGP-172.29.0.13-OUT out + neighbor 172.31.0.1 remote-as 64520 + neighbor 172.31.0.1 description ATT_404_peerDeviceA_Port-Channel2 + neighbor 172.31.0.1 route-map RM-BGP-172.31.0.1-IN in + neighbor 172.31.0.1 route-map RM-BGP-172.31.0.1-OUT out + neighbor 172.31.0.10 remote-as 64520 + neighbor 172.31.0.10 description Orange_peerDevice10_Port-Channel455 + neighbor 172.31.0.10 route-map RM-BGP-172.31.0.10-IN in + neighbor 172.31.0.10 route-map RM-BGP-172.31.0.10-OUT out neighbor 192.168.144.2 peer group WAN-OVERLAY-PEERS neighbor 192.168.144.2 description cv-pathfinder-pathfinder1_Dps1 neighbor 192.168.144.3 peer group WAN-OVERLAY-PEERS @@ -693,6 +919,8 @@ router bgp 65000 no neighbor WAN-OVERLAY-PEERS activate neighbor 172.28.0.14 activate neighbor 172.29.0.13 activate + neighbor 172.31.0.1 activate + neighbor 172.31.0.10 activate ! address-family ipv4 sr-te neighbor WAN-OVERLAY-PEERS activate diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg index f2d1fb1eab3..f0eab7d42c3 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg @@ -59,6 +59,9 @@ router adaptive-virtual-topology match application-profile MPLS-ONLY avt profile PROD-AVT-POLICY-MPLS-ONLY ! + match application-profile CRITICAL-APP + avt profile PROD-AVT-POLICY-CRITICAL-APP + ! match application-profile default avt profile PROD-AVT-POLICY-DEFAULT ! @@ -74,6 +77,9 @@ router adaptive-virtual-topology profile DEFAULT-POLICY-DEFAULT path-selection load-balance LB-DEFAULT-POLICY-DEFAULT ! + profile PROD-AVT-POLICY-CRITICAL-APP + path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP + ! profile PROD-AVT-POLICY-DEFAULT path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT ! @@ -107,6 +113,7 @@ router adaptive-virtual-topology avt profile PROD-AVT-POLICY-VOICE id 2 avt profile PROD-AVT-POLICY-VIDEO id 4 avt profile PROD-AVT-POLICY-MPLS-ONLY id 5 + avt profile PROD-AVT-POLICY-CRITICAL-APP id 6 ! router path-selection tcp mss ceiling ipv4 ingress @@ -153,6 +160,11 @@ router path-selection path-group INET path-group LAN_HA ! + load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP + loss-rate 45.0 + path-group INET + path-group LAN_HA + ! load-balance policy LB-PROD-AVT-POLICY-DEFAULT path-group INET path-group LAN_HA @@ -331,6 +343,9 @@ application traffic recognition application ipv4 CUSTOM-APPLICATION-2 protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2 ! + application ipv4 CUSTOM-APPLICATION-3 + protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3 + ! application ipv4 CUSTOM-DSCP-APPLICATION dscp ef 12-14 cs6 42 ! @@ -342,6 +357,9 @@ application traffic recognition application-profile APP-PROFILE-CONTROL-PLANE application APP-CONTROL-PLANE ! + application-profile CRITICAL-APP + application CUSTOM-APPLICATION-3 + ! application-profile MPLS-ONLY ! application-profile VIDEO @@ -365,8 +383,14 @@ application traffic recognition field-set l4-port TCP-DEST-2 666, 777 ! + field-set l4-port TCP-DEST-3 + 880 + ! field-set l4-port TCP-SRC-2 42 + ! + field-set l4-port TCP-SRC-3 + 400 ! ip routing ip routing vrf ATTRACTED-VRF-FROM-UPLINK diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2B.cfg index 926b3c4a899..9618cf8fe8a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2B.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2B.cfg @@ -59,6 +59,9 @@ router adaptive-virtual-topology match application-profile MPLS-ONLY avt profile PROD-AVT-POLICY-MPLS-ONLY ! + match application-profile CRITICAL-APP + avt profile PROD-AVT-POLICY-CRITICAL-APP + ! match application-profile default avt profile PROD-AVT-POLICY-DEFAULT ! @@ -74,6 +77,9 @@ router adaptive-virtual-topology profile DEFAULT-POLICY-DEFAULT path-selection load-balance LB-DEFAULT-POLICY-DEFAULT ! + profile PROD-AVT-POLICY-CRITICAL-APP + path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP + ! profile PROD-AVT-POLICY-DEFAULT path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT ! @@ -107,6 +113,7 @@ router adaptive-virtual-topology avt profile PROD-AVT-POLICY-VOICE id 2 avt profile PROD-AVT-POLICY-VIDEO id 4 avt profile PROD-AVT-POLICY-MPLS-ONLY id 5 + avt profile PROD-AVT-POLICY-CRITICAL-APP id 6 ! router path-selection tcp mss ceiling ipv4 ingress @@ -153,6 +160,10 @@ router path-selection path-group CUSTOM_LAN_HA path-group MPLS ! + load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP + loss-rate 45.0 + path-group CUSTOM_LAN_HA + ! load-balance policy LB-PROD-AVT-POLICY-DEFAULT path-group CUSTOM_LAN_HA path-group MPLS priority 2 @@ -316,6 +327,9 @@ application traffic recognition application ipv4 CUSTOM-APPLICATION-2 protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2 ! + application ipv4 CUSTOM-APPLICATION-3 + protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3 + ! application ipv4 CUSTOM-DSCP-APPLICATION dscp ef 12-14 cs6 42 ! @@ -327,6 +341,9 @@ application traffic recognition application-profile APP-PROFILE-CONTROL-PLANE application APP-CONTROL-PLANE ! + application-profile CRITICAL-APP + application CUSTOM-APPLICATION-3 + ! application-profile MPLS-ONLY ! application-profile VIDEO @@ -350,8 +367,14 @@ application traffic recognition field-set l4-port TCP-DEST-2 666, 777 ! + field-set l4-port TCP-DEST-3 + 880 + ! field-set l4-port TCP-SRC-2 42 + ! + field-set l4-port TCP-SRC-3 + 400 ! ip routing ip routing vrf ATTRACTED-VRF-FROM-UPLINK diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3A.cfg index a25ef697368..abf4b6d9718 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3A.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3A.cfg @@ -54,6 +54,9 @@ router adaptive-virtual-topology match application-profile MPLS-ONLY avt profile PROD-AVT-POLICY-MPLS-ONLY ! + match application-profile CRITICAL-APP + avt profile PROD-AVT-POLICY-CRITICAL-APP + ! match application-profile default avt profile PROD-AVT-POLICY-DEFAULT ! @@ -66,6 +69,9 @@ router adaptive-virtual-topology profile DEFAULT-AVT-POLICY-VIDEO path-selection load-balance LB-DEFAULT-AVT-POLICY-VIDEO ! + profile PROD-AVT-POLICY-CRITICAL-APP + path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP + ! profile PROD-AVT-POLICY-DEFAULT path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT ! @@ -95,6 +101,7 @@ router adaptive-virtual-topology avt profile PROD-AVT-POLICY-VOICE id 2 avt profile PROD-AVT-POLICY-VIDEO id 4 avt profile PROD-AVT-POLICY-MPLS-ONLY id 5 + avt profile PROD-AVT-POLICY-CRITICAL-APP id 6 ! router path-selection tcp mss ceiling ipv4 ingress @@ -134,6 +141,11 @@ router path-selection path-group INET path-group LAN_HA ! + load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP + loss-rate 45.0 + path-group INET + path-group LAN_HA + ! load-balance policy LB-PROD-AVT-POLICY-DEFAULT path-group INET path-group LAN_HA @@ -255,6 +267,9 @@ application traffic recognition application ipv4 CUSTOM-APPLICATION-2 protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2 ! + application ipv4 CUSTOM-APPLICATION-3 + protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3 + ! application ipv4 CUSTOM-DSCP-APPLICATION dscp ef 12-14 cs6 42 ! @@ -266,6 +281,9 @@ application traffic recognition application-profile APP-PROFILE-CONTROL-PLANE application APP-CONTROL-PLANE ! + application-profile CRITICAL-APP + application CUSTOM-APPLICATION-3 + ! application-profile MPLS-ONLY ! application-profile VIDEO @@ -289,8 +307,14 @@ application traffic recognition field-set l4-port TCP-DEST-2 666, 777 ! + field-set l4-port TCP-DEST-3 + 880 + ! field-set l4-port TCP-SRC-2 42 + ! + field-set l4-port TCP-SRC-3 + 400 ! ip routing ip routing vrf IT diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3B.cfg index 661711e095c..ac9e9852069 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3B.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3B.cfg @@ -54,6 +54,9 @@ router adaptive-virtual-topology match application-profile MPLS-ONLY avt profile PROD-AVT-POLICY-MPLS-ONLY ! + match application-profile CRITICAL-APP + avt profile PROD-AVT-POLICY-CRITICAL-APP + ! match application-profile default avt profile PROD-AVT-POLICY-DEFAULT ! @@ -66,6 +69,9 @@ router adaptive-virtual-topology profile DEFAULT-AVT-POLICY-VIDEO path-selection load-balance LB-DEFAULT-AVT-POLICY-VIDEO ! + profile PROD-AVT-POLICY-CRITICAL-APP + path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP + ! profile PROD-AVT-POLICY-DEFAULT path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT ! @@ -95,6 +101,7 @@ router adaptive-virtual-topology avt profile PROD-AVT-POLICY-VOICE id 2 avt profile PROD-AVT-POLICY-VIDEO id 4 avt profile PROD-AVT-POLICY-MPLS-ONLY id 5 + avt profile PROD-AVT-POLICY-CRITICAL-APP id 6 ! router path-selection tcp mss ceiling ipv4 ingress @@ -134,6 +141,10 @@ router path-selection path-group LAN_HA path-group MPLS ! + load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP + loss-rate 45.0 + path-group LAN_HA + ! load-balance policy LB-PROD-AVT-POLICY-DEFAULT path-group LAN_HA path-group MPLS priority 2 @@ -255,6 +266,9 @@ application traffic recognition application ipv4 CUSTOM-APPLICATION-2 protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2 ! + application ipv4 CUSTOM-APPLICATION-3 + protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3 + ! application ipv4 CUSTOM-DSCP-APPLICATION dscp ef 12-14 cs6 42 ! @@ -266,6 +280,9 @@ application traffic recognition application-profile APP-PROFILE-CONTROL-PLANE application APP-CONTROL-PLANE ! + application-profile CRITICAL-APP + application CUSTOM-APPLICATION-3 + ! application-profile MPLS-ONLY ! application-profile VIDEO @@ -289,8 +306,14 @@ application traffic recognition field-set l4-port TCP-DEST-2 666, 777 ! + field-set l4-port TCP-DEST-3 + 880 + ! field-set l4-port TCP-SRC-2 42 + ! + field-set l4-port TCP-SRC-3 + 400 ! ip routing ip routing vrf IT diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4A.cfg index 948b4f4a9cf..8d53fa194cd 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4A.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4A.cfg @@ -54,6 +54,9 @@ router adaptive-virtual-topology match application-profile MPLS-ONLY avt profile PROD-AVT-POLICY-MPLS-ONLY ! + match application-profile CRITICAL-APP + avt profile PROD-AVT-POLICY-CRITICAL-APP + ! match application-profile default avt profile PROD-AVT-POLICY-DEFAULT ! @@ -66,6 +69,9 @@ router adaptive-virtual-topology profile DEFAULT-AVT-POLICY-VIDEO path-selection load-balance LB-DEFAULT-AVT-POLICY-VIDEO ! + profile PROD-AVT-POLICY-CRITICAL-APP + path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP + ! profile PROD-AVT-POLICY-DEFAULT path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT ! @@ -95,6 +101,7 @@ router adaptive-virtual-topology avt profile PROD-AVT-POLICY-VOICE id 2 avt profile PROD-AVT-POLICY-VIDEO id 4 avt profile PROD-AVT-POLICY-MPLS-ONLY id 5 + avt profile PROD-AVT-POLICY-CRITICAL-APP id 6 ! router path-selection tcp mss ceiling ipv4 ingress @@ -133,6 +140,11 @@ router path-selection path-group INET path-group LAN_HA ! + load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP + loss-rate 45.0 + path-group INET + path-group LAN_HA + ! load-balance policy LB-PROD-AVT-POLICY-DEFAULT path-group INET path-group LAN_HA @@ -266,6 +278,9 @@ application traffic recognition application ipv4 CUSTOM-APPLICATION-2 protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2 ! + application ipv4 CUSTOM-APPLICATION-3 + protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3 + ! application ipv4 CUSTOM-DSCP-APPLICATION dscp ef 12-14 cs6 42 ! @@ -277,6 +292,9 @@ application traffic recognition application-profile APP-PROFILE-CONTROL-PLANE application APP-CONTROL-PLANE ! + application-profile CRITICAL-APP + application CUSTOM-APPLICATION-3 + ! application-profile MPLS-ONLY ! application-profile VIDEO @@ -300,8 +318,14 @@ application traffic recognition field-set l4-port TCP-DEST-2 666, 777 ! + field-set l4-port TCP-DEST-3 + 880 + ! field-set l4-port TCP-SRC-2 42 + ! + field-set l4-port TCP-SRC-3 + 400 ! ip routing ip routing vrf IT diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4B.cfg index 25a1e5e02dd..471f95547c3 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4B.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4B.cfg @@ -54,6 +54,9 @@ router adaptive-virtual-topology match application-profile MPLS-ONLY avt profile PROD-AVT-POLICY-MPLS-ONLY ! + match application-profile CRITICAL-APP + avt profile PROD-AVT-POLICY-CRITICAL-APP + ! match application-profile default avt profile PROD-AVT-POLICY-DEFAULT ! @@ -66,6 +69,9 @@ router adaptive-virtual-topology profile DEFAULT-AVT-POLICY-VIDEO path-selection load-balance LB-DEFAULT-AVT-POLICY-VIDEO ! + profile PROD-AVT-POLICY-CRITICAL-APP + path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP + ! profile PROD-AVT-POLICY-DEFAULT path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT ! @@ -95,6 +101,7 @@ router adaptive-virtual-topology avt profile PROD-AVT-POLICY-VOICE id 2 avt profile PROD-AVT-POLICY-VIDEO id 4 avt profile PROD-AVT-POLICY-MPLS-ONLY id 5 + avt profile PROD-AVT-POLICY-CRITICAL-APP id 6 ! router path-selection tcp mss ceiling ipv4 ingress @@ -133,6 +140,11 @@ router path-selection path-group INET path-group LAN_HA ! + load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP + loss-rate 45.0 + path-group INET + path-group LAN_HA + ! load-balance policy LB-PROD-AVT-POLICY-DEFAULT path-group INET path-group LAN_HA @@ -266,6 +278,9 @@ application traffic recognition application ipv4 CUSTOM-APPLICATION-2 protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2 ! + application ipv4 CUSTOM-APPLICATION-3 + protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3 + ! application ipv4 CUSTOM-DSCP-APPLICATION dscp ef 12-14 cs6 42 ! @@ -277,6 +292,9 @@ application traffic recognition application-profile APP-PROFILE-CONTROL-PLANE application APP-CONTROL-PLANE ! + application-profile CRITICAL-APP + application CUSTOM-APPLICATION-3 + ! application-profile MPLS-ONLY ! application-profile VIDEO @@ -300,8 +318,14 @@ application traffic recognition field-set l4-port TCP-DEST-2 666, 777 ! + field-set l4-port TCP-DEST-3 + 880 + ! field-set l4-port TCP-SRC-2 42 + ! + field-set l4-port TCP-SRC-3 + 400 ! ip routing ip routing vrf IT diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg index a010e84d82f..07e645346ea 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg @@ -56,6 +56,9 @@ router adaptive-virtual-topology match application-profile MPLS-ONLY avt profile PROD-AVT-POLICY-MPLS-ONLY ! + match application-profile CRITICAL-APP + avt profile PROD-AVT-POLICY-CRITICAL-APP + ! match application-profile default avt profile PROD-AVT-POLICY-DEFAULT ! @@ -82,6 +85,9 @@ router adaptive-virtual-topology profile DEFAULT-POLICY-DEFAULT path-selection load-balance LB-DEFAULT-POLICY-DEFAULT ! + profile PROD-AVT-POLICY-CRITICAL-APP + path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP + ! profile PROD-AVT-POLICY-DEFAULT path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT ! @@ -118,6 +124,7 @@ router adaptive-virtual-topology avt profile PROD-AVT-POLICY-VOICE id 2 avt profile PROD-AVT-POLICY-VIDEO id 4 avt profile PROD-AVT-POLICY-MPLS-ONLY id 5 + avt profile PROD-AVT-POLICY-CRITICAL-APP id 6 ! vrf TRANSIT avt policy TRANSIT-AVT-POLICY @@ -184,6 +191,12 @@ router path-selection path-group Equinix priority 2 path-group Satellite priority 2 ! + load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP + loss-rate 45.0 + path-group INET + path-group LAN_HA + path-group AWS priority 2 + ! load-balance policy LB-PROD-AVT-POLICY-DEFAULT path-group INET path-group LAN_HA @@ -300,6 +313,9 @@ application traffic recognition application ipv4 CUSTOM-APPLICATION-2 protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2 ! + application ipv4 CUSTOM-APPLICATION-3 + protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3 + ! application ipv4 CUSTOM-DSCP-APPLICATION dscp ef 12-14 cs6 42 ! @@ -311,6 +327,9 @@ application traffic recognition application-profile APP-PROFILE-CONTROL-PLANE application APP-CONTROL-PLANE ! + application-profile CRITICAL-APP + application CUSTOM-APPLICATION-3 + ! application-profile MPLS-ONLY ! application-profile VIDEO @@ -334,8 +353,14 @@ application traffic recognition field-set l4-port TCP-DEST-2 666, 777 ! + field-set l4-port TCP-DEST-3 + 880 + ! field-set l4-port TCP-SRC-2 42 + ! + field-set l4-port TCP-SRC-3 + 400 ! ip routing no ip routing vrf MGMT diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg index a722345ab23..5c2dcfb50f5 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg @@ -56,6 +56,9 @@ router adaptive-virtual-topology match application-profile MPLS-ONLY avt profile PROD-AVT-POLICY-MPLS-ONLY ! + match application-profile CRITICAL-APP + avt profile PROD-AVT-POLICY-CRITICAL-APP + ! match application-profile default avt profile PROD-AVT-POLICY-DEFAULT ! @@ -82,6 +85,9 @@ router adaptive-virtual-topology profile DEFAULT-POLICY-DEFAULT path-selection load-balance LB-DEFAULT-POLICY-DEFAULT ! + profile PROD-AVT-POLICY-CRITICAL-APP + path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP + ! profile PROD-AVT-POLICY-DEFAULT path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT ! @@ -118,6 +124,7 @@ router adaptive-virtual-topology avt profile PROD-AVT-POLICY-VOICE id 2 avt profile PROD-AVT-POLICY-VIDEO id 4 avt profile PROD-AVT-POLICY-MPLS-ONLY id 5 + avt profile PROD-AVT-POLICY-CRITICAL-APP id 6 ! vrf TRANSIT avt policy TRANSIT-AVT-POLICY @@ -187,6 +194,12 @@ router path-selection path-group Equinix priority 2 path-group Satellite priority 2 ! + load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP + loss-rate 45.0 + path-group INET + path-group LAN_HA + path-group AWS priority 2 + ! load-balance policy LB-PROD-AVT-POLICY-DEFAULT path-group INET path-group LAN_HA @@ -291,6 +304,9 @@ application traffic recognition application ipv4 CUSTOM-APPLICATION-2 protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2 ! + application ipv4 CUSTOM-APPLICATION-3 + protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3 + ! application ipv4 CUSTOM-DSCP-APPLICATION dscp ef 12-14 cs6 42 ! @@ -302,6 +318,9 @@ application traffic recognition application-profile APP-PROFILE-CONTROL-PLANE application APP-CONTROL-PLANE ! + application-profile CRITICAL-APP + application CUSTOM-APPLICATION-3 + ! application-profile MPLS-ONLY ! application-profile VIDEO @@ -325,8 +344,14 @@ application traffic recognition field-set l4-port TCP-DEST-2 666, 777 ! + field-set l4-port TCP-DEST-3 + 880 + ! field-set l4-port TCP-SRC-2 42 + ! + field-set l4-port TCP-SRC-3 + 400 ! ip routing no ip routing vrf MGMT diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg index f5cef9139e2..b81e319bfac 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg @@ -56,6 +56,9 @@ router adaptive-virtual-topology match application-profile MPLS-ONLY avt profile PROD-AVT-POLICY-MPLS-ONLY ! + match application-profile CRITICAL-APP + avt profile PROD-AVT-POLICY-CRITICAL-APP + ! match application-profile default avt profile PROD-AVT-POLICY-DEFAULT ! @@ -82,6 +85,9 @@ router adaptive-virtual-topology profile DEFAULT-POLICY-DEFAULT path-selection load-balance LB-DEFAULT-POLICY-DEFAULT ! + profile PROD-AVT-POLICY-CRITICAL-APP + path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP + ! profile PROD-AVT-POLICY-DEFAULT path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT ! @@ -118,6 +124,7 @@ router adaptive-virtual-topology avt profile PROD-AVT-POLICY-VOICE id 2 avt profile PROD-AVT-POLICY-VIDEO id 4 avt profile PROD-AVT-POLICY-MPLS-ONLY id 5 + avt profile PROD-AVT-POLICY-CRITICAL-APP id 6 ! vrf TRANSIT avt policy TRANSIT-AVT-POLICY @@ -194,6 +201,12 @@ router path-selection path-group Equinix priority 2 path-group Satellite priority 2 ! + load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP + loss-rate 45.0 + path-group INET + path-group LAN_HA + path-group AWS priority 2 + ! load-balance policy LB-PROD-AVT-POLICY-DEFAULT path-group INET path-group LAN_HA @@ -304,6 +317,9 @@ application traffic recognition application ipv4 CUSTOM-APPLICATION-2 protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2 ! + application ipv4 CUSTOM-APPLICATION-3 + protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3 + ! application ipv4 CUSTOM-DSCP-APPLICATION dscp ef 12-14 cs6 42 ! @@ -315,6 +331,9 @@ application traffic recognition application-profile APP-PROFILE-CONTROL-PLANE application APP-CONTROL-PLANE ! + application-profile CRITICAL-APP + application CUSTOM-APPLICATION-3 + ! application-profile MPLS-ONLY ! application-profile VIDEO @@ -338,8 +357,14 @@ application traffic recognition field-set l4-port TCP-DEST-2 666, 777 ! + field-set l4-port TCP-DEST-3 + 880 + ! field-set l4-port TCP-SRC-2 42 + ! + field-set l4-port TCP-SRC-3 + 400 ! ip routing no ip routing vrf MGMT diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg index 55756638cc6..c1d39266d00 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg @@ -63,6 +63,9 @@ router adaptive-virtual-topology match application-profile MPLS-ONLY avt profile PROD-AVT-POLICY-MPLS-ONLY ! + match application-profile CRITICAL-APP + avt profile PROD-AVT-POLICY-CRITICAL-APP + ! match application-profile default avt profile PROD-AVT-POLICY-DEFAULT ! @@ -90,6 +93,9 @@ router adaptive-virtual-topology profile DEFAULT-POLICY-DEFAULT path-selection load-balance LB-DEFAULT-POLICY-DEFAULT ! + profile PROD-AVT-POLICY-CRITICAL-APP + path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP + ! profile PROD-AVT-POLICY-DEFAULT path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT ! @@ -126,6 +132,7 @@ router adaptive-virtual-topology avt profile PROD-AVT-POLICY-VOICE id 2 avt profile PROD-AVT-POLICY-VIDEO id 4 avt profile PROD-AVT-POLICY-MPLS-ONLY id 5 + avt profile PROD-AVT-POLICY-CRITICAL-APP id 6 ! vrf TRANSIT avt policy TRANSIT-AVT-POLICY @@ -203,6 +210,11 @@ router path-selection path-group LAN_HA path-group MPLS ! + load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP + loss-rate 45.0 + path-group INET + path-group LAN_HA + ! load-balance policy LB-PROD-AVT-POLICY-DEFAULT path-group INET path-group LAN_HA @@ -380,6 +392,9 @@ application traffic recognition application ipv4 CUSTOM-APPLICATION-2 protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2 ! + application ipv4 CUSTOM-APPLICATION-3 + protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3 + ! application ipv4 CUSTOM-DSCP-APPLICATION dscp ef 12-14 cs6 42 ! @@ -391,6 +406,9 @@ application traffic recognition application-profile APP-PROFILE-CONTROL-PLANE application APP-CONTROL-PLANE ! + application-profile CRITICAL-APP + application CUSTOM-APPLICATION-3 + ! application-profile MPLS-ONLY ! application-profile VIDEO @@ -414,8 +432,14 @@ application traffic recognition field-set l4-port TCP-DEST-2 666, 777 ! + field-set l4-port TCP-DEST-3 + 880 + ! field-set l4-port TCP-SRC-2 42 + ! + field-set l4-port TCP-SRC-3 + 400 ! monitor connectivity no shutdown diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1B.cfg index a1abb72ffdb..64999ac4185 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1B.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1B.cfg @@ -59,6 +59,9 @@ router adaptive-virtual-topology match application-profile MPLS-ONLY avt profile PROD-AVT-POLICY-MPLS-ONLY ! + match application-profile CRITICAL-APP + avt profile PROD-AVT-POLICY-CRITICAL-APP + ! match application-profile default avt profile PROD-AVT-POLICY-DEFAULT ! @@ -85,6 +88,9 @@ router adaptive-virtual-topology profile DEFAULT-POLICY-DEFAULT path-selection load-balance LB-DEFAULT-POLICY-DEFAULT ! + profile PROD-AVT-POLICY-CRITICAL-APP + path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP + ! profile PROD-AVT-POLICY-DEFAULT path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT ! @@ -121,6 +127,7 @@ router adaptive-virtual-topology avt profile PROD-AVT-POLICY-VOICE id 2 avt profile PROD-AVT-POLICY-VIDEO id 4 avt profile PROD-AVT-POLICY-MPLS-ONLY id 5 + avt profile PROD-AVT-POLICY-CRITICAL-APP id 6 ! vrf TRANSIT avt policy TRANSIT-AVT-POLICY @@ -190,6 +197,11 @@ router path-selection path-group LAN_HA path-group MPLS ! + load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP + loss-rate 45.0 + path-group INET + path-group LAN_HA + ! load-balance policy LB-PROD-AVT-POLICY-DEFAULT path-group INET path-group LAN_HA @@ -361,6 +373,9 @@ application traffic recognition application ipv4 CUSTOM-APPLICATION-2 protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2 ! + application ipv4 CUSTOM-APPLICATION-3 + protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3 + ! application ipv4 CUSTOM-DSCP-APPLICATION dscp ef 12-14 cs6 42 ! @@ -372,6 +387,9 @@ application traffic recognition application-profile APP-PROFILE-CONTROL-PLANE application APP-CONTROL-PLANE ! + application-profile CRITICAL-APP + application CUSTOM-APPLICATION-3 + ! application-profile MPLS-ONLY ! application-profile VIDEO @@ -395,8 +413,14 @@ application traffic recognition field-set l4-port TCP-DEST-2 666, 777 ! + field-set l4-port TCP-DEST-3 + 880 + ! field-set l4-port TCP-SRC-2 42 + ! + field-set l4-port TCP-SRC-3 + 400 ! ip routing ip routing vrf ATTRACTED-VRF-FROM-UPLINK diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/node-type-l3-port-channels.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/node-type-l3-port-channels.cfg new file mode 100644 index 00000000000..7202d6bfc42 --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/node-type-l3-port-channels.cfg @@ -0,0 +1,322 @@ +! +no enable password +no aaa root +! +agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP=1 +! +flow tracking hardware + tracker FLOW-TRACKER + record export on inactive timeout 70000 + record export on interval 300000 + exporter CV-TELEMETRY + collector 127.0.0.1 + local interface Loopback0 + template interval 3600000 + no shutdown +! +service routing protocols model multi-agent +! +hostname node-type-l3-port-channels +! +router adaptive-virtual-topology + topology role edge + region AVD_Land_East id 43 + zone AVD_Land_East-ZONE id 1 + site Site511 id 511 + ! + policy DEFAULT-POLICY-WITH-CP + ! + match application-profile APP-PROFILE-CONTROL-PLANE + avt profile DEFAULT-POLICY-CONTROL-PLANE + ! + match application-profile default + avt profile DEFAULT-POLICY-DEFAULT + ! + profile DEFAULT-POLICY-CONTROL-PLANE + path-selection load-balance LB-DEFAULT-POLICY-CONTROL-PLANE + ! + profile DEFAULT-POLICY-DEFAULT + path-selection load-balance LB-DEFAULT-POLICY-DEFAULT + ! + vrf default + avt policy DEFAULT-POLICY-WITH-CP + avt profile DEFAULT-POLICY-DEFAULT id 1 + avt profile DEFAULT-POLICY-CONTROL-PLANE id 254 +! +router path-selection + tcp mss ceiling ipv4 ingress + ! + path-group INET id 101 + ipsec profile CP-PROFILE + ! + local interface Port-Channel2 + ! + local interface Port-Channel5 + ! + local interface Port-Channel5.100 + ! + local interface Port-Channel8 + ! + local interface Port-Channel19 + ! + peer dynamic + ! + load-balance policy LB-DEFAULT-POLICY-CONTROL-PLANE + path-group INET + ! + load-balance policy LB-DEFAULT-POLICY-DEFAULT + path-group INET +! +spanning-tree mode none +! +vrf instance MGMT +! +management api http-commands + protocol https + no shutdown + ! + vrf MGMT + no shutdown +! +management security + ! + ssl profile STUN-DTLS + tls versions 1.2 + trust certificate aristaDeviceCertProvisionerDefaultRootCA.crt + certificate STUN-DTLS.crt key STUN-DTLS.key +! +ip security + ike policy CP-IKE-POLICY + local-id 192.168.142.1 + ! + sa policy CP-SA-POLICY + esp encryption aes256gcm128 + pfs dh-group 14 + ! + sa policy DP-SA-POLICY + esp encryption aes256gcm128 + pfs dh-group 14 + ! + profile CP-PROFILE + ike-policy CP-IKE-POLICY + sa-policy CP-SA-POLICY + connection start + shared-key 7 ABCDEF1234567890 + dpd 10 50 clear + mode transport + ! + profile DP-PROFILE + sa-policy DP-SA-POLICY + connection start + shared-key 7 ABCDEF1234567890666 + dpd 10 50 clear + mode transport + ! + key controller + profile DP-PROFILE +! +interface Port-Channel2 + description Cybercast_101_peer1_Port-Channel10 + no shutdown + no switchport + flow tracker hardware FLOW-TRACKER + ip address 192.168.1.102/31 + service-profile TEST-QOS-PROFILE1 +! +interface Port-Channel5 + description StreamFast_102_peer2_Port-Channel15 + no shutdown + no switchport + ip address 192.168.1.105/31 + service-policy type qos input TEST_POLICY + service-profile TEST-QOS-PROFILE1 + ! TEST RAW_EOS_CLI + +! +interface Port-Channel5.100 + description ExtremeCable_105_peer2_Port-Channel15 + no shutdown + encapsulation dot1q vlan 108 + flow tracker hardware FLOW-TRACKER + ip address 192.168.100.115/31 + service-profile TEST-QOS-PROFILE2 +! +interface Port-Channel5.105 + description peer2_Port-Channel16 + no shutdown + encapsulation dot1q vlan 105 + flow tracker hardware FLOW-TRACKER + ip address 192.168.100.116/31 + service-profile TEST-QOS-PROFILE2 +! +interface Port-Channel8 + description BlizzardFast_peerDevice3_Port-Channel18 + no shutdown + no switchport + flow tracker hardware FLOW-TRACKER + ip address dhcp + dhcp client accept default-route + service-profile TEST-QOS-PROFILE3 + ! TEST RAW_EOS_CLI 123 + +! +interface Port-Channel19 + description BlizzardFast_peerDevice4_Port-Channel20 + shutdown + no switchport + ip address 192.168.1.19 +! +interface Dps1 + description DPS Interface + mtu 9194 + flow tracker hardware FLOW-TRACKER + ip address 192.168.142.1/32 +! +interface Ethernet1 + description Cybercast_101_peerDevice1_Ethernet11 + no shutdown + speed forced 10000full + no switchport + channel-group 2 mode active +! +interface Ethernet1/4 + description StreamFast_102_peerDevice2_Ethernet1/12 + no shutdown + speed forced 10000full + no switchport + channel-group 5 mode passive +! +interface Ethernet1/5 + description StreamFast_102_peer2 + no shutdown + speed forced 10000full + no switchport + channel-group 5 mode passive +! +interface Ethernet1/10 + description BlizzardFast_peerDevice3_Ethernet1/10 + no shutdown + speed forced 1000full + no switchport + channel-group 8 mode on +! +interface Ethernet1/19 + description BlizzardFast_peerDevice4_Ethernet1/19 + shutdown + no switchport + channel-group 19 mode active +! +interface Ethernet1/20 + description BlizzardFast_peerDevice4_Ethernet1/20 + shutdown + no switchport + channel-group 19 mode active +! +interface Ethernet2 + description Cybercast_101_peer1 + no shutdown + speed forced 10000full + no switchport + channel-group 2 mode active +! +interface Ethernet3 + description Custom eth3 description + no shutdown + no switchport + channel-group 2 mode active +! +interface Loopback0 + description ROUTER_ID + no shutdown + ip address 192.168.255.1/32 +! +interface Vxlan1 + description node-type-l3-port-channels_VTEP + vxlan source-interface Dps1 + vxlan udp-port 4789 + vxlan vrf default vni 1 +! +application traffic recognition + ! + application ipv4 APP-CONTROL-PLANE + destination prefix field-set PFX-PATHFINDERS + ! + application-profile APP-PROFILE-CONTROL-PLANE + application APP-CONTROL-PLANE + ! + field-set ipv4 prefix PFX-PATHFINDERS +! +ip routing +no ip routing vrf MGMT +! +ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.255.1:511 +! +ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY + seq 10 permit 192.168.255.0/24 eq 32 +! +ip route 0.0.0.0/0 192.168.1.10 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set extcommunity soo 192.168.255.1:511 additive +! +route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 10 + match extcommunity ECL-EVPN-SOO +! +route-map RM-EVPN-SOO-IN deny 10 + match extcommunity ECL-EVPN-SOO +! +route-map RM-EVPN-SOO-IN permit 20 +! +route-map RM-EVPN-SOO-OUT permit 10 + set extcommunity soo 192.168.255.1:511 additive +! +router bfd + multihop interval 300 min-rx 300 multiplier 3 +! +router bgp 65005 + router-id 192.168.255.1 + update wait-install + no bgp default ipv4-unicast + maximum-paths 16 + neighbor WAN-OVERLAY-PEERS peer group + neighbor WAN-OVERLAY-PEERS remote-as 65005 + neighbor WAN-OVERLAY-PEERS update-source Dps1 + neighbor WAN-OVERLAY-PEERS bfd + neighbor WAN-OVERLAY-PEERS bfd interval 1000 min-rx 1000 multiplier 10 + neighbor WAN-OVERLAY-PEERS ttl maximum-hops 1 + neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ== + neighbor WAN-OVERLAY-PEERS send-community + neighbor WAN-OVERLAY-PEERS maximum-routes 0 + redistribute connected route-map RM-CONN-2-BGP + ! + address-family evpn + neighbor WAN-OVERLAY-PEERS activate + neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-IN in + neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-OUT out + neighbor WAN-OVERLAY-PEERS encapsulation path-selection + ! + address-family ipv4 + no neighbor WAN-OVERLAY-PEERS activate + ! + address-family ipv4 sr-te + neighbor WAN-OVERLAY-PEERS activate + ! + address-family link-state + neighbor WAN-OVERLAY-PEERS activate + path-selection + ! + address-family path-selection + bgp additional-paths receive + bgp additional-paths send any + neighbor WAN-OVERLAY-PEERS activate + ! + vrf default + rd 192.168.255.1:1 + route-target import evpn 1:1 + route-target export evpn 1:1 + route-target export evpn route-map RM-EVPN-EXPORT-VRF-DEFAULT +! +router traffic-engineering +! +end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml index 5d5afc6d38f..dc24869f3ae 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml @@ -483,6 +483,8 @@ router_adaptive_virtual_topology: load_balance_policy: LB-PROD-AVT-POLICY-VIDEO - name: PROD-AVT-POLICY-MPLS-ONLY load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY + - name: PROD-AVT-POLICY-CRITICAL-APP + load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP - name: PROD-AVT-POLICY-DEFAULT load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT - name: DEFAULT-POLICY-DEFAULT @@ -506,6 +508,8 @@ router_adaptive_virtual_topology: id: 4 - name: PROD-AVT-POLICY-MPLS-ONLY id: 5 + - name: PROD-AVT-POLICY-CRITICAL-APP + id: 6 - name: PROD-AVT-POLICY-DEFAULT id: 1 - name: IT @@ -537,6 +541,8 @@ router_adaptive_virtual_topology: avt_profile: PROD-AVT-POLICY-VIDEO - application_profile: MPLS-ONLY avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: CRITICAL-APP + avt_profile: PROD-AVT-POLICY-CRITICAL-APP - application_profile: default avt_profile: PROD-AVT-POLICY-DEFAULT - name: DEFAULT-AVT-POLICY @@ -638,6 +644,10 @@ router_path_selection: - name: LB-PROD-AVT-POLICY-MPLS-ONLY path_groups: - name: MPLS + - name: LB-PROD-AVT-POLICY-CRITICAL-APP + path_groups: + - name: INET + loss_rate: '45.0' - name: LB-PROD-AVT-POLICY-DEFAULT path_groups: - name: INET @@ -675,6 +685,9 @@ application_traffic_recognition: applications: - name: CUSTOM-VOICE-APPLICATION - name: MPLS-ONLY + - name: CRITICAL-APP + applications: + - name: CUSTOM-APPLICATION-3 - name: APP-PROFILE-CONTROL-PLANE applications: - name: APP-CONTROL-PLANE @@ -691,6 +704,11 @@ application_traffic_recognition: dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 protocols: - tcp + - name: CUSTOM-APPLICATION-3 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-3 + tcp_dest_port_set_name: TCP-DEST-3 - name: CUSTOM-APPLICATION-2 protocols: - tcp @@ -706,6 +724,12 @@ application_traffic_recognition: dest_prefix_set_name: PFX-PATHFINDERS field_sets: l4_ports: + - name: TCP-SRC-3 + port_values: + - '400' + - name: TCP-DEST-3 + port_values: + - '880' - name: TCP-SRC-2 port_values: - '42' diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge1.yml index de3888f213d..3bf63f321bd 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge1.yml @@ -22,6 +22,16 @@ router_bgp: - ip_address: 172.28.0.14 remote_as: '64520' route_map_out: RM-BGP-172.28.0.14-OUT + - ip_address: 172.31.0.1 + remote_as: '64520' + description: ATT_404_peerDeviceA_Port-Channel2 + route_map_in: RM-BGP-172.31.0.1-IN + route_map_out: RM-BGP-172.31.0.1-OUT + - ip_address: 172.31.0.10 + remote_as: '64520' + description: Orange_peerDevice10_Port-Channel455 + route_map_in: RM-BGP-172.31.0.10-IN + route_map_out: RM-BGP-172.31.0.10-OUT - ip_address: 172.17.0.2 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65199' @@ -41,6 +51,10 @@ router_bgp: activate: true - ip_address: 172.28.0.14 activate: true + - ip_address: 172.31.0.1 + activate: true + - ip_address: 172.31.0.10 + activate: true peer_groups: - name: IPv4-UNDERLAY-PEERS activate: true @@ -196,7 +210,7 @@ prefix_lists: - sequence: 10 action: permit 5.0.0.0/0 - sequence: 20 - action: deny 10.00.0.0/24 + action: deny 10.0.0.0/24 - name: ALLOW-DEFAULT sequence_numbers: - sequence: 10 @@ -228,6 +242,34 @@ route_maps: - ip address prefix-list PL2 - sequence: 20 type: deny +- name: RM-BGP-172.31.0.1-IN + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL2 + set: + - community no-advertise additive +- name: RM-BGP-172.31.0.1-OUT + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list ALLOW-DEFAULT + - sequence: 20 + type: deny +- name: RM-BGP-172.31.0.10-IN + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL2 + set: + - community no-advertise additive +- name: RM-BGP-172.31.0.10-OUT + sequence_numbers: + - sequence: 10 + type: deny - name: RM-CONN-2-BGP sequence_numbers: - sequence: 10 @@ -352,11 +394,119 @@ ethernet_interfaces: enabled: false peer_type: l3_interface shutdown: false +- name: Ethernet6 + description: ATT_404_peerDevice1_PeerDevIntf1 + peer: peerDevice1 + peer_interface: PeerDevIntf1 + shutdown: false + switchport: + enabled: false + speed: forced 10000full + channel_group: + id: 1 + mode: active +- name: Ethernet7 + description: ATT_404_peerDeviceA + peer: peerDeviceA + shutdown: false + switchport: + enabled: false + speed: forced 10000full + channel_group: + id: 1 + mode: active +- name: Ethernet1/10 + description: Orange_peerDevice10 + peer: peerDevice10 + shutdown: false + switchport: + enabled: false + speed: forced 10000full + channel_group: + id: 450 + mode: 'on' +- name: Ethernet1/16 + description: Comcast_peerDevice11 + peer: peerDevice11 + shutdown: false + switchport: + enabled: false + speed: auto 10000full + channel_group: + id: 540 + mode: active +- name: Ethernet1/17 + description: Comcast_peerDevice11 + peer: peerDevice11 + shutdown: false + switchport: + enabled: false + channel_group: + id: 540 + mode: active +- name: Ethernet1/18 + description: Comcast_peerDevice11 + peer: peerDevice11 + shutdown: false + switchport: + enabled: false + speed: 1000full + channel_group: + id: 540 + mode: active +port_channel_interfaces: +- name: Port-Channel1 + peer_type: l3_port_channel + peer: peerDeviceA + peer_interface: Port-Channel2 + ip_address: 172.15.5.7/31 + shutdown: false + switchport: + enabled: false + description: ATT_404_peerDeviceA_Port-Channel2 + flow_tracker: + hardware: FLOW-TRACKER +- name: Port-Channel450 + peer_type: l3_port_channel + peer: peerDevice10 + peer_interface: Port-Channel455 + ip_address: 172.15.5.8/31 + shutdown: false + switchport: + enabled: false + description: Orange_peerDevice10_Port-Channel455 +- name: Port-Channel540 + peer_type: l3_port_channel + peer: peerDevice11 + peer_interface: Port-Channel545 + ip_address: 172.15.6.9/31 + shutdown: false + switchport: + enabled: false + description: Comcast_peerDevice11_Port-Channel545 + access_group_in: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Port-Channel540 + access_group_out: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Port-Channel540 loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.42.2/32 +static_routes: +- destination_address_prefix: 172.16.0.0/16 + gateway: 172.31.0.1 +- destination_address_prefix: 172.17.0.0/16 + gateway: 172.31.0.10 +- destination_address_prefix: 172.18.0.0/16 + gateway: 172.31.0.11 +- destination_address_prefix: 10.37.121.1/32 + name: IE-ZSCALER-PRI + gateway: 172.31.0.1 +- destination_address_prefix: 10.39.77.1/32 + name: IE-ZSCALER-SEC + gateway: 172.31.0.1 +- destination_address_prefix: 10.50.9.1/32 + name: IE-ZSCALER-TER + gateway: 172.31.0.1 agents: - name: KernelFib environment_variables: @@ -374,6 +524,24 @@ ip_access_lists: destination: 172.24.49.3 action: permit protocol: ip +- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Port-Channel540 + entries: + - source: any + destination: 172.15.6.9 + sequence: 15 + action: deny + protocol: ip + - source: 172.31.0.11 + destination: 172.15.6.9 + action: permit + protocol: ip +- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Port-Channel540 + entries: + - remark: Some remark will not require source and destination fields. + - source: 172.15.6.9 + destination: any + action: permit + protocol: ip - name: ACL-NAT-IE-DIRECT entries: - source: any @@ -417,6 +585,11 @@ ip_security: ike_lifetime: 24 encryption: aes256 dh_group: 24 + - name: IE-ZSCALER-EXIT-POLICY-3-IKE-POLICY + local_id_fqdn: cv-pathfinder-edge1_ZSCALER-EXIT-POLICY-3@test.local + ike_lifetime: 24 + encryption: aes256 + dh_group: 24 sa_policies: - name: DP-SA-POLICY esp: @@ -440,6 +613,13 @@ ip_security: esp: integrity: sha256 encryption: aes256 + - name: IE-ZSCALER-EXIT-POLICY-3-SA-POLICY + pfs_dh_group: 24 + sa_lifetime: + value: 8 + esp: + integrity: sha256 + encryption: aes256 profiles: - name: DP-PROFILE sa_policy: DP-SA-POLICY @@ -478,6 +658,15 @@ ip_security: time: 60 action: clear connection: start + - name: IE-ZSCALER-EXIT-POLICY-3-PROFILE + ike_policy: IE-ZSCALER-EXIT-POLICY-3-IKE-POLICY + sa_policy: IE-ZSCALER-EXIT-POLICY-3-SA-POLICY + shared_key: 0007054B145A1F0E0928424A0C0B4812160C09551511170B121907214A333B286214687C782720215B0A67637B7B666B3873293274733B31233B6D2A332315696A + dpd: + interval: 10 + time: 60 + action: clear + connection: start key_controller: profile: DP-PROFILE management_security: @@ -515,6 +704,9 @@ router_adaptive_virtual_topology: - name: PROD-AVT-POLICY-VIDEO load_balance_policy: LB-PROD-AVT-POLICY-VIDEO internet_exit_policy: ZSCALER-EXIT-POLICY-2 + - name: PROD-AVT-POLICY-CRITICAL-APP + load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP + internet_exit_policy: ZSCALER-EXIT-POLICY-3 - name: PROD-AVT-POLICY-DEFAULT load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT - name: DEFAULT-POLICY-DEFAULT @@ -536,6 +728,8 @@ router_adaptive_virtual_topology: id: 2 - name: PROD-AVT-POLICY-VIDEO id: 4 + - name: PROD-AVT-POLICY-CRITICAL-APP + id: 6 - name: PROD-AVT-POLICY-DEFAULT id: 1 - name: IT @@ -565,6 +759,8 @@ router_adaptive_virtual_topology: avt_profile: PROD-AVT-POLICY-VOICE - application_profile: VIDEO avt_profile: PROD-AVT-POLICY-VIDEO + - application_profile: CRITICAL-APP + avt_profile: PROD-AVT-POLICY-CRITICAL-APP - application_profile: default avt_profile: PROD-AVT-POLICY-DEFAULT - name: DEFAULT-AVT-POLICY @@ -610,6 +806,21 @@ router_path_selection: server_profiles: - INET-cv-pathfinder-pathfinder1-Ethernet1 - INET-cv-pathfinder-pathfinder2-Ethernet1 + - name: Port-Channel1 + stun: + server_profiles: + - INET-cv-pathfinder-pathfinder1-Ethernet1 + - INET-cv-pathfinder-pathfinder2-Ethernet1 + - name: Port-Channel450 + stun: + server_profiles: + - INET-cv-pathfinder-pathfinder1-Ethernet1 + - INET-cv-pathfinder-pathfinder2-Ethernet1 + - name: Port-Channel540 + stun: + server_profiles: + - INET-cv-pathfinder-pathfinder1-Ethernet1 + - INET-cv-pathfinder-pathfinder2-Ethernet1 dynamic_peers: enabled: true static_peers: @@ -645,6 +856,12 @@ router_path_selection: - name: INET priority: 2 loss_rate: '42.0' + - name: LB-PROD-AVT-POLICY-CRITICAL-APP + path_groups: + - name: INET + - name: AWS + priority: 2 + loss_rate: '45.0' - name: LB-PROD-AVT-POLICY-DEFAULT path_groups: - name: INET @@ -678,6 +895,9 @@ application_traffic_recognition: - name: VOICE applications: - name: CUSTOM-VOICE-APPLICATION + - name: CRITICAL-APP + applications: + - name: CUSTOM-APPLICATION-3 - name: APP-PROFILE-CONTROL-PLANE applications: - name: APP-CONTROL-PLANE @@ -694,6 +914,11 @@ application_traffic_recognition: dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 protocols: - tcp + - name: CUSTOM-APPLICATION-3 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-3 + tcp_dest_port_set_name: TCP-DEST-3 - name: CUSTOM-APPLICATION-2 protocols: - tcp @@ -709,6 +934,12 @@ application_traffic_recognition: dest_prefix_set_name: PFX-PATHFINDERS field_sets: l4_ports: + - name: TCP-SRC-3 + port_values: + - '400' + - name: TCP-DEST-3 + port_values: + - '880' - name: TCP-SRC-2 port_values: - '42' @@ -746,16 +977,6 @@ ip_nat: ranges: - first_port: 1500 last_port: 65535 -static_routes: -- destination_address_prefix: 10.37.121.1/32 - name: IE-ZSCALER-PRI - gateway: 172.31.0.1 -- destination_address_prefix: 10.39.77.1/32 - name: IE-ZSCALER-SEC - gateway: 172.31.0.1 -- destination_address_prefix: 10.50.9.1/32 - name: IE-ZSCALER-TER - gateway: 172.31.0.1 router_service_insertion: enabled: true connections: @@ -788,6 +1009,18 @@ router_service_insertion: monitor_connectivity_host: IE-Tunnel112 tunnel_interface: primary: Tunnel112 + - name: IE-Tunnel200 + monitor_connectivity_host: IE-Tunnel200 + tunnel_interface: + primary: Tunnel200 + - name: IE-Tunnel201 + monitor_connectivity_host: IE-Tunnel201 + tunnel_interface: + primary: Tunnel201 + - name: IE-Tunnel202 + monitor_connectivity_host: IE-Tunnel202 + tunnel_interface: + primary: Tunnel202 router_internet_exit: exit_groups: - name: DIRECT-EXIT-POLICY-1 @@ -811,6 +1044,15 @@ router_internet_exit: - name: ZSCALER-EXIT-POLICY-2_TER local_connections: - name: IE-Tunnel112 + - name: ZSCALER-EXIT-POLICY-3_PRI + local_connections: + - name: IE-Tunnel200 + - name: ZSCALER-EXIT-POLICY-3_SEC + local_connections: + - name: IE-Tunnel201 + - name: ZSCALER-EXIT-POLICY-3_TER + local_connections: + - name: IE-Tunnel202 policies: - name: DIRECT-EXIT-POLICY-1 exit_groups: @@ -826,6 +1068,11 @@ router_internet_exit: - name: ZSCALER-EXIT-POLICY-2_PRI - name: ZSCALER-EXIT-POLICY-2_SEC - name: ZSCALER-EXIT-POLICY-2_TER + - name: ZSCALER-EXIT-POLICY-3 + exit_groups: + - name: ZSCALER-EXIT-POLICY-3_PRI + - name: ZSCALER-EXIT-POLICY-3_SEC + - name: ZSCALER-EXIT-POLICY-3_TER dps_interfaces: - name: Dps1 description: DPS Interface @@ -903,6 +1150,33 @@ tunnel_interfaces: destination: 10.50.9.1 ipsec_profile: IE-ZSCALER-EXIT-POLICY-2-PROFILE nat_profile: NAT-IE-ZSCALER +- name: Tunnel200 + description: Internet Exit ZSCALER-EXIT-POLICY-3 PRI + mtu: 1394 + ip_address: unnumbered Loopback0 + tunnel_mode: ipsec + source_interface: Port-Channel1 + destination: 10.37.121.1 + ipsec_profile: IE-ZSCALER-EXIT-POLICY-3-PROFILE + nat_profile: NAT-IE-ZSCALER +- name: Tunnel201 + description: Internet Exit ZSCALER-EXIT-POLICY-3 SEC + mtu: 1394 + ip_address: unnumbered Loopback0 + tunnel_mode: ipsec + source_interface: Port-Channel1 + destination: 10.39.77.1 + ipsec_profile: IE-ZSCALER-EXIT-POLICY-3-PROFILE + nat_profile: NAT-IE-ZSCALER +- name: Tunnel202 + description: Internet Exit ZSCALER-EXIT-POLICY-3 TER + mtu: 1394 + ip_address: unnumbered Loopback0 + tunnel_mode: ipsec + source_interface: Port-Channel1 + destination: 10.50.9.1 + ipsec_profile: IE-ZSCALER-EXIT-POLICY-3-PROFILE + nat_profile: NAT-IE-ZSCALER monitor_connectivity: interface_sets: - name: SET-Ethernet3 @@ -919,6 +1193,12 @@ monitor_connectivity: interfaces: Tunnel111 - name: SET-Tunnel112 interfaces: Tunnel112 + - name: SET-Tunnel200 + interfaces: Tunnel200 + - name: SET-Tunnel201 + interfaces: Tunnel201 + - name: SET-Tunnel202 + interfaces: Tunnel202 hosts: - name: IE-Ethernet3 description: Internet Exit DIRECT-EXIT-POLICY-1 @@ -961,6 +1241,24 @@ monitor_connectivity: local_interfaces: SET-Tunnel112 address_only: false url: http://gateway.zscalerbeta.net/vpntest + - name: IE-Tunnel200 + description: Internet Exit ZSCALER-EXIT-POLICY-3 PRI + ip: 10.37.121.1 + local_interfaces: SET-Tunnel200 + address_only: false + url: http://gateway.zscalerbeta.net/vpntest + - name: IE-Tunnel201 + description: Internet Exit ZSCALER-EXIT-POLICY-3 SEC + ip: 10.39.77.1 + local_interfaces: SET-Tunnel201 + address_only: false + url: http://gateway.zscalerbeta.net/vpntest + - name: IE-Tunnel202 + description: Internet Exit ZSCALER-EXIT-POLICY-3 TER + ip: 10.50.9.1 + local_interfaces: SET-Tunnel202 + address_only: false + url: http://gateway.zscalerbeta.net/vpntest shutdown: false metadata: cv_pathfinder: @@ -1049,6 +1347,48 @@ metadata: region: eu-west1 latitude: '50' longitude: '9' + - name: ZSCALER-EXIT-POLICY-3 + type: zscaler + city: Santa Clara, CA + country: United States + firewall: false + ips_control: false + acceptable_use_policy: false + vpn_credentials: + - fqdn: cv-pathfinder-edge1_ZSCALER-EXIT-POLICY-3@test.local + vpn_type: UFQDN + pre_shared_key: 0007054B145A1F0E0928424A0C0B4812160C09551511170B121907214A333B286214687C782720215B0A67637B7B666B3873293274733B31233B6D2A332315696A + tunnels: + - name: Tunnel200 + preference: Preferred + endpoint: + ip_address: 10.37.121.1 + datacenter: FMT1 + city: Fremont, CA + country: United States + region: us-west1 + latitude: '37' + longitude: '-121' + - name: Tunnel201 + preference: Alternate + endpoint: + ip_address: 10.39.77.1 + datacenter: WAS1 + city: Washington, DC + country: United States + region: us-east1 + latitude: '39' + longitude: '-77' + - name: Tunnel202 + preference: Alternate + endpoint: + ip_address: 10.50.9.1 + datacenter: FRA4 + city: Frankfurt + country: Germany + region: eu-west1 + latitude: '50' + longitude: '9' role: edge ssl_profile: profileA vtep_ip: 192.168.142.2 @@ -1068,6 +1408,16 @@ metadata: carrier: ATT circuit_id: '404' pathgroup: INET + - name: Port-Channel1 + carrier: ATT + circuit_id: '404' + pathgroup: INET + - name: Port-Channel450 + carrier: Orange + pathgroup: INET + - name: Port-Channel540 + carrier: Comcast + pathgroup: INET pathfinders: - vtep_ip: 192.168.144.2 - vtep_ip: 192.168.144.3 @@ -1134,6 +1484,66 @@ metadata: tags: - name: Type value: lan + - interface: Ethernet6 + tags: + - name: Type + value: wan + - name: Carrier + value: ATT + - name: Circuit + value: '404' + - interface: Ethernet7 + tags: + - name: Type + value: wan + - name: Carrier + value: ATT + - name: Circuit + value: '404' + - interface: Ethernet1/10 + tags: + - name: Type + value: wan + - name: Carrier + value: Orange + - interface: Ethernet1/16 + tags: + - name: Type + value: wan + - name: Carrier + value: Comcast + - interface: Ethernet1/17 + tags: + - name: Type + value: wan + - name: Carrier + value: Comcast + - interface: Ethernet1/18 + tags: + - name: Type + value: wan + - name: Carrier + value: Comcast + - interface: Port-Channel1 + tags: + - name: Type + value: wan + - name: Carrier + value: ATT + - name: Circuit + value: '404' + - interface: Port-Channel450 + tags: + - name: Type + value: wan + - name: Carrier + value: Orange + - interface: Port-Channel540 + tags: + - name: Type + value: wan + - name: Carrier + value: Comcast flow_tracking: hardware: trackers: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml index e5b55b5cdaa..a767e6f3c0a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml @@ -499,6 +499,8 @@ router_adaptive_virtual_topology: load_balance_policy: LB-PROD-AVT-POLICY-VIDEO - name: PROD-AVT-POLICY-MPLS-ONLY load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY + - name: PROD-AVT-POLICY-CRITICAL-APP + load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP - name: PROD-AVT-POLICY-DEFAULT load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT - name: DEFAULT-POLICY-DEFAULT @@ -522,6 +524,8 @@ router_adaptive_virtual_topology: id: 4 - name: PROD-AVT-POLICY-MPLS-ONLY id: 5 + - name: PROD-AVT-POLICY-CRITICAL-APP + id: 6 - name: PROD-AVT-POLICY-DEFAULT id: 1 - name: IT @@ -553,6 +557,8 @@ router_adaptive_virtual_topology: avt_profile: PROD-AVT-POLICY-VIDEO - application_profile: MPLS-ONLY avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: CRITICAL-APP + avt_profile: PROD-AVT-POLICY-CRITICAL-APP - application_profile: default avt_profile: PROD-AVT-POLICY-DEFAULT - name: DEFAULT-AVT-POLICY @@ -633,6 +639,11 @@ router_path_selection: - name: LB-PROD-AVT-POLICY-MPLS-ONLY path_groups: - name: LAN_HA + - name: LB-PROD-AVT-POLICY-CRITICAL-APP + path_groups: + - name: INET + - name: LAN_HA + loss_rate: '45.0' - name: LB-PROD-AVT-POLICY-DEFAULT path_groups: - name: INET @@ -666,6 +677,9 @@ application_traffic_recognition: applications: - name: CUSTOM-VOICE-APPLICATION - name: MPLS-ONLY + - name: CRITICAL-APP + applications: + - name: CUSTOM-APPLICATION-3 - name: APP-PROFILE-CONTROL-PLANE applications: - name: APP-CONTROL-PLANE @@ -682,6 +696,11 @@ application_traffic_recognition: dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 protocols: - tcp + - name: CUSTOM-APPLICATION-3 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-3 + tcp_dest_port_set_name: TCP-DEST-3 - name: CUSTOM-APPLICATION-2 protocols: - tcp @@ -697,6 +716,12 @@ application_traffic_recognition: dest_prefix_set_name: PFX-PATHFINDERS field_sets: l4_ports: + - name: TCP-SRC-3 + port_values: + - '400' + - name: TCP-DEST-3 + port_values: + - '880' - name: TCP-SRC-2 port_values: - '42' diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml index 13d4ac9ac68..614c8c24ebe 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml @@ -482,6 +482,8 @@ router_adaptive_virtual_topology: load_balance_policy: LB-PROD-AVT-POLICY-VIDEO - name: PROD-AVT-POLICY-MPLS-ONLY load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY + - name: PROD-AVT-POLICY-CRITICAL-APP + load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP - name: PROD-AVT-POLICY-DEFAULT load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT - name: DEFAULT-POLICY-DEFAULT @@ -505,6 +507,8 @@ router_adaptive_virtual_topology: id: 4 - name: PROD-AVT-POLICY-MPLS-ONLY id: 5 + - name: PROD-AVT-POLICY-CRITICAL-APP + id: 6 - name: PROD-AVT-POLICY-DEFAULT id: 1 - name: IT @@ -536,6 +540,8 @@ router_adaptive_virtual_topology: avt_profile: PROD-AVT-POLICY-VIDEO - application_profile: MPLS-ONLY avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: CRITICAL-APP + avt_profile: PROD-AVT-POLICY-CRITICAL-APP - application_profile: default avt_profile: PROD-AVT-POLICY-DEFAULT - name: DEFAULT-AVT-POLICY @@ -617,6 +623,10 @@ router_path_selection: path_groups: - name: MPLS - name: CUSTOM_LAN_HA + - name: LB-PROD-AVT-POLICY-CRITICAL-APP + path_groups: + - name: CUSTOM_LAN_HA + loss_rate: '45.0' - name: LB-PROD-AVT-POLICY-DEFAULT path_groups: - name: MPLS @@ -648,6 +658,9 @@ application_traffic_recognition: applications: - name: CUSTOM-VOICE-APPLICATION - name: MPLS-ONLY + - name: CRITICAL-APP + applications: + - name: CUSTOM-APPLICATION-3 - name: APP-PROFILE-CONTROL-PLANE applications: - name: APP-CONTROL-PLANE @@ -664,6 +677,11 @@ application_traffic_recognition: dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 protocols: - tcp + - name: CUSTOM-APPLICATION-3 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-3 + tcp_dest_port_set_name: TCP-DEST-3 - name: CUSTOM-APPLICATION-2 protocols: - tcp @@ -679,6 +697,12 @@ application_traffic_recognition: dest_prefix_set_name: PFX-PATHFINDERS field_sets: l4_ports: + - name: TCP-SRC-3 + port_values: + - '400' + - name: TCP-DEST-3 + port_values: + - '880' - name: TCP-SRC-2 port_values: - '42' diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3A.yml index effa2d4a8b3..9cda7bf959c 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3A.yml @@ -334,6 +334,8 @@ router_adaptive_virtual_topology: load_balance_policy: LB-PROD-AVT-POLICY-VIDEO - name: PROD-AVT-POLICY-MPLS-ONLY load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY + - name: PROD-AVT-POLICY-CRITICAL-APP + load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP - name: PROD-AVT-POLICY-DEFAULT load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT vrfs: @@ -355,6 +357,8 @@ router_adaptive_virtual_topology: id: 4 - name: PROD-AVT-POLICY-MPLS-ONLY id: 5 + - name: PROD-AVT-POLICY-CRITICAL-APP + id: 6 - name: PROD-AVT-POLICY-DEFAULT id: 1 - name: IT @@ -381,6 +385,8 @@ router_adaptive_virtual_topology: avt_profile: PROD-AVT-POLICY-VIDEO - application_profile: MPLS-ONLY avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: CRITICAL-APP + avt_profile: PROD-AVT-POLICY-CRITICAL-APP - application_profile: default avt_profile: PROD-AVT-POLICY-DEFAULT - name: DEFAULT-AVT-POLICY @@ -455,6 +461,11 @@ router_path_selection: - name: LB-PROD-AVT-POLICY-MPLS-ONLY path_groups: - name: LAN_HA + - name: LB-PROD-AVT-POLICY-CRITICAL-APP + path_groups: + - name: INET + - name: LAN_HA + loss_rate: '45.0' - name: LB-PROD-AVT-POLICY-DEFAULT path_groups: - name: INET @@ -484,6 +495,9 @@ application_traffic_recognition: applications: - name: CUSTOM-VOICE-APPLICATION - name: MPLS-ONLY + - name: CRITICAL-APP + applications: + - name: CUSTOM-APPLICATION-3 - name: APP-PROFILE-CONTROL-PLANE applications: - name: APP-CONTROL-PLANE @@ -500,6 +514,11 @@ application_traffic_recognition: dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 protocols: - tcp + - name: CUSTOM-APPLICATION-3 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-3 + tcp_dest_port_set_name: TCP-DEST-3 - name: CUSTOM-APPLICATION-2 protocols: - tcp @@ -515,6 +534,12 @@ application_traffic_recognition: dest_prefix_set_name: PFX-PATHFINDERS field_sets: l4_ports: + - name: TCP-SRC-3 + port_values: + - '400' + - name: TCP-DEST-3 + port_values: + - '880' - name: TCP-SRC-2 port_values: - '42' diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3B.yml index 451caef49c9..22ee556e080 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3B.yml @@ -333,6 +333,8 @@ router_adaptive_virtual_topology: load_balance_policy: LB-PROD-AVT-POLICY-VIDEO - name: PROD-AVT-POLICY-MPLS-ONLY load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY + - name: PROD-AVT-POLICY-CRITICAL-APP + load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP - name: PROD-AVT-POLICY-DEFAULT load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT vrfs: @@ -354,6 +356,8 @@ router_adaptive_virtual_topology: id: 4 - name: PROD-AVT-POLICY-MPLS-ONLY id: 5 + - name: PROD-AVT-POLICY-CRITICAL-APP + id: 6 - name: PROD-AVT-POLICY-DEFAULT id: 1 - name: IT @@ -380,6 +384,8 @@ router_adaptive_virtual_topology: avt_profile: PROD-AVT-POLICY-VIDEO - application_profile: MPLS-ONLY avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: CRITICAL-APP + avt_profile: PROD-AVT-POLICY-CRITICAL-APP - application_profile: default avt_profile: PROD-AVT-POLICY-DEFAULT - name: DEFAULT-AVT-POLICY @@ -455,6 +461,10 @@ router_path_selection: path_groups: - name: MPLS - name: LAN_HA + - name: LB-PROD-AVT-POLICY-CRITICAL-APP + path_groups: + - name: LAN_HA + loss_rate: '45.0' - name: LB-PROD-AVT-POLICY-DEFAULT path_groups: - name: MPLS @@ -482,6 +492,9 @@ application_traffic_recognition: applications: - name: CUSTOM-VOICE-APPLICATION - name: MPLS-ONLY + - name: CRITICAL-APP + applications: + - name: CUSTOM-APPLICATION-3 - name: APP-PROFILE-CONTROL-PLANE applications: - name: APP-CONTROL-PLANE @@ -498,6 +511,11 @@ application_traffic_recognition: dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 protocols: - tcp + - name: CUSTOM-APPLICATION-3 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-3 + tcp_dest_port_set_name: TCP-DEST-3 - name: CUSTOM-APPLICATION-2 protocols: - tcp @@ -513,6 +531,12 @@ application_traffic_recognition: dest_prefix_set_name: PFX-PATHFINDERS field_sets: l4_ports: + - name: TCP-SRC-3 + port_values: + - '400' + - name: TCP-DEST-3 + port_values: + - '880' - name: TCP-SRC-2 port_values: - '42' diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4A.yml index 84006493a56..387f34a30b7 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4A.yml @@ -358,6 +358,8 @@ router_adaptive_virtual_topology: load_balance_policy: LB-PROD-AVT-POLICY-VIDEO - name: PROD-AVT-POLICY-MPLS-ONLY load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY + - name: PROD-AVT-POLICY-CRITICAL-APP + load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP - name: PROD-AVT-POLICY-DEFAULT load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT vrfs: @@ -379,6 +381,8 @@ router_adaptive_virtual_topology: id: 4 - name: PROD-AVT-POLICY-MPLS-ONLY id: 5 + - name: PROD-AVT-POLICY-CRITICAL-APP + id: 6 - name: PROD-AVT-POLICY-DEFAULT id: 1 - name: IT @@ -405,6 +409,8 @@ router_adaptive_virtual_topology: avt_profile: PROD-AVT-POLICY-VIDEO - application_profile: MPLS-ONLY avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: CRITICAL-APP + avt_profile: PROD-AVT-POLICY-CRITICAL-APP - application_profile: default avt_profile: PROD-AVT-POLICY-DEFAULT - name: DEFAULT-AVT-POLICY @@ -478,6 +484,11 @@ router_path_selection: - name: LB-PROD-AVT-POLICY-MPLS-ONLY path_groups: - name: LAN_HA + - name: LB-PROD-AVT-POLICY-CRITICAL-APP + path_groups: + - name: INET + - name: LAN_HA + loss_rate: '45.0' - name: LB-PROD-AVT-POLICY-DEFAULT path_groups: - name: INET @@ -507,6 +518,9 @@ application_traffic_recognition: applications: - name: CUSTOM-VOICE-APPLICATION - name: MPLS-ONLY + - name: CRITICAL-APP + applications: + - name: CUSTOM-APPLICATION-3 - name: APP-PROFILE-CONTROL-PLANE applications: - name: APP-CONTROL-PLANE @@ -523,6 +537,11 @@ application_traffic_recognition: dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 protocols: - tcp + - name: CUSTOM-APPLICATION-3 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-3 + tcp_dest_port_set_name: TCP-DEST-3 - name: CUSTOM-APPLICATION-2 protocols: - tcp @@ -538,6 +557,12 @@ application_traffic_recognition: dest_prefix_set_name: PFX-PATHFINDERS field_sets: l4_ports: + - name: TCP-SRC-3 + port_values: + - '400' + - name: TCP-DEST-3 + port_values: + - '880' - name: TCP-SRC-2 port_values: - '42' @@ -619,6 +644,10 @@ metadata: tags: - name: Type value: lan + - interface: Port-Channel666 + tags: + - name: Type + value: lan cv_pathfinder: role: transit region ssl_profile: profileA diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4B.yml index cfa89076411..b7a99606c28 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4B.yml @@ -358,6 +358,8 @@ router_adaptive_virtual_topology: load_balance_policy: LB-PROD-AVT-POLICY-VIDEO - name: PROD-AVT-POLICY-MPLS-ONLY load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY + - name: PROD-AVT-POLICY-CRITICAL-APP + load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP - name: PROD-AVT-POLICY-DEFAULT load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT vrfs: @@ -379,6 +381,8 @@ router_adaptive_virtual_topology: id: 4 - name: PROD-AVT-POLICY-MPLS-ONLY id: 5 + - name: PROD-AVT-POLICY-CRITICAL-APP + id: 6 - name: PROD-AVT-POLICY-DEFAULT id: 1 - name: IT @@ -405,6 +409,8 @@ router_adaptive_virtual_topology: avt_profile: PROD-AVT-POLICY-VIDEO - application_profile: MPLS-ONLY avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: CRITICAL-APP + avt_profile: PROD-AVT-POLICY-CRITICAL-APP - application_profile: default avt_profile: PROD-AVT-POLICY-DEFAULT - name: DEFAULT-AVT-POLICY @@ -478,6 +484,11 @@ router_path_selection: - name: LB-PROD-AVT-POLICY-MPLS-ONLY path_groups: - name: LAN_HA + - name: LB-PROD-AVT-POLICY-CRITICAL-APP + path_groups: + - name: INET + - name: LAN_HA + loss_rate: '45.0' - name: LB-PROD-AVT-POLICY-DEFAULT path_groups: - name: INET @@ -507,6 +518,9 @@ application_traffic_recognition: applications: - name: CUSTOM-VOICE-APPLICATION - name: MPLS-ONLY + - name: CRITICAL-APP + applications: + - name: CUSTOM-APPLICATION-3 - name: APP-PROFILE-CONTROL-PLANE applications: - name: APP-CONTROL-PLANE @@ -523,6 +537,11 @@ application_traffic_recognition: dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 protocols: - tcp + - name: CUSTOM-APPLICATION-3 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-3 + tcp_dest_port_set_name: TCP-DEST-3 - name: CUSTOM-APPLICATION-2 protocols: - tcp @@ -538,6 +557,12 @@ application_traffic_recognition: dest_prefix_set_name: PFX-PATHFINDERS field_sets: l4_ports: + - name: TCP-SRC-3 + port_values: + - '400' + - name: TCP-DEST-3 + port_values: + - '880' - name: TCP-SRC-2 port_values: - '42' @@ -619,6 +644,10 @@ metadata: tags: - name: Type value: lan + - interface: Port-Channel666 + tags: + - name: Type + value: lan cv_pathfinder: role: transit region ssl_profile: profileA diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml index a16d246a099..7c2e6ddd943 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml @@ -215,6 +215,8 @@ router_adaptive_virtual_topology: load_balance_policy: LB-PROD-AVT-POLICY-VIDEO - name: PROD-AVT-POLICY-MPLS-ONLY load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY + - name: PROD-AVT-POLICY-CRITICAL-APP + load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP - name: PROD-AVT-POLICY-DEFAULT load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT - name: CUSTOM-VOICE-PROFILE-NAME @@ -242,6 +244,8 @@ router_adaptive_virtual_topology: id: 4 - name: PROD-AVT-POLICY-MPLS-ONLY id: 5 + - name: PROD-AVT-POLICY-CRITICAL-APP + id: 6 - name: PROD-AVT-POLICY-DEFAULT id: 1 - name: IT @@ -280,6 +284,8 @@ router_adaptive_virtual_topology: avt_profile: PROD-AVT-POLICY-VIDEO - application_profile: MPLS-ONLY avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: CRITICAL-APP + avt_profile: PROD-AVT-POLICY-CRITICAL-APP - application_profile: default avt_profile: PROD-AVT-POLICY-DEFAULT - name: DEFAULT-AVT-POLICY @@ -377,6 +383,13 @@ router_path_selection: path_groups: - name: MPLS - name: LAN_HA + - name: LB-PROD-AVT-POLICY-CRITICAL-APP + path_groups: + - name: INET + - name: AWS + priority: 2 + - name: LAN_HA + loss_rate: '45.0' - name: LB-PROD-AVT-POLICY-DEFAULT path_groups: - name: INET @@ -428,6 +441,9 @@ application_traffic_recognition: applications: - name: CUSTOM-VOICE-APPLICATION - name: MPLS-ONLY + - name: CRITICAL-APP + applications: + - name: CUSTOM-APPLICATION-3 - name: APP-PROFILE-CONTROL-PLANE applications: - name: APP-CONTROL-PLANE @@ -444,6 +460,11 @@ application_traffic_recognition: dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 protocols: - tcp + - name: CUSTOM-APPLICATION-3 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-3 + tcp_dest_port_set_name: TCP-DEST-3 - name: CUSTOM-APPLICATION-2 protocols: - tcp @@ -459,6 +480,12 @@ application_traffic_recognition: src_prefix_set_name: PFX-LOCAL-VTEP-IP field_sets: l4_ports: + - name: TCP-SRC-3 + port_values: + - '400' + - name: TCP-DEST-3 + port_values: + - '880' - name: TCP-SRC-2 port_values: - '42' @@ -517,6 +544,9 @@ metadata: builtin_applications: - name: CUSTOM-VOICE-APPLICATION - name: MPLS-ONLY + - name: CRITICAL-APP + user_defined_applications: + - name: CUSTOM-APPLICATION-3 - name: APP-PROFILE-CONTROL-PLANE user_defined_applications: - name: APP-CONTROL-PLANE @@ -692,6 +722,19 @@ metadata: preference: preferred application_profiles: - MPLS-ONLY + - constraints: + lossrate: 45.0 + id: 6 + name: PROD-AVT-POLICY-CRITICAL-APP + pathgroups: + - name: INET + preference: preferred + - name: AWS + preference: alternate + - name: LAN_HA + preference: preferred + application_profiles: + - CRITICAL-APP - id: 1 name: PROD-AVT-POLICY-DEFAULT pathgroups: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml index fb494dc1aca..5d5117bc84d 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml @@ -231,6 +231,8 @@ router_adaptive_virtual_topology: load_balance_policy: LB-PROD-AVT-POLICY-VIDEO - name: PROD-AVT-POLICY-MPLS-ONLY load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY + - name: PROD-AVT-POLICY-CRITICAL-APP + load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP - name: PROD-AVT-POLICY-DEFAULT load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT - name: CUSTOM-VOICE-PROFILE-NAME @@ -258,6 +260,8 @@ router_adaptive_virtual_topology: id: 4 - name: PROD-AVT-POLICY-MPLS-ONLY id: 5 + - name: PROD-AVT-POLICY-CRITICAL-APP + id: 6 - name: PROD-AVT-POLICY-DEFAULT id: 1 - name: IT @@ -296,6 +300,8 @@ router_adaptive_virtual_topology: avt_profile: PROD-AVT-POLICY-VIDEO - application_profile: MPLS-ONLY avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: CRITICAL-APP + avt_profile: PROD-AVT-POLICY-CRITICAL-APP - application_profile: default avt_profile: PROD-AVT-POLICY-DEFAULT - name: DEFAULT-AVT-POLICY @@ -396,6 +402,13 @@ router_path_selection: path_groups: - name: MPLS - name: LAN_HA + - name: LB-PROD-AVT-POLICY-CRITICAL-APP + path_groups: + - name: INET + - name: AWS + priority: 2 + - name: LAN_HA + loss_rate: '45.0' - name: LB-PROD-AVT-POLICY-DEFAULT path_groups: - name: INET @@ -445,6 +458,9 @@ application_traffic_recognition: applications: - name: CUSTOM-VOICE-APPLICATION - name: MPLS-ONLY + - name: CRITICAL-APP + applications: + - name: CUSTOM-APPLICATION-3 - name: APP-PROFILE-CONTROL-PLANE applications: - name: APP-CONTROL-PLANE @@ -461,6 +477,11 @@ application_traffic_recognition: dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 protocols: - tcp + - name: CUSTOM-APPLICATION-3 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-3 + tcp_dest_port_set_name: TCP-DEST-3 - name: CUSTOM-APPLICATION-2 protocols: - tcp @@ -476,6 +497,12 @@ application_traffic_recognition: src_prefix_set_name: PFX-LOCAL-VTEP-IP field_sets: l4_ports: + - name: TCP-SRC-3 + port_values: + - '400' + - name: TCP-DEST-3 + port_values: + - '880' - name: TCP-SRC-2 port_values: - '42' @@ -534,6 +561,9 @@ metadata: builtin_applications: - name: CUSTOM-VOICE-APPLICATION - name: MPLS-ONLY + - name: CRITICAL-APP + user_defined_applications: + - name: CUSTOM-APPLICATION-3 - name: APP-PROFILE-CONTROL-PLANE user_defined_applications: - name: APP-CONTROL-PLANE @@ -700,6 +730,19 @@ metadata: preference: preferred application_profiles: - MPLS-ONLY + - constraints: + lossrate: 45.0 + id: 6 + name: PROD-AVT-POLICY-CRITICAL-APP + pathgroups: + - name: INET + preference: preferred + - name: AWS + preference: alternate + - name: LAN_HA + preference: preferred + application_profiles: + - CRITICAL-APP - id: 1 name: PROD-AVT-POLICY-DEFAULT pathgroups: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml index 6da01081346..396e4e4fd53 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml @@ -238,6 +238,8 @@ router_adaptive_virtual_topology: load_balance_policy: LB-PROD-AVT-POLICY-VIDEO - name: PROD-AVT-POLICY-MPLS-ONLY load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY + - name: PROD-AVT-POLICY-CRITICAL-APP + load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP - name: PROD-AVT-POLICY-DEFAULT load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT - name: CUSTOM-VOICE-PROFILE-NAME @@ -265,6 +267,8 @@ router_adaptive_virtual_topology: id: 4 - name: PROD-AVT-POLICY-MPLS-ONLY id: 5 + - name: PROD-AVT-POLICY-CRITICAL-APP + id: 6 - name: PROD-AVT-POLICY-DEFAULT id: 1 - name: IT @@ -303,6 +307,8 @@ router_adaptive_virtual_topology: avt_profile: PROD-AVT-POLICY-VIDEO - application_profile: MPLS-ONLY avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: CRITICAL-APP + avt_profile: PROD-AVT-POLICY-CRITICAL-APP - application_profile: default avt_profile: PROD-AVT-POLICY-DEFAULT - name: DEFAULT-AVT-POLICY @@ -413,6 +419,13 @@ router_path_selection: path_groups: - name: MPLS - name: LAN_HA + - name: LB-PROD-AVT-POLICY-CRITICAL-APP + path_groups: + - name: INET + - name: AWS + priority: 2 + - name: LAN_HA + loss_rate: '45.0' - name: LB-PROD-AVT-POLICY-DEFAULT path_groups: - name: INET @@ -463,6 +476,9 @@ application_traffic_recognition: applications: - name: CUSTOM-VOICE-APPLICATION - name: MPLS-ONLY + - name: CRITICAL-APP + applications: + - name: CUSTOM-APPLICATION-3 - name: APP-PROFILE-CONTROL-PLANE applications: - name: APP-CONTROL-PLANE @@ -479,6 +495,11 @@ application_traffic_recognition: dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 protocols: - tcp + - name: CUSTOM-APPLICATION-3 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-3 + tcp_dest_port_set_name: TCP-DEST-3 - name: CUSTOM-APPLICATION-2 protocols: - tcp @@ -494,6 +515,12 @@ application_traffic_recognition: src_prefix_set_name: PFX-LOCAL-VTEP-IP field_sets: l4_ports: + - name: TCP-SRC-3 + port_values: + - '400' + - name: TCP-DEST-3 + port_values: + - '880' - name: TCP-SRC-2 port_values: - '42' @@ -552,6 +579,9 @@ metadata: builtin_applications: - name: CUSTOM-VOICE-APPLICATION - name: MPLS-ONLY + - name: CRITICAL-APP + user_defined_applications: + - name: CUSTOM-APPLICATION-3 - name: APP-PROFILE-CONTROL-PLANE user_defined_applications: - name: APP-CONTROL-PLANE @@ -721,6 +751,19 @@ metadata: preference: preferred application_profiles: - MPLS-ONLY + - constraints: + lossrate: 45.0 + id: 6 + name: PROD-AVT-POLICY-CRITICAL-APP + pathgroups: + - name: INET + preference: preferred + - name: AWS + preference: alternate + - name: LAN_HA + preference: preferred + application_profiles: + - CRITICAL-APP - id: 1 name: PROD-AVT-POLICY-DEFAULT pathgroups: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml index b42ca1cd3e3..1710d303e3c 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml @@ -477,6 +477,8 @@ router_adaptive_virtual_topology: load_balance_policy: LB-PROD-AVT-POLICY-VIDEO - name: PROD-AVT-POLICY-MPLS-ONLY load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY + - name: PROD-AVT-POLICY-CRITICAL-APP + load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP - name: PROD-AVT-POLICY-DEFAULT load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT - name: CUSTOM-VOICE-PROFILE-NAME @@ -505,6 +507,8 @@ router_adaptive_virtual_topology: id: 4 - name: PROD-AVT-POLICY-MPLS-ONLY id: 5 + - name: PROD-AVT-POLICY-CRITICAL-APP + id: 6 - name: PROD-AVT-POLICY-DEFAULT id: 1 - name: IT @@ -543,6 +547,8 @@ router_adaptive_virtual_topology: avt_profile: PROD-AVT-POLICY-VIDEO - application_profile: MPLS-ONLY avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: CRITICAL-APP + avt_profile: PROD-AVT-POLICY-CRITICAL-APP - application_profile: default avt_profile: PROD-AVT-POLICY-DEFAULT - name: DEFAULT-AVT-POLICY @@ -651,6 +657,11 @@ router_path_selection: path_groups: - name: MPLS - name: LAN_HA + - name: LB-PROD-AVT-POLICY-CRITICAL-APP + path_groups: + - name: INET + - name: LAN_HA + loss_rate: '45.0' - name: LB-PROD-AVT-POLICY-DEFAULT path_groups: - name: INET @@ -702,6 +713,9 @@ application_traffic_recognition: applications: - name: CUSTOM-VOICE-APPLICATION - name: MPLS-ONLY + - name: CRITICAL-APP + applications: + - name: CUSTOM-APPLICATION-3 - name: APP-PROFILE-CONTROL-PLANE applications: - name: APP-CONTROL-PLANE @@ -718,6 +732,11 @@ application_traffic_recognition: dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 protocols: - tcp + - name: CUSTOM-APPLICATION-3 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-3 + tcp_dest_port_set_name: TCP-DEST-3 - name: CUSTOM-APPLICATION-2 protocols: - tcp @@ -733,6 +752,12 @@ application_traffic_recognition: dest_prefix_set_name: PFX-PATHFINDERS field_sets: l4_ports: + - name: TCP-SRC-3 + port_values: + - '400' + - name: TCP-DEST-3 + port_values: + - '880' - name: TCP-SRC-2 port_values: - '42' diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml index 4b42d7cbaa8..977abd30a51 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml @@ -475,6 +475,8 @@ router_adaptive_virtual_topology: load_balance_policy: LB-PROD-AVT-POLICY-VIDEO - name: PROD-AVT-POLICY-MPLS-ONLY load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY + - name: PROD-AVT-POLICY-CRITICAL-APP + load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP - name: PROD-AVT-POLICY-DEFAULT load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT - name: CUSTOM-VOICE-PROFILE-NAME @@ -502,6 +504,8 @@ router_adaptive_virtual_topology: id: 4 - name: PROD-AVT-POLICY-MPLS-ONLY id: 5 + - name: PROD-AVT-POLICY-CRITICAL-APP + id: 6 - name: PROD-AVT-POLICY-DEFAULT id: 1 - name: IT @@ -540,6 +544,8 @@ router_adaptive_virtual_topology: avt_profile: PROD-AVT-POLICY-VIDEO - application_profile: MPLS-ONLY avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: CRITICAL-APP + avt_profile: PROD-AVT-POLICY-CRITICAL-APP - application_profile: default avt_profile: PROD-AVT-POLICY-DEFAULT - name: DEFAULT-AVT-POLICY @@ -648,6 +654,11 @@ router_path_selection: path_groups: - name: MPLS - name: LAN_HA + - name: LB-PROD-AVT-POLICY-CRITICAL-APP + path_groups: + - name: INET + - name: LAN_HA + loss_rate: '45.0' - name: LB-PROD-AVT-POLICY-DEFAULT path_groups: - name: INET @@ -699,6 +710,9 @@ application_traffic_recognition: applications: - name: CUSTOM-VOICE-APPLICATION - name: MPLS-ONLY + - name: CRITICAL-APP + applications: + - name: CUSTOM-APPLICATION-3 - name: APP-PROFILE-CONTROL-PLANE applications: - name: APP-CONTROL-PLANE @@ -715,6 +729,11 @@ application_traffic_recognition: dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 protocols: - tcp + - name: CUSTOM-APPLICATION-3 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-3 + tcp_dest_port_set_name: TCP-DEST-3 - name: CUSTOM-APPLICATION-2 protocols: - tcp @@ -730,6 +749,12 @@ application_traffic_recognition: dest_prefix_set_name: PFX-PATHFINDERS field_sets: l4_ports: + - name: TCP-SRC-3 + port_values: + - '400' + - name: TCP-DEST-3 + port_values: + - '880' - name: TCP-SRC-2 port_values: - '42' diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/node-type-l3-port-channels.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/node-type-l3-port-channels.yml new file mode 100644 index 00000000000..865c5b733d6 --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/node-type-l3-port-channels.yml @@ -0,0 +1,586 @@ +hostname: node-type-l3-port-channels +is_deployed: true +router_bgp: + as: '65005' + router_id: 192.168.255.1 + bgp: + default: + ipv4_unicast: false + maximum_paths: + paths: 16 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + updates: + wait_install: true + peer_groups: + - name: WAN-OVERLAY-PEERS + type: wan + update_source: Dps1 + bfd: true + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + remote_as: '65005' + ttl_maximum_hops: 1 + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + address_family_evpn: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + encapsulation: path-selection + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + address_family_ipv4: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + bgp: + additional_paths: + receive: true + send: any + vrfs: + - name: default + rd: 192.168.255.1:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT +service_routing_protocols_model: multi-agent +ip_routing: true +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +transceiver_qsfp_default_mode_4x10: false +spanning_tree: + mode: none +vrfs: +- name: MGMT + ip_routing: false +management_api_http: + enable_vrfs: + - name: MGMT + enable_https: true +ethernet_interfaces: +- name: Ethernet1 + description: Cybercast_101_peerDevice1_Ethernet11 + peer: peerDevice1 + peer_interface: Ethernet11 + shutdown: false + switchport: + enabled: false + speed: forced 10000full + channel_group: + id: 2 + mode: active +- name: Ethernet2 + description: Cybercast_101_peer1 + peer: peer1 + shutdown: false + switchport: + enabled: false + speed: forced 10000full + channel_group: + id: 2 + mode: active +- name: Ethernet3 + description: Custom eth3 description + peer: peer1 + shutdown: false + switchport: + enabled: false + channel_group: + id: 2 + mode: active +- name: Ethernet1/4 + description: StreamFast_102_peerDevice2_Ethernet1/12 + peer: peerDevice2 + peer_interface: Ethernet1/12 + shutdown: false + switchport: + enabled: false + speed: forced 10000full + channel_group: + id: 5 + mode: passive +- name: Ethernet1/5 + description: StreamFast_102_peer2 + peer: peer2 + shutdown: false + switchport: + enabled: false + speed: forced 10000full + channel_group: + id: 5 + mode: passive +- name: Ethernet1/10 + description: BlizzardFast_peerDevice3_Ethernet1/10 + peer: peerDevice3 + peer_interface: Ethernet1/10 + shutdown: false + switchport: + enabled: false + channel_group: + id: 8 + mode: 'on' + speed: forced 1000full +- name: Ethernet1/19 + description: BlizzardFast_peerDevice4_Ethernet1/19 + peer: peerDevice4 + peer_interface: Ethernet1/19 + shutdown: true + switchport: + enabled: false + channel_group: + id: 19 + mode: active +- name: Ethernet1/20 + description: BlizzardFast_peerDevice4_Ethernet1/20 + peer: peerDevice4 + peer_interface: Ethernet1/20 + shutdown: true + switchport: + enabled: false + channel_group: + id: 19 + mode: active +port_channel_interfaces: +- name: Port-Channel2 + peer_type: l3_port_channel + peer: peer1 + peer_interface: Port-Channel10 + ip_address: 192.168.1.102/31 + shutdown: false + switchport: + enabled: false + description: Cybercast_101_peer1_Port-Channel10 + service_profile: TEST-QOS-PROFILE1 + flow_tracker: + hardware: FLOW-TRACKER +- name: Port-Channel5 + peer_type: l3_port_channel + peer: peer2 + peer_interface: Port-Channel15 + ip_address: 192.168.1.105/31 + shutdown: false + switchport: + enabled: false + description: StreamFast_102_peer2_Port-Channel15 + service_profile: TEST-QOS-PROFILE1 + eos_cli: '! TEST RAW_EOS_CLI + + ' + service_policy: + qos: + input: TEST_POLICY +- name: Port-Channel5.100 + peer_type: l3_port_channel + peer: peer2 + peer_interface: Port-Channel15 + ip_address: 192.168.100.115/31 + shutdown: false + description: ExtremeCable_105_peer2_Port-Channel15 + service_profile: TEST-QOS-PROFILE2 + flow_tracker: + hardware: FLOW-TRACKER + encapsulation_dot1q: + vlan: 108 +- name: Port-Channel5.105 + peer_type: l3_port_channel + peer: peer2 + peer_interface: Port-Channel16 + ip_address: 192.168.100.116/31 + shutdown: false + description: peer2_Port-Channel16 + service_profile: TEST-QOS-PROFILE2 + flow_tracker: + hardware: FLOW-TRACKER + encapsulation_dot1q: + vlan: 105 +- name: Port-Channel8 + peer_type: l3_port_channel + peer: peerDevice3 + peer_interface: Port-Channel18 + ip_address: dhcp + shutdown: false + switchport: + enabled: false + description: BlizzardFast_peerDevice3_Port-Channel18 + service_profile: TEST-QOS-PROFILE3 + eos_cli: '! TEST RAW_EOS_CLI 123 + + ' + flow_tracker: + hardware: FLOW-TRACKER + dhcp_client_accept_default_route: true +- name: Port-Channel19 + peer_type: l3_port_channel + peer: peerDevice4 + peer_interface: Port-Channel20 + ip_address: 192.168.1.19 + shutdown: true + switchport: + enabled: false + description: BlizzardFast_peerDevice4_Port-Channel20 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.1/32 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.255.1:511 additive +- name: RM-EVPN-SOO-IN + sequence_numbers: + - sequence: 10 + type: deny + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit +- name: RM-EVPN-SOO-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - extcommunity soo 192.168.255.1:511 additive +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO +static_routes: +- destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.1.10 +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.255.1:511 +ip_security: + ike_policies: + - name: CP-IKE-POLICY + local_id: 192.168.142.1 + sa_policies: + - name: DP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + - name: CP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + profiles: + - name: DP-PROFILE + sa_policy: DP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890666 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + - name: CP-PROFILE + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: DP-PROFILE +management_security: + ssl_profiles: + - name: STUN-DTLS + certificate: + file: STUN-DTLS.crt + key: STUN-DTLS.key + trust_certificate: + certificates: + - aristaDeviceCertProvisionerDefaultRootCA.crt + tls_versions: '1.2' +router_adaptive_virtual_topology: + topology_role: edge + region: + name: AVD_Land_East + id: 43 + zone: + name: AVD_Land_East-ZONE + id: 1 + site: + name: Site511 + id: 511 + profiles: + - name: DEFAULT-POLICY-CONTROL-PLANE + load_balance_policy: LB-DEFAULT-POLICY-CONTROL-PLANE + - name: DEFAULT-POLICY-DEFAULT + load_balance_policy: LB-DEFAULT-POLICY-DEFAULT + vrfs: + - name: default + policy: DEFAULT-POLICY-WITH-CP + profiles: + - name: DEFAULT-POLICY-CONTROL-PLANE + id: 254 + - name: DEFAULT-POLICY-DEFAULT + id: 1 + policies: + - name: DEFAULT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-POLICY-CONTROL-PLANE + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_path_selection: + tcp_mss_ceiling: + ipv4_segment_size: auto + path_groups: + - name: INET + id: 101 + local_interfaces: + - name: Port-Channel2 + - name: Port-Channel5 + - name: Port-Channel5.100 + - name: Port-Channel8 + - name: Port-Channel19 + dynamic_peers: + enabled: true + ipsec_profile: CP-PROFILE + load_balance_policies: + - name: LB-DEFAULT-POLICY-CONTROL-PLANE + path_groups: + - name: INET + - name: LB-DEFAULT-POLICY-DEFAULT + path_groups: + - name: INET +router_traffic_engineering: + enabled: true +application_traffic_recognition: + application_profiles: + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE + applications: + ipv4_applications: + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + field_sets: + ipv4_prefixes: + - name: PFX-PATHFINDERS +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.142.1/32 + flow_tracker: + hardware: FLOW-TRACKER +vxlan_interface: + vxlan1: + description: node-type-l3-port-channels_VTEP + vxlan: + udp_port: 4789 + source_interface: Dps1 + vrfs: + - name: default + vni: 1 +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false +metadata: + cv_tags: + device_tags: + - name: Role + value: edge + - name: Region + value: AVD_Land_East + - name: Zone + value: AVD_Land_East-ZONE + - name: Site + value: Site511 + interface_tags: + - interface: Ethernet1 + tags: + - name: Type + value: wan + - name: Carrier + value: Cybercast + - name: Circuit + value: '101' + - interface: Ethernet2 + tags: + - name: Type + value: wan + - name: Carrier + value: Cybercast + - name: Circuit + value: '101' + - interface: Ethernet3 + tags: + - name: Type + value: wan + - name: Carrier + value: Cybercast + - name: Circuit + value: '101' + - interface: Ethernet1/4 + tags: + - name: Type + value: wan + - name: Carrier + value: StreamFast + - name: Circuit + value: '102' + - interface: Ethernet1/5 + tags: + - name: Type + value: wan + - name: Carrier + value: StreamFast + - name: Circuit + value: '102' + - interface: Ethernet1/10 + tags: + - name: Type + value: wan + - name: Carrier + value: BlizzardFast + - interface: Ethernet1/19 + tags: + - name: Type + value: wan + - name: Carrier + value: BlizzardFast + - interface: Ethernet1/20 + tags: + - name: Type + value: wan + - name: Carrier + value: BlizzardFast + - interface: Port-Channel2 + tags: + - name: Type + value: wan + - name: Carrier + value: Cybercast + - name: Circuit + value: '101' + - interface: Port-Channel5 + tags: + - name: Type + value: wan + - name: Carrier + value: StreamFast + - name: Circuit + value: '102' + - interface: Port-Channel5.100 + tags: + - name: Type + value: wan + - name: Carrier + value: ExtremeCable + - name: Circuit + value: '105' + - interface: Port-Channel5.105 + tags: + - name: Type + value: lan + - interface: Port-Channel8 + tags: + - name: Type + value: wan + - name: Carrier + value: BlizzardFast + - interface: Port-Channel19 + tags: + - name: Type + value: wan + - name: Carrier + value: BlizzardFast + cv_pathfinder: + role: edge + ssl_profile: STUN-DTLS + vtep_ip: 192.168.142.1 + region: AVD_Land_East + zone: AVD_Land_East-ZONE + site: Site511 + interfaces: + - name: Port-Channel2 + carrier: Cybercast + circuit_id: '101' + pathgroup: INET + - name: Port-Channel5 + carrier: StreamFast + circuit_id: '102' + pathgroup: INET + - name: Port-Channel5.100 + carrier: ExtremeCable + circuit_id: '105' + pathgroup: INET + - name: Port-Channel8 + carrier: BlizzardFast + pathgroup: INET + - name: Port-Channel19 + carrier: BlizzardFast + pathgroup: INET diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml index 620bdc0843f..b26f6af9e9d 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml @@ -15,7 +15,7 @@ ipv4_prefix_list_catalog: - sequence: 10 action: permit 5.0.0.0/0 - sequence: 20 - action: deny 10.00.0.0/24 + action: deny 10.0.0.0/24 cv_pathfinder_regions: - name: AVD_Land_West @@ -212,6 +212,81 @@ wan_router: bgp: peer_as: 64520 ipv4_prefix_list_out: PL2 + l3_port_channels: + - # Port-Channel with 2 member ports + name: Port-Channel1 + mode: active + member_interfaces: + - name: Ethernet6 + peer: peerDevice1 + peer_interface: PeerDevIntf1 + speed: "forced 10000full" + - # peer, peer_interface not set, use peer from parent L3 Port-Channel + name: Ethernet7 + speed: "forced 10000full" + ip_address: 172.15.5.7/31 + # Using peer_ip same as the one specified for Ethernet3 under l3_interfaces above. + # This will cause identical nexthop for Zscaler tunnel destinations to be configured via ip route. + # instead of multiple routes to same Zscaler destination via different nexthops. + peer: peerDeviceA + peer_ip: 172.31.0.1 + peer_port_channel: Port-Channel2 + wan_carrier: ATT + wan_circuit_id: 404 + static_routes: + - prefix: 172.16.0.0/16 + bgp: + peer_as: 64520 + ipv4_prefix_list_in: PL2 + ipv4_prefix_list_out: ALLOW-DEFAULT + cv_pathfinder_internet_exit: + policies: + - name: ZSCALER-EXIT-POLICY-3 + tunnel_interface_numbers: 200-202 + flow_tracking: + enabled: true + - # Port-Channel with 1 member ports + name: Port-Channel450 + mode: 'on' + member_interfaces: + - name: Ethernet1/10 + speed: "forced 10000full" + ip_address: 172.15.5.8/31 + peer: peerDevice10 + peer_ip: 172.31.0.10 + peer_port_channel: Port-Channel455 + wan_carrier: Orange + connected_to_pathfinder: false + static_routes: + - prefix: 172.17.0.0/16 + bgp: + peer_as: 64520 + ipv4_prefix_list_in: PL2 + flow_tracking: + enabled: false + - # Port-Channel with 3 member ports + name: Port-Channel540 + # use default mode + member_interfaces: + - name: Ethernet1/16 + speed: "auto 10000full" + - name: Ethernet1/17 + # interface speed not specified + - name: Ethernet1/18 + speed: "1000full" + ip_address: 172.15.6.9/31 + public_ip: 10.36.36.100 + peer: peerDevice11 + peer_ip: 172.31.0.11 + peer_port_channel: Port-Channel545 + wan_carrier: Comcast + connected_to_pathfinder: true + static_routes: + - prefix: 172.18.0.0/16 + # flow_tracking not set, hence not configured + ipv4_acl_in: TEST-IPV4-ACL-WITH-IP-FIELDS-IN + ipv4_acl_out: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT + # SITE_HA_ENABLED # Because HA is enabled, this allow to test that MPLS-ONLY, present on # cv-pathfinder-edge2B (because of Colt) is being configured on cv-pathfinder-edge2A @@ -607,6 +682,17 @@ wan_virtual_topologies: - names: [MPLS] preference: preferred id: 5 + - application_profile: CRITICAL-APP + path_groups: + - names: [INET] + preference: preferred + - names: [AWS] + preference: alternate + constraints: + loss_rate: 45.0 + internet_exit: + policy: ZSCALER-EXIT-POLICY-3 + id: 6 - name: DEFAULT-AVT-POLICY default_virtual_topology: path_groups: @@ -659,6 +745,10 @@ application_classification: - rtp - name: IT - name: MPLS-ONLY + - name: CRITICAL-APP + applications: + # Testing applications in application-profiles filtering + - name: CUSTOM-APPLICATION-3 - name: VOICE applications: # Testing applications in application-profiles filtering @@ -688,6 +778,10 @@ application_classification: protocols: [tcp] tcp_src_port_set_name: TCP-SRC-2 tcp_dest_port_set_name: TCP-DEST-2 + - name: CUSTOM-APPLICATION-3 + protocols: [tcp] + tcp_src_port_set_name: TCP-SRC-3 + tcp_dest_port_set_name: TCP-DEST-3 - name: CUSTOM-voice-APPLICATION protocols: [udp] udp_src_port_set_name: UDP-SRC-VOICE @@ -714,10 +808,16 @@ application_classification: - name: TCP-SRC-2 port_values: - 42 + - name: TCP-SRC-3 + port_values: + - 400 - name: TCP-DEST-2 port_values: - 666 - 777 + - name: TCP-DEST-3 + port_values: + - 880 - name: UDP-SRC-VOICE port_values: - 42000-42999 @@ -738,6 +838,12 @@ cv_pathfinder_internet_exit_policies: zscaler: domain_name: test.local ipsec_key_salt: THIS_SHOULD_BE_VAULTED + - name: ZSCALER-EXIT-POLICY-3 + fallback_to_system_default: False + type: zscaler + zscaler: + domain_name: test.local + ipsec_key_salt: THIS_SHOULD_BE_VAULTED - name: DIRECT-EXIT-POLICY-1 fallback_to_system_default: False type: direct diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/cv-pathfinder-edge1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/cv-pathfinder-edge1.yml index 85aa8d95d2c..a052889692f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/cv-pathfinder-edge1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/cv-pathfinder-edge1.yml @@ -21,6 +21,13 @@ ipv4_acls: protocol: ip source: peer_ip destination: interface_ip + - name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT + entries: + - remark: Some remark will not require source and destination fields. + - action: permit + protocol: ip + source: interface_ip + destination: any - name: ACL-NAT-IE-ZSCALER entries: - sequence: 10 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/node-type-l3-port-channels.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/node-type-l3-port-channels.yml new file mode 100644 index 00000000000..99d061c09ec --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/node-type-l3-port-channels.yml @@ -0,0 +1,169 @@ +--- +# This yml file is being used to test the various supported schema attributes for L3 Port-Channel +# for cv-pathfinder deployment use-case. +type: wan_router + +cv_pathfinder_regions: + - name: AVD_Land_East + id: 43 + description: AVD Region + sites: + - name: Site511 + id: 511 + location: Miami + +bgp_peer_groups: + wan_overlay_peers: + password: "htm4AZe9mIQOO1uiMuGgYQ==" + listen_range_prefixes: + - 192.168.142.0/24 + - 192.168.143.0/24 + +wan_ipsec_profiles: + control_plane: + shared_key: ABCDEF1234567890 + data_plane: + shared_key: ABCDEF1234567890666 + +wan_router: + node_groups: + - group: Site511 + uplink_type: p2p-vrfs + cv_pathfinder_region: AVD_Land_East + cv_pathfinder_site: Site511 + nodes: + - name: node-type-l3-port-channels + id: 1 + loopback_ipv4_pool: 192.168.255.0/24 + vtep_loopback_ipv4_pool: 192.168.142.0/24 + bgp_as: 65005 + l3_port_channels: + - # Port-Channel with 3 member ports + name: Port-Channel2 + mode: active + member_interfaces: + - name: Ethernet1 + peer: peerDevice1 + peer_interface: Ethernet11 + speed: "forced 10000full" + - # if peer not set, use one from parent L3 Port-Channel + name: Ethernet2 + speed: "forced 10000full" + - # one with structured config for member port (TO ADD) + name: Ethernet3 + description: "Custom eth3 description" + ip_address: 192.168.1.102/31 + peer: peer1 + peer_port_channel: Port-Channel10 + peer_ip: 192.168.1.10 + static_routes: + - prefix: 0.0.0.0/0 + qos_profile: TEST-QOS-PROFILE1 + wan_carrier: Cybercast + wan_circuit_id: 101 + flow_tracking: + enabled: true + - # Port-Channel with 2 member ports + name: Port-Channel5 + mode: passive + member_interfaces: + - name: Ethernet1/4 + peer: peerDevice2 + peer_interface: Ethernet1/12 + speed: "forced 10000full" + - # if peer not set, use one from parent L3 Port-Channel + name: Ethernet1/5 + speed: "forced 10000full" + ip_address: 192.168.1.105/31 + peer: peer2 + peer_port_channel: Port-Channel15 + peer_ip: 192.168.1.15 + qos_profile: TEST-QOS-PROFILE1 + wan_carrier: StreamFast + wan_circuit_id: 102 + flow_tracking: + enabled: false + structured_config: + service_policy: + qos: + input: TEST_POLICY + raw_eos_cli: | + ! TEST RAW_EOS_CLI + - # sub-interface for Port-Channel + # with user-specfied encapsulation_dot1q_vlan + name: Port-Channel5.100 + encapsulation_dot1q_vlan: 108 + ip_address: 192.168.100.115/31 + peer: peer2 + peer_port_channel: Port-Channel15 + peer_ip: 192.168.1.15 + qos_profile: TEST-QOS-PROFILE2 + wan_carrier: ExtremeCable + wan_circuit_id: 105 + flow_tracking: + enabled: true + - # sub-interface for Port-Channel + # Does not have wan_carrier set + name: Port-Channel5.105 + ip_address: 192.168.100.116/31 + peer: peer2 + peer_port_channel: Port-Channel16 + peer_ip: 192.168.1.16 + qos_profile: TEST-QOS-PROFILE2 + flow_tracking: + enabled: true + - # Port-Channel with 1 member port + name: Port-Channel8 + mode: 'on' + member_interfaces: + - name: Ethernet1/10 + peer: peerDevice3 + peer_interface: Ethernet1/10 + structured_config: + # specify interface speed via structured_config + speed: "forced 1000full" + peer: peerDevice3 + peer_port_channel: Port-Channel18 + peer_ip: 192.168.1.18 + qos_profile: TEST-QOS-PROFILE3 + wan_carrier: BlizzardFast + ip_address: dhcp + dhcp_ip: 10.15.16.17 + dhcp_accept_default_route: true + flow_tracking: + enabled: true + raw_eos_cli: | + ! TEST RAW_EOS_CLI 123 + - # Port-Channel interface is not enabled, member ports to inherit this + name: Port-Channel19 + # mode not specified, use default + enabled: false + ip_address: 192.168.1.19 + member_interfaces: + - name: Ethernet1/19 + peer_interface: Ethernet1/19 + - name: Ethernet1/20 + peer_interface: Ethernet1/20 + peer: peerDevice4 + peer_port_channel: Port-Channel20 + peer_ip: 192.168.2.19 + wan_carrier: BlizzardFast +wan_carriers: + - name: Cybercast + path_group: INET + trusted: true + - name: StreamFast + path_group: INET + trusted: true + - name: ExtremeCable + path_group: INET + trusted: true + - name: BlizzardFast + path_group: INET + trusted: true + +wan_path_groups: + - name: INET + id: 101 + - name: LTE + id: 102 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml index 62a5b1e8ca0..032556ab7a4 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml @@ -50,6 +50,7 @@ all: spanning-tree-mode-rapid-pvst: node-type-l3-interfaces: node-type-l3-interfaces-bgp: + node-type-l3-port-channels: ipv4-acls: only-connected-endpoints: platform_settings: diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/management-flow-tracking-settings.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/management-flow-tracking-settings.md index 5eddb2ca443..27281796fe2 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/management-flow-tracking-settings.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/management-flow-tracking-settings.md @@ -29,6 +29,9 @@ | [  l3_interfaces](## "fabric_flow_tracking.l3_interfaces") | Dictionary | | | | Enable flow-tracking on all node.l3_interfaces and network-services tenants.vrfs.l3_interfaces. | | [    enabled](## "fabric_flow_tracking.l3_interfaces.enabled") | Boolean | | `False` | | | | [    name](## "fabric_flow_tracking.l3_interfaces.name") | String | | `FLOW-TRACKER` | | Flow tracker name as defined in flow_tracking_settings. | + | [  l3_port_channels](## "fabric_flow_tracking.l3_port_channels") | Dictionary | | | | Enable flow-tracking on all node.l3_port_channels. | + | [    enabled](## "fabric_flow_tracking.l3_port_channels.enabled") | Boolean | | `False` | | | + | [    name](## "fabric_flow_tracking.l3_port_channels.name") | String | | `FLOW-TRACKER` | | Flow tracker name as defined in flow_tracking_settings. | | [  dps_interfaces](## "fabric_flow_tracking.dps_interfaces") | Dictionary | | | | Enable flow-tracking on all dps_interfaces. | | [    enabled](## "fabric_flow_tracking.dps_interfaces.enabled") | Boolean | | `True` | | | | [    name](## "fabric_flow_tracking.dps_interfaces.name") | String | | `FLOW-TRACKER` | | Flow tracker name as defined in flow_tracking_settings. | @@ -124,6 +127,13 @@ # Flow tracker name as defined in flow_tracking_settings. name: + # Enable flow-tracking on all node.l3_port_channels. + l3_port_channels: + enabled: + + # Flow tracker name as defined in flow_tracking_settings. + name: + # Enable flow-tracking on all dps_interfaces. dps_interfaces: enabled: diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-interfaces-configuration.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-interfaces-configuration.md index 8c5ff47281d..0c16c173c87 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-interfaces-configuration.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-interfaces-configuration.md @@ -9,7 +9,7 @@ | -------- | ---- | -------- | ------- | ------------------ | ----------- | | [<node_type_keys.key>](## "") | Dictionary | | | | | | [  defaults](## ".defaults") | Dictionary | | | | Define variables for all nodes of this type. | - | [    l3_interfaces](## ".defaults.l3_interfaces") | List, items: Dictionary | | | | L3 Interfaces to configure on the node.
Used to define the node for WAN interfaces when `wan_carrier` is set. | + | [    l3_interfaces](## ".defaults.l3_interfaces") | List, items: Dictionary | | | | L3 Interfaces to configure on the node. | | [      - profile](## ".defaults.l3_interfaces.[].profile") | String | | | | L3 interface profile name. Profile defined under `l3_interface_profiles`.
| | [        name](## ".defaults.l3_interfaces.[].name") | String | Required, Unique | | Pattern: `Ethernet[\d/]+(.[\d]+)?` | Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'.
For a subinterface, the parent physical interface is automatically created. | | [        description](## ".defaults.l3_interfaces.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]'. | @@ -48,7 +48,7 @@ | [    - group](## ".node_groups.[].group") | String | Required, Unique | | | The Node Group Name is used for MLAG domain unless set with 'mlag_domain_id'.
The Node Group Name is also used for peer description on downstream switches' uplinks.
| | [      nodes](## ".node_groups.[].nodes") | List, items: Dictionary | | | | Define variables per node. | | [        - name](## ".node_groups.[].nodes.[].name") | String | Required, Unique | | | The Node Name is used as "hostname". | - | [          l3_interfaces](## ".node_groups.[].nodes.[].l3_interfaces") | List, items: Dictionary | | | | L3 Interfaces to configure on the node.
Used to define the node for WAN interfaces when `wan_carrier` is set. | + | [          l3_interfaces](## ".node_groups.[].nodes.[].l3_interfaces") | List, items: Dictionary | | | | L3 Interfaces to configure on the node. | | [            - profile](## ".node_groups.[].nodes.[].l3_interfaces.[].profile") | String | | | | L3 interface profile name. Profile defined under `l3_interface_profiles`.
| | [              name](## ".node_groups.[].nodes.[].l3_interfaces.[].name") | String | Required, Unique | | Pattern: `Ethernet[\d/]+(.[\d]+)?` | Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'.
For a subinterface, the parent physical interface is automatically created. | | [              description](## ".node_groups.[].nodes.[].l3_interfaces.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]'. | @@ -83,7 +83,7 @@ | [                enabled](## ".node_groups.[].nodes.[].l3_interfaces.[].flow_tracking.enabled") | Boolean | | | | | | [                name](## ".node_groups.[].nodes.[].l3_interfaces.[].flow_tracking.name") | String | | | | Flow tracker name as defined in flow_tracking_settings. | | [              structured_config](## ".node_groups.[].nodes.[].l3_interfaces.[].structured_config") | Dictionary | | | | Custom structured config for the Ethernet interface. | - | [      l3_interfaces](## ".node_groups.[].l3_interfaces") | List, items: Dictionary | | | | L3 Interfaces to configure on the node.
Used to define the node for WAN interfaces when `wan_carrier` is set. | + | [      l3_interfaces](## ".node_groups.[].l3_interfaces") | List, items: Dictionary | | | | L3 Interfaces to configure on the node. | | [        - profile](## ".node_groups.[].l3_interfaces.[].profile") | String | | | | L3 interface profile name. Profile defined under `l3_interface_profiles`.
| | [          name](## ".node_groups.[].l3_interfaces.[].name") | String | Required, Unique | | Pattern: `Ethernet[\d/]+(.[\d]+)?` | Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'.
For a subinterface, the parent physical interface is automatically created. | | [          description](## ".node_groups.[].l3_interfaces.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]'. | @@ -120,7 +120,7 @@ | [          structured_config](## ".node_groups.[].l3_interfaces.[].structured_config") | Dictionary | | | | Custom structured config for the Ethernet interface. | | [  nodes](## ".nodes") | List, items: Dictionary | | | | Define variables per node. | | [    - name](## ".nodes.[].name") | String | Required, Unique | | | The Node Name is used as "hostname". | - | [      l3_interfaces](## ".nodes.[].l3_interfaces") | List, items: Dictionary | | | | L3 Interfaces to configure on the node.
Used to define the node for WAN interfaces when `wan_carrier` is set. | + | [      l3_interfaces](## ".nodes.[].l3_interfaces") | List, items: Dictionary | | | | L3 Interfaces to configure on the node. | | [        - profile](## ".nodes.[].l3_interfaces.[].profile") | String | | | | L3 interface profile name. Profile defined under `l3_interface_profiles`.
| | [          name](## ".nodes.[].l3_interfaces.[].name") | String | Required, Unique | | Pattern: `Ethernet[\d/]+(.[\d]+)?` | Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'.
For a subinterface, the parent physical interface is automatically created. | | [          description](## ".nodes.[].l3_interfaces.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]'. | @@ -200,7 +200,6 @@ defaults: # L3 Interfaces to configure on the node. - # Used to define the node for WAN interfaces when `wan_carrier` is set. l3_interfaces: # L3 interface profile name. Profile defined under `l3_interface_profiles`. @@ -341,7 +340,6 @@ - name: # L3 Interfaces to configure on the node. - # Used to define the node for WAN interfaces when `wan_carrier` is set. l3_interfaces: # L3 interface profile name. Profile defined under `l3_interface_profiles`. @@ -469,7 +467,6 @@ structured_config: # L3 Interfaces to configure on the node. - # Used to define the node for WAN interfaces when `wan_carrier` is set. l3_interfaces: # L3 interface profile name. Profile defined under `l3_interface_profiles`. @@ -603,7 +600,6 @@ - name: # L3 Interfaces to configure on the node. - # Used to define the node for WAN interfaces when `wan_carrier` is set. l3_interfaces: # L3 interface profile name. Profile defined under `l3_interface_profiles`. diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-port-channels-configuration.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-port-channels-configuration.md index 00496f9888a..775614ac238 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-port-channels-configuration.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-port-channels-configuration.md @@ -9,16 +9,17 @@ | -------- | ---- | -------- | ------- | ------------------ | ----------- | | [<node_type_keys.key>](## "") | Dictionary | | | | | | [  defaults](## ".defaults") | Dictionary | | | | Define variables for all nodes of this type. | - | [    l3_port_channels](## ".defaults.l3_port_channels") | List, items: Dictionary | | | | L3 Port-Channel interfaces to configure on the node.
Used to define the node for WAN interfaces when `wan_carrier` is set. | + | [    l3_port_channels](## ".defaults.l3_port_channels") | List, items: Dictionary | | | | L3 Port-Channel interfaces to configure on the node. | | [      - name](## ".defaults.l3_port_channels.[].name") | String | Required, Unique | | Pattern: `Port-Channel[\d/]+(.[\d]+)?` | Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'.
For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. | | [        description](## ".defaults.l3_port_channels.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]'. | - | [        mode](## ".defaults.l3_port_channels.[].mode") | String | | `on` | Valid Values:
- active
- passive
- on | Port-Channel mode.
Should not be set on Port-Channel subinterfaces. | + | [        mode](## ".defaults.l3_port_channels.[].mode") | String | | `active` | Valid Values:
- active
- passive
- on | Port-Channel mode.
Should not be set on Port-Channel subinterfaces. | | [        member_interfaces](## ".defaults.l3_port_channels.[].member_interfaces") | List, items: Dictionary | | | | Port-Channel member interfaces.
Should not be set on Port-Channel subinterfaces. | | [          - name](## ".defaults.l3_port_channels.[].member_interfaces.[].name") | String | Required, Unique | | Pattern: `Ethernet[\d/]+` | Ethernet interface name like 'Ethernet2'.
Member interface cannot be subinterface. | | [            description](## ".defaults.l3_port_channels.[].member_interfaces.[].description") | String | | | | Interface description for this member.
If not set a default description will be configured with '[[ ]]'. | | [            peer](## ".defaults.l3_port_channels.[].member_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation.
If not set, this inherits the peer setting on the port-channel interface. | | [            peer_interface](## ".defaults.l3_port_channels.[].member_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. | | [            speed](## ".defaults.l3_port_channels.[].member_interfaces.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. | + | [            structured_config](## ".defaults.l3_port_channels.[].member_interfaces.[].structured_config") | Dictionary | | | | Custom structured config for the member ethernet interface. | | [        ip_address](## ".defaults.l3_port_channels.[].ip_address") | String | | | | Node IPv4 address/Mask or 'dhcp'. | | [        dhcp_ip](## ".defaults.l3_port_channels.[].dhcp_ip") | String | | | | When the `ip_address` is `dhcp`, this optional field allows to indicate the expected
IPv4 address (without mask) to be allocated on the interface if known.
This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list
set under `ipv4_acl_in` and `ipv4_acl_out`. | | [        public_ip](## ".defaults.l3_port_channels.[].public_ip") | String | | | | Node IPv4 address (no mask).

This is used to get the public IP (if known) when the device is behind NAT.
This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP
with the following preference:
`wan_route_servers.path_groups.interfaces.ip_address`
-> `l3_port_channels.public_ip`
-> `l3_port_channels.ip_address`

The determined Public IP is used by WAN routers when peering with this interface. | @@ -35,7 +36,7 @@ | [        ipv4_acl_in](## ".defaults.l3_port_channels.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. | | [        ipv4_acl_out](## ".defaults.l3_port_channels.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". | | [        static_routes](## ".defaults.l3_port_channels.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. | - | [          - prefix](## ".defaults.l3_port_channels.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. | + | [          - prefix](## ".defaults.l3_port_channels.[].static_routes.[].prefix") | String | Required, Unique | | | IPv4_network/Mask. | | [        qos_profile](## ".defaults.l3_port_channels.[].qos_profile") | String | | | | QOS service profile. | | [        wan_carrier](## ".defaults.l3_port_channels.[].wan_carrier") | String | | | | The WAN carrier this interface is connected to.
This is used to infer the path-groups in which this interface should be configured.
Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. | | [        wan_circuit_id](## ".defaults.l3_port_channels.[].wan_circuit_id") | String | | | | The WAN circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | @@ -44,8 +45,8 @@ | [          policies](## ".defaults.l3_port_channels.[].cv_pathfinder_internet_exit.policies") | List, items: Dictionary | | | | List of Internet-exit policies using this interface as exit. | | [            - name](## ".defaults.l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].name") | String | Required, Unique | | | Internet-exit policy name. | | [              tunnel_interface_numbers](## ".defaults.l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].tunnel_interface_numbers") | String | | | | Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface.
Examples: '1-3' or '100,200,300' | - | [        raw_eos_cli](## ".defaults.l3_port_channels.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. | - | [        flow_tracking](## ".defaults.l3_port_channels.[].flow_tracking") | Dictionary | | | | Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. | + | [        raw_eos_cli](## ".defaults.l3_port_channels.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration. | + | [        flow_tracking](## ".defaults.l3_port_channels.[].flow_tracking") | Dictionary | | | | Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` setting. | | [          enabled](## ".defaults.l3_port_channels.[].flow_tracking.enabled") | Boolean | | | | | | [          name](## ".defaults.l3_port_channels.[].flow_tracking.name") | String | | | | Flow tracker name as defined in flow_tracking_settings. | | [        structured_config](## ".defaults.l3_port_channels.[].structured_config") | Dictionary | | | | Custom structured config for the Port-Channel interface. | @@ -53,16 +54,17 @@ | [    - group](## ".node_groups.[].group") | String | Required, Unique | | | The Node Group Name is used for MLAG domain unless set with 'mlag_domain_id'.
The Node Group Name is also used for peer description on downstream switches' uplinks.
| | [      nodes](## ".node_groups.[].nodes") | List, items: Dictionary | | | | Define variables per node. | | [        - name](## ".node_groups.[].nodes.[].name") | String | Required, Unique | | | The Node Name is used as "hostname". | - | [          l3_port_channels](## ".node_groups.[].nodes.[].l3_port_channels") | List, items: Dictionary | | | | L3 Port-Channel interfaces to configure on the node.
Used to define the node for WAN interfaces when `wan_carrier` is set. | + | [          l3_port_channels](## ".node_groups.[].nodes.[].l3_port_channels") | List, items: Dictionary | | | | L3 Port-Channel interfaces to configure on the node. | | [            - name](## ".node_groups.[].nodes.[].l3_port_channels.[].name") | String | Required, Unique | | Pattern: `Port-Channel[\d/]+(.[\d]+)?` | Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'.
For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. | | [              description](## ".node_groups.[].nodes.[].l3_port_channels.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]'. | - | [              mode](## ".node_groups.[].nodes.[].l3_port_channels.[].mode") | String | | `on` | Valid Values:
- active
- passive
- on | Port-Channel mode.
Should not be set on Port-Channel subinterfaces. | + | [              mode](## ".node_groups.[].nodes.[].l3_port_channels.[].mode") | String | | `active` | Valid Values:
- active
- passive
- on | Port-Channel mode.
Should not be set on Port-Channel subinterfaces. | | [              member_interfaces](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces") | List, items: Dictionary | | | | Port-Channel member interfaces.
Should not be set on Port-Channel subinterfaces. | | [                - name](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces.[].name") | String | Required, Unique | | Pattern: `Ethernet[\d/]+` | Ethernet interface name like 'Ethernet2'.
Member interface cannot be subinterface. | | [                  description](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces.[].description") | String | | | | Interface description for this member.
If not set a default description will be configured with '[[ ]]'. | | [                  peer](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation.
If not set, this inherits the peer setting on the port-channel interface. | | [                  peer_interface](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. | | [                  speed](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. | + | [                  structured_config](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces.[].structured_config") | Dictionary | | | | Custom structured config for the member ethernet interface. | | [              ip_address](## ".node_groups.[].nodes.[].l3_port_channels.[].ip_address") | String | | | | Node IPv4 address/Mask or 'dhcp'. | | [              dhcp_ip](## ".node_groups.[].nodes.[].l3_port_channels.[].dhcp_ip") | String | | | | When the `ip_address` is `dhcp`, this optional field allows to indicate the expected
IPv4 address (without mask) to be allocated on the interface if known.
This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list
set under `ipv4_acl_in` and `ipv4_acl_out`. | | [              public_ip](## ".node_groups.[].nodes.[].l3_port_channels.[].public_ip") | String | | | | Node IPv4 address (no mask).

This is used to get the public IP (if known) when the device is behind NAT.
This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP
with the following preference:
`wan_route_servers.path_groups.interfaces.ip_address`
-> `l3_port_channels.public_ip`
-> `l3_port_channels.ip_address`

The determined Public IP is used by WAN routers when peering with this interface. | @@ -79,7 +81,7 @@ | [              ipv4_acl_in](## ".node_groups.[].nodes.[].l3_port_channels.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. | | [              ipv4_acl_out](## ".node_groups.[].nodes.[].l3_port_channels.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". | | [              static_routes](## ".node_groups.[].nodes.[].l3_port_channels.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. | - | [                - prefix](## ".node_groups.[].nodes.[].l3_port_channels.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. | + | [                - prefix](## ".node_groups.[].nodes.[].l3_port_channels.[].static_routes.[].prefix") | String | Required, Unique | | | IPv4_network/Mask. | | [              qos_profile](## ".node_groups.[].nodes.[].l3_port_channels.[].qos_profile") | String | | | | QOS service profile. | | [              wan_carrier](## ".node_groups.[].nodes.[].l3_port_channels.[].wan_carrier") | String | | | | The WAN carrier this interface is connected to.
This is used to infer the path-groups in which this interface should be configured.
Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. | | [              wan_circuit_id](## ".node_groups.[].nodes.[].l3_port_channels.[].wan_circuit_id") | String | | | | The WAN circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | @@ -88,21 +90,22 @@ | [                policies](## ".node_groups.[].nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies") | List, items: Dictionary | | | | List of Internet-exit policies using this interface as exit. | | [                  - name](## ".node_groups.[].nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].name") | String | Required, Unique | | | Internet-exit policy name. | | [                    tunnel_interface_numbers](## ".node_groups.[].nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].tunnel_interface_numbers") | String | | | | Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface.
Examples: '1-3' or '100,200,300' | - | [              raw_eos_cli](## ".node_groups.[].nodes.[].l3_port_channels.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. | - | [              flow_tracking](## ".node_groups.[].nodes.[].l3_port_channels.[].flow_tracking") | Dictionary | | | | Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. | + | [              raw_eos_cli](## ".node_groups.[].nodes.[].l3_port_channels.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration. | + | [              flow_tracking](## ".node_groups.[].nodes.[].l3_port_channels.[].flow_tracking") | Dictionary | | | | Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` setting. | | [                enabled](## ".node_groups.[].nodes.[].l3_port_channels.[].flow_tracking.enabled") | Boolean | | | | | | [                name](## ".node_groups.[].nodes.[].l3_port_channels.[].flow_tracking.name") | String | | | | Flow tracker name as defined in flow_tracking_settings. | | [              structured_config](## ".node_groups.[].nodes.[].l3_port_channels.[].structured_config") | Dictionary | | | | Custom structured config for the Port-Channel interface. | - | [      l3_port_channels](## ".node_groups.[].l3_port_channels") | List, items: Dictionary | | | | L3 Port-Channel interfaces to configure on the node.
Used to define the node for WAN interfaces when `wan_carrier` is set. | + | [      l3_port_channels](## ".node_groups.[].l3_port_channels") | List, items: Dictionary | | | | L3 Port-Channel interfaces to configure on the node. | | [        - name](## ".node_groups.[].l3_port_channels.[].name") | String | Required, Unique | | Pattern: `Port-Channel[\d/]+(.[\d]+)?` | Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'.
For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. | | [          description](## ".node_groups.[].l3_port_channels.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]'. | - | [          mode](## ".node_groups.[].l3_port_channels.[].mode") | String | | `on` | Valid Values:
- active
- passive
- on | Port-Channel mode.
Should not be set on Port-Channel subinterfaces. | + | [          mode](## ".node_groups.[].l3_port_channels.[].mode") | String | | `active` | Valid Values:
- active
- passive
- on | Port-Channel mode.
Should not be set on Port-Channel subinterfaces. | | [          member_interfaces](## ".node_groups.[].l3_port_channels.[].member_interfaces") | List, items: Dictionary | | | | Port-Channel member interfaces.
Should not be set on Port-Channel subinterfaces. | | [            - name](## ".node_groups.[].l3_port_channels.[].member_interfaces.[].name") | String | Required, Unique | | Pattern: `Ethernet[\d/]+` | Ethernet interface name like 'Ethernet2'.
Member interface cannot be subinterface. | | [              description](## ".node_groups.[].l3_port_channels.[].member_interfaces.[].description") | String | | | | Interface description for this member.
If not set a default description will be configured with '[[ ]]'. | | [              peer](## ".node_groups.[].l3_port_channels.[].member_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation.
If not set, this inherits the peer setting on the port-channel interface. | | [              peer_interface](## ".node_groups.[].l3_port_channels.[].member_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. | | [              speed](## ".node_groups.[].l3_port_channels.[].member_interfaces.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. | + | [              structured_config](## ".node_groups.[].l3_port_channels.[].member_interfaces.[].structured_config") | Dictionary | | | | Custom structured config for the member ethernet interface. | | [          ip_address](## ".node_groups.[].l3_port_channels.[].ip_address") | String | | | | Node IPv4 address/Mask or 'dhcp'. | | [          dhcp_ip](## ".node_groups.[].l3_port_channels.[].dhcp_ip") | String | | | | When the `ip_address` is `dhcp`, this optional field allows to indicate the expected
IPv4 address (without mask) to be allocated on the interface if known.
This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list
set under `ipv4_acl_in` and `ipv4_acl_out`. | | [          public_ip](## ".node_groups.[].l3_port_channels.[].public_ip") | String | | | | Node IPv4 address (no mask).

This is used to get the public IP (if known) when the device is behind NAT.
This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP
with the following preference:
`wan_route_servers.path_groups.interfaces.ip_address`
-> `l3_port_channels.public_ip`
-> `l3_port_channels.ip_address`

The determined Public IP is used by WAN routers when peering with this interface. | @@ -119,7 +122,7 @@ | [          ipv4_acl_in](## ".node_groups.[].l3_port_channels.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. | | [          ipv4_acl_out](## ".node_groups.[].l3_port_channels.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". | | [          static_routes](## ".node_groups.[].l3_port_channels.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. | - | [            - prefix](## ".node_groups.[].l3_port_channels.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. | + | [            - prefix](## ".node_groups.[].l3_port_channels.[].static_routes.[].prefix") | String | Required, Unique | | | IPv4_network/Mask. | | [          qos_profile](## ".node_groups.[].l3_port_channels.[].qos_profile") | String | | | | QOS service profile. | | [          wan_carrier](## ".node_groups.[].l3_port_channels.[].wan_carrier") | String | | | | The WAN carrier this interface is connected to.
This is used to infer the path-groups in which this interface should be configured.
Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. | | [          wan_circuit_id](## ".node_groups.[].l3_port_channels.[].wan_circuit_id") | String | | | | The WAN circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | @@ -128,23 +131,24 @@ | [            policies](## ".node_groups.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies") | List, items: Dictionary | | | | List of Internet-exit policies using this interface as exit. | | [              - name](## ".node_groups.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].name") | String | Required, Unique | | | Internet-exit policy name. | | [                tunnel_interface_numbers](## ".node_groups.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].tunnel_interface_numbers") | String | | | | Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface.
Examples: '1-3' or '100,200,300' | - | [          raw_eos_cli](## ".node_groups.[].l3_port_channels.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. | - | [          flow_tracking](## ".node_groups.[].l3_port_channels.[].flow_tracking") | Dictionary | | | | Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. | + | [          raw_eos_cli](## ".node_groups.[].l3_port_channels.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration. | + | [          flow_tracking](## ".node_groups.[].l3_port_channels.[].flow_tracking") | Dictionary | | | | Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` setting. | | [            enabled](## ".node_groups.[].l3_port_channels.[].flow_tracking.enabled") | Boolean | | | | | | [            name](## ".node_groups.[].l3_port_channels.[].flow_tracking.name") | String | | | | Flow tracker name as defined in flow_tracking_settings. | | [          structured_config](## ".node_groups.[].l3_port_channels.[].structured_config") | Dictionary | | | | Custom structured config for the Port-Channel interface. | | [  nodes](## ".nodes") | List, items: Dictionary | | | | Define variables per node. | | [    - name](## ".nodes.[].name") | String | Required, Unique | | | The Node Name is used as "hostname". | - | [      l3_port_channels](## ".nodes.[].l3_port_channels") | List, items: Dictionary | | | | L3 Port-Channel interfaces to configure on the node.
Used to define the node for WAN interfaces when `wan_carrier` is set. | + | [      l3_port_channels](## ".nodes.[].l3_port_channels") | List, items: Dictionary | | | | L3 Port-Channel interfaces to configure on the node. | | [        - name](## ".nodes.[].l3_port_channels.[].name") | String | Required, Unique | | Pattern: `Port-Channel[\d/]+(.[\d]+)?` | Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'.
For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. | | [          description](## ".nodes.[].l3_port_channels.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]'. | - | [          mode](## ".nodes.[].l3_port_channels.[].mode") | String | | `on` | Valid Values:
- active
- passive
- on | Port-Channel mode.
Should not be set on Port-Channel subinterfaces. | + | [          mode](## ".nodes.[].l3_port_channels.[].mode") | String | | `active` | Valid Values:
- active
- passive
- on | Port-Channel mode.
Should not be set on Port-Channel subinterfaces. | | [          member_interfaces](## ".nodes.[].l3_port_channels.[].member_interfaces") | List, items: Dictionary | | | | Port-Channel member interfaces.
Should not be set on Port-Channel subinterfaces. | | [            - name](## ".nodes.[].l3_port_channels.[].member_interfaces.[].name") | String | Required, Unique | | Pattern: `Ethernet[\d/]+` | Ethernet interface name like 'Ethernet2'.
Member interface cannot be subinterface. | | [              description](## ".nodes.[].l3_port_channels.[].member_interfaces.[].description") | String | | | | Interface description for this member.
If not set a default description will be configured with '[[ ]]'. | | [              peer](## ".nodes.[].l3_port_channels.[].member_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation.
If not set, this inherits the peer setting on the port-channel interface. | | [              peer_interface](## ".nodes.[].l3_port_channels.[].member_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. | | [              speed](## ".nodes.[].l3_port_channels.[].member_interfaces.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. | + | [              structured_config](## ".nodes.[].l3_port_channels.[].member_interfaces.[].structured_config") | Dictionary | | | | Custom structured config for the member ethernet interface. | | [          ip_address](## ".nodes.[].l3_port_channels.[].ip_address") | String | | | | Node IPv4 address/Mask or 'dhcp'. | | [          dhcp_ip](## ".nodes.[].l3_port_channels.[].dhcp_ip") | String | | | | When the `ip_address` is `dhcp`, this optional field allows to indicate the expected
IPv4 address (without mask) to be allocated on the interface if known.
This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list
set under `ipv4_acl_in` and `ipv4_acl_out`. | | [          public_ip](## ".nodes.[].l3_port_channels.[].public_ip") | String | | | | Node IPv4 address (no mask).

This is used to get the public IP (if known) when the device is behind NAT.
This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP
with the following preference:
`wan_route_servers.path_groups.interfaces.ip_address`
-> `l3_port_channels.public_ip`
-> `l3_port_channels.ip_address`

The determined Public IP is used by WAN routers when peering with this interface. | @@ -161,7 +165,7 @@ | [          ipv4_acl_in](## ".nodes.[].l3_port_channels.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. | | [          ipv4_acl_out](## ".nodes.[].l3_port_channels.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". | | [          static_routes](## ".nodes.[].l3_port_channels.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. | - | [            - prefix](## ".nodes.[].l3_port_channels.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. | + | [            - prefix](## ".nodes.[].l3_port_channels.[].static_routes.[].prefix") | String | Required, Unique | | | IPv4_network/Mask. | | [          qos_profile](## ".nodes.[].l3_port_channels.[].qos_profile") | String | | | | QOS service profile. | | [          wan_carrier](## ".nodes.[].l3_port_channels.[].wan_carrier") | String | | | | The WAN carrier this interface is connected to.
This is used to infer the path-groups in which this interface should be configured.
Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. | | [          wan_circuit_id](## ".nodes.[].l3_port_channels.[].wan_circuit_id") | String | | | | The WAN circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | @@ -170,8 +174,8 @@ | [            policies](## ".nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies") | List, items: Dictionary | | | | List of Internet-exit policies using this interface as exit. | | [              - name](## ".nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].name") | String | Required, Unique | | | Internet-exit policy name. | | [                tunnel_interface_numbers](## ".nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].tunnel_interface_numbers") | String | | | | Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface.
Examples: '1-3' or '100,200,300' | - | [          raw_eos_cli](## ".nodes.[].l3_port_channels.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. | - | [          flow_tracking](## ".nodes.[].l3_port_channels.[].flow_tracking") | Dictionary | | | | Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. | + | [          raw_eos_cli](## ".nodes.[].l3_port_channels.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration. | + | [          flow_tracking](## ".nodes.[].l3_port_channels.[].flow_tracking") | Dictionary | | | | Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` setting. | | [            enabled](## ".nodes.[].l3_port_channels.[].flow_tracking.enabled") | Boolean | | | | | | [            name](## ".nodes.[].l3_port_channels.[].flow_tracking.name") | String | | | | Flow tracker name as defined in flow_tracking_settings. | | [          structured_config](## ".nodes.[].l3_port_channels.[].structured_config") | Dictionary | | | | Custom structured config for the Port-Channel interface. | @@ -185,7 +189,6 @@ defaults: # L3 Port-Channel interfaces to configure on the node. - # Used to define the node for WAN interfaces when `wan_carrier` is set. l3_port_channels: # Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. @@ -198,7 +201,7 @@ # Port-Channel mode. # Should not be set on Port-Channel subinterfaces. - mode: + mode: # Port-Channel member interfaces. # Should not be set on Port-Channel subinterfaces. @@ -222,6 +225,9 @@ # Speed should be set in the format `` or `forced ` or `auto `. speed: + # Custom structured config for the member ethernet interface. + structured_config: + # Node IPv4 address/Mask or 'dhcp'. ip_address: @@ -289,7 +295,7 @@ static_routes: # >=1 items # IPv4_network/Mask. - - prefix: + - prefix: # QOS service profile. qos_profile: @@ -319,10 +325,10 @@ # Examples: '1-3' or '100,200,300' tunnel_interface_numbers: - # EOS CLI rendered directly on the interface in the final EOS configuration. + # EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration. raw_eos_cli: - # Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + # Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` setting. flow_tracking: enabled: @@ -346,7 +352,6 @@ - name: # L3 Port-Channel interfaces to configure on the node. - # Used to define the node for WAN interfaces when `wan_carrier` is set. l3_port_channels: # Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. @@ -359,7 +364,7 @@ # Port-Channel mode. # Should not be set on Port-Channel subinterfaces. - mode: + mode: # Port-Channel member interfaces. # Should not be set on Port-Channel subinterfaces. @@ -383,6 +388,9 @@ # Speed should be set in the format `` or `forced ` or `auto `. speed: + # Custom structured config for the member ethernet interface. + structured_config: + # Node IPv4 address/Mask or 'dhcp'. ip_address: @@ -450,7 +458,7 @@ static_routes: # >=1 items # IPv4_network/Mask. - - prefix: + - prefix: # QOS service profile. qos_profile: @@ -480,10 +488,10 @@ # Examples: '1-3' or '100,200,300' tunnel_interface_numbers: - # EOS CLI rendered directly on the interface in the final EOS configuration. + # EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration. raw_eos_cli: - # Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + # Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` setting. flow_tracking: enabled: @@ -494,7 +502,6 @@ structured_config: # L3 Port-Channel interfaces to configure on the node. - # Used to define the node for WAN interfaces when `wan_carrier` is set. l3_port_channels: # Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. @@ -507,7 +514,7 @@ # Port-Channel mode. # Should not be set on Port-Channel subinterfaces. - mode: + mode: # Port-Channel member interfaces. # Should not be set on Port-Channel subinterfaces. @@ -531,6 +538,9 @@ # Speed should be set in the format `` or `forced ` or `auto `. speed: + # Custom structured config for the member ethernet interface. + structured_config: + # Node IPv4 address/Mask or 'dhcp'. ip_address: @@ -598,7 +608,7 @@ static_routes: # >=1 items # IPv4_network/Mask. - - prefix: + - prefix: # QOS service profile. qos_profile: @@ -628,10 +638,10 @@ # Examples: '1-3' or '100,200,300' tunnel_interface_numbers: - # EOS CLI rendered directly on the interface in the final EOS configuration. + # EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration. raw_eos_cli: - # Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + # Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` setting. flow_tracking: enabled: @@ -648,7 +658,6 @@ - name: # L3 Port-Channel interfaces to configure on the node. - # Used to define the node for WAN interfaces when `wan_carrier` is set. l3_port_channels: # Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. @@ -661,7 +670,7 @@ # Port-Channel mode. # Should not be set on Port-Channel subinterfaces. - mode: + mode: # Port-Channel member interfaces. # Should not be set on Port-Channel subinterfaces. @@ -685,6 +694,9 @@ # Speed should be set in the format `` or `forced ` or `auto `. speed: + # Custom structured config for the member ethernet interface. + structured_config: + # Node IPv4 address/Mask or 'dhcp'. ip_address: @@ -752,7 +764,7 @@ static_routes: # >=1 items # IPv4_network/Mask. - - prefix: + - prefix: # QOS service profile. qos_profile: @@ -782,10 +794,10 @@ # Examples: '1-3' or '100,200,300' tunnel_interface_numbers: - # EOS CLI rendered directly on the interface in the final EOS configuration. + # EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration. raw_eos_cli: - # Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + # Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` setting. flow_tracking: enabled: diff --git a/python-avd/pyavd/_eos_designs/schema/__init__.py b/python-avd/pyavd/_eos_designs/schema/__init__.py index afa5548636b..686314c124c 100644 --- a/python-avd/pyavd/_eos_designs/schema/__init__.py +++ b/python-avd/pyavd/_eos_designs/schema/__init__.py @@ -3400,6 +3400,46 @@ def __init__( L3Interfaces. + Subclass of AvdModel. + + Args: + enabled: enabled + name: Flow tracker name as defined in flow_tracking_settings. + _custom_data: _custom_data + + """ + + class L3PortChannels(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = { + "enabled": {"type": bool, "default": False}, + "name": {"type": str, "default": "FLOW-TRACKER"}, + "_custom_data": {"type": dict}, + } + enabled: bool + """Default value: `False`""" + name: str + """ + Flow tracker name as defined in flow_tracking_settings. + + Default value: `"FLOW-TRACKER"` + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + enabled: bool | UndefinedType = Undefined, + name: str | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + L3PortChannels. + + Subclass of AvdModel. Args: @@ -3497,6 +3537,7 @@ def __init__( "core_interfaces": {"type": CoreInterfaces}, "mlag_interfaces": {"type": MlagInterfaces}, "l3_interfaces": {"type": L3Interfaces}, + "l3_port_channels": {"type": L3PortChannels}, "dps_interfaces": {"type": DpsInterfaces}, "direct_wan_ha_links": {"type": DirectWanHaLinks}, "_custom_data": {"type": dict}, @@ -3540,6 +3581,12 @@ def __init__( l3_interfaces: L3Interfaces """ Enable flow-tracking on all node.l3_interfaces and network-services tenants.vrfs.l3_interfaces. + Subclass of AvdModel. + """ + l3_port_channels: L3PortChannels + """ + Enable flow-tracking on all node.l3_port_channels. + Subclass of AvdModel. """ dps_interfaces: DpsInterfaces @@ -3568,6 +3615,7 @@ def __init__( core_interfaces: CoreInterfaces | UndefinedType = Undefined, mlag_interfaces: MlagInterfaces | UndefinedType = Undefined, l3_interfaces: L3Interfaces | UndefinedType = Undefined, + l3_port_channels: L3PortChannels | UndefinedType = Undefined, dps_interfaces: DpsInterfaces | UndefinedType = Undefined, direct_wan_ha_links: DirectWanHaLinks | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined, @@ -3605,6 +3653,10 @@ def __init__( Subclass of AvdModel. l3_interfaces: Enable flow-tracking on all node.l3_interfaces and network-services tenants.vrfs.l3_interfaces. + Subclass of AvdModel. + l3_port_channels: + Enable flow-tracking on all node.l3_port_channels. + Subclass of AvdModel. dps_interfaces: Enable flow-tracking on all dps_interfaces. @@ -21191,6 +21243,642 @@ class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): L3Interfaces._item_type = L3InterfacesItem + class L3PortChannelsItem(AvdModel): + """Subclass of AvdModel.""" + + class MemberInterfacesItem(AvdModel): + """Subclass of AvdModel.""" + + class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = { + "name": {"type": str}, + "description": {"type": str}, + "peer": {"type": str}, + "peer_interface": {"type": str}, + "speed": {"type": str}, + "structured_config": {"type": StructuredConfig}, + "_custom_data": {"type": dict}, + } + name: str + """ + Ethernet interface name like 'Ethernet2'. + Member interface cannot be subinterface. + """ + description: str | None + """ + Interface description for this member. + If not set a default description will be configured with + '[[ ]]'. + """ + peer: str | None + """ + The peer device name. Used for description and documentation. + If not set, this inherits the peer + setting on the port-channel interface. + """ + peer_interface: str | None + """The peer device interface. Used for description and documentation.""" + speed: str | None + """ + Speed should be set in the format `` or `forced ` or `auto + `. + """ + structured_config: StructuredConfig + """ + Custom structured config for the member ethernet interface. + + Subclass of AvdModel. + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + name: str | UndefinedType = Undefined, + description: str | None | UndefinedType = Undefined, + peer: str | None | UndefinedType = Undefined, + peer_interface: str | None | UndefinedType = Undefined, + speed: str | None | UndefinedType = Undefined, + structured_config: StructuredConfig | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + MemberInterfacesItem. + + + Subclass of AvdModel. + + Args: + name: + Ethernet interface name like 'Ethernet2'. + Member interface cannot be subinterface. + description: + Interface description for this member. + If not set a default description will be configured with + '[[ ]]'. + peer: + The peer device name. Used for description and documentation. + If not set, this inherits the peer + setting on the port-channel interface. + peer_interface: The peer device interface. Used for description and documentation. + speed: + Speed should be set in the format `` or `forced ` or `auto + `. + structured_config: + Custom structured config for the member ethernet interface. + + Subclass of AvdModel. + _custom_data: _custom_data + + """ + + class MemberInterfaces(AvdIndexedList[str, MemberInterfacesItem]): + """Subclass of AvdIndexedList with `MemberInterfacesItem` items. Primary key is `name` (`str`).""" + + _primary_key: ClassVar[str] = "name" + + MemberInterfaces._item_type = MemberInterfacesItem + + class Bgp(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = { + "peer_as": {"type": str}, + "ipv4_prefix_list_in": {"type": str}, + "ipv4_prefix_list_out": {"type": str}, + "_custom_data": {"type": dict}, + } + peer_as: str + """ + BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". + For asdot notation in + YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float + number. + """ + ipv4_prefix_list_in: str | None + """ + Prefix List Name. Accept routes for only these prefixes from the peer. + Required for wan interfaces. + """ + ipv4_prefix_list_out: str | None + """ + Prefix List Name. Advertise routes for only these prefixes. + If not specified, nothing would be + advertised. + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + peer_as: str | UndefinedType = Undefined, + ipv4_prefix_list_in: str | None | UndefinedType = Undefined, + ipv4_prefix_list_out: str | None | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + Bgp. + + + Subclass of AvdModel. + + Args: + peer_as: + BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". + For asdot notation in + YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float + number. + ipv4_prefix_list_in: + Prefix List Name. Accept routes for only these prefixes from the peer. + Required for wan interfaces. + ipv4_prefix_list_out: + Prefix List Name. Advertise routes for only these prefixes. + If not specified, nothing would be + advertised. + _custom_data: _custom_data + + """ + + class StaticRoutesItem(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = {"prefix": {"type": str}, "_custom_data": {"type": dict}} + prefix: str + """IPv4_network/Mask.""" + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, *, prefix: str | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined + ) -> None: + """ + StaticRoutesItem. + + + Subclass of AvdModel. + + Args: + prefix: IPv4_network/Mask. + _custom_data: _custom_data + + """ + + class StaticRoutes(AvdIndexedList[str, StaticRoutesItem]): + """Subclass of AvdIndexedList with `StaticRoutesItem` items. Primary key is `prefix` (`str`).""" + + _primary_key: ClassVar[str] = "prefix" + + StaticRoutes._item_type = StaticRoutesItem + + class CvPathfinderInternetExit(AvdModel): + """Subclass of AvdModel.""" + + class PoliciesItem(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = {"name": {"type": str}, "tunnel_interface_numbers": {"type": str}, "_custom_data": {"type": dict}} + name: str + """Internet-exit policy name.""" + tunnel_interface_numbers: str | None + """ + Number range to use for Tunnel interfaces to an internet-exit service provider using this local + interface. + Examples: '1-3' or '100,200,300' + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + name: str | UndefinedType = Undefined, + tunnel_interface_numbers: str | None | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + PoliciesItem. + + + Subclass of AvdModel. + + Args: + name: Internet-exit policy name. + tunnel_interface_numbers: + Number range to use for Tunnel interfaces to an internet-exit service provider using this local + interface. + Examples: '1-3' or '100,200,300' + _custom_data: _custom_data + + """ + + class Policies(AvdIndexedList[str, PoliciesItem]): + """Subclass of AvdIndexedList with `PoliciesItem` items. Primary key is `name` (`str`).""" + + _primary_key: ClassVar[str] = "name" + + Policies._item_type = PoliciesItem + + _fields: ClassVar[dict] = {"policies": {"type": Policies}, "_custom_data": {"type": dict}} + policies: Policies + """ + List of Internet-exit policies using this interface as exit. + + Subclass of AvdIndexedList with + `PoliciesItem` items. Primary key is `name` (`str`). + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, *, policies: Policies | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined + ) -> None: + """ + CvPathfinderInternetExit. + + + Subclass of AvdModel. + + Args: + policies: + List of Internet-exit policies using this interface as exit. + + Subclass of AvdIndexedList with + `PoliciesItem` items. Primary key is `name` (`str`). + _custom_data: _custom_data + + """ + + class FlowTracking(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = {"enabled": {"type": bool}, "name": {"type": str}, "_custom_data": {"type": dict}} + enabled: bool | None + name: str | None + """Flow tracker name as defined in flow_tracking_settings.""" + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + enabled: bool | None | UndefinedType = Undefined, + name: str | None | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + FlowTracking. + + + Subclass of AvdModel. + + Args: + enabled: enabled + name: Flow tracker name as defined in flow_tracking_settings. + _custom_data: _custom_data + + """ + + class StructuredConfig(EosCliConfigGen.PortChannelInterfacesItem): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = { + "name": {"type": str}, + "description": {"type": str}, + "mode": {"type": str, "default": "active"}, + "member_interfaces": {"type": MemberInterfaces}, + "ip_address": {"type": str}, + "dhcp_ip": {"type": str}, + "public_ip": {"type": str}, + "encapsulation_dot1q_vlan": {"type": int}, + "dhcp_accept_default_route": {"type": bool, "default": True}, + "enabled": {"type": bool, "default": True}, + "peer": {"type": str}, + "peer_port_channel": {"type": str}, + "peer_ip": {"type": str}, + "bgp": {"type": Bgp}, + "ipv4_acl_in": {"type": str}, + "ipv4_acl_out": {"type": str}, + "static_routes": {"type": StaticRoutes}, + "qos_profile": {"type": str}, + "wan_carrier": {"type": str}, + "wan_circuit_id": {"type": str}, + "connected_to_pathfinder": {"type": bool, "default": True}, + "cv_pathfinder_internet_exit": {"type": CvPathfinderInternetExit}, + "raw_eos_cli": {"type": str}, + "flow_tracking": {"type": FlowTracking}, + "structured_config": {"type": StructuredConfig}, + "_custom_data": {"type": dict}, + } + name: str + """ + Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. + For a + Port-Channel subinterface, the parent Port-Channel interface must be defined as well. + """ + description: str | None + """ + Interface description. + If not set a default description will be configured with '[[ + ]]'. + """ + mode: Literal["active", "passive", "on"] + """ + Port-Channel mode. + Should not be set on Port-Channel subinterfaces. + + Default value: `"active"` + """ + member_interfaces: MemberInterfaces + """ + Port-Channel member interfaces. + Should not be set on Port-Channel subinterfaces. + + Subclass of + AvdIndexedList with `MemberInterfacesItem` items. Primary key is `name` (`str`). + """ + ip_address: str | None + """Node IPv4 address/Mask or 'dhcp'.""" + dhcp_ip: str | None + """ + When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + IPv4 address + (without mask) to be allocated on the interface if known. + This is not rendered in the configuration + but can be used for substitution of 'interface_ip' in the Access-list + set under `ipv4_acl_in` and + `ipv4_acl_out`. + """ + public_ip: str | None + """ + Node IPv4 address (no mask). + + This is used to get the public IP (if known) when the device is behind + NAT. + This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + with the following preference: + `wan_route_servers.path_groups.interfaces.ip_address` + -> + `l3_port_channels.public_ip` + -> `l3_port_channels.ip_address` + + The determined Public IP is + used by WAN routers when peering with this interface. + """ + encapsulation_dot1q_vlan: int | None + """ + For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be + specified. + """ + dhcp_accept_default_route: bool + """ + Accept a default route from DHCP if `ip_address` is set to `dhcp`. + + Default value: `True` + """ + enabled: bool + """ + Enable or Shutdown the interface. + + Default value: `True` + """ + peer: str | None + """The peer device name. Used for description and documentation.""" + peer_port_channel: str | None + """The peer device port-channel interface. Used for description and documentation.""" + peer_ip: str | None + """ + The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true + and `ip` is an IP address. + """ + bgp: Bgp + """ + Enforce IPv4 BGP peering for the peer + + Subclass of AvdModel. + """ + ipv4_acl_in: str | None + """ + Name of the IPv4 access-list to be assigned in the ingress direction. + The access-list must be + defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + Required + for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under + `wan_carriers`. + """ + ipv4_acl_out: str | None + """ + Name of the IPv4 Access-list to be assigned in the egress direction. + The access-list must be defined + under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + """ + static_routes: StaticRoutes + """ + Configure IPv4 static routes pointing to `peer_ip`. + + Subclass of AvdIndexedList with + `StaticRoutesItem` items. Primary key is `prefix` (`str`). + """ + qos_profile: str | None + """QOS service profile.""" + wan_carrier: str | None + """ + The WAN carrier this interface is connected to. + This is used to infer the path-groups in which this + interface should be configured. + Unless the carrier is marked as 'trusted' under `wan_carriers`, + `ipv4_acl_in` is also required on all WAN interfaces. + """ + wan_circuit_id: str | None + """ + The WAN circuit ID for this interface. + This is not rendered in the configuration but used for WAN + designs. + """ + connected_to_pathfinder: bool + """ + For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + + Default value: `True` + """ + cv_pathfinder_internet_exit: CvPathfinderInternetExit + """ + PREVIEW: This key is in preview mode + + Subclass of AvdModel. + """ + raw_eos_cli: str | None + """EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration.""" + flow_tracking: FlowTracking + """ + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` + setting. + + Subclass of AvdModel. + """ + structured_config: StructuredConfig + """ + Custom structured config for the Port-Channel interface. + + Subclass of AvdModel. + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + name: str | UndefinedType = Undefined, + description: str | None | UndefinedType = Undefined, + mode: Literal["active", "passive", "on"] | UndefinedType = Undefined, + member_interfaces: MemberInterfaces | UndefinedType = Undefined, + ip_address: str | None | UndefinedType = Undefined, + dhcp_ip: str | None | UndefinedType = Undefined, + public_ip: str | None | UndefinedType = Undefined, + encapsulation_dot1q_vlan: int | None | UndefinedType = Undefined, + dhcp_accept_default_route: bool | UndefinedType = Undefined, + enabled: bool | UndefinedType = Undefined, + peer: str | None | UndefinedType = Undefined, + peer_port_channel: str | None | UndefinedType = Undefined, + peer_ip: str | None | UndefinedType = Undefined, + bgp: Bgp | UndefinedType = Undefined, + ipv4_acl_in: str | None | UndefinedType = Undefined, + ipv4_acl_out: str | None | UndefinedType = Undefined, + static_routes: StaticRoutes | UndefinedType = Undefined, + qos_profile: str | None | UndefinedType = Undefined, + wan_carrier: str | None | UndefinedType = Undefined, + wan_circuit_id: str | None | UndefinedType = Undefined, + connected_to_pathfinder: bool | UndefinedType = Undefined, + cv_pathfinder_internet_exit: CvPathfinderInternetExit | UndefinedType = Undefined, + raw_eos_cli: str | None | UndefinedType = Undefined, + flow_tracking: FlowTracking | UndefinedType = Undefined, + structured_config: StructuredConfig | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + L3PortChannelsItem. + + + Subclass of AvdModel. + + Args: + name: + Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. + For a + Port-Channel subinterface, the parent Port-Channel interface must be defined as well. + description: + Interface description. + If not set a default description will be configured with '[[ + ]]'. + mode: + Port-Channel mode. + Should not be set on Port-Channel subinterfaces. + member_interfaces: + Port-Channel member interfaces. + Should not be set on Port-Channel subinterfaces. + + Subclass of + AvdIndexedList with `MemberInterfacesItem` items. Primary key is `name` (`str`). + ip_address: Node IPv4 address/Mask or 'dhcp'. + dhcp_ip: + When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + IPv4 address + (without mask) to be allocated on the interface if known. + This is not rendered in the configuration + but can be used for substitution of 'interface_ip' in the Access-list + set under `ipv4_acl_in` and + `ipv4_acl_out`. + public_ip: + Node IPv4 address (no mask). + + This is used to get the public IP (if known) when the device is behind + NAT. + This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + with the following preference: + `wan_route_servers.path_groups.interfaces.ip_address` + -> + `l3_port_channels.public_ip` + -> `l3_port_channels.ip_address` + + The determined Public IP is + used by WAN routers when peering with this interface. + encapsulation_dot1q_vlan: + For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be + specified. + dhcp_accept_default_route: Accept a default route from DHCP if `ip_address` is set to `dhcp`. + enabled: Enable or Shutdown the interface. + peer: The peer device name. Used for description and documentation. + peer_port_channel: The peer device port-channel interface. Used for description and documentation. + peer_ip: + The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true + and `ip` is an IP address. + bgp: + Enforce IPv4 BGP peering for the peer + + Subclass of AvdModel. + ipv4_acl_in: + Name of the IPv4 access-list to be assigned in the ingress direction. + The access-list must be + defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + Required + for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under + `wan_carriers`. + ipv4_acl_out: + Name of the IPv4 Access-list to be assigned in the egress direction. + The access-list must be defined + under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + static_routes: + Configure IPv4 static routes pointing to `peer_ip`. + + Subclass of AvdIndexedList with + `StaticRoutesItem` items. Primary key is `prefix` (`str`). + qos_profile: QOS service profile. + wan_carrier: + The WAN carrier this interface is connected to. + This is used to infer the path-groups in which this + interface should be configured. + Unless the carrier is marked as 'trusted' under `wan_carriers`, + `ipv4_acl_in` is also required on all WAN interfaces. + wan_circuit_id: + The WAN circuit ID for this interface. + This is not rendered in the configuration but used for WAN + designs. + connected_to_pathfinder: For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + cv_pathfinder_internet_exit: + PREVIEW: This key is in preview mode + + Subclass of AvdModel. + raw_eos_cli: EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration. + flow_tracking: + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` + setting. + + Subclass of AvdModel. + structured_config: + Custom structured config for the Port-Channel interface. + + Subclass of AvdModel. + _custom_data: _custom_data + + """ + + class L3PortChannels(AvdIndexedList[str, L3PortChannelsItem]): + """Subclass of AvdIndexedList with `L3PortChannelsItem` items. Primary key is `name` (`str`).""" + + _primary_key: ClassVar[str] = "name" + + L3PortChannels._item_type = L3PortChannelsItem + _fields: ClassVar[dict] = { "id": {"type": int}, "platform": {"type": str}, @@ -21295,6 +21983,7 @@ class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): "wan_ha": {"type": WanHa}, "dps_mss_ipv4": {"type": str, "default": "auto"}, "l3_interfaces": {"type": L3Interfaces}, + "l3_port_channels": {"type": L3PortChannels}, "data_plane_cpu_allocation_max": {"type": int}, "flow_tracker_type": {"type": str}, "_custom_data": {"type": dict}, @@ -22051,11 +22740,16 @@ class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): l3_interfaces: L3Interfaces """ L3 Interfaces to configure on the node. - Used to define the node for WAN interfaces when - `wan_carrier` is set. - Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is - `name` (`str`). + Subclass of AvdIndexedList with `L3InterfacesItem` items. + Primary key is `name` (`str`). + """ + l3_port_channels: L3PortChannels + """ + L3 Port-Channel interfaces to configure on the node. + + Subclass of AvdIndexedList with + `L3PortChannelsItem` items. Primary key is `name` (`str`). """ data_plane_cpu_allocation_max: int | None """ @@ -22180,6 +22874,7 @@ def __init__( wan_ha: WanHa | UndefinedType = Undefined, dps_mss_ipv4: str | UndefinedType = Undefined, l3_interfaces: L3Interfaces | UndefinedType = Undefined, + l3_port_channels: L3PortChannels | UndefinedType = Undefined, data_plane_cpu_allocation_max: int | None | UndefinedType = Undefined, flow_tracker_type: Literal["sampled", "hardware"] | None | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined, @@ -22715,11 +23410,14 @@ def __init__( dps_mss_ipv4: IPv4 MSS value configured under "router path-selection" on WAN Devices. l3_interfaces: L3 Interfaces to configure on the node. - Used to define the node for WAN interfaces when - `wan_carrier` is set. - Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is - `name` (`str`). + Subclass of AvdIndexedList with `L3InterfacesItem` items. + Primary key is `name` (`str`). + l3_port_channels: + L3 Port-Channel interfaces to configure on the node. + + Subclass of AvdIndexedList with + `L3PortChannelsItem` items. Primary key is `name` (`str`). data_plane_cpu_allocation_max: Set the maximum number of CPU used for the data plane. This setting is useful on virtual Route @@ -24021,70 +24719,510 @@ def __init__( """ _fields: ClassVar[dict] = { - "enabled": {"type": bool}, - "ipsec": {"type": bool, "default": True}, - "mtu": {"type": int, "default": 9194}, - "ha_interfaces": {"type": HaInterfaces}, - "ha_ipv4_pool": {"type": str}, - "max_ha_interfaces": {"type": int}, - "port_channel_id": {"type": int}, - "use_port_channel_for_direct_ha": {"type": bool, "default": True}, + "enabled": {"type": bool}, + "ipsec": {"type": bool, "default": True}, + "mtu": {"type": int, "default": 9194}, + "ha_interfaces": {"type": HaInterfaces}, + "ha_ipv4_pool": {"type": str}, + "max_ha_interfaces": {"type": int}, + "port_channel_id": {"type": int}, + "use_port_channel_for_direct_ha": {"type": bool, "default": True}, + "flow_tracking": {"type": FlowTracking}, + "_custom_data": {"type": dict}, + } + enabled: bool | None + """Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group.""" + ipsec: bool + """ + Enable / Disable IPsec over HA path-group when HA is enabled. + + Default value: `True` + """ + mtu: int + """ + Set MTU on WAN HA interfaces. + + Default value: `9194` + """ + ha_interfaces: HaInterfaces + """ + Local WAN HA interfaces + Overwrite the default behavior which is to pick all the `uplink_interfaces`. + Can be used to filter uplink interfaces when there are multiple uplinks. + Limitations: + Either all + interfaces must be uplinks or all interfaces must not be uplinks. + Only one interface is supported + for non uplinks. + + Subclass of AvdList with `str` items. + """ + ha_ipv4_pool: str | None + """ + IP address pool used for WAN HA connectivity. + IP is derived from the node ID. + Not used for uplink + interfaces. + """ + max_ha_interfaces: int | None + """ + Number of parallel links towards HA switches. + Can be used to reserve IP addresses for future + parallel HA links. + """ + port_channel_id: int | None + """Port-channel ID to use for direct HA.""" + use_port_channel_for_direct_ha: bool + """ + Enable or disable using a port-channel interface for direct HA when there is only one interface. + This feature was introduced in EOS 4.33.0F. + + Default value: `True` + """ + flow_tracking: FlowTracking + """ + Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` + setting. + + Subclass of AvdModel. + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + enabled: bool | None | UndefinedType = Undefined, + ipsec: bool | UndefinedType = Undefined, + mtu: int | UndefinedType = Undefined, + ha_interfaces: HaInterfaces | UndefinedType = Undefined, + ha_ipv4_pool: str | None | UndefinedType = Undefined, + max_ha_interfaces: int | None | UndefinedType = Undefined, + port_channel_id: int | None | UndefinedType = Undefined, + use_port_channel_for_direct_ha: bool | UndefinedType = Undefined, + flow_tracking: FlowTracking | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + WanHa. + + + Subclass of AvdModel. + + Args: + enabled: Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. + ipsec: Enable / Disable IPsec over HA path-group when HA is enabled. + mtu: Set MTU on WAN HA interfaces. + ha_interfaces: + Local WAN HA interfaces + Overwrite the default behavior which is to pick all the `uplink_interfaces`. + Can be used to filter uplink interfaces when there are multiple uplinks. + Limitations: + Either all + interfaces must be uplinks or all interfaces must not be uplinks. + Only one interface is supported + for non uplinks. + + Subclass of AvdList with `str` items. + ha_ipv4_pool: + IP address pool used for WAN HA connectivity. + IP is derived from the node ID. + Not used for uplink + interfaces. + max_ha_interfaces: + Number of parallel links towards HA switches. + Can be used to reserve IP addresses for future + parallel HA links. + port_channel_id: Port-channel ID to use for direct HA. + use_port_channel_for_direct_ha: + Enable or disable using a port-channel interface for direct HA when there is only one interface. + This feature was introduced in EOS 4.33.0F. + flow_tracking: + Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` + setting. + + Subclass of AvdModel. + _custom_data: _custom_data + + """ + + class L3InterfacesItem(AvdModel): + """Subclass of AvdModel.""" + + class Bgp(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = { + "peer_as": {"type": str}, + "ipv4_prefix_list_in": {"type": str}, + "ipv4_prefix_list_out": {"type": str}, + "_custom_data": {"type": dict}, + } + peer_as: str + """ + BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". + For asdot notation in + YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float + number. + """ + ipv4_prefix_list_in: str | None + """ + Prefix List Name. Accept routes for only these prefixes from the peer. + Required for wan interfaces. + """ + ipv4_prefix_list_out: str | None + """ + Prefix List Name. Advertise routes for only these prefixes. + If not specified, nothing would be + advertised. + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + peer_as: str | UndefinedType = Undefined, + ipv4_prefix_list_in: str | None | UndefinedType = Undefined, + ipv4_prefix_list_out: str | None | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + Bgp. + + + Subclass of AvdModel. + + Args: + peer_as: + BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". + For asdot notation in + YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float + number. + ipv4_prefix_list_in: + Prefix List Name. Accept routes for only these prefixes from the peer. + Required for wan interfaces. + ipv4_prefix_list_out: + Prefix List Name. Advertise routes for only these prefixes. + If not specified, nothing would be + advertised. + _custom_data: _custom_data + + """ + + class StaticRoutesItem(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = {"prefix": {"type": str}, "_custom_data": {"type": dict}} + prefix: str + """IPv4_network/Mask.""" + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, *, prefix: str | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined + ) -> None: + """ + StaticRoutesItem. + + + Subclass of AvdModel. + + Args: + prefix: IPv4_network/Mask. + _custom_data: _custom_data + + """ + + class StaticRoutes(AvdList[StaticRoutesItem]): + """Subclass of AvdList with `StaticRoutesItem` items.""" + + StaticRoutes._item_type = StaticRoutesItem + + class CvPathfinderInternetExit(AvdModel): + """Subclass of AvdModel.""" + + class PoliciesItem(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = {"name": {"type": str}, "tunnel_interface_numbers": {"type": str}, "_custom_data": {"type": dict}} + name: str + """Internet-exit policy name.""" + tunnel_interface_numbers: str | None + """ + Number range to use for Tunnel interfaces to an internet-exit service provider using this local + interface. + Examples: '1-3' or '100,200,300' + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + name: str | UndefinedType = Undefined, + tunnel_interface_numbers: str | None | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + PoliciesItem. + + + Subclass of AvdModel. + + Args: + name: Internet-exit policy name. + tunnel_interface_numbers: + Number range to use for Tunnel interfaces to an internet-exit service provider using this local + interface. + Examples: '1-3' or '100,200,300' + _custom_data: _custom_data + + """ + + class Policies(AvdIndexedList[str, PoliciesItem]): + """Subclass of AvdIndexedList with `PoliciesItem` items. Primary key is `name` (`str`).""" + + _primary_key: ClassVar[str] = "name" + + Policies._item_type = PoliciesItem + + _fields: ClassVar[dict] = {"policies": {"type": Policies}, "_custom_data": {"type": dict}} + policies: Policies + """ + List of Internet-exit policies using this interface as exit. + + Subclass of AvdIndexedList with + `PoliciesItem` items. Primary key is `name` (`str`). + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, *, policies: Policies | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined + ) -> None: + """ + CvPathfinderInternetExit. + + + Subclass of AvdModel. + + Args: + policies: + List of Internet-exit policies using this interface as exit. + + Subclass of AvdIndexedList with + `PoliciesItem` items. Primary key is `name` (`str`). + _custom_data: _custom_data + + """ + + class FlowTracking(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = {"enabled": {"type": bool}, "name": {"type": str}, "_custom_data": {"type": dict}} + enabled: bool | None + name: str | None + """Flow tracker name as defined in flow_tracking_settings.""" + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + enabled: bool | None | UndefinedType = Undefined, + name: str | None | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + FlowTracking. + + + Subclass of AvdModel. + + Args: + enabled: enabled + name: Flow tracker name as defined in flow_tracking_settings. + _custom_data: _custom_data + + """ + + class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = { + "profile": {"type": str}, + "name": {"type": str}, + "description": {"type": str}, + "ip_address": {"type": str}, + "dhcp_ip": {"type": str}, + "public_ip": {"type": str}, + "encapsulation_dot1q_vlan": {"type": int}, + "dhcp_accept_default_route": {"type": bool, "default": True}, + "enabled": {"type": bool, "default": True}, + "speed": {"type": str}, + "peer": {"type": str}, + "peer_interface": {"type": str}, + "peer_ip": {"type": str}, + "bgp": {"type": Bgp}, + "ipv4_acl_in": {"type": str}, + "ipv4_acl_out": {"type": str}, + "static_routes": {"type": StaticRoutes}, + "qos_profile": {"type": str}, + "wan_carrier": {"type": str}, + "wan_circuit_id": {"type": str}, + "connected_to_pathfinder": {"type": bool, "default": True}, + "cv_pathfinder_internet_exit": {"type": CvPathfinderInternetExit}, + "raw_eos_cli": {"type": str}, "flow_tracking": {"type": FlowTracking}, + "structured_config": {"type": StructuredConfig}, "_custom_data": {"type": dict}, } - enabled: bool | None - """Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group.""" - ipsec: bool + profile: str | None + """L3 interface profile name. Profile defined under `l3_interface_profiles`.""" + name: str """ - Enable / Disable IPsec over HA path-group when HA is enabled. + Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + For a + subinterface, the parent physical interface is automatically created. + """ + description: str | None + """ + Interface description. + If not set a default description will be configured with '[[ + ]]'. + """ + ip_address: str | None + """Node IPv4 address/Mask or 'dhcp'.""" + dhcp_ip: str | None + """ + When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + IPv4 address + (without mask) to be allocated on the interface if known. + This is not rendered in the configuration + but can be used for substitution of 'interface_ip' in the Access-list + set under `ipv4_acl_in` and + `ipv4_acl_out`. + """ + public_ip: str | None + """ + Node IPv4 address (no mask). + + This is used to get the public IP (if known) when the device is behind + NAT. + This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + with the following preference: + `wan_route_servers.path_groups.interfaces.ip_address` + -> + `l3_interfaces.public_ip` + -> `l3_interfaces.ip_address` + + The determined Public IP is used + by WAN routers when peering with this interface. + """ + encapsulation_dot1q_vlan: int | None + """ + For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be + specified. + """ + dhcp_accept_default_route: bool + """ + Accept a default route from DHCP if `ip_address` is set to `dhcp`. Default value: `True` """ - mtu: int + enabled: bool """ - Set MTU on WAN HA interfaces. + Enable or Shutdown the interface. - Default value: `9194` + Default value: `True` """ - ha_interfaces: HaInterfaces + speed: str | None """ - Local WAN HA interfaces - Overwrite the default behavior which is to pick all the `uplink_interfaces`. - Can be used to filter uplink interfaces when there are multiple uplinks. - Limitations: - Either all - interfaces must be uplinks or all interfaces must not be uplinks. - Only one interface is supported - for non uplinks. + Speed should be set in the format `` or `forced ` or `auto + `. + """ + peer: str | None + """The peer device name. Used for description and documentation.""" + peer_interface: str | None + """The peer device interface. Used for description and documentation.""" + peer_ip: str | None + """ + The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true + and `ip` is an IP address. + """ + bgp: Bgp + """ + Enforce IPv4 BGP peering for the peer - Subclass of AvdList with `str` items. + Subclass of AvdModel. """ - ha_ipv4_pool: str | None + ipv4_acl_in: str | None """ - IP address pool used for WAN HA connectivity. - IP is derived from the node ID. - Not used for uplink - interfaces. + Name of the IPv4 access-list to be assigned in the ingress direction. + The access-list must be + defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + Required + for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under + `wan_carriers`. """ - max_ha_interfaces: int | None + ipv4_acl_out: str | None """ - Number of parallel links towards HA switches. - Can be used to reserve IP addresses for future - parallel HA links. + Name of the IPv4 Access-list to be assigned in the egress direction. + The access-list must be defined + under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". """ - port_channel_id: int | None - """Port-channel ID to use for direct HA.""" - use_port_channel_for_direct_ha: bool + static_routes: StaticRoutes """ - Enable or disable using a port-channel interface for direct HA when there is only one interface. - This feature was introduced in EOS 4.33.0F. + Configure IPv4 static routes pointing to `peer_ip`. + + Subclass of AvdList with `StaticRoutesItem` + items. + """ + qos_profile: str | None + """QOS service profile.""" + wan_carrier: str | None + """ + The WAN carrier this interface is connected to. + This is used to infer the path-groups in which this + interface should be configured. + Unless the carrier is marked as 'trusted' under `wan_carriers`, + `ipv4_acl_in` is also required on all WAN interfaces. + """ + wan_circuit_id: str | None + """ + The WAN circuit ID for this interface. + This is not rendered in the configuration but used for WAN + designs. + """ + connected_to_pathfinder: bool + """ + For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. Default value: `True` """ + cv_pathfinder_internet_exit: CvPathfinderInternetExit + """ + PREVIEW: This key is in preview mode + + Subclass of AvdModel. + """ + raw_eos_cli: str | None + """EOS CLI rendered directly on the interface in the final EOS configuration.""" flow_tracking: FlowTracking """ - Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` - setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Subclass of AvdModel. + """ + structured_config: StructuredConfig + """ + Custom structured config for the Ethernet interface. Subclass of AvdModel. """ @@ -24095,63 +25233,240 @@ def __init__( def __init__( self, *, - enabled: bool | None | UndefinedType = Undefined, - ipsec: bool | UndefinedType = Undefined, - mtu: int | UndefinedType = Undefined, - ha_interfaces: HaInterfaces | UndefinedType = Undefined, - ha_ipv4_pool: str | None | UndefinedType = Undefined, - max_ha_interfaces: int | None | UndefinedType = Undefined, - port_channel_id: int | None | UndefinedType = Undefined, - use_port_channel_for_direct_ha: bool | UndefinedType = Undefined, + profile: str | None | UndefinedType = Undefined, + name: str | UndefinedType = Undefined, + description: str | None | UndefinedType = Undefined, + ip_address: str | None | UndefinedType = Undefined, + dhcp_ip: str | None | UndefinedType = Undefined, + public_ip: str | None | UndefinedType = Undefined, + encapsulation_dot1q_vlan: int | None | UndefinedType = Undefined, + dhcp_accept_default_route: bool | UndefinedType = Undefined, + enabled: bool | UndefinedType = Undefined, + speed: str | None | UndefinedType = Undefined, + peer: str | None | UndefinedType = Undefined, + peer_interface: str | None | UndefinedType = Undefined, + peer_ip: str | None | UndefinedType = Undefined, + bgp: Bgp | UndefinedType = Undefined, + ipv4_acl_in: str | None | UndefinedType = Undefined, + ipv4_acl_out: str | None | UndefinedType = Undefined, + static_routes: StaticRoutes | UndefinedType = Undefined, + qos_profile: str | None | UndefinedType = Undefined, + wan_carrier: str | None | UndefinedType = Undefined, + wan_circuit_id: str | None | UndefinedType = Undefined, + connected_to_pathfinder: bool | UndefinedType = Undefined, + cv_pathfinder_internet_exit: CvPathfinderInternetExit | UndefinedType = Undefined, + raw_eos_cli: str | None | UndefinedType = Undefined, flow_tracking: FlowTracking | UndefinedType = Undefined, + structured_config: StructuredConfig | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined, ) -> None: """ - WanHa. + L3InterfacesItem. Subclass of AvdModel. Args: - enabled: Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. - ipsec: Enable / Disable IPsec over HA path-group when HA is enabled. - mtu: Set MTU on WAN HA interfaces. - ha_interfaces: - Local WAN HA interfaces - Overwrite the default behavior which is to pick all the `uplink_interfaces`. - Can be used to filter uplink interfaces when there are multiple uplinks. - Limitations: - Either all - interfaces must be uplinks or all interfaces must not be uplinks. - Only one interface is supported - for non uplinks. + profile: L3 interface profile name. Profile defined under `l3_interface_profiles`. + name: + Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + For a + subinterface, the parent physical interface is automatically created. + description: + Interface description. + If not set a default description will be configured with '[[ + ]]'. + ip_address: Node IPv4 address/Mask or 'dhcp'. + dhcp_ip: + When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + IPv4 address + (without mask) to be allocated on the interface if known. + This is not rendered in the configuration + but can be used for substitution of 'interface_ip' in the Access-list + set under `ipv4_acl_in` and + `ipv4_acl_out`. + public_ip: + Node IPv4 address (no mask). - Subclass of AvdList with `str` items. - ha_ipv4_pool: - IP address pool used for WAN HA connectivity. - IP is derived from the node ID. - Not used for uplink - interfaces. - max_ha_interfaces: - Number of parallel links towards HA switches. - Can be used to reserve IP addresses for future - parallel HA links. - port_channel_id: Port-channel ID to use for direct HA. - use_port_channel_for_direct_ha: - Enable or disable using a port-channel interface for direct HA when there is only one interface. - This feature was introduced in EOS 4.33.0F. + This is used to get the public IP (if known) when the device is behind + NAT. + This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + with the following preference: + `wan_route_servers.path_groups.interfaces.ip_address` + -> + `l3_interfaces.public_ip` + -> `l3_interfaces.ip_address` + + The determined Public IP is used + by WAN routers when peering with this interface. + encapsulation_dot1q_vlan: + For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be + specified. + dhcp_accept_default_route: Accept a default route from DHCP if `ip_address` is set to `dhcp`. + enabled: Enable or Shutdown the interface. + speed: + Speed should be set in the format `` or `forced ` or `auto + `. + peer: The peer device name. Used for description and documentation. + peer_interface: The peer device interface. Used for description and documentation. + peer_ip: + The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true + and `ip` is an IP address. + bgp: + Enforce IPv4 BGP peering for the peer + + Subclass of AvdModel. + ipv4_acl_in: + Name of the IPv4 access-list to be assigned in the ingress direction. + The access-list must be + defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + Required + for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under + `wan_carriers`. + ipv4_acl_out: + Name of the IPv4 Access-list to be assigned in the egress direction. + The access-list must be defined + under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + static_routes: + Configure IPv4 static routes pointing to `peer_ip`. + + Subclass of AvdList with `StaticRoutesItem` + items. + qos_profile: QOS service profile. + wan_carrier: + The WAN carrier this interface is connected to. + This is used to infer the path-groups in which this + interface should be configured. + Unless the carrier is marked as 'trusted' under `wan_carriers`, + `ipv4_acl_in` is also required on all WAN interfaces. + wan_circuit_id: + The WAN circuit ID for this interface. + This is not rendered in the configuration but used for WAN + designs. + connected_to_pathfinder: For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + cv_pathfinder_internet_exit: + PREVIEW: This key is in preview mode + + Subclass of AvdModel. + raw_eos_cli: EOS CLI rendered directly on the interface in the final EOS configuration. flow_tracking: - Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` - setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Subclass of AvdModel. + structured_config: + Custom structured config for the Ethernet interface. Subclass of AvdModel. _custom_data: _custom_data """ - class L3InterfacesItem(AvdModel): + class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): + """Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is `name` (`str`).""" + + _primary_key: ClassVar[str] = "name" + + L3Interfaces._item_type = L3InterfacesItem + + class L3PortChannelsItem(AvdModel): """Subclass of AvdModel.""" + class MemberInterfacesItem(AvdModel): + """Subclass of AvdModel.""" + + class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = { + "name": {"type": str}, + "description": {"type": str}, + "peer": {"type": str}, + "peer_interface": {"type": str}, + "speed": {"type": str}, + "structured_config": {"type": StructuredConfig}, + "_custom_data": {"type": dict}, + } + name: str + """ + Ethernet interface name like 'Ethernet2'. + Member interface cannot be subinterface. + """ + description: str | None + """ + Interface description for this member. + If not set a default description will be configured with + '[[ ]]'. + """ + peer: str | None + """ + The peer device name. Used for description and documentation. + If not set, this inherits the peer + setting on the port-channel interface. + """ + peer_interface: str | None + """The peer device interface. Used for description and documentation.""" + speed: str | None + """ + Speed should be set in the format `` or `forced ` or `auto + `. + """ + structured_config: StructuredConfig + """ + Custom structured config for the member ethernet interface. + + Subclass of AvdModel. + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + name: str | UndefinedType = Undefined, + description: str | None | UndefinedType = Undefined, + peer: str | None | UndefinedType = Undefined, + peer_interface: str | None | UndefinedType = Undefined, + speed: str | None | UndefinedType = Undefined, + structured_config: StructuredConfig | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + MemberInterfacesItem. + + + Subclass of AvdModel. + + Args: + name: + Ethernet interface name like 'Ethernet2'. + Member interface cannot be subinterface. + description: + Interface description for this member. + If not set a default description will be configured with + '[[ ]]'. + peer: + The peer device name. Used for description and documentation. + If not set, this inherits the peer + setting on the port-channel interface. + peer_interface: The peer device interface. Used for description and documentation. + speed: + Speed should be set in the format `` or `forced ` or `auto + `. + structured_config: + Custom structured config for the member ethernet interface. + + Subclass of AvdModel. + _custom_data: _custom_data + + """ + + class MemberInterfaces(AvdIndexedList[str, MemberInterfacesItem]): + """Subclass of AvdIndexedList with `MemberInterfacesItem` items. Primary key is `name` (`str`).""" + + _primary_key: ClassVar[str] = "name" + + MemberInterfaces._item_type = MemberInterfacesItem + class Bgp(AvdModel): """Subclass of AvdModel.""" @@ -24239,8 +25554,10 @@ def __init__( """ - class StaticRoutes(AvdList[StaticRoutesItem]): - """Subclass of AvdList with `StaticRoutesItem` items.""" + class StaticRoutes(AvdIndexedList[str, StaticRoutesItem]): + """Subclass of AvdIndexedList with `StaticRoutesItem` items. Primary key is `prefix` (`str`).""" + + _primary_key: ClassVar[str] = "prefix" StaticRoutes._item_type = StaticRoutesItem @@ -24355,22 +25672,22 @@ def __init__( """ - class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): + class StructuredConfig(EosCliConfigGen.PortChannelInterfacesItem): """Subclass of AvdModel.""" _fields: ClassVar[dict] = { - "profile": {"type": str}, "name": {"type": str}, "description": {"type": str}, + "mode": {"type": str, "default": "active"}, + "member_interfaces": {"type": MemberInterfaces}, "ip_address": {"type": str}, "dhcp_ip": {"type": str}, "public_ip": {"type": str}, "encapsulation_dot1q_vlan": {"type": int}, "dhcp_accept_default_route": {"type": bool, "default": True}, "enabled": {"type": bool, "default": True}, - "speed": {"type": str}, "peer": {"type": str}, - "peer_interface": {"type": str}, + "peer_port_channel": {"type": str}, "peer_ip": {"type": str}, "bgp": {"type": Bgp}, "ipv4_acl_in": {"type": str}, @@ -24386,19 +25703,32 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): "structured_config": {"type": StructuredConfig}, "_custom_data": {"type": dict}, } - profile: str | None - """L3 interface profile name. Profile defined under `l3_interface_profiles`.""" name: str """ - Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. For a - subinterface, the parent physical interface is automatically created. + Port-Channel subinterface, the parent Port-Channel interface must be defined as well. """ description: str | None """ Interface description. If not set a default description will be configured with '[[ - ]]'. + ]]'. + """ + mode: Literal["active", "passive", "on"] + """ + Port-Channel mode. + Should not be set on Port-Channel subinterfaces. + + Default value: `"active"` + """ + member_interfaces: MemberInterfaces + """ + Port-Channel member interfaces. + Should not be set on Port-Channel subinterfaces. + + Subclass of + AvdIndexedList with `MemberInterfacesItem` items. Primary key is `name` (`str`). """ ip_address: str | None """Node IPv4 address/Mask or 'dhcp'.""" @@ -24422,11 +25752,11 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): with the following preference: `wan_route_servers.path_groups.interfaces.ip_address` -> - `l3_interfaces.public_ip` - -> `l3_interfaces.ip_address` + `l3_port_channels.public_ip` + -> `l3_port_channels.ip_address` - The determined Public IP is used - by WAN routers when peering with this interface. + The determined Public IP is + used by WAN routers when peering with this interface. """ encapsulation_dot1q_vlan: int | None """ @@ -24445,15 +25775,10 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): Default value: `True` """ - speed: str | None - """ - Speed should be set in the format `` or `forced ` or `auto - `. - """ peer: str | None """The peer device name. Used for description and documentation.""" - peer_interface: str | None - """The peer device interface. Used for description and documentation.""" + peer_port_channel: str | None + """The peer device port-channel interface. Used for description and documentation.""" peer_ip: str | None """ The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true @@ -24484,8 +25809,8 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): """ Configure IPv4 static routes pointing to `peer_ip`. - Subclass of AvdList with `StaticRoutesItem` - items. + Subclass of AvdIndexedList with + `StaticRoutesItem` items. Primary key is `prefix` (`str`). """ qos_profile: str | None """QOS service profile.""" @@ -24516,15 +25841,17 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): Subclass of AvdModel. """ raw_eos_cli: str | None - """EOS CLI rendered directly on the interface in the final EOS configuration.""" + """EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration.""" flow_tracking: FlowTracking """ - Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` + setting. + Subclass of AvdModel. """ structured_config: StructuredConfig """ - Custom structured config for the Ethernet interface. + Custom structured config for the Port-Channel interface. Subclass of AvdModel. """ @@ -24535,18 +25862,18 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): def __init__( self, *, - profile: str | None | UndefinedType = Undefined, name: str | UndefinedType = Undefined, description: str | None | UndefinedType = Undefined, + mode: Literal["active", "passive", "on"] | UndefinedType = Undefined, + member_interfaces: MemberInterfaces | UndefinedType = Undefined, ip_address: str | None | UndefinedType = Undefined, dhcp_ip: str | None | UndefinedType = Undefined, public_ip: str | None | UndefinedType = Undefined, encapsulation_dot1q_vlan: int | None | UndefinedType = Undefined, dhcp_accept_default_route: bool | UndefinedType = Undefined, enabled: bool | UndefinedType = Undefined, - speed: str | None | UndefinedType = Undefined, peer: str | None | UndefinedType = Undefined, - peer_interface: str | None | UndefinedType = Undefined, + peer_port_channel: str | None | UndefinedType = Undefined, peer_ip: str | None | UndefinedType = Undefined, bgp: Bgp | UndefinedType = Undefined, ipv4_acl_in: str | None | UndefinedType = Undefined, @@ -24563,21 +25890,29 @@ def __init__( _custom_data: dict[str, Any] | UndefinedType = Undefined, ) -> None: """ - L3InterfacesItem. + L3PortChannelsItem. Subclass of AvdModel. Args: - profile: L3 interface profile name. Profile defined under `l3_interface_profiles`. name: - Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. For a - subinterface, the parent physical interface is automatically created. + Port-Channel subinterface, the parent Port-Channel interface must be defined as well. description: Interface description. If not set a default description will be configured with '[[ - ]]'. + ]]'. + mode: + Port-Channel mode. + Should not be set on Port-Channel subinterfaces. + member_interfaces: + Port-Channel member interfaces. + Should not be set on Port-Channel subinterfaces. + + Subclass of + AvdIndexedList with `MemberInterfacesItem` items. Primary key is `name` (`str`). ip_address: Node IPv4 address/Mask or 'dhcp'. dhcp_ip: When the `ip_address` is `dhcp`, this optional field allows to indicate the expected @@ -24596,21 +25931,18 @@ def __init__( with the following preference: `wan_route_servers.path_groups.interfaces.ip_address` -> - `l3_interfaces.public_ip` - -> `l3_interfaces.ip_address` + `l3_port_channels.public_ip` + -> `l3_port_channels.ip_address` - The determined Public IP is used - by WAN routers when peering with this interface. + The determined Public IP is + used by WAN routers when peering with this interface. encapsulation_dot1q_vlan: For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be specified. dhcp_accept_default_route: Accept a default route from DHCP if `ip_address` is set to `dhcp`. enabled: Enable or Shutdown the interface. - speed: - Speed should be set in the format `` or `forced ` or `auto - `. peer: The peer device name. Used for description and documentation. - peer_interface: The peer device interface. Used for description and documentation. + peer_port_channel: The peer device port-channel interface. Used for description and documentation. peer_ip: The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. @@ -24632,8 +25964,8 @@ def __init__( static_routes: Configure IPv4 static routes pointing to `peer_ip`. - Subclass of AvdList with `StaticRoutesItem` - items. + Subclass of AvdIndexedList with + `StaticRoutesItem` items. Primary key is `prefix` (`str`). qos_profile: QOS service profile. wan_carrier: The WAN carrier this interface is connected to. @@ -24650,24 +25982,26 @@ def __init__( PREVIEW: This key is in preview mode Subclass of AvdModel. - raw_eos_cli: EOS CLI rendered directly on the interface in the final EOS configuration. + raw_eos_cli: EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration. flow_tracking: - Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` + setting. + Subclass of AvdModel. structured_config: - Custom structured config for the Ethernet interface. + Custom structured config for the Port-Channel interface. Subclass of AvdModel. _custom_data: _custom_data """ - class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): - """Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is `name` (`str`).""" + class L3PortChannels(AvdIndexedList[str, L3PortChannelsItem]): + """Subclass of AvdIndexedList with `L3PortChannelsItem` items. Primary key is `name` (`str`).""" _primary_key: ClassVar[str] = "name" - L3Interfaces._item_type = L3InterfacesItem + L3PortChannels._item_type = L3PortChannelsItem _fields: ClassVar[dict] = { "name": {"type": str}, @@ -24775,6 +26109,7 @@ class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): "wan_ha": {"type": WanHa}, "dps_mss_ipv4": {"type": str, "default": "auto"}, "l3_interfaces": {"type": L3Interfaces}, + "l3_port_channels": {"type": L3PortChannels}, "data_plane_cpu_allocation_max": {"type": int}, "flow_tracker_type": {"type": str}, "_custom_data": {"type": dict}, @@ -25541,11 +26876,16 @@ class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): l3_interfaces: L3Interfaces """ L3 Interfaces to configure on the node. - Used to define the node for WAN interfaces when - `wan_carrier` is set. - Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is - `name` (`str`). + Subclass of AvdIndexedList with `L3InterfacesItem` items. + Primary key is `name` (`str`). + """ + l3_port_channels: L3PortChannels + """ + L3 Port-Channel interfaces to configure on the node. + + Subclass of AvdIndexedList with + `L3PortChannelsItem` items. Primary key is `name` (`str`). """ data_plane_cpu_allocation_max: int | None """ @@ -25672,6 +27012,7 @@ def __init__( wan_ha: WanHa | UndefinedType = Undefined, dps_mss_ipv4: str | UndefinedType = Undefined, l3_interfaces: L3Interfaces | UndefinedType = Undefined, + l3_port_channels: L3PortChannels | UndefinedType = Undefined, data_plane_cpu_allocation_max: int | None | UndefinedType = Undefined, flow_tracker_type: Literal["sampled", "hardware"] | None | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined, @@ -26214,11 +27555,14 @@ def __init__( dps_mss_ipv4: IPv4 MSS value configured under "router path-selection" on WAN Devices. l3_interfaces: L3 Interfaces to configure on the node. - Used to define the node for WAN interfaces when - `wan_carrier` is set. - Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is - `name` (`str`). + Subclass of AvdIndexedList with `L3InterfacesItem` items. + Primary key is `name` (`str`). + l3_port_channels: + L3 Port-Channel interfaces to configure on the node. + + Subclass of AvdIndexedList with + `L3PortChannelsItem` items. Primary key is `name` (`str`). data_plane_cpu_allocation_max: Set the maximum number of CPU used for the data plane. This setting is useful on virtual Route @@ -27462,70 +28806,510 @@ def __init__( """ _fields: ClassVar[dict] = { - "enabled": {"type": bool}, - "ipsec": {"type": bool, "default": True}, - "mtu": {"type": int, "default": 9194}, - "ha_interfaces": {"type": HaInterfaces}, - "ha_ipv4_pool": {"type": str}, - "max_ha_interfaces": {"type": int}, - "port_channel_id": {"type": int}, - "use_port_channel_for_direct_ha": {"type": bool, "default": True}, + "enabled": {"type": bool}, + "ipsec": {"type": bool, "default": True}, + "mtu": {"type": int, "default": 9194}, + "ha_interfaces": {"type": HaInterfaces}, + "ha_ipv4_pool": {"type": str}, + "max_ha_interfaces": {"type": int}, + "port_channel_id": {"type": int}, + "use_port_channel_for_direct_ha": {"type": bool, "default": True}, + "flow_tracking": {"type": FlowTracking}, + "_custom_data": {"type": dict}, + } + enabled: bool | None + """Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group.""" + ipsec: bool + """ + Enable / Disable IPsec over HA path-group when HA is enabled. + + Default value: `True` + """ + mtu: int + """ + Set MTU on WAN HA interfaces. + + Default value: `9194` + """ + ha_interfaces: HaInterfaces + """ + Local WAN HA interfaces + Overwrite the default behavior which is to pick all the `uplink_interfaces`. + Can be used to filter uplink interfaces when there are multiple uplinks. + Limitations: + Either all + interfaces must be uplinks or all interfaces must not be uplinks. + Only one interface is supported + for non uplinks. + + Subclass of AvdList with `str` items. + """ + ha_ipv4_pool: str | None + """ + IP address pool used for WAN HA connectivity. + IP is derived from the node ID. + Not used for uplink + interfaces. + """ + max_ha_interfaces: int | None + """ + Number of parallel links towards HA switches. + Can be used to reserve IP addresses for future + parallel HA links. + """ + port_channel_id: int | None + """Port-channel ID to use for direct HA.""" + use_port_channel_for_direct_ha: bool + """ + Enable or disable using a port-channel interface for direct HA when there is only one interface. + This feature was introduced in EOS 4.33.0F. + + Default value: `True` + """ + flow_tracking: FlowTracking + """ + Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` + setting. + + Subclass of AvdModel. + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + enabled: bool | None | UndefinedType = Undefined, + ipsec: bool | UndefinedType = Undefined, + mtu: int | UndefinedType = Undefined, + ha_interfaces: HaInterfaces | UndefinedType = Undefined, + ha_ipv4_pool: str | None | UndefinedType = Undefined, + max_ha_interfaces: int | None | UndefinedType = Undefined, + port_channel_id: int | None | UndefinedType = Undefined, + use_port_channel_for_direct_ha: bool | UndefinedType = Undefined, + flow_tracking: FlowTracking | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + WanHa. + + + Subclass of AvdModel. + + Args: + enabled: Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. + ipsec: Enable / Disable IPsec over HA path-group when HA is enabled. + mtu: Set MTU on WAN HA interfaces. + ha_interfaces: + Local WAN HA interfaces + Overwrite the default behavior which is to pick all the `uplink_interfaces`. + Can be used to filter uplink interfaces when there are multiple uplinks. + Limitations: + Either all + interfaces must be uplinks or all interfaces must not be uplinks. + Only one interface is supported + for non uplinks. + + Subclass of AvdList with `str` items. + ha_ipv4_pool: + IP address pool used for WAN HA connectivity. + IP is derived from the node ID. + Not used for uplink + interfaces. + max_ha_interfaces: + Number of parallel links towards HA switches. + Can be used to reserve IP addresses for future + parallel HA links. + port_channel_id: Port-channel ID to use for direct HA. + use_port_channel_for_direct_ha: + Enable or disable using a port-channel interface for direct HA when there is only one interface. + This feature was introduced in EOS 4.33.0F. + flow_tracking: + Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` + setting. + + Subclass of AvdModel. + _custom_data: _custom_data + + """ + + class L3InterfacesItem(AvdModel): + """Subclass of AvdModel.""" + + class Bgp(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = { + "peer_as": {"type": str}, + "ipv4_prefix_list_in": {"type": str}, + "ipv4_prefix_list_out": {"type": str}, + "_custom_data": {"type": dict}, + } + peer_as: str + """ + BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". + For asdot notation in + YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float + number. + """ + ipv4_prefix_list_in: str | None + """ + Prefix List Name. Accept routes for only these prefixes from the peer. + Required for wan interfaces. + """ + ipv4_prefix_list_out: str | None + """ + Prefix List Name. Advertise routes for only these prefixes. + If not specified, nothing would be + advertised. + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + peer_as: str | UndefinedType = Undefined, + ipv4_prefix_list_in: str | None | UndefinedType = Undefined, + ipv4_prefix_list_out: str | None | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + Bgp. + + + Subclass of AvdModel. + + Args: + peer_as: + BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". + For asdot notation in + YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float + number. + ipv4_prefix_list_in: + Prefix List Name. Accept routes for only these prefixes from the peer. + Required for wan interfaces. + ipv4_prefix_list_out: + Prefix List Name. Advertise routes for only these prefixes. + If not specified, nothing would be + advertised. + _custom_data: _custom_data + + """ + + class StaticRoutesItem(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = {"prefix": {"type": str}, "_custom_data": {"type": dict}} + prefix: str + """IPv4_network/Mask.""" + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, *, prefix: str | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined + ) -> None: + """ + StaticRoutesItem. + + + Subclass of AvdModel. + + Args: + prefix: IPv4_network/Mask. + _custom_data: _custom_data + + """ + + class StaticRoutes(AvdList[StaticRoutesItem]): + """Subclass of AvdList with `StaticRoutesItem` items.""" + + StaticRoutes._item_type = StaticRoutesItem + + class CvPathfinderInternetExit(AvdModel): + """Subclass of AvdModel.""" + + class PoliciesItem(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = {"name": {"type": str}, "tunnel_interface_numbers": {"type": str}, "_custom_data": {"type": dict}} + name: str + """Internet-exit policy name.""" + tunnel_interface_numbers: str | None + """ + Number range to use for Tunnel interfaces to an internet-exit service provider using this local + interface. + Examples: '1-3' or '100,200,300' + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + name: str | UndefinedType = Undefined, + tunnel_interface_numbers: str | None | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + PoliciesItem. + + + Subclass of AvdModel. + + Args: + name: Internet-exit policy name. + tunnel_interface_numbers: + Number range to use for Tunnel interfaces to an internet-exit service provider using this local + interface. + Examples: '1-3' or '100,200,300' + _custom_data: _custom_data + + """ + + class Policies(AvdIndexedList[str, PoliciesItem]): + """Subclass of AvdIndexedList with `PoliciesItem` items. Primary key is `name` (`str`).""" + + _primary_key: ClassVar[str] = "name" + + Policies._item_type = PoliciesItem + + _fields: ClassVar[dict] = {"policies": {"type": Policies}, "_custom_data": {"type": dict}} + policies: Policies + """ + List of Internet-exit policies using this interface as exit. + + Subclass of AvdIndexedList with + `PoliciesItem` items. Primary key is `name` (`str`). + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, *, policies: Policies | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined + ) -> None: + """ + CvPathfinderInternetExit. + + + Subclass of AvdModel. + + Args: + policies: + List of Internet-exit policies using this interface as exit. + + Subclass of AvdIndexedList with + `PoliciesItem` items. Primary key is `name` (`str`). + _custom_data: _custom_data + + """ + + class FlowTracking(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = {"enabled": {"type": bool}, "name": {"type": str}, "_custom_data": {"type": dict}} + enabled: bool | None + name: str | None + """Flow tracker name as defined in flow_tracking_settings.""" + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + enabled: bool | None | UndefinedType = Undefined, + name: str | None | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + FlowTracking. + + + Subclass of AvdModel. + + Args: + enabled: enabled + name: Flow tracker name as defined in flow_tracking_settings. + _custom_data: _custom_data + + """ + + class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = { + "profile": {"type": str}, + "name": {"type": str}, + "description": {"type": str}, + "ip_address": {"type": str}, + "dhcp_ip": {"type": str}, + "public_ip": {"type": str}, + "encapsulation_dot1q_vlan": {"type": int}, + "dhcp_accept_default_route": {"type": bool, "default": True}, + "enabled": {"type": bool, "default": True}, + "speed": {"type": str}, + "peer": {"type": str}, + "peer_interface": {"type": str}, + "peer_ip": {"type": str}, + "bgp": {"type": Bgp}, + "ipv4_acl_in": {"type": str}, + "ipv4_acl_out": {"type": str}, + "static_routes": {"type": StaticRoutes}, + "qos_profile": {"type": str}, + "wan_carrier": {"type": str}, + "wan_circuit_id": {"type": str}, + "connected_to_pathfinder": {"type": bool, "default": True}, + "cv_pathfinder_internet_exit": {"type": CvPathfinderInternetExit}, + "raw_eos_cli": {"type": str}, "flow_tracking": {"type": FlowTracking}, + "structured_config": {"type": StructuredConfig}, "_custom_data": {"type": dict}, } - enabled: bool | None - """Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group.""" - ipsec: bool + profile: str | None + """L3 interface profile name. Profile defined under `l3_interface_profiles`.""" + name: str """ - Enable / Disable IPsec over HA path-group when HA is enabled. + Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + For a + subinterface, the parent physical interface is automatically created. + """ + description: str | None + """ + Interface description. + If not set a default description will be configured with '[[ + ]]'. + """ + ip_address: str | None + """Node IPv4 address/Mask or 'dhcp'.""" + dhcp_ip: str | None + """ + When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + IPv4 address + (without mask) to be allocated on the interface if known. + This is not rendered in the configuration + but can be used for substitution of 'interface_ip' in the Access-list + set under `ipv4_acl_in` and + `ipv4_acl_out`. + """ + public_ip: str | None + """ + Node IPv4 address (no mask). + + This is used to get the public IP (if known) when the device is behind + NAT. + This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + with the following preference: + `wan_route_servers.path_groups.interfaces.ip_address` + -> + `l3_interfaces.public_ip` + -> `l3_interfaces.ip_address` + + The determined Public IP is used + by WAN routers when peering with this interface. + """ + encapsulation_dot1q_vlan: int | None + """ + For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be + specified. + """ + dhcp_accept_default_route: bool + """ + Accept a default route from DHCP if `ip_address` is set to `dhcp`. Default value: `True` """ - mtu: int + enabled: bool """ - Set MTU on WAN HA interfaces. + Enable or Shutdown the interface. - Default value: `9194` + Default value: `True` """ - ha_interfaces: HaInterfaces + speed: str | None """ - Local WAN HA interfaces - Overwrite the default behavior which is to pick all the `uplink_interfaces`. - Can be used to filter uplink interfaces when there are multiple uplinks. - Limitations: - Either all - interfaces must be uplinks or all interfaces must not be uplinks. - Only one interface is supported - for non uplinks. + Speed should be set in the format `` or `forced ` or `auto + `. + """ + peer: str | None + """The peer device name. Used for description and documentation.""" + peer_interface: str | None + """The peer device interface. Used for description and documentation.""" + peer_ip: str | None + """ + The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true + and `ip` is an IP address. + """ + bgp: Bgp + """ + Enforce IPv4 BGP peering for the peer - Subclass of AvdList with `str` items. + Subclass of AvdModel. """ - ha_ipv4_pool: str | None + ipv4_acl_in: str | None """ - IP address pool used for WAN HA connectivity. - IP is derived from the node ID. - Not used for uplink - interfaces. + Name of the IPv4 access-list to be assigned in the ingress direction. + The access-list must be + defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + Required + for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under + `wan_carriers`. """ - max_ha_interfaces: int | None + ipv4_acl_out: str | None """ - Number of parallel links towards HA switches. - Can be used to reserve IP addresses for future - parallel HA links. + Name of the IPv4 Access-list to be assigned in the egress direction. + The access-list must be defined + under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". """ - port_channel_id: int | None - """Port-channel ID to use for direct HA.""" - use_port_channel_for_direct_ha: bool + static_routes: StaticRoutes """ - Enable or disable using a port-channel interface for direct HA when there is only one interface. - This feature was introduced in EOS 4.33.0F. + Configure IPv4 static routes pointing to `peer_ip`. + + Subclass of AvdList with `StaticRoutesItem` + items. + """ + qos_profile: str | None + """QOS service profile.""" + wan_carrier: str | None + """ + The WAN carrier this interface is connected to. + This is used to infer the path-groups in which this + interface should be configured. + Unless the carrier is marked as 'trusted' under `wan_carriers`, + `ipv4_acl_in` is also required on all WAN interfaces. + """ + wan_circuit_id: str | None + """ + The WAN circuit ID for this interface. + This is not rendered in the configuration but used for WAN + designs. + """ + connected_to_pathfinder: bool + """ + For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. Default value: `True` """ + cv_pathfinder_internet_exit: CvPathfinderInternetExit + """ + PREVIEW: This key is in preview mode + + Subclass of AvdModel. + """ + raw_eos_cli: str | None + """EOS CLI rendered directly on the interface in the final EOS configuration.""" flow_tracking: FlowTracking """ - Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` - setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Subclass of AvdModel. + """ + structured_config: StructuredConfig + """ + Custom structured config for the Ethernet interface. Subclass of AvdModel. """ @@ -27536,63 +29320,240 @@ def __init__( def __init__( self, *, - enabled: bool | None | UndefinedType = Undefined, - ipsec: bool | UndefinedType = Undefined, - mtu: int | UndefinedType = Undefined, - ha_interfaces: HaInterfaces | UndefinedType = Undefined, - ha_ipv4_pool: str | None | UndefinedType = Undefined, - max_ha_interfaces: int | None | UndefinedType = Undefined, - port_channel_id: int | None | UndefinedType = Undefined, - use_port_channel_for_direct_ha: bool | UndefinedType = Undefined, + profile: str | None | UndefinedType = Undefined, + name: str | UndefinedType = Undefined, + description: str | None | UndefinedType = Undefined, + ip_address: str | None | UndefinedType = Undefined, + dhcp_ip: str | None | UndefinedType = Undefined, + public_ip: str | None | UndefinedType = Undefined, + encapsulation_dot1q_vlan: int | None | UndefinedType = Undefined, + dhcp_accept_default_route: bool | UndefinedType = Undefined, + enabled: bool | UndefinedType = Undefined, + speed: str | None | UndefinedType = Undefined, + peer: str | None | UndefinedType = Undefined, + peer_interface: str | None | UndefinedType = Undefined, + peer_ip: str | None | UndefinedType = Undefined, + bgp: Bgp | UndefinedType = Undefined, + ipv4_acl_in: str | None | UndefinedType = Undefined, + ipv4_acl_out: str | None | UndefinedType = Undefined, + static_routes: StaticRoutes | UndefinedType = Undefined, + qos_profile: str | None | UndefinedType = Undefined, + wan_carrier: str | None | UndefinedType = Undefined, + wan_circuit_id: str | None | UndefinedType = Undefined, + connected_to_pathfinder: bool | UndefinedType = Undefined, + cv_pathfinder_internet_exit: CvPathfinderInternetExit | UndefinedType = Undefined, + raw_eos_cli: str | None | UndefinedType = Undefined, flow_tracking: FlowTracking | UndefinedType = Undefined, + structured_config: StructuredConfig | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined, ) -> None: """ - WanHa. + L3InterfacesItem. Subclass of AvdModel. Args: - enabled: Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. - ipsec: Enable / Disable IPsec over HA path-group when HA is enabled. - mtu: Set MTU on WAN HA interfaces. - ha_interfaces: - Local WAN HA interfaces - Overwrite the default behavior which is to pick all the `uplink_interfaces`. - Can be used to filter uplink interfaces when there are multiple uplinks. - Limitations: - Either all - interfaces must be uplinks or all interfaces must not be uplinks. - Only one interface is supported - for non uplinks. + profile: L3 interface profile name. Profile defined under `l3_interface_profiles`. + name: + Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + For a + subinterface, the parent physical interface is automatically created. + description: + Interface description. + If not set a default description will be configured with '[[ + ]]'. + ip_address: Node IPv4 address/Mask or 'dhcp'. + dhcp_ip: + When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + IPv4 address + (without mask) to be allocated on the interface if known. + This is not rendered in the configuration + but can be used for substitution of 'interface_ip' in the Access-list + set under `ipv4_acl_in` and + `ipv4_acl_out`. + public_ip: + Node IPv4 address (no mask). - Subclass of AvdList with `str` items. - ha_ipv4_pool: - IP address pool used for WAN HA connectivity. - IP is derived from the node ID. - Not used for uplink - interfaces. - max_ha_interfaces: - Number of parallel links towards HA switches. - Can be used to reserve IP addresses for future - parallel HA links. - port_channel_id: Port-channel ID to use for direct HA. - use_port_channel_for_direct_ha: - Enable or disable using a port-channel interface for direct HA when there is only one interface. - This feature was introduced in EOS 4.33.0F. + This is used to get the public IP (if known) when the device is behind + NAT. + This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + with the following preference: + `wan_route_servers.path_groups.interfaces.ip_address` + -> + `l3_interfaces.public_ip` + -> `l3_interfaces.ip_address` + + The determined Public IP is used + by WAN routers when peering with this interface. + encapsulation_dot1q_vlan: + For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be + specified. + dhcp_accept_default_route: Accept a default route from DHCP if `ip_address` is set to `dhcp`. + enabled: Enable or Shutdown the interface. + speed: + Speed should be set in the format `` or `forced ` or `auto + `. + peer: The peer device name. Used for description and documentation. + peer_interface: The peer device interface. Used for description and documentation. + peer_ip: + The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true + and `ip` is an IP address. + bgp: + Enforce IPv4 BGP peering for the peer + + Subclass of AvdModel. + ipv4_acl_in: + Name of the IPv4 access-list to be assigned in the ingress direction. + The access-list must be + defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + Required + for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under + `wan_carriers`. + ipv4_acl_out: + Name of the IPv4 Access-list to be assigned in the egress direction. + The access-list must be defined + under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + static_routes: + Configure IPv4 static routes pointing to `peer_ip`. + + Subclass of AvdList with `StaticRoutesItem` + items. + qos_profile: QOS service profile. + wan_carrier: + The WAN carrier this interface is connected to. + This is used to infer the path-groups in which this + interface should be configured. + Unless the carrier is marked as 'trusted' under `wan_carriers`, + `ipv4_acl_in` is also required on all WAN interfaces. + wan_circuit_id: + The WAN circuit ID for this interface. + This is not rendered in the configuration but used for WAN + designs. + connected_to_pathfinder: For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + cv_pathfinder_internet_exit: + PREVIEW: This key is in preview mode + + Subclass of AvdModel. + raw_eos_cli: EOS CLI rendered directly on the interface in the final EOS configuration. flow_tracking: - Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` - setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Subclass of AvdModel. + structured_config: + Custom structured config for the Ethernet interface. Subclass of AvdModel. _custom_data: _custom_data """ - class L3InterfacesItem(AvdModel): + class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): + """Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is `name` (`str`).""" + + _primary_key: ClassVar[str] = "name" + + L3Interfaces._item_type = L3InterfacesItem + + class L3PortChannelsItem(AvdModel): """Subclass of AvdModel.""" + class MemberInterfacesItem(AvdModel): + """Subclass of AvdModel.""" + + class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = { + "name": {"type": str}, + "description": {"type": str}, + "peer": {"type": str}, + "peer_interface": {"type": str}, + "speed": {"type": str}, + "structured_config": {"type": StructuredConfig}, + "_custom_data": {"type": dict}, + } + name: str + """ + Ethernet interface name like 'Ethernet2'. + Member interface cannot be subinterface. + """ + description: str | None + """ + Interface description for this member. + If not set a default description will be configured with + '[[ ]]'. + """ + peer: str | None + """ + The peer device name. Used for description and documentation. + If not set, this inherits the peer + setting on the port-channel interface. + """ + peer_interface: str | None + """The peer device interface. Used for description and documentation.""" + speed: str | None + """ + Speed should be set in the format `` or `forced ` or `auto + `. + """ + structured_config: StructuredConfig + """ + Custom structured config for the member ethernet interface. + + Subclass of AvdModel. + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + name: str | UndefinedType = Undefined, + description: str | None | UndefinedType = Undefined, + peer: str | None | UndefinedType = Undefined, + peer_interface: str | None | UndefinedType = Undefined, + speed: str | None | UndefinedType = Undefined, + structured_config: StructuredConfig | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + MemberInterfacesItem. + + + Subclass of AvdModel. + + Args: + name: + Ethernet interface name like 'Ethernet2'. + Member interface cannot be subinterface. + description: + Interface description for this member. + If not set a default description will be configured with + '[[ ]]'. + peer: + The peer device name. Used for description and documentation. + If not set, this inherits the peer + setting on the port-channel interface. + peer_interface: The peer device interface. Used for description and documentation. + speed: + Speed should be set in the format `` or `forced ` or `auto + `. + structured_config: + Custom structured config for the member ethernet interface. + + Subclass of AvdModel. + _custom_data: _custom_data + + """ + + class MemberInterfaces(AvdIndexedList[str, MemberInterfacesItem]): + """Subclass of AvdIndexedList with `MemberInterfacesItem` items. Primary key is `name` (`str`).""" + + _primary_key: ClassVar[str] = "name" + + MemberInterfaces._item_type = MemberInterfacesItem + class Bgp(AvdModel): """Subclass of AvdModel.""" @@ -27680,8 +29641,10 @@ def __init__( """ - class StaticRoutes(AvdList[StaticRoutesItem]): - """Subclass of AvdList with `StaticRoutesItem` items.""" + class StaticRoutes(AvdIndexedList[str, StaticRoutesItem]): + """Subclass of AvdIndexedList with `StaticRoutesItem` items. Primary key is `prefix` (`str`).""" + + _primary_key: ClassVar[str] = "prefix" StaticRoutes._item_type = StaticRoutesItem @@ -27796,22 +29759,22 @@ def __init__( """ - class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): + class StructuredConfig(EosCliConfigGen.PortChannelInterfacesItem): """Subclass of AvdModel.""" _fields: ClassVar[dict] = { - "profile": {"type": str}, "name": {"type": str}, "description": {"type": str}, + "mode": {"type": str, "default": "active"}, + "member_interfaces": {"type": MemberInterfaces}, "ip_address": {"type": str}, "dhcp_ip": {"type": str}, "public_ip": {"type": str}, "encapsulation_dot1q_vlan": {"type": int}, "dhcp_accept_default_route": {"type": bool, "default": True}, "enabled": {"type": bool, "default": True}, - "speed": {"type": str}, "peer": {"type": str}, - "peer_interface": {"type": str}, + "peer_port_channel": {"type": str}, "peer_ip": {"type": str}, "bgp": {"type": Bgp}, "ipv4_acl_in": {"type": str}, @@ -27827,19 +29790,32 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): "structured_config": {"type": StructuredConfig}, "_custom_data": {"type": dict}, } - profile: str | None - """L3 interface profile name. Profile defined under `l3_interface_profiles`.""" name: str """ - Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. For a - subinterface, the parent physical interface is automatically created. + Port-Channel subinterface, the parent Port-Channel interface must be defined as well. """ description: str | None """ Interface description. If not set a default description will be configured with '[[ - ]]'. + ]]'. + """ + mode: Literal["active", "passive", "on"] + """ + Port-Channel mode. + Should not be set on Port-Channel subinterfaces. + + Default value: `"active"` + """ + member_interfaces: MemberInterfaces + """ + Port-Channel member interfaces. + Should not be set on Port-Channel subinterfaces. + + Subclass of + AvdIndexedList with `MemberInterfacesItem` items. Primary key is `name` (`str`). """ ip_address: str | None """Node IPv4 address/Mask or 'dhcp'.""" @@ -27863,11 +29839,11 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): with the following preference: `wan_route_servers.path_groups.interfaces.ip_address` -> - `l3_interfaces.public_ip` - -> `l3_interfaces.ip_address` + `l3_port_channels.public_ip` + -> `l3_port_channels.ip_address` - The determined Public IP is used - by WAN routers when peering with this interface. + The determined Public IP is + used by WAN routers when peering with this interface. """ encapsulation_dot1q_vlan: int | None """ @@ -27886,15 +29862,10 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): Default value: `True` """ - speed: str | None - """ - Speed should be set in the format `` or `forced ` or `auto - `. - """ peer: str | None """The peer device name. Used for description and documentation.""" - peer_interface: str | None - """The peer device interface. Used for description and documentation.""" + peer_port_channel: str | None + """The peer device port-channel interface. Used for description and documentation.""" peer_ip: str | None """ The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true @@ -27925,8 +29896,8 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): """ Configure IPv4 static routes pointing to `peer_ip`. - Subclass of AvdList with `StaticRoutesItem` - items. + Subclass of AvdIndexedList with + `StaticRoutesItem` items. Primary key is `prefix` (`str`). """ qos_profile: str | None """QOS service profile.""" @@ -27957,15 +29928,17 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): Subclass of AvdModel. """ raw_eos_cli: str | None - """EOS CLI rendered directly on the interface in the final EOS configuration.""" + """EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration.""" flow_tracking: FlowTracking """ - Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` + setting. + Subclass of AvdModel. """ structured_config: StructuredConfig """ - Custom structured config for the Ethernet interface. + Custom structured config for the Port-Channel interface. Subclass of AvdModel. """ @@ -27976,18 +29949,18 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): def __init__( self, *, - profile: str | None | UndefinedType = Undefined, name: str | UndefinedType = Undefined, description: str | None | UndefinedType = Undefined, + mode: Literal["active", "passive", "on"] | UndefinedType = Undefined, + member_interfaces: MemberInterfaces | UndefinedType = Undefined, ip_address: str | None | UndefinedType = Undefined, dhcp_ip: str | None | UndefinedType = Undefined, public_ip: str | None | UndefinedType = Undefined, encapsulation_dot1q_vlan: int | None | UndefinedType = Undefined, dhcp_accept_default_route: bool | UndefinedType = Undefined, enabled: bool | UndefinedType = Undefined, - speed: str | None | UndefinedType = Undefined, peer: str | None | UndefinedType = Undefined, - peer_interface: str | None | UndefinedType = Undefined, + peer_port_channel: str | None | UndefinedType = Undefined, peer_ip: str | None | UndefinedType = Undefined, bgp: Bgp | UndefinedType = Undefined, ipv4_acl_in: str | None | UndefinedType = Undefined, @@ -28004,21 +29977,29 @@ def __init__( _custom_data: dict[str, Any] | UndefinedType = Undefined, ) -> None: """ - L3InterfacesItem. + L3PortChannelsItem. Subclass of AvdModel. Args: - profile: L3 interface profile name. Profile defined under `l3_interface_profiles`. name: - Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. For a - subinterface, the parent physical interface is automatically created. + Port-Channel subinterface, the parent Port-Channel interface must be defined as well. description: Interface description. If not set a default description will be configured with '[[ - ]]'. + ]]'. + mode: + Port-Channel mode. + Should not be set on Port-Channel subinterfaces. + member_interfaces: + Port-Channel member interfaces. + Should not be set on Port-Channel subinterfaces. + + Subclass of + AvdIndexedList with `MemberInterfacesItem` items. Primary key is `name` (`str`). ip_address: Node IPv4 address/Mask or 'dhcp'. dhcp_ip: When the `ip_address` is `dhcp`, this optional field allows to indicate the expected @@ -28037,21 +30018,18 @@ def __init__( with the following preference: `wan_route_servers.path_groups.interfaces.ip_address` -> - `l3_interfaces.public_ip` - -> `l3_interfaces.ip_address` + `l3_port_channels.public_ip` + -> `l3_port_channels.ip_address` - The determined Public IP is used - by WAN routers when peering with this interface. + The determined Public IP is + used by WAN routers when peering with this interface. encapsulation_dot1q_vlan: For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be specified. dhcp_accept_default_route: Accept a default route from DHCP if `ip_address` is set to `dhcp`. enabled: Enable or Shutdown the interface. - speed: - Speed should be set in the format `` or `forced ` or `auto - `. peer: The peer device name. Used for description and documentation. - peer_interface: The peer device interface. Used for description and documentation. + peer_port_channel: The peer device port-channel interface. Used for description and documentation. peer_ip: The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. @@ -28073,8 +30051,8 @@ def __init__( static_routes: Configure IPv4 static routes pointing to `peer_ip`. - Subclass of AvdList with `StaticRoutesItem` - items. + Subclass of AvdIndexedList with + `StaticRoutesItem` items. Primary key is `prefix` (`str`). qos_profile: QOS service profile. wan_carrier: The WAN carrier this interface is connected to. @@ -28091,24 +30069,26 @@ def __init__( PREVIEW: This key is in preview mode Subclass of AvdModel. - raw_eos_cli: EOS CLI rendered directly on the interface in the final EOS configuration. + raw_eos_cli: EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration. flow_tracking: - Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` + setting. + Subclass of AvdModel. structured_config: - Custom structured config for the Ethernet interface. + Custom structured config for the Port-Channel interface. Subclass of AvdModel. _custom_data: _custom_data """ - class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): - """Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is `name` (`str`).""" + class L3PortChannels(AvdIndexedList[str, L3PortChannelsItem]): + """Subclass of AvdIndexedList with `L3PortChannelsItem` items. Primary key is `name` (`str`).""" _primary_key: ClassVar[str] = "name" - L3Interfaces._item_type = L3InterfacesItem + L3PortChannels._item_type = L3PortChannelsItem _fields: ClassVar[dict] = { "group": {"type": str}, @@ -28216,6 +30196,7 @@ class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): "wan_ha": {"type": WanHa}, "dps_mss_ipv4": {"type": str, "default": "auto"}, "l3_interfaces": {"type": L3Interfaces}, + "l3_port_channels": {"type": L3PortChannels}, "data_plane_cpu_allocation_max": {"type": int}, "flow_tracker_type": {"type": str}, "_custom_data": {"type": dict}, @@ -28985,11 +30966,16 @@ class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): l3_interfaces: L3Interfaces """ L3 Interfaces to configure on the node. - Used to define the node for WAN interfaces when - `wan_carrier` is set. - Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is - `name` (`str`). + Subclass of AvdIndexedList with `L3InterfacesItem` items. + Primary key is `name` (`str`). + """ + l3_port_channels: L3PortChannels + """ + L3 Port-Channel interfaces to configure on the node. + + Subclass of AvdIndexedList with + `L3PortChannelsItem` items. Primary key is `name` (`str`). """ data_plane_cpu_allocation_max: int | None """ @@ -29116,6 +31102,7 @@ def __init__( wan_ha: WanHa | UndefinedType = Undefined, dps_mss_ipv4: str | UndefinedType = Undefined, l3_interfaces: L3Interfaces | UndefinedType = Undefined, + l3_port_channels: L3PortChannels | UndefinedType = Undefined, data_plane_cpu_allocation_max: int | None | UndefinedType = Undefined, flow_tracker_type: Literal["sampled", "hardware"] | None | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined, @@ -29660,11 +31647,14 @@ def __init__( dps_mss_ipv4: IPv4 MSS value configured under "router path-selection" on WAN Devices. l3_interfaces: L3 Interfaces to configure on the node. - Used to define the node for WAN interfaces when - `wan_carrier` is set. - Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is - `name` (`str`). + Subclass of AvdIndexedList with `L3InterfacesItem` items. + Primary key is `name` (`str`). + l3_port_channels: + L3 Port-Channel interfaces to configure on the node. + + Subclass of AvdIndexedList with + `L3PortChannelsItem` items. Primary key is `name` (`str`). data_plane_cpu_allocation_max: Set the maximum number of CPU used for the data plane. This setting is useful on virtual Route @@ -30968,70 +32958,510 @@ def __init__( """ _fields: ClassVar[dict] = { - "enabled": {"type": bool}, - "ipsec": {"type": bool, "default": True}, - "mtu": {"type": int, "default": 9194}, - "ha_interfaces": {"type": HaInterfaces}, - "ha_ipv4_pool": {"type": str}, - "max_ha_interfaces": {"type": int}, - "port_channel_id": {"type": int}, - "use_port_channel_for_direct_ha": {"type": bool, "default": True}, + "enabled": {"type": bool}, + "ipsec": {"type": bool, "default": True}, + "mtu": {"type": int, "default": 9194}, + "ha_interfaces": {"type": HaInterfaces}, + "ha_ipv4_pool": {"type": str}, + "max_ha_interfaces": {"type": int}, + "port_channel_id": {"type": int}, + "use_port_channel_for_direct_ha": {"type": bool, "default": True}, + "flow_tracking": {"type": FlowTracking}, + "_custom_data": {"type": dict}, + } + enabled: bool | None + """Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group.""" + ipsec: bool + """ + Enable / Disable IPsec over HA path-group when HA is enabled. + + Default value: `True` + """ + mtu: int + """ + Set MTU on WAN HA interfaces. + + Default value: `9194` + """ + ha_interfaces: HaInterfaces + """ + Local WAN HA interfaces + Overwrite the default behavior which is to pick all the `uplink_interfaces`. + Can be used to filter uplink interfaces when there are multiple uplinks. + Limitations: + Either all + interfaces must be uplinks or all interfaces must not be uplinks. + Only one interface is supported + for non uplinks. + + Subclass of AvdList with `str` items. + """ + ha_ipv4_pool: str | None + """ + IP address pool used for WAN HA connectivity. + IP is derived from the node ID. + Not used for uplink + interfaces. + """ + max_ha_interfaces: int | None + """ + Number of parallel links towards HA switches. + Can be used to reserve IP addresses for future + parallel HA links. + """ + port_channel_id: int | None + """Port-channel ID to use for direct HA.""" + use_port_channel_for_direct_ha: bool + """ + Enable or disable using a port-channel interface for direct HA when there is only one interface. + This feature was introduced in EOS 4.33.0F. + + Default value: `True` + """ + flow_tracking: FlowTracking + """ + Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` + setting. + + Subclass of AvdModel. + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + enabled: bool | None | UndefinedType = Undefined, + ipsec: bool | UndefinedType = Undefined, + mtu: int | UndefinedType = Undefined, + ha_interfaces: HaInterfaces | UndefinedType = Undefined, + ha_ipv4_pool: str | None | UndefinedType = Undefined, + max_ha_interfaces: int | None | UndefinedType = Undefined, + port_channel_id: int | None | UndefinedType = Undefined, + use_port_channel_for_direct_ha: bool | UndefinedType = Undefined, + flow_tracking: FlowTracking | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + WanHa. + + + Subclass of AvdModel. + + Args: + enabled: Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. + ipsec: Enable / Disable IPsec over HA path-group when HA is enabled. + mtu: Set MTU on WAN HA interfaces. + ha_interfaces: + Local WAN HA interfaces + Overwrite the default behavior which is to pick all the `uplink_interfaces`. + Can be used to filter uplink interfaces when there are multiple uplinks. + Limitations: + Either all + interfaces must be uplinks or all interfaces must not be uplinks. + Only one interface is supported + for non uplinks. + + Subclass of AvdList with `str` items. + ha_ipv4_pool: + IP address pool used for WAN HA connectivity. + IP is derived from the node ID. + Not used for uplink + interfaces. + max_ha_interfaces: + Number of parallel links towards HA switches. + Can be used to reserve IP addresses for future + parallel HA links. + port_channel_id: Port-channel ID to use for direct HA. + use_port_channel_for_direct_ha: + Enable or disable using a port-channel interface for direct HA when there is only one interface. + This feature was introduced in EOS 4.33.0F. + flow_tracking: + Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` + setting. + + Subclass of AvdModel. + _custom_data: _custom_data + + """ + + class L3InterfacesItem(AvdModel): + """Subclass of AvdModel.""" + + class Bgp(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = { + "peer_as": {"type": str}, + "ipv4_prefix_list_in": {"type": str}, + "ipv4_prefix_list_out": {"type": str}, + "_custom_data": {"type": dict}, + } + peer_as: str + """ + BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". + For asdot notation in + YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float + number. + """ + ipv4_prefix_list_in: str | None + """ + Prefix List Name. Accept routes for only these prefixes from the peer. + Required for wan interfaces. + """ + ipv4_prefix_list_out: str | None + """ + Prefix List Name. Advertise routes for only these prefixes. + If not specified, nothing would be + advertised. + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + peer_as: str | UndefinedType = Undefined, + ipv4_prefix_list_in: str | None | UndefinedType = Undefined, + ipv4_prefix_list_out: str | None | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + Bgp. + + + Subclass of AvdModel. + + Args: + peer_as: + BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". + For asdot notation in + YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float + number. + ipv4_prefix_list_in: + Prefix List Name. Accept routes for only these prefixes from the peer. + Required for wan interfaces. + ipv4_prefix_list_out: + Prefix List Name. Advertise routes for only these prefixes. + If not specified, nothing would be + advertised. + _custom_data: _custom_data + + """ + + class StaticRoutesItem(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = {"prefix": {"type": str}, "_custom_data": {"type": dict}} + prefix: str + """IPv4_network/Mask.""" + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, *, prefix: str | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined + ) -> None: + """ + StaticRoutesItem. + + + Subclass of AvdModel. + + Args: + prefix: IPv4_network/Mask. + _custom_data: _custom_data + + """ + + class StaticRoutes(AvdList[StaticRoutesItem]): + """Subclass of AvdList with `StaticRoutesItem` items.""" + + StaticRoutes._item_type = StaticRoutesItem + + class CvPathfinderInternetExit(AvdModel): + """Subclass of AvdModel.""" + + class PoliciesItem(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = {"name": {"type": str}, "tunnel_interface_numbers": {"type": str}, "_custom_data": {"type": dict}} + name: str + """Internet-exit policy name.""" + tunnel_interface_numbers: str | None + """ + Number range to use for Tunnel interfaces to an internet-exit service provider using this local + interface. + Examples: '1-3' or '100,200,300' + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + name: str | UndefinedType = Undefined, + tunnel_interface_numbers: str | None | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + PoliciesItem. + + + Subclass of AvdModel. + + Args: + name: Internet-exit policy name. + tunnel_interface_numbers: + Number range to use for Tunnel interfaces to an internet-exit service provider using this local + interface. + Examples: '1-3' or '100,200,300' + _custom_data: _custom_data + + """ + + class Policies(AvdIndexedList[str, PoliciesItem]): + """Subclass of AvdIndexedList with `PoliciesItem` items. Primary key is `name` (`str`).""" + + _primary_key: ClassVar[str] = "name" + + Policies._item_type = PoliciesItem + + _fields: ClassVar[dict] = {"policies": {"type": Policies}, "_custom_data": {"type": dict}} + policies: Policies + """ + List of Internet-exit policies using this interface as exit. + + Subclass of AvdIndexedList with + `PoliciesItem` items. Primary key is `name` (`str`). + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, *, policies: Policies | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined + ) -> None: + """ + CvPathfinderInternetExit. + + + Subclass of AvdModel. + + Args: + policies: + List of Internet-exit policies using this interface as exit. + + Subclass of AvdIndexedList with + `PoliciesItem` items. Primary key is `name` (`str`). + _custom_data: _custom_data + + """ + + class FlowTracking(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = {"enabled": {"type": bool}, "name": {"type": str}, "_custom_data": {"type": dict}} + enabled: bool | None + name: str | None + """Flow tracker name as defined in flow_tracking_settings.""" + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + enabled: bool | None | UndefinedType = Undefined, + name: str | None | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + FlowTracking. + + + Subclass of AvdModel. + + Args: + enabled: enabled + name: Flow tracker name as defined in flow_tracking_settings. + _custom_data: _custom_data + + """ + + class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = { + "profile": {"type": str}, + "name": {"type": str}, + "description": {"type": str}, + "ip_address": {"type": str}, + "dhcp_ip": {"type": str}, + "public_ip": {"type": str}, + "encapsulation_dot1q_vlan": {"type": int}, + "dhcp_accept_default_route": {"type": bool, "default": True}, + "enabled": {"type": bool, "default": True}, + "speed": {"type": str}, + "peer": {"type": str}, + "peer_interface": {"type": str}, + "peer_ip": {"type": str}, + "bgp": {"type": Bgp}, + "ipv4_acl_in": {"type": str}, + "ipv4_acl_out": {"type": str}, + "static_routes": {"type": StaticRoutes}, + "qos_profile": {"type": str}, + "wan_carrier": {"type": str}, + "wan_circuit_id": {"type": str}, + "connected_to_pathfinder": {"type": bool, "default": True}, + "cv_pathfinder_internet_exit": {"type": CvPathfinderInternetExit}, + "raw_eos_cli": {"type": str}, "flow_tracking": {"type": FlowTracking}, + "structured_config": {"type": StructuredConfig}, "_custom_data": {"type": dict}, } - enabled: bool | None - """Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group.""" - ipsec: bool + profile: str | None + """L3 interface profile name. Profile defined under `l3_interface_profiles`.""" + name: str """ - Enable / Disable IPsec over HA path-group when HA is enabled. + Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + For a + subinterface, the parent physical interface is automatically created. + """ + description: str | None + """ + Interface description. + If not set a default description will be configured with '[[ + ]]'. + """ + ip_address: str | None + """Node IPv4 address/Mask or 'dhcp'.""" + dhcp_ip: str | None + """ + When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + IPv4 address + (without mask) to be allocated on the interface if known. + This is not rendered in the configuration + but can be used for substitution of 'interface_ip' in the Access-list + set under `ipv4_acl_in` and + `ipv4_acl_out`. + """ + public_ip: str | None + """ + Node IPv4 address (no mask). + + This is used to get the public IP (if known) when the device is behind + NAT. + This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + with the following preference: + `wan_route_servers.path_groups.interfaces.ip_address` + -> + `l3_interfaces.public_ip` + -> `l3_interfaces.ip_address` + + The determined Public IP is used + by WAN routers when peering with this interface. + """ + encapsulation_dot1q_vlan: int | None + """ + For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be + specified. + """ + dhcp_accept_default_route: bool + """ + Accept a default route from DHCP if `ip_address` is set to `dhcp`. Default value: `True` """ - mtu: int + enabled: bool """ - Set MTU on WAN HA interfaces. + Enable or Shutdown the interface. - Default value: `9194` + Default value: `True` """ - ha_interfaces: HaInterfaces + speed: str | None """ - Local WAN HA interfaces - Overwrite the default behavior which is to pick all the `uplink_interfaces`. - Can be used to filter uplink interfaces when there are multiple uplinks. - Limitations: - Either all - interfaces must be uplinks or all interfaces must not be uplinks. - Only one interface is supported - for non uplinks. + Speed should be set in the format `` or `forced ` or `auto + `. + """ + peer: str | None + """The peer device name. Used for description and documentation.""" + peer_interface: str | None + """The peer device interface. Used for description and documentation.""" + peer_ip: str | None + """ + The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true + and `ip` is an IP address. + """ + bgp: Bgp + """ + Enforce IPv4 BGP peering for the peer - Subclass of AvdList with `str` items. + Subclass of AvdModel. """ - ha_ipv4_pool: str | None + ipv4_acl_in: str | None """ - IP address pool used for WAN HA connectivity. - IP is derived from the node ID. - Not used for uplink - interfaces. + Name of the IPv4 access-list to be assigned in the ingress direction. + The access-list must be + defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + Required + for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under + `wan_carriers`. """ - max_ha_interfaces: int | None + ipv4_acl_out: str | None """ - Number of parallel links towards HA switches. - Can be used to reserve IP addresses for future - parallel HA links. + Name of the IPv4 Access-list to be assigned in the egress direction. + The access-list must be defined + under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". """ - port_channel_id: int | None - """Port-channel ID to use for direct HA.""" - use_port_channel_for_direct_ha: bool + static_routes: StaticRoutes """ - Enable or disable using a port-channel interface for direct HA when there is only one interface. - This feature was introduced in EOS 4.33.0F. + Configure IPv4 static routes pointing to `peer_ip`. + + Subclass of AvdList with `StaticRoutesItem` + items. + """ + qos_profile: str | None + """QOS service profile.""" + wan_carrier: str | None + """ + The WAN carrier this interface is connected to. + This is used to infer the path-groups in which this + interface should be configured. + Unless the carrier is marked as 'trusted' under `wan_carriers`, + `ipv4_acl_in` is also required on all WAN interfaces. + """ + wan_circuit_id: str | None + """ + The WAN circuit ID for this interface. + This is not rendered in the configuration but used for WAN + designs. + """ + connected_to_pathfinder: bool + """ + For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. Default value: `True` """ + cv_pathfinder_internet_exit: CvPathfinderInternetExit + """ + PREVIEW: This key is in preview mode + + Subclass of AvdModel. + """ + raw_eos_cli: str | None + """EOS CLI rendered directly on the interface in the final EOS configuration.""" flow_tracking: FlowTracking """ - Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` - setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Subclass of AvdModel. + """ + structured_config: StructuredConfig + """ + Custom structured config for the Ethernet interface. Subclass of AvdModel. """ @@ -31042,63 +33472,240 @@ def __init__( def __init__( self, *, - enabled: bool | None | UndefinedType = Undefined, - ipsec: bool | UndefinedType = Undefined, - mtu: int | UndefinedType = Undefined, - ha_interfaces: HaInterfaces | UndefinedType = Undefined, - ha_ipv4_pool: str | None | UndefinedType = Undefined, - max_ha_interfaces: int | None | UndefinedType = Undefined, - port_channel_id: int | None | UndefinedType = Undefined, - use_port_channel_for_direct_ha: bool | UndefinedType = Undefined, + profile: str | None | UndefinedType = Undefined, + name: str | UndefinedType = Undefined, + description: str | None | UndefinedType = Undefined, + ip_address: str | None | UndefinedType = Undefined, + dhcp_ip: str | None | UndefinedType = Undefined, + public_ip: str | None | UndefinedType = Undefined, + encapsulation_dot1q_vlan: int | None | UndefinedType = Undefined, + dhcp_accept_default_route: bool | UndefinedType = Undefined, + enabled: bool | UndefinedType = Undefined, + speed: str | None | UndefinedType = Undefined, + peer: str | None | UndefinedType = Undefined, + peer_interface: str | None | UndefinedType = Undefined, + peer_ip: str | None | UndefinedType = Undefined, + bgp: Bgp | UndefinedType = Undefined, + ipv4_acl_in: str | None | UndefinedType = Undefined, + ipv4_acl_out: str | None | UndefinedType = Undefined, + static_routes: StaticRoutes | UndefinedType = Undefined, + qos_profile: str | None | UndefinedType = Undefined, + wan_carrier: str | None | UndefinedType = Undefined, + wan_circuit_id: str | None | UndefinedType = Undefined, + connected_to_pathfinder: bool | UndefinedType = Undefined, + cv_pathfinder_internet_exit: CvPathfinderInternetExit | UndefinedType = Undefined, + raw_eos_cli: str | None | UndefinedType = Undefined, flow_tracking: FlowTracking | UndefinedType = Undefined, + structured_config: StructuredConfig | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined, ) -> None: """ - WanHa. + L3InterfacesItem. Subclass of AvdModel. Args: - enabled: Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. - ipsec: Enable / Disable IPsec over HA path-group when HA is enabled. - mtu: Set MTU on WAN HA interfaces. - ha_interfaces: - Local WAN HA interfaces - Overwrite the default behavior which is to pick all the `uplink_interfaces`. - Can be used to filter uplink interfaces when there are multiple uplinks. - Limitations: - Either all - interfaces must be uplinks or all interfaces must not be uplinks. - Only one interface is supported - for non uplinks. + profile: L3 interface profile name. Profile defined under `l3_interface_profiles`. + name: + Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + For a + subinterface, the parent physical interface is automatically created. + description: + Interface description. + If not set a default description will be configured with '[[ + ]]'. + ip_address: Node IPv4 address/Mask or 'dhcp'. + dhcp_ip: + When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + IPv4 address + (without mask) to be allocated on the interface if known. + This is not rendered in the configuration + but can be used for substitution of 'interface_ip' in the Access-list + set under `ipv4_acl_in` and + `ipv4_acl_out`. + public_ip: + Node IPv4 address (no mask). - Subclass of AvdList with `str` items. - ha_ipv4_pool: - IP address pool used for WAN HA connectivity. - IP is derived from the node ID. - Not used for uplink - interfaces. - max_ha_interfaces: - Number of parallel links towards HA switches. - Can be used to reserve IP addresses for future - parallel HA links. - port_channel_id: Port-channel ID to use for direct HA. - use_port_channel_for_direct_ha: - Enable or disable using a port-channel interface for direct HA when there is only one interface. - This feature was introduced in EOS 4.33.0F. + This is used to get the public IP (if known) when the device is behind + NAT. + This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + with the following preference: + `wan_route_servers.path_groups.interfaces.ip_address` + -> + `l3_interfaces.public_ip` + -> `l3_interfaces.ip_address` + + The determined Public IP is used + by WAN routers when peering with this interface. + encapsulation_dot1q_vlan: + For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be + specified. + dhcp_accept_default_route: Accept a default route from DHCP if `ip_address` is set to `dhcp`. + enabled: Enable or Shutdown the interface. + speed: + Speed should be set in the format `` or `forced ` or `auto + `. + peer: The peer device name. Used for description and documentation. + peer_interface: The peer device interface. Used for description and documentation. + peer_ip: + The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true + and `ip` is an IP address. + bgp: + Enforce IPv4 BGP peering for the peer + + Subclass of AvdModel. + ipv4_acl_in: + Name of the IPv4 access-list to be assigned in the ingress direction. + The access-list must be + defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + Required + for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under + `wan_carriers`. + ipv4_acl_out: + Name of the IPv4 Access-list to be assigned in the egress direction. + The access-list must be defined + under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + static_routes: + Configure IPv4 static routes pointing to `peer_ip`. + + Subclass of AvdList with `StaticRoutesItem` + items. + qos_profile: QOS service profile. + wan_carrier: + The WAN carrier this interface is connected to. + This is used to infer the path-groups in which this + interface should be configured. + Unless the carrier is marked as 'trusted' under `wan_carriers`, + `ipv4_acl_in` is also required on all WAN interfaces. + wan_circuit_id: + The WAN circuit ID for this interface. + This is not rendered in the configuration but used for WAN + designs. + connected_to_pathfinder: For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + cv_pathfinder_internet_exit: + PREVIEW: This key is in preview mode + + Subclass of AvdModel. + raw_eos_cli: EOS CLI rendered directly on the interface in the final EOS configuration. flow_tracking: - Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` - setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Subclass of AvdModel. + structured_config: + Custom structured config for the Ethernet interface. Subclass of AvdModel. _custom_data: _custom_data """ - class L3InterfacesItem(AvdModel): + class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): + """Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is `name` (`str`).""" + + _primary_key: ClassVar[str] = "name" + + L3Interfaces._item_type = L3InterfacesItem + + class L3PortChannelsItem(AvdModel): """Subclass of AvdModel.""" + class MemberInterfacesItem(AvdModel): + """Subclass of AvdModel.""" + + class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = { + "name": {"type": str}, + "description": {"type": str}, + "peer": {"type": str}, + "peer_interface": {"type": str}, + "speed": {"type": str}, + "structured_config": {"type": StructuredConfig}, + "_custom_data": {"type": dict}, + } + name: str + """ + Ethernet interface name like 'Ethernet2'. + Member interface cannot be subinterface. + """ + description: str | None + """ + Interface description for this member. + If not set a default description will be configured with + '[[ ]]'. + """ + peer: str | None + """ + The peer device name. Used for description and documentation. + If not set, this inherits the peer + setting on the port-channel interface. + """ + peer_interface: str | None + """The peer device interface. Used for description and documentation.""" + speed: str | None + """ + Speed should be set in the format `` or `forced ` or `auto + `. + """ + structured_config: StructuredConfig + """ + Custom structured config for the member ethernet interface. + + Subclass of AvdModel. + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + name: str | UndefinedType = Undefined, + description: str | None | UndefinedType = Undefined, + peer: str | None | UndefinedType = Undefined, + peer_interface: str | None | UndefinedType = Undefined, + speed: str | None | UndefinedType = Undefined, + structured_config: StructuredConfig | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + MemberInterfacesItem. + + + Subclass of AvdModel. + + Args: + name: + Ethernet interface name like 'Ethernet2'. + Member interface cannot be subinterface. + description: + Interface description for this member. + If not set a default description will be configured with + '[[ ]]'. + peer: + The peer device name. Used for description and documentation. + If not set, this inherits the peer + setting on the port-channel interface. + peer_interface: The peer device interface. Used for description and documentation. + speed: + Speed should be set in the format `` or `forced ` or `auto + `. + structured_config: + Custom structured config for the member ethernet interface. + + Subclass of AvdModel. + _custom_data: _custom_data + + """ + + class MemberInterfaces(AvdIndexedList[str, MemberInterfacesItem]): + """Subclass of AvdIndexedList with `MemberInterfacesItem` items. Primary key is `name` (`str`).""" + + _primary_key: ClassVar[str] = "name" + + MemberInterfaces._item_type = MemberInterfacesItem + class Bgp(AvdModel): """Subclass of AvdModel.""" @@ -31186,8 +33793,10 @@ def __init__( """ - class StaticRoutes(AvdList[StaticRoutesItem]): - """Subclass of AvdList with `StaticRoutesItem` items.""" + class StaticRoutes(AvdIndexedList[str, StaticRoutesItem]): + """Subclass of AvdIndexedList with `StaticRoutesItem` items. Primary key is `prefix` (`str`).""" + + _primary_key: ClassVar[str] = "prefix" StaticRoutes._item_type = StaticRoutesItem @@ -31302,22 +33911,22 @@ def __init__( """ - class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): + class StructuredConfig(EosCliConfigGen.PortChannelInterfacesItem): """Subclass of AvdModel.""" _fields: ClassVar[dict] = { - "profile": {"type": str}, "name": {"type": str}, "description": {"type": str}, + "mode": {"type": str, "default": "active"}, + "member_interfaces": {"type": MemberInterfaces}, "ip_address": {"type": str}, "dhcp_ip": {"type": str}, "public_ip": {"type": str}, "encapsulation_dot1q_vlan": {"type": int}, "dhcp_accept_default_route": {"type": bool, "default": True}, "enabled": {"type": bool, "default": True}, - "speed": {"type": str}, "peer": {"type": str}, - "peer_interface": {"type": str}, + "peer_port_channel": {"type": str}, "peer_ip": {"type": str}, "bgp": {"type": Bgp}, "ipv4_acl_in": {"type": str}, @@ -31333,19 +33942,32 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): "structured_config": {"type": StructuredConfig}, "_custom_data": {"type": dict}, } - profile: str | None - """L3 interface profile name. Profile defined under `l3_interface_profiles`.""" name: str """ - Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. For a - subinterface, the parent physical interface is automatically created. + Port-Channel subinterface, the parent Port-Channel interface must be defined as well. """ description: str | None """ Interface description. If not set a default description will be configured with '[[ - ]]'. + ]]'. + """ + mode: Literal["active", "passive", "on"] + """ + Port-Channel mode. + Should not be set on Port-Channel subinterfaces. + + Default value: `"active"` + """ + member_interfaces: MemberInterfaces + """ + Port-Channel member interfaces. + Should not be set on Port-Channel subinterfaces. + + Subclass of + AvdIndexedList with `MemberInterfacesItem` items. Primary key is `name` (`str`). """ ip_address: str | None """Node IPv4 address/Mask or 'dhcp'.""" @@ -31369,11 +33991,11 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): with the following preference: `wan_route_servers.path_groups.interfaces.ip_address` -> - `l3_interfaces.public_ip` - -> `l3_interfaces.ip_address` + `l3_port_channels.public_ip` + -> `l3_port_channels.ip_address` - The determined Public IP is used - by WAN routers when peering with this interface. + The determined Public IP is + used by WAN routers when peering with this interface. """ encapsulation_dot1q_vlan: int | None """ @@ -31392,15 +34014,10 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): Default value: `True` """ - speed: str | None - """ - Speed should be set in the format `` or `forced ` or `auto - `. - """ peer: str | None """The peer device name. Used for description and documentation.""" - peer_interface: str | None - """The peer device interface. Used for description and documentation.""" + peer_port_channel: str | None + """The peer device port-channel interface. Used for description and documentation.""" peer_ip: str | None """ The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true @@ -31431,8 +34048,8 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): """ Configure IPv4 static routes pointing to `peer_ip`. - Subclass of AvdList with `StaticRoutesItem` - items. + Subclass of AvdIndexedList with + `StaticRoutesItem` items. Primary key is `prefix` (`str`). """ qos_profile: str | None """QOS service profile.""" @@ -31463,15 +34080,17 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): Subclass of AvdModel. """ raw_eos_cli: str | None - """EOS CLI rendered directly on the interface in the final EOS configuration.""" + """EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration.""" flow_tracking: FlowTracking """ - Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` + setting. + Subclass of AvdModel. """ structured_config: StructuredConfig """ - Custom structured config for the Ethernet interface. + Custom structured config for the Port-Channel interface. Subclass of AvdModel. """ @@ -31482,18 +34101,18 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): def __init__( self, *, - profile: str | None | UndefinedType = Undefined, name: str | UndefinedType = Undefined, description: str | None | UndefinedType = Undefined, + mode: Literal["active", "passive", "on"] | UndefinedType = Undefined, + member_interfaces: MemberInterfaces | UndefinedType = Undefined, ip_address: str | None | UndefinedType = Undefined, dhcp_ip: str | None | UndefinedType = Undefined, public_ip: str | None | UndefinedType = Undefined, encapsulation_dot1q_vlan: int | None | UndefinedType = Undefined, dhcp_accept_default_route: bool | UndefinedType = Undefined, enabled: bool | UndefinedType = Undefined, - speed: str | None | UndefinedType = Undefined, peer: str | None | UndefinedType = Undefined, - peer_interface: str | None | UndefinedType = Undefined, + peer_port_channel: str | None | UndefinedType = Undefined, peer_ip: str | None | UndefinedType = Undefined, bgp: Bgp | UndefinedType = Undefined, ipv4_acl_in: str | None | UndefinedType = Undefined, @@ -31510,21 +34129,29 @@ def __init__( _custom_data: dict[str, Any] | UndefinedType = Undefined, ) -> None: """ - L3InterfacesItem. + L3PortChannelsItem. Subclass of AvdModel. Args: - profile: L3 interface profile name. Profile defined under `l3_interface_profiles`. name: - Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. For a - subinterface, the parent physical interface is automatically created. + Port-Channel subinterface, the parent Port-Channel interface must be defined as well. description: Interface description. If not set a default description will be configured with '[[ - ]]'. + ]]'. + mode: + Port-Channel mode. + Should not be set on Port-Channel subinterfaces. + member_interfaces: + Port-Channel member interfaces. + Should not be set on Port-Channel subinterfaces. + + Subclass of + AvdIndexedList with `MemberInterfacesItem` items. Primary key is `name` (`str`). ip_address: Node IPv4 address/Mask or 'dhcp'. dhcp_ip: When the `ip_address` is `dhcp`, this optional field allows to indicate the expected @@ -31543,21 +34170,18 @@ def __init__( with the following preference: `wan_route_servers.path_groups.interfaces.ip_address` -> - `l3_interfaces.public_ip` - -> `l3_interfaces.ip_address` + `l3_port_channels.public_ip` + -> `l3_port_channels.ip_address` - The determined Public IP is used - by WAN routers when peering with this interface. + The determined Public IP is + used by WAN routers when peering with this interface. encapsulation_dot1q_vlan: For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be specified. dhcp_accept_default_route: Accept a default route from DHCP if `ip_address` is set to `dhcp`. enabled: Enable or Shutdown the interface. - speed: - Speed should be set in the format `` or `forced ` or `auto - `. peer: The peer device name. Used for description and documentation. - peer_interface: The peer device interface. Used for description and documentation. + peer_port_channel: The peer device port-channel interface. Used for description and documentation. peer_ip: The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. @@ -31579,8 +34203,8 @@ def __init__( static_routes: Configure IPv4 static routes pointing to `peer_ip`. - Subclass of AvdList with `StaticRoutesItem` - items. + Subclass of AvdIndexedList with + `StaticRoutesItem` items. Primary key is `prefix` (`str`). qos_profile: QOS service profile. wan_carrier: The WAN carrier this interface is connected to. @@ -31597,24 +34221,26 @@ def __init__( PREVIEW: This key is in preview mode Subclass of AvdModel. - raw_eos_cli: EOS CLI rendered directly on the interface in the final EOS configuration. + raw_eos_cli: EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration. flow_tracking: - Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` + setting. + Subclass of AvdModel. structured_config: - Custom structured config for the Ethernet interface. + Custom structured config for the Port-Channel interface. Subclass of AvdModel. _custom_data: _custom_data """ - class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): - """Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is `name` (`str`).""" + class L3PortChannels(AvdIndexedList[str, L3PortChannelsItem]): + """Subclass of AvdIndexedList with `L3PortChannelsItem` items. Primary key is `name` (`str`).""" _primary_key: ClassVar[str] = "name" - L3Interfaces._item_type = L3InterfacesItem + L3PortChannels._item_type = L3PortChannelsItem _fields: ClassVar[dict] = { "name": {"type": str}, @@ -31722,6 +34348,7 @@ class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): "wan_ha": {"type": WanHa}, "dps_mss_ipv4": {"type": str, "default": "auto"}, "l3_interfaces": {"type": L3Interfaces}, + "l3_port_channels": {"type": L3PortChannels}, "data_plane_cpu_allocation_max": {"type": int}, "flow_tracker_type": {"type": str}, "_custom_data": {"type": dict}, @@ -32488,11 +35115,16 @@ class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): l3_interfaces: L3Interfaces """ L3 Interfaces to configure on the node. - Used to define the node for WAN interfaces when - `wan_carrier` is set. - Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is - `name` (`str`). + Subclass of AvdIndexedList with `L3InterfacesItem` items. + Primary key is `name` (`str`). + """ + l3_port_channels: L3PortChannels + """ + L3 Port-Channel interfaces to configure on the node. + + Subclass of AvdIndexedList with + `L3PortChannelsItem` items. Primary key is `name` (`str`). """ data_plane_cpu_allocation_max: int | None """ @@ -32619,6 +35251,7 @@ def __init__( wan_ha: WanHa | UndefinedType = Undefined, dps_mss_ipv4: str | UndefinedType = Undefined, l3_interfaces: L3Interfaces | UndefinedType = Undefined, + l3_port_channels: L3PortChannels | UndefinedType = Undefined, data_plane_cpu_allocation_max: int | None | UndefinedType = Undefined, flow_tracker_type: Literal["sampled", "hardware"] | None | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined, @@ -33161,11 +35794,14 @@ def __init__( dps_mss_ipv4: IPv4 MSS value configured under "router path-selection" on WAN Devices. l3_interfaces: L3 Interfaces to configure on the node. - Used to define the node for WAN interfaces when - `wan_carrier` is set. - Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is - `name` (`str`). + Subclass of AvdIndexedList with `L3InterfacesItem` items. + Primary key is `name` (`str`). + l3_port_channels: + L3 Port-Channel interfaces to configure on the node. + + Subclass of AvdIndexedList with + `L3PortChannelsItem` items. Primary key is `name` (`str`). data_plane_cpu_allocation_max: Set the maximum number of CPU used for the data plane. This setting is useful on virtual Route @@ -41213,70 +43849,510 @@ def __init__( """ _fields: ClassVar[dict] = { - "enabled": {"type": bool}, - "ipsec": {"type": bool, "default": True}, - "mtu": {"type": int, "default": 9194}, - "ha_interfaces": {"type": HaInterfaces}, - "ha_ipv4_pool": {"type": str}, - "max_ha_interfaces": {"type": int}, - "port_channel_id": {"type": int}, - "use_port_channel_for_direct_ha": {"type": bool, "default": True}, + "enabled": {"type": bool}, + "ipsec": {"type": bool, "default": True}, + "mtu": {"type": int, "default": 9194}, + "ha_interfaces": {"type": HaInterfaces}, + "ha_ipv4_pool": {"type": str}, + "max_ha_interfaces": {"type": int}, + "port_channel_id": {"type": int}, + "use_port_channel_for_direct_ha": {"type": bool, "default": True}, + "flow_tracking": {"type": FlowTracking}, + "_custom_data": {"type": dict}, + } + enabled: bool | None + """Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group.""" + ipsec: bool + """ + Enable / Disable IPsec over HA path-group when HA is enabled. + + Default value: `True` + """ + mtu: int + """ + Set MTU on WAN HA interfaces. + + Default value: `9194` + """ + ha_interfaces: HaInterfaces + """ + Local WAN HA interfaces + Overwrite the default behavior which is to pick all the `uplink_interfaces`. + Can be used to filter uplink interfaces when there are multiple uplinks. + Limitations: + Either all + interfaces must be uplinks or all interfaces must not be uplinks. + Only one interface is supported + for non uplinks. + + Subclass of AvdList with `str` items. + """ + ha_ipv4_pool: str | None + """ + IP address pool used for WAN HA connectivity. + IP is derived from the node ID. + Not used for uplink + interfaces. + """ + max_ha_interfaces: int | None + """ + Number of parallel links towards HA switches. + Can be used to reserve IP addresses for future + parallel HA links. + """ + port_channel_id: int | None + """Port-channel ID to use for direct HA.""" + use_port_channel_for_direct_ha: bool + """ + Enable or disable using a port-channel interface for direct HA when there is only one interface. + This feature was introduced in EOS 4.33.0F. + + Default value: `True` + """ + flow_tracking: FlowTracking + """ + Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` + setting. + + Subclass of AvdModel. + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + enabled: bool | None | UndefinedType = Undefined, + ipsec: bool | UndefinedType = Undefined, + mtu: int | UndefinedType = Undefined, + ha_interfaces: HaInterfaces | UndefinedType = Undefined, + ha_ipv4_pool: str | None | UndefinedType = Undefined, + max_ha_interfaces: int | None | UndefinedType = Undefined, + port_channel_id: int | None | UndefinedType = Undefined, + use_port_channel_for_direct_ha: bool | UndefinedType = Undefined, + flow_tracking: FlowTracking | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + WanHa. + + + Subclass of AvdModel. + + Args: + enabled: Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. + ipsec: Enable / Disable IPsec over HA path-group when HA is enabled. + mtu: Set MTU on WAN HA interfaces. + ha_interfaces: + Local WAN HA interfaces + Overwrite the default behavior which is to pick all the `uplink_interfaces`. + Can be used to filter uplink interfaces when there are multiple uplinks. + Limitations: + Either all + interfaces must be uplinks or all interfaces must not be uplinks. + Only one interface is supported + for non uplinks. + + Subclass of AvdList with `str` items. + ha_ipv4_pool: + IP address pool used for WAN HA connectivity. + IP is derived from the node ID. + Not used for uplink + interfaces. + max_ha_interfaces: + Number of parallel links towards HA switches. + Can be used to reserve IP addresses for future + parallel HA links. + port_channel_id: Port-channel ID to use for direct HA. + use_port_channel_for_direct_ha: + Enable or disable using a port-channel interface for direct HA when there is only one interface. + This feature was introduced in EOS 4.33.0F. + flow_tracking: + Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` + setting. + + Subclass of AvdModel. + _custom_data: _custom_data + + """ + + class L3InterfacesItem(AvdModel): + """Subclass of AvdModel.""" + + class Bgp(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = { + "peer_as": {"type": str}, + "ipv4_prefix_list_in": {"type": str}, + "ipv4_prefix_list_out": {"type": str}, + "_custom_data": {"type": dict}, + } + peer_as: str + """ + BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". + For asdot notation in + YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float + number. + """ + ipv4_prefix_list_in: str | None + """ + Prefix List Name. Accept routes for only these prefixes from the peer. + Required for wan interfaces. + """ + ipv4_prefix_list_out: str | None + """ + Prefix List Name. Advertise routes for only these prefixes. + If not specified, nothing would be + advertised. + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + peer_as: str | UndefinedType = Undefined, + ipv4_prefix_list_in: str | None | UndefinedType = Undefined, + ipv4_prefix_list_out: str | None | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + Bgp. + + + Subclass of AvdModel. + + Args: + peer_as: + BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". + For asdot notation in + YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float + number. + ipv4_prefix_list_in: + Prefix List Name. Accept routes for only these prefixes from the peer. + Required for wan interfaces. + ipv4_prefix_list_out: + Prefix List Name. Advertise routes for only these prefixes. + If not specified, nothing would be + advertised. + _custom_data: _custom_data + + """ + + class StaticRoutesItem(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = {"prefix": {"type": str}, "_custom_data": {"type": dict}} + prefix: str + """IPv4_network/Mask.""" + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, *, prefix: str | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined + ) -> None: + """ + StaticRoutesItem. + + + Subclass of AvdModel. + + Args: + prefix: IPv4_network/Mask. + _custom_data: _custom_data + + """ + + class StaticRoutes(AvdList[StaticRoutesItem]): + """Subclass of AvdList with `StaticRoutesItem` items.""" + + StaticRoutes._item_type = StaticRoutesItem + + class CvPathfinderInternetExit(AvdModel): + """Subclass of AvdModel.""" + + class PoliciesItem(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = {"name": {"type": str}, "tunnel_interface_numbers": {"type": str}, "_custom_data": {"type": dict}} + name: str + """Internet-exit policy name.""" + tunnel_interface_numbers: str | None + """ + Number range to use for Tunnel interfaces to an internet-exit service provider using this local + interface. + Examples: '1-3' or '100,200,300' + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + name: str | UndefinedType = Undefined, + tunnel_interface_numbers: str | None | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + PoliciesItem. + + + Subclass of AvdModel. + + Args: + name: Internet-exit policy name. + tunnel_interface_numbers: + Number range to use for Tunnel interfaces to an internet-exit service provider using this local + interface. + Examples: '1-3' or '100,200,300' + _custom_data: _custom_data + + """ + + class Policies(AvdIndexedList[str, PoliciesItem]): + """Subclass of AvdIndexedList with `PoliciesItem` items. Primary key is `name` (`str`).""" + + _primary_key: ClassVar[str] = "name" + + Policies._item_type = PoliciesItem + + _fields: ClassVar[dict] = {"policies": {"type": Policies}, "_custom_data": {"type": dict}} + policies: Policies + """ + List of Internet-exit policies using this interface as exit. + + Subclass of AvdIndexedList with + `PoliciesItem` items. Primary key is `name` (`str`). + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, *, policies: Policies | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined + ) -> None: + """ + CvPathfinderInternetExit. + + + Subclass of AvdModel. + + Args: + policies: + List of Internet-exit policies using this interface as exit. + + Subclass of AvdIndexedList with + `PoliciesItem` items. Primary key is `name` (`str`). + _custom_data: _custom_data + + """ + + class FlowTracking(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = {"enabled": {"type": bool}, "name": {"type": str}, "_custom_data": {"type": dict}} + enabled: bool | None + name: str | None + """Flow tracker name as defined in flow_tracking_settings.""" + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + enabled: bool | None | UndefinedType = Undefined, + name: str | None | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + FlowTracking. + + + Subclass of AvdModel. + + Args: + enabled: enabled + name: Flow tracker name as defined in flow_tracking_settings. + _custom_data: _custom_data + + """ + + class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = { + "profile": {"type": str}, + "name": {"type": str}, + "description": {"type": str}, + "ip_address": {"type": str}, + "dhcp_ip": {"type": str}, + "public_ip": {"type": str}, + "encapsulation_dot1q_vlan": {"type": int}, + "dhcp_accept_default_route": {"type": bool, "default": True}, + "enabled": {"type": bool, "default": True}, + "speed": {"type": str}, + "peer": {"type": str}, + "peer_interface": {"type": str}, + "peer_ip": {"type": str}, + "bgp": {"type": Bgp}, + "ipv4_acl_in": {"type": str}, + "ipv4_acl_out": {"type": str}, + "static_routes": {"type": StaticRoutes}, + "qos_profile": {"type": str}, + "wan_carrier": {"type": str}, + "wan_circuit_id": {"type": str}, + "connected_to_pathfinder": {"type": bool, "default": True}, + "cv_pathfinder_internet_exit": {"type": CvPathfinderInternetExit}, + "raw_eos_cli": {"type": str}, "flow_tracking": {"type": FlowTracking}, + "structured_config": {"type": StructuredConfig}, "_custom_data": {"type": dict}, } - enabled: bool | None - """Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group.""" - ipsec: bool + profile: str | None + """L3 interface profile name. Profile defined under `l3_interface_profiles`.""" + name: str """ - Enable / Disable IPsec over HA path-group when HA is enabled. + Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + For a + subinterface, the parent physical interface is automatically created. + """ + description: str | None + """ + Interface description. + If not set a default description will be configured with '[[ + ]]'. + """ + ip_address: str | None + """Node IPv4 address/Mask or 'dhcp'.""" + dhcp_ip: str | None + """ + When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + IPv4 address + (without mask) to be allocated on the interface if known. + This is not rendered in the configuration + but can be used for substitution of 'interface_ip' in the Access-list + set under `ipv4_acl_in` and + `ipv4_acl_out`. + """ + public_ip: str | None + """ + Node IPv4 address (no mask). + + This is used to get the public IP (if known) when the device is behind + NAT. + This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + with the following preference: + `wan_route_servers.path_groups.interfaces.ip_address` + -> + `l3_interfaces.public_ip` + -> `l3_interfaces.ip_address` + + The determined Public IP is used + by WAN routers when peering with this interface. + """ + encapsulation_dot1q_vlan: int | None + """ + For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be + specified. + """ + dhcp_accept_default_route: bool + """ + Accept a default route from DHCP if `ip_address` is set to `dhcp`. Default value: `True` """ - mtu: int + enabled: bool """ - Set MTU on WAN HA interfaces. + Enable or Shutdown the interface. - Default value: `9194` + Default value: `True` """ - ha_interfaces: HaInterfaces + speed: str | None """ - Local WAN HA interfaces - Overwrite the default behavior which is to pick all the `uplink_interfaces`. - Can be used to filter uplink interfaces when there are multiple uplinks. - Limitations: - Either all - interfaces must be uplinks or all interfaces must not be uplinks. - Only one interface is supported - for non uplinks. + Speed should be set in the format `` or `forced ` or `auto + `. + """ + peer: str | None + """The peer device name. Used for description and documentation.""" + peer_interface: str | None + """The peer device interface. Used for description and documentation.""" + peer_ip: str | None + """ + The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true + and `ip` is an IP address. + """ + bgp: Bgp + """ + Enforce IPv4 BGP peering for the peer - Subclass of AvdList with `str` items. + Subclass of AvdModel. """ - ha_ipv4_pool: str | None + ipv4_acl_in: str | None """ - IP address pool used for WAN HA connectivity. - IP is derived from the node ID. - Not used for uplink - interfaces. + Name of the IPv4 access-list to be assigned in the ingress direction. + The access-list must be + defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + Required + for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under + `wan_carriers`. """ - max_ha_interfaces: int | None + ipv4_acl_out: str | None """ - Number of parallel links towards HA switches. - Can be used to reserve IP addresses for future - parallel HA links. + Name of the IPv4 Access-list to be assigned in the egress direction. + The access-list must be defined + under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". """ - port_channel_id: int | None - """Port-channel ID to use for direct HA.""" - use_port_channel_for_direct_ha: bool + static_routes: StaticRoutes """ - Enable or disable using a port-channel interface for direct HA when there is only one interface. - This feature was introduced in EOS 4.33.0F. + Configure IPv4 static routes pointing to `peer_ip`. + + Subclass of AvdList with `StaticRoutesItem` + items. + """ + qos_profile: str | None + """QOS service profile.""" + wan_carrier: str | None + """ + The WAN carrier this interface is connected to. + This is used to infer the path-groups in which this + interface should be configured. + Unless the carrier is marked as 'trusted' under `wan_carriers`, + `ipv4_acl_in` is also required on all WAN interfaces. + """ + wan_circuit_id: str | None + """ + The WAN circuit ID for this interface. + This is not rendered in the configuration but used for WAN + designs. + """ + connected_to_pathfinder: bool + """ + For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. Default value: `True` """ + cv_pathfinder_internet_exit: CvPathfinderInternetExit + """ + PREVIEW: This key is in preview mode + + Subclass of AvdModel. + """ + raw_eos_cli: str | None + """EOS CLI rendered directly on the interface in the final EOS configuration.""" flow_tracking: FlowTracking """ - Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` - setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Subclass of AvdModel. + """ + structured_config: StructuredConfig + """ + Custom structured config for the Ethernet interface. Subclass of AvdModel. """ @@ -41287,63 +44363,240 @@ def __init__( def __init__( self, *, - enabled: bool | None | UndefinedType = Undefined, - ipsec: bool | UndefinedType = Undefined, - mtu: int | UndefinedType = Undefined, - ha_interfaces: HaInterfaces | UndefinedType = Undefined, - ha_ipv4_pool: str | None | UndefinedType = Undefined, - max_ha_interfaces: int | None | UndefinedType = Undefined, - port_channel_id: int | None | UndefinedType = Undefined, - use_port_channel_for_direct_ha: bool | UndefinedType = Undefined, + profile: str | None | UndefinedType = Undefined, + name: str | UndefinedType = Undefined, + description: str | None | UndefinedType = Undefined, + ip_address: str | None | UndefinedType = Undefined, + dhcp_ip: str | None | UndefinedType = Undefined, + public_ip: str | None | UndefinedType = Undefined, + encapsulation_dot1q_vlan: int | None | UndefinedType = Undefined, + dhcp_accept_default_route: bool | UndefinedType = Undefined, + enabled: bool | UndefinedType = Undefined, + speed: str | None | UndefinedType = Undefined, + peer: str | None | UndefinedType = Undefined, + peer_interface: str | None | UndefinedType = Undefined, + peer_ip: str | None | UndefinedType = Undefined, + bgp: Bgp | UndefinedType = Undefined, + ipv4_acl_in: str | None | UndefinedType = Undefined, + ipv4_acl_out: str | None | UndefinedType = Undefined, + static_routes: StaticRoutes | UndefinedType = Undefined, + qos_profile: str | None | UndefinedType = Undefined, + wan_carrier: str | None | UndefinedType = Undefined, + wan_circuit_id: str | None | UndefinedType = Undefined, + connected_to_pathfinder: bool | UndefinedType = Undefined, + cv_pathfinder_internet_exit: CvPathfinderInternetExit | UndefinedType = Undefined, + raw_eos_cli: str | None | UndefinedType = Undefined, flow_tracking: FlowTracking | UndefinedType = Undefined, + structured_config: StructuredConfig | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined, ) -> None: """ - WanHa. + L3InterfacesItem. Subclass of AvdModel. Args: - enabled: Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. - ipsec: Enable / Disable IPsec over HA path-group when HA is enabled. - mtu: Set MTU on WAN HA interfaces. - ha_interfaces: - Local WAN HA interfaces - Overwrite the default behavior which is to pick all the `uplink_interfaces`. - Can be used to filter uplink interfaces when there are multiple uplinks. - Limitations: - Either all - interfaces must be uplinks or all interfaces must not be uplinks. - Only one interface is supported - for non uplinks. + profile: L3 interface profile name. Profile defined under `l3_interface_profiles`. + name: + Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + For a + subinterface, the parent physical interface is automatically created. + description: + Interface description. + If not set a default description will be configured with '[[ + ]]'. + ip_address: Node IPv4 address/Mask or 'dhcp'. + dhcp_ip: + When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + IPv4 address + (without mask) to be allocated on the interface if known. + This is not rendered in the configuration + but can be used for substitution of 'interface_ip' in the Access-list + set under `ipv4_acl_in` and + `ipv4_acl_out`. + public_ip: + Node IPv4 address (no mask). - Subclass of AvdList with `str` items. - ha_ipv4_pool: - IP address pool used for WAN HA connectivity. - IP is derived from the node ID. - Not used for uplink - interfaces. - max_ha_interfaces: - Number of parallel links towards HA switches. - Can be used to reserve IP addresses for future - parallel HA links. - port_channel_id: Port-channel ID to use for direct HA. - use_port_channel_for_direct_ha: - Enable or disable using a port-channel interface for direct HA when there is only one interface. - This feature was introduced in EOS 4.33.0F. + This is used to get the public IP (if known) when the device is behind + NAT. + This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + with the following preference: + `wan_route_servers.path_groups.interfaces.ip_address` + -> + `l3_interfaces.public_ip` + -> `l3_interfaces.ip_address` + + The determined Public IP is used + by WAN routers when peering with this interface. + encapsulation_dot1q_vlan: + For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be + specified. + dhcp_accept_default_route: Accept a default route from DHCP if `ip_address` is set to `dhcp`. + enabled: Enable or Shutdown the interface. + speed: + Speed should be set in the format `` or `forced ` or `auto + `. + peer: The peer device name. Used for description and documentation. + peer_interface: The peer device interface. Used for description and documentation. + peer_ip: + The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true + and `ip` is an IP address. + bgp: + Enforce IPv4 BGP peering for the peer + + Subclass of AvdModel. + ipv4_acl_in: + Name of the IPv4 access-list to be assigned in the ingress direction. + The access-list must be + defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + Required + for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under + `wan_carriers`. + ipv4_acl_out: + Name of the IPv4 Access-list to be assigned in the egress direction. + The access-list must be defined + under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + static_routes: + Configure IPv4 static routes pointing to `peer_ip`. + + Subclass of AvdList with `StaticRoutesItem` + items. + qos_profile: QOS service profile. + wan_carrier: + The WAN carrier this interface is connected to. + This is used to infer the path-groups in which this + interface should be configured. + Unless the carrier is marked as 'trusted' under `wan_carriers`, + `ipv4_acl_in` is also required on all WAN interfaces. + wan_circuit_id: + The WAN circuit ID for this interface. + This is not rendered in the configuration but used for WAN + designs. + connected_to_pathfinder: For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + cv_pathfinder_internet_exit: + PREVIEW: This key is in preview mode + + Subclass of AvdModel. + raw_eos_cli: EOS CLI rendered directly on the interface in the final EOS configuration. flow_tracking: - Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` - setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Subclass of AvdModel. + structured_config: + Custom structured config for the Ethernet interface. Subclass of AvdModel. _custom_data: _custom_data """ - class L3InterfacesItem(AvdModel): + class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): + """Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is `name` (`str`).""" + + _primary_key: ClassVar[str] = "name" + + L3Interfaces._item_type = L3InterfacesItem + + class L3PortChannelsItem(AvdModel): """Subclass of AvdModel.""" + class MemberInterfacesItem(AvdModel): + """Subclass of AvdModel.""" + + class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = { + "name": {"type": str}, + "description": {"type": str}, + "peer": {"type": str}, + "peer_interface": {"type": str}, + "speed": {"type": str}, + "structured_config": {"type": StructuredConfig}, + "_custom_data": {"type": dict}, + } + name: str + """ + Ethernet interface name like 'Ethernet2'. + Member interface cannot be subinterface. + """ + description: str | None + """ + Interface description for this member. + If not set a default description will be configured with + '[[ ]]'. + """ + peer: str | None + """ + The peer device name. Used for description and documentation. + If not set, this inherits the peer + setting on the port-channel interface. + """ + peer_interface: str | None + """The peer device interface. Used for description and documentation.""" + speed: str | None + """ + Speed should be set in the format `` or `forced ` or `auto + `. + """ + structured_config: StructuredConfig + """ + Custom structured config for the member ethernet interface. + + Subclass of AvdModel. + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + name: str | UndefinedType = Undefined, + description: str | None | UndefinedType = Undefined, + peer: str | None | UndefinedType = Undefined, + peer_interface: str | None | UndefinedType = Undefined, + speed: str | None | UndefinedType = Undefined, + structured_config: StructuredConfig | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + MemberInterfacesItem. + + + Subclass of AvdModel. + + Args: + name: + Ethernet interface name like 'Ethernet2'. + Member interface cannot be subinterface. + description: + Interface description for this member. + If not set a default description will be configured with + '[[ ]]'. + peer: + The peer device name. Used for description and documentation. + If not set, this inherits the peer + setting on the port-channel interface. + peer_interface: The peer device interface. Used for description and documentation. + speed: + Speed should be set in the format `` or `forced ` or `auto + `. + structured_config: + Custom structured config for the member ethernet interface. + + Subclass of AvdModel. + _custom_data: _custom_data + + """ + + class MemberInterfaces(AvdIndexedList[str, MemberInterfacesItem]): + """Subclass of AvdIndexedList with `MemberInterfacesItem` items. Primary key is `name` (`str`).""" + + _primary_key: ClassVar[str] = "name" + + MemberInterfaces._item_type = MemberInterfacesItem + class Bgp(AvdModel): """Subclass of AvdModel.""" @@ -41431,8 +44684,10 @@ def __init__( """ - class StaticRoutes(AvdList[StaticRoutesItem]): - """Subclass of AvdList with `StaticRoutesItem` items.""" + class StaticRoutes(AvdIndexedList[str, StaticRoutesItem]): + """Subclass of AvdIndexedList with `StaticRoutesItem` items. Primary key is `prefix` (`str`).""" + + _primary_key: ClassVar[str] = "prefix" StaticRoutes._item_type = StaticRoutesItem @@ -41547,22 +44802,22 @@ def __init__( """ - class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): + class StructuredConfig(EosCliConfigGen.PortChannelInterfacesItem): """Subclass of AvdModel.""" _fields: ClassVar[dict] = { - "profile": {"type": str}, "name": {"type": str}, "description": {"type": str}, + "mode": {"type": str, "default": "active"}, + "member_interfaces": {"type": MemberInterfaces}, "ip_address": {"type": str}, "dhcp_ip": {"type": str}, "public_ip": {"type": str}, "encapsulation_dot1q_vlan": {"type": int}, "dhcp_accept_default_route": {"type": bool, "default": True}, "enabled": {"type": bool, "default": True}, - "speed": {"type": str}, "peer": {"type": str}, - "peer_interface": {"type": str}, + "peer_port_channel": {"type": str}, "peer_ip": {"type": str}, "bgp": {"type": Bgp}, "ipv4_acl_in": {"type": str}, @@ -41578,19 +44833,32 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): "structured_config": {"type": StructuredConfig}, "_custom_data": {"type": dict}, } - profile: str | None - """L3 interface profile name. Profile defined under `l3_interface_profiles`.""" name: str """ - Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. For a - subinterface, the parent physical interface is automatically created. + Port-Channel subinterface, the parent Port-Channel interface must be defined as well. """ description: str | None """ Interface description. If not set a default description will be configured with '[[ - ]]'. + ]]'. + """ + mode: Literal["active", "passive", "on"] + """ + Port-Channel mode. + Should not be set on Port-Channel subinterfaces. + + Default value: `"active"` + """ + member_interfaces: MemberInterfaces + """ + Port-Channel member interfaces. + Should not be set on Port-Channel subinterfaces. + + Subclass of + AvdIndexedList with `MemberInterfacesItem` items. Primary key is `name` (`str`). """ ip_address: str | None """Node IPv4 address/Mask or 'dhcp'.""" @@ -41614,11 +44882,11 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): with the following preference: `wan_route_servers.path_groups.interfaces.ip_address` -> - `l3_interfaces.public_ip` - -> `l3_interfaces.ip_address` + `l3_port_channels.public_ip` + -> `l3_port_channels.ip_address` - The determined Public IP is used - by WAN routers when peering with this interface. + The determined Public IP is + used by WAN routers when peering with this interface. """ encapsulation_dot1q_vlan: int | None """ @@ -41637,15 +44905,10 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): Default value: `True` """ - speed: str | None - """ - Speed should be set in the format `` or `forced ` or `auto - `. - """ peer: str | None """The peer device name. Used for description and documentation.""" - peer_interface: str | None - """The peer device interface. Used for description and documentation.""" + peer_port_channel: str | None + """The peer device port-channel interface. Used for description and documentation.""" peer_ip: str | None """ The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true @@ -41676,8 +44939,8 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): """ Configure IPv4 static routes pointing to `peer_ip`. - Subclass of AvdList with `StaticRoutesItem` - items. + Subclass of AvdIndexedList with + `StaticRoutesItem` items. Primary key is `prefix` (`str`). """ qos_profile: str | None """QOS service profile.""" @@ -41708,15 +44971,17 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): Subclass of AvdModel. """ raw_eos_cli: str | None - """EOS CLI rendered directly on the interface in the final EOS configuration.""" + """EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration.""" flow_tracking: FlowTracking """ - Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` + setting. + Subclass of AvdModel. """ structured_config: StructuredConfig """ - Custom structured config for the Ethernet interface. + Custom structured config for the Port-Channel interface. Subclass of AvdModel. """ @@ -41727,18 +44992,18 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): def __init__( self, *, - profile: str | None | UndefinedType = Undefined, name: str | UndefinedType = Undefined, description: str | None | UndefinedType = Undefined, + mode: Literal["active", "passive", "on"] | UndefinedType = Undefined, + member_interfaces: MemberInterfaces | UndefinedType = Undefined, ip_address: str | None | UndefinedType = Undefined, dhcp_ip: str | None | UndefinedType = Undefined, public_ip: str | None | UndefinedType = Undefined, encapsulation_dot1q_vlan: int | None | UndefinedType = Undefined, dhcp_accept_default_route: bool | UndefinedType = Undefined, enabled: bool | UndefinedType = Undefined, - speed: str | None | UndefinedType = Undefined, peer: str | None | UndefinedType = Undefined, - peer_interface: str | None | UndefinedType = Undefined, + peer_port_channel: str | None | UndefinedType = Undefined, peer_ip: str | None | UndefinedType = Undefined, bgp: Bgp | UndefinedType = Undefined, ipv4_acl_in: str | None | UndefinedType = Undefined, @@ -41755,21 +45020,29 @@ def __init__( _custom_data: dict[str, Any] | UndefinedType = Undefined, ) -> None: """ - L3InterfacesItem. + L3PortChannelsItem. Subclass of AvdModel. Args: - profile: L3 interface profile name. Profile defined under `l3_interface_profiles`. name: - Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. For a - subinterface, the parent physical interface is automatically created. + Port-Channel subinterface, the parent Port-Channel interface must be defined as well. description: Interface description. If not set a default description will be configured with '[[ - ]]'. + ]]'. + mode: + Port-Channel mode. + Should not be set on Port-Channel subinterfaces. + member_interfaces: + Port-Channel member interfaces. + Should not be set on Port-Channel subinterfaces. + + Subclass of + AvdIndexedList with `MemberInterfacesItem` items. Primary key is `name` (`str`). ip_address: Node IPv4 address/Mask or 'dhcp'. dhcp_ip: When the `ip_address` is `dhcp`, this optional field allows to indicate the expected @@ -41788,21 +45061,18 @@ def __init__( with the following preference: `wan_route_servers.path_groups.interfaces.ip_address` -> - `l3_interfaces.public_ip` - -> `l3_interfaces.ip_address` + `l3_port_channels.public_ip` + -> `l3_port_channels.ip_address` - The determined Public IP is used - by WAN routers when peering with this interface. + The determined Public IP is + used by WAN routers when peering with this interface. encapsulation_dot1q_vlan: For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be specified. dhcp_accept_default_route: Accept a default route from DHCP if `ip_address` is set to `dhcp`. enabled: Enable or Shutdown the interface. - speed: - Speed should be set in the format `` or `forced ` or `auto - `. peer: The peer device name. Used for description and documentation. - peer_interface: The peer device interface. Used for description and documentation. + peer_port_channel: The peer device port-channel interface. Used for description and documentation. peer_ip: The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. @@ -41824,8 +45094,8 @@ def __init__( static_routes: Configure IPv4 static routes pointing to `peer_ip`. - Subclass of AvdList with `StaticRoutesItem` - items. + Subclass of AvdIndexedList with + `StaticRoutesItem` items. Primary key is `prefix` (`str`). qos_profile: QOS service profile. wan_carrier: The WAN carrier this interface is connected to. @@ -41842,24 +45112,26 @@ def __init__( PREVIEW: This key is in preview mode Subclass of AvdModel. - raw_eos_cli: EOS CLI rendered directly on the interface in the final EOS configuration. + raw_eos_cli: EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration. flow_tracking: - Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` + setting. + Subclass of AvdModel. structured_config: - Custom structured config for the Ethernet interface. + Custom structured config for the Port-Channel interface. Subclass of AvdModel. _custom_data: _custom_data """ - class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): - """Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is `name` (`str`).""" + class L3PortChannels(AvdIndexedList[str, L3PortChannelsItem]): + """Subclass of AvdIndexedList with `L3PortChannelsItem` items. Primary key is `name` (`str`).""" _primary_key: ClassVar[str] = "name" - L3Interfaces._item_type = L3InterfacesItem + L3PortChannels._item_type = L3PortChannelsItem _fields: ClassVar[dict] = { "id": {"type": int}, @@ -41965,6 +45237,7 @@ class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): "wan_ha": {"type": WanHa}, "dps_mss_ipv4": {"type": str, "default": "auto"}, "l3_interfaces": {"type": L3Interfaces}, + "l3_port_channels": {"type": L3PortChannels}, "data_plane_cpu_allocation_max": {"type": int}, "flow_tracker_type": {"type": str}, "_custom_data": {"type": dict}, @@ -42721,11 +45994,16 @@ class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): l3_interfaces: L3Interfaces """ L3 Interfaces to configure on the node. - Used to define the node for WAN interfaces when - `wan_carrier` is set. - Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is - `name` (`str`). + Subclass of AvdIndexedList with `L3InterfacesItem` items. + Primary key is `name` (`str`). + """ + l3_port_channels: L3PortChannels + """ + L3 Port-Channel interfaces to configure on the node. + + Subclass of AvdIndexedList with + `L3PortChannelsItem` items. Primary key is `name` (`str`). """ data_plane_cpu_allocation_max: int | None """ @@ -42850,6 +46128,7 @@ def __init__( wan_ha: WanHa | UndefinedType = Undefined, dps_mss_ipv4: str | UndefinedType = Undefined, l3_interfaces: L3Interfaces | UndefinedType = Undefined, + l3_port_channels: L3PortChannels | UndefinedType = Undefined, data_plane_cpu_allocation_max: int | None | UndefinedType = Undefined, flow_tracker_type: Literal["sampled", "hardware"] | None | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined, @@ -43385,11 +46664,14 @@ def __init__( dps_mss_ipv4: IPv4 MSS value configured under "router path-selection" on WAN Devices. l3_interfaces: L3 Interfaces to configure on the node. - Used to define the node for WAN interfaces when - `wan_carrier` is set. - Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is - `name` (`str`). + Subclass of AvdIndexedList with `L3InterfacesItem` items. + Primary key is `name` (`str`). + l3_port_channels: + L3 Port-Channel interfaces to configure on the node. + + Subclass of AvdIndexedList with + `L3PortChannelsItem` items. Primary key is `name` (`str`). data_plane_cpu_allocation_max: Set the maximum number of CPU used for the data plane. This setting is useful on virtual Route @@ -44691,70 +47973,510 @@ def __init__( """ _fields: ClassVar[dict] = { - "enabled": {"type": bool}, - "ipsec": {"type": bool, "default": True}, - "mtu": {"type": int, "default": 9194}, - "ha_interfaces": {"type": HaInterfaces}, - "ha_ipv4_pool": {"type": str}, - "max_ha_interfaces": {"type": int}, - "port_channel_id": {"type": int}, - "use_port_channel_for_direct_ha": {"type": bool, "default": True}, + "enabled": {"type": bool}, + "ipsec": {"type": bool, "default": True}, + "mtu": {"type": int, "default": 9194}, + "ha_interfaces": {"type": HaInterfaces}, + "ha_ipv4_pool": {"type": str}, + "max_ha_interfaces": {"type": int}, + "port_channel_id": {"type": int}, + "use_port_channel_for_direct_ha": {"type": bool, "default": True}, + "flow_tracking": {"type": FlowTracking}, + "_custom_data": {"type": dict}, + } + enabled: bool | None + """Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group.""" + ipsec: bool + """ + Enable / Disable IPsec over HA path-group when HA is enabled. + + Default value: `True` + """ + mtu: int + """ + Set MTU on WAN HA interfaces. + + Default value: `9194` + """ + ha_interfaces: HaInterfaces + """ + Local WAN HA interfaces + Overwrite the default behavior which is to pick all the `uplink_interfaces`. + Can be used to filter uplink interfaces when there are multiple uplinks. + Limitations: + Either all + interfaces must be uplinks or all interfaces must not be uplinks. + Only one interface is supported + for non uplinks. + + Subclass of AvdList with `str` items. + """ + ha_ipv4_pool: str | None + """ + IP address pool used for WAN HA connectivity. + IP is derived from the node ID. + Not used for uplink + interfaces. + """ + max_ha_interfaces: int | None + """ + Number of parallel links towards HA switches. + Can be used to reserve IP addresses for future + parallel HA links. + """ + port_channel_id: int | None + """Port-channel ID to use for direct HA.""" + use_port_channel_for_direct_ha: bool + """ + Enable or disable using a port-channel interface for direct HA when there is only one interface. + This feature was introduced in EOS 4.33.0F. + + Default value: `True` + """ + flow_tracking: FlowTracking + """ + Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` + setting. + + Subclass of AvdModel. + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + enabled: bool | None | UndefinedType = Undefined, + ipsec: bool | UndefinedType = Undefined, + mtu: int | UndefinedType = Undefined, + ha_interfaces: HaInterfaces | UndefinedType = Undefined, + ha_ipv4_pool: str | None | UndefinedType = Undefined, + max_ha_interfaces: int | None | UndefinedType = Undefined, + port_channel_id: int | None | UndefinedType = Undefined, + use_port_channel_for_direct_ha: bool | UndefinedType = Undefined, + flow_tracking: FlowTracking | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + WanHa. + + + Subclass of AvdModel. + + Args: + enabled: Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. + ipsec: Enable / Disable IPsec over HA path-group when HA is enabled. + mtu: Set MTU on WAN HA interfaces. + ha_interfaces: + Local WAN HA interfaces + Overwrite the default behavior which is to pick all the `uplink_interfaces`. + Can be used to filter uplink interfaces when there are multiple uplinks. + Limitations: + Either all + interfaces must be uplinks or all interfaces must not be uplinks. + Only one interface is supported + for non uplinks. + + Subclass of AvdList with `str` items. + ha_ipv4_pool: + IP address pool used for WAN HA connectivity. + IP is derived from the node ID. + Not used for uplink + interfaces. + max_ha_interfaces: + Number of parallel links towards HA switches. + Can be used to reserve IP addresses for future + parallel HA links. + port_channel_id: Port-channel ID to use for direct HA. + use_port_channel_for_direct_ha: + Enable or disable using a port-channel interface for direct HA when there is only one interface. + This feature was introduced in EOS 4.33.0F. + flow_tracking: + Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` + setting. + + Subclass of AvdModel. + _custom_data: _custom_data + + """ + + class L3InterfacesItem(AvdModel): + """Subclass of AvdModel.""" + + class Bgp(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = { + "peer_as": {"type": str}, + "ipv4_prefix_list_in": {"type": str}, + "ipv4_prefix_list_out": {"type": str}, + "_custom_data": {"type": dict}, + } + peer_as: str + """ + BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". + For asdot notation in + YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float + number. + """ + ipv4_prefix_list_in: str | None + """ + Prefix List Name. Accept routes for only these prefixes from the peer. + Required for wan interfaces. + """ + ipv4_prefix_list_out: str | None + """ + Prefix List Name. Advertise routes for only these prefixes. + If not specified, nothing would be + advertised. + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + peer_as: str | UndefinedType = Undefined, + ipv4_prefix_list_in: str | None | UndefinedType = Undefined, + ipv4_prefix_list_out: str | None | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + Bgp. + + + Subclass of AvdModel. + + Args: + peer_as: + BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". + For asdot notation in + YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float + number. + ipv4_prefix_list_in: + Prefix List Name. Accept routes for only these prefixes from the peer. + Required for wan interfaces. + ipv4_prefix_list_out: + Prefix List Name. Advertise routes for only these prefixes. + If not specified, nothing would be + advertised. + _custom_data: _custom_data + + """ + + class StaticRoutesItem(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = {"prefix": {"type": str}, "_custom_data": {"type": dict}} + prefix: str + """IPv4_network/Mask.""" + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, *, prefix: str | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined + ) -> None: + """ + StaticRoutesItem. + + + Subclass of AvdModel. + + Args: + prefix: IPv4_network/Mask. + _custom_data: _custom_data + + """ + + class StaticRoutes(AvdList[StaticRoutesItem]): + """Subclass of AvdList with `StaticRoutesItem` items.""" + + StaticRoutes._item_type = StaticRoutesItem + + class CvPathfinderInternetExit(AvdModel): + """Subclass of AvdModel.""" + + class PoliciesItem(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = {"name": {"type": str}, "tunnel_interface_numbers": {"type": str}, "_custom_data": {"type": dict}} + name: str + """Internet-exit policy name.""" + tunnel_interface_numbers: str | None + """ + Number range to use for Tunnel interfaces to an internet-exit service provider using this local + interface. + Examples: '1-3' or '100,200,300' + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + name: str | UndefinedType = Undefined, + tunnel_interface_numbers: str | None | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + PoliciesItem. + + + Subclass of AvdModel. + + Args: + name: Internet-exit policy name. + tunnel_interface_numbers: + Number range to use for Tunnel interfaces to an internet-exit service provider using this local + interface. + Examples: '1-3' or '100,200,300' + _custom_data: _custom_data + + """ + + class Policies(AvdIndexedList[str, PoliciesItem]): + """Subclass of AvdIndexedList with `PoliciesItem` items. Primary key is `name` (`str`).""" + + _primary_key: ClassVar[str] = "name" + + Policies._item_type = PoliciesItem + + _fields: ClassVar[dict] = {"policies": {"type": Policies}, "_custom_data": {"type": dict}} + policies: Policies + """ + List of Internet-exit policies using this interface as exit. + + Subclass of AvdIndexedList with + `PoliciesItem` items. Primary key is `name` (`str`). + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, *, policies: Policies | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined + ) -> None: + """ + CvPathfinderInternetExit. + + + Subclass of AvdModel. + + Args: + policies: + List of Internet-exit policies using this interface as exit. + + Subclass of AvdIndexedList with + `PoliciesItem` items. Primary key is `name` (`str`). + _custom_data: _custom_data + + """ + + class FlowTracking(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = {"enabled": {"type": bool}, "name": {"type": str}, "_custom_data": {"type": dict}} + enabled: bool | None + name: str | None + """Flow tracker name as defined in flow_tracking_settings.""" + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + enabled: bool | None | UndefinedType = Undefined, + name: str | None | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + FlowTracking. + + + Subclass of AvdModel. + + Args: + enabled: enabled + name: Flow tracker name as defined in flow_tracking_settings. + _custom_data: _custom_data + + """ + + class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = { + "profile": {"type": str}, + "name": {"type": str}, + "description": {"type": str}, + "ip_address": {"type": str}, + "dhcp_ip": {"type": str}, + "public_ip": {"type": str}, + "encapsulation_dot1q_vlan": {"type": int}, + "dhcp_accept_default_route": {"type": bool, "default": True}, + "enabled": {"type": bool, "default": True}, + "speed": {"type": str}, + "peer": {"type": str}, + "peer_interface": {"type": str}, + "peer_ip": {"type": str}, + "bgp": {"type": Bgp}, + "ipv4_acl_in": {"type": str}, + "ipv4_acl_out": {"type": str}, + "static_routes": {"type": StaticRoutes}, + "qos_profile": {"type": str}, + "wan_carrier": {"type": str}, + "wan_circuit_id": {"type": str}, + "connected_to_pathfinder": {"type": bool, "default": True}, + "cv_pathfinder_internet_exit": {"type": CvPathfinderInternetExit}, + "raw_eos_cli": {"type": str}, "flow_tracking": {"type": FlowTracking}, + "structured_config": {"type": StructuredConfig}, "_custom_data": {"type": dict}, } - enabled: bool | None - """Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group.""" - ipsec: bool + profile: str | None + """L3 interface profile name. Profile defined under `l3_interface_profiles`.""" + name: str """ - Enable / Disable IPsec over HA path-group when HA is enabled. + Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + For a + subinterface, the parent physical interface is automatically created. + """ + description: str | None + """ + Interface description. + If not set a default description will be configured with '[[ + ]]'. + """ + ip_address: str | None + """Node IPv4 address/Mask or 'dhcp'.""" + dhcp_ip: str | None + """ + When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + IPv4 address + (without mask) to be allocated on the interface if known. + This is not rendered in the configuration + but can be used for substitution of 'interface_ip' in the Access-list + set under `ipv4_acl_in` and + `ipv4_acl_out`. + """ + public_ip: str | None + """ + Node IPv4 address (no mask). + + This is used to get the public IP (if known) when the device is behind + NAT. + This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + with the following preference: + `wan_route_servers.path_groups.interfaces.ip_address` + -> + `l3_interfaces.public_ip` + -> `l3_interfaces.ip_address` + + The determined Public IP is used + by WAN routers when peering with this interface. + """ + encapsulation_dot1q_vlan: int | None + """ + For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be + specified. + """ + dhcp_accept_default_route: bool + """ + Accept a default route from DHCP if `ip_address` is set to `dhcp`. Default value: `True` """ - mtu: int + enabled: bool """ - Set MTU on WAN HA interfaces. + Enable or Shutdown the interface. - Default value: `9194` + Default value: `True` """ - ha_interfaces: HaInterfaces + speed: str | None """ - Local WAN HA interfaces - Overwrite the default behavior which is to pick all the `uplink_interfaces`. - Can be used to filter uplink interfaces when there are multiple uplinks. - Limitations: - Either all - interfaces must be uplinks or all interfaces must not be uplinks. - Only one interface is supported - for non uplinks. + Speed should be set in the format `` or `forced ` or `auto + `. + """ + peer: str | None + """The peer device name. Used for description and documentation.""" + peer_interface: str | None + """The peer device interface. Used for description and documentation.""" + peer_ip: str | None + """ + The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true + and `ip` is an IP address. + """ + bgp: Bgp + """ + Enforce IPv4 BGP peering for the peer - Subclass of AvdList with `str` items. + Subclass of AvdModel. """ - ha_ipv4_pool: str | None + ipv4_acl_in: str | None """ - IP address pool used for WAN HA connectivity. - IP is derived from the node ID. - Not used for uplink - interfaces. + Name of the IPv4 access-list to be assigned in the ingress direction. + The access-list must be + defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + Required + for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under + `wan_carriers`. """ - max_ha_interfaces: int | None + ipv4_acl_out: str | None """ - Number of parallel links towards HA switches. - Can be used to reserve IP addresses for future - parallel HA links. + Name of the IPv4 Access-list to be assigned in the egress direction. + The access-list must be defined + under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". """ - port_channel_id: int | None - """Port-channel ID to use for direct HA.""" - use_port_channel_for_direct_ha: bool + static_routes: StaticRoutes """ - Enable or disable using a port-channel interface for direct HA when there is only one interface. - This feature was introduced in EOS 4.33.0F. + Configure IPv4 static routes pointing to `peer_ip`. + + Subclass of AvdList with `StaticRoutesItem` + items. + """ + qos_profile: str | None + """QOS service profile.""" + wan_carrier: str | None + """ + The WAN carrier this interface is connected to. + This is used to infer the path-groups in which this + interface should be configured. + Unless the carrier is marked as 'trusted' under `wan_carriers`, + `ipv4_acl_in` is also required on all WAN interfaces. + """ + wan_circuit_id: str | None + """ + The WAN circuit ID for this interface. + This is not rendered in the configuration but used for WAN + designs. + """ + connected_to_pathfinder: bool + """ + For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. Default value: `True` """ + cv_pathfinder_internet_exit: CvPathfinderInternetExit + """ + PREVIEW: This key is in preview mode + + Subclass of AvdModel. + """ + raw_eos_cli: str | None + """EOS CLI rendered directly on the interface in the final EOS configuration.""" flow_tracking: FlowTracking """ - Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` - setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Subclass of AvdModel. + """ + structured_config: StructuredConfig + """ + Custom structured config for the Ethernet interface. Subclass of AvdModel. """ @@ -44765,63 +48487,240 @@ def __init__( def __init__( self, *, - enabled: bool | None | UndefinedType = Undefined, - ipsec: bool | UndefinedType = Undefined, - mtu: int | UndefinedType = Undefined, - ha_interfaces: HaInterfaces | UndefinedType = Undefined, - ha_ipv4_pool: str | None | UndefinedType = Undefined, - max_ha_interfaces: int | None | UndefinedType = Undefined, - port_channel_id: int | None | UndefinedType = Undefined, - use_port_channel_for_direct_ha: bool | UndefinedType = Undefined, + profile: str | None | UndefinedType = Undefined, + name: str | UndefinedType = Undefined, + description: str | None | UndefinedType = Undefined, + ip_address: str | None | UndefinedType = Undefined, + dhcp_ip: str | None | UndefinedType = Undefined, + public_ip: str | None | UndefinedType = Undefined, + encapsulation_dot1q_vlan: int | None | UndefinedType = Undefined, + dhcp_accept_default_route: bool | UndefinedType = Undefined, + enabled: bool | UndefinedType = Undefined, + speed: str | None | UndefinedType = Undefined, + peer: str | None | UndefinedType = Undefined, + peer_interface: str | None | UndefinedType = Undefined, + peer_ip: str | None | UndefinedType = Undefined, + bgp: Bgp | UndefinedType = Undefined, + ipv4_acl_in: str | None | UndefinedType = Undefined, + ipv4_acl_out: str | None | UndefinedType = Undefined, + static_routes: StaticRoutes | UndefinedType = Undefined, + qos_profile: str | None | UndefinedType = Undefined, + wan_carrier: str | None | UndefinedType = Undefined, + wan_circuit_id: str | None | UndefinedType = Undefined, + connected_to_pathfinder: bool | UndefinedType = Undefined, + cv_pathfinder_internet_exit: CvPathfinderInternetExit | UndefinedType = Undefined, + raw_eos_cli: str | None | UndefinedType = Undefined, flow_tracking: FlowTracking | UndefinedType = Undefined, + structured_config: StructuredConfig | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined, ) -> None: """ - WanHa. + L3InterfacesItem. Subclass of AvdModel. Args: - enabled: Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. - ipsec: Enable / Disable IPsec over HA path-group when HA is enabled. - mtu: Set MTU on WAN HA interfaces. - ha_interfaces: - Local WAN HA interfaces - Overwrite the default behavior which is to pick all the `uplink_interfaces`. - Can be used to filter uplink interfaces when there are multiple uplinks. - Limitations: - Either all - interfaces must be uplinks or all interfaces must not be uplinks. - Only one interface is supported - for non uplinks. + profile: L3 interface profile name. Profile defined under `l3_interface_profiles`. + name: + Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + For a + subinterface, the parent physical interface is automatically created. + description: + Interface description. + If not set a default description will be configured with '[[ + ]]'. + ip_address: Node IPv4 address/Mask or 'dhcp'. + dhcp_ip: + When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + IPv4 address + (without mask) to be allocated on the interface if known. + This is not rendered in the configuration + but can be used for substitution of 'interface_ip' in the Access-list + set under `ipv4_acl_in` and + `ipv4_acl_out`. + public_ip: + Node IPv4 address (no mask). - Subclass of AvdList with `str` items. - ha_ipv4_pool: - IP address pool used for WAN HA connectivity. - IP is derived from the node ID. - Not used for uplink - interfaces. - max_ha_interfaces: - Number of parallel links towards HA switches. - Can be used to reserve IP addresses for future - parallel HA links. - port_channel_id: Port-channel ID to use for direct HA. - use_port_channel_for_direct_ha: - Enable or disable using a port-channel interface for direct HA when there is only one interface. - This feature was introduced in EOS 4.33.0F. + This is used to get the public IP (if known) when the device is behind + NAT. + This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + with the following preference: + `wan_route_servers.path_groups.interfaces.ip_address` + -> + `l3_interfaces.public_ip` + -> `l3_interfaces.ip_address` + + The determined Public IP is used + by WAN routers when peering with this interface. + encapsulation_dot1q_vlan: + For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be + specified. + dhcp_accept_default_route: Accept a default route from DHCP if `ip_address` is set to `dhcp`. + enabled: Enable or Shutdown the interface. + speed: + Speed should be set in the format `` or `forced ` or `auto + `. + peer: The peer device name. Used for description and documentation. + peer_interface: The peer device interface. Used for description and documentation. + peer_ip: + The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true + and `ip` is an IP address. + bgp: + Enforce IPv4 BGP peering for the peer + + Subclass of AvdModel. + ipv4_acl_in: + Name of the IPv4 access-list to be assigned in the ingress direction. + The access-list must be + defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + Required + for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under + `wan_carriers`. + ipv4_acl_out: + Name of the IPv4 Access-list to be assigned in the egress direction. + The access-list must be defined + under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + static_routes: + Configure IPv4 static routes pointing to `peer_ip`. + + Subclass of AvdList with `StaticRoutesItem` + items. + qos_profile: QOS service profile. + wan_carrier: + The WAN carrier this interface is connected to. + This is used to infer the path-groups in which this + interface should be configured. + Unless the carrier is marked as 'trusted' under `wan_carriers`, + `ipv4_acl_in` is also required on all WAN interfaces. + wan_circuit_id: + The WAN circuit ID for this interface. + This is not rendered in the configuration but used for WAN + designs. + connected_to_pathfinder: For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + cv_pathfinder_internet_exit: + PREVIEW: This key is in preview mode + + Subclass of AvdModel. + raw_eos_cli: EOS CLI rendered directly on the interface in the final EOS configuration. flow_tracking: - Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` - setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Subclass of AvdModel. + structured_config: + Custom structured config for the Ethernet interface. Subclass of AvdModel. _custom_data: _custom_data """ - class L3InterfacesItem(AvdModel): + class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): + """Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is `name` (`str`).""" + + _primary_key: ClassVar[str] = "name" + + L3Interfaces._item_type = L3InterfacesItem + + class L3PortChannelsItem(AvdModel): """Subclass of AvdModel.""" + class MemberInterfacesItem(AvdModel): + """Subclass of AvdModel.""" + + class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = { + "name": {"type": str}, + "description": {"type": str}, + "peer": {"type": str}, + "peer_interface": {"type": str}, + "speed": {"type": str}, + "structured_config": {"type": StructuredConfig}, + "_custom_data": {"type": dict}, + } + name: str + """ + Ethernet interface name like 'Ethernet2'. + Member interface cannot be subinterface. + """ + description: str | None + """ + Interface description for this member. + If not set a default description will be configured with + '[[ ]]'. + """ + peer: str | None + """ + The peer device name. Used for description and documentation. + If not set, this inherits the peer + setting on the port-channel interface. + """ + peer_interface: str | None + """The peer device interface. Used for description and documentation.""" + speed: str | None + """ + Speed should be set in the format `` or `forced ` or `auto + `. + """ + structured_config: StructuredConfig + """ + Custom structured config for the member ethernet interface. + + Subclass of AvdModel. + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + name: str | UndefinedType = Undefined, + description: str | None | UndefinedType = Undefined, + peer: str | None | UndefinedType = Undefined, + peer_interface: str | None | UndefinedType = Undefined, + speed: str | None | UndefinedType = Undefined, + structured_config: StructuredConfig | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + MemberInterfacesItem. + + + Subclass of AvdModel. + + Args: + name: + Ethernet interface name like 'Ethernet2'. + Member interface cannot be subinterface. + description: + Interface description for this member. + If not set a default description will be configured with + '[[ ]]'. + peer: + The peer device name. Used for description and documentation. + If not set, this inherits the peer + setting on the port-channel interface. + peer_interface: The peer device interface. Used for description and documentation. + speed: + Speed should be set in the format `` or `forced ` or `auto + `. + structured_config: + Custom structured config for the member ethernet interface. + + Subclass of AvdModel. + _custom_data: _custom_data + + """ + + class MemberInterfaces(AvdIndexedList[str, MemberInterfacesItem]): + """Subclass of AvdIndexedList with `MemberInterfacesItem` items. Primary key is `name` (`str`).""" + + _primary_key: ClassVar[str] = "name" + + MemberInterfaces._item_type = MemberInterfacesItem + class Bgp(AvdModel): """Subclass of AvdModel.""" @@ -44909,8 +48808,10 @@ def __init__( """ - class StaticRoutes(AvdList[StaticRoutesItem]): - """Subclass of AvdList with `StaticRoutesItem` items.""" + class StaticRoutes(AvdIndexedList[str, StaticRoutesItem]): + """Subclass of AvdIndexedList with `StaticRoutesItem` items. Primary key is `prefix` (`str`).""" + + _primary_key: ClassVar[str] = "prefix" StaticRoutes._item_type = StaticRoutesItem @@ -45025,22 +48926,22 @@ def __init__( """ - class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): + class StructuredConfig(EosCliConfigGen.PortChannelInterfacesItem): """Subclass of AvdModel.""" _fields: ClassVar[dict] = { - "profile": {"type": str}, "name": {"type": str}, "description": {"type": str}, + "mode": {"type": str, "default": "active"}, + "member_interfaces": {"type": MemberInterfaces}, "ip_address": {"type": str}, "dhcp_ip": {"type": str}, "public_ip": {"type": str}, "encapsulation_dot1q_vlan": {"type": int}, "dhcp_accept_default_route": {"type": bool, "default": True}, "enabled": {"type": bool, "default": True}, - "speed": {"type": str}, "peer": {"type": str}, - "peer_interface": {"type": str}, + "peer_port_channel": {"type": str}, "peer_ip": {"type": str}, "bgp": {"type": Bgp}, "ipv4_acl_in": {"type": str}, @@ -45056,19 +48957,32 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): "structured_config": {"type": StructuredConfig}, "_custom_data": {"type": dict}, } - profile: str | None - """L3 interface profile name. Profile defined under `l3_interface_profiles`.""" name: str """ - Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. For a - subinterface, the parent physical interface is automatically created. + Port-Channel subinterface, the parent Port-Channel interface must be defined as well. """ description: str | None """ Interface description. If not set a default description will be configured with '[[ - ]]'. + ]]'. + """ + mode: Literal["active", "passive", "on"] + """ + Port-Channel mode. + Should not be set on Port-Channel subinterfaces. + + Default value: `"active"` + """ + member_interfaces: MemberInterfaces + """ + Port-Channel member interfaces. + Should not be set on Port-Channel subinterfaces. + + Subclass of + AvdIndexedList with `MemberInterfacesItem` items. Primary key is `name` (`str`). """ ip_address: str | None """Node IPv4 address/Mask or 'dhcp'.""" @@ -45092,11 +49006,11 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): with the following preference: `wan_route_servers.path_groups.interfaces.ip_address` -> - `l3_interfaces.public_ip` - -> `l3_interfaces.ip_address` + `l3_port_channels.public_ip` + -> `l3_port_channels.ip_address` - The determined Public IP is used - by WAN routers when peering with this interface. + The determined Public IP is + used by WAN routers when peering with this interface. """ encapsulation_dot1q_vlan: int | None """ @@ -45115,15 +49029,10 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): Default value: `True` """ - speed: str | None - """ - Speed should be set in the format `` or `forced ` or `auto - `. - """ peer: str | None """The peer device name. Used for description and documentation.""" - peer_interface: str | None - """The peer device interface. Used for description and documentation.""" + peer_port_channel: str | None + """The peer device port-channel interface. Used for description and documentation.""" peer_ip: str | None """ The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true @@ -45154,8 +49063,8 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): """ Configure IPv4 static routes pointing to `peer_ip`. - Subclass of AvdList with `StaticRoutesItem` - items. + Subclass of AvdIndexedList with + `StaticRoutesItem` items. Primary key is `prefix` (`str`). """ qos_profile: str | None """QOS service profile.""" @@ -45186,15 +49095,17 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): Subclass of AvdModel. """ raw_eos_cli: str | None - """EOS CLI rendered directly on the interface in the final EOS configuration.""" + """EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration.""" flow_tracking: FlowTracking """ - Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` + setting. + Subclass of AvdModel. """ structured_config: StructuredConfig """ - Custom structured config for the Ethernet interface. + Custom structured config for the Port-Channel interface. Subclass of AvdModel. """ @@ -45205,18 +49116,18 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): def __init__( self, *, - profile: str | None | UndefinedType = Undefined, name: str | UndefinedType = Undefined, description: str | None | UndefinedType = Undefined, + mode: Literal["active", "passive", "on"] | UndefinedType = Undefined, + member_interfaces: MemberInterfaces | UndefinedType = Undefined, ip_address: str | None | UndefinedType = Undefined, dhcp_ip: str | None | UndefinedType = Undefined, public_ip: str | None | UndefinedType = Undefined, encapsulation_dot1q_vlan: int | None | UndefinedType = Undefined, dhcp_accept_default_route: bool | UndefinedType = Undefined, enabled: bool | UndefinedType = Undefined, - speed: str | None | UndefinedType = Undefined, peer: str | None | UndefinedType = Undefined, - peer_interface: str | None | UndefinedType = Undefined, + peer_port_channel: str | None | UndefinedType = Undefined, peer_ip: str | None | UndefinedType = Undefined, bgp: Bgp | UndefinedType = Undefined, ipv4_acl_in: str | None | UndefinedType = Undefined, @@ -45233,21 +49144,29 @@ def __init__( _custom_data: dict[str, Any] | UndefinedType = Undefined, ) -> None: """ - L3InterfacesItem. + L3PortChannelsItem. Subclass of AvdModel. Args: - profile: L3 interface profile name. Profile defined under `l3_interface_profiles`. name: - Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. For a - subinterface, the parent physical interface is automatically created. + Port-Channel subinterface, the parent Port-Channel interface must be defined as well. description: Interface description. If not set a default description will be configured with '[[ - ]]'. + ]]'. + mode: + Port-Channel mode. + Should not be set on Port-Channel subinterfaces. + member_interfaces: + Port-Channel member interfaces. + Should not be set on Port-Channel subinterfaces. + + Subclass of + AvdIndexedList with `MemberInterfacesItem` items. Primary key is `name` (`str`). ip_address: Node IPv4 address/Mask or 'dhcp'. dhcp_ip: When the `ip_address` is `dhcp`, this optional field allows to indicate the expected @@ -45266,21 +49185,18 @@ def __init__( with the following preference: `wan_route_servers.path_groups.interfaces.ip_address` -> - `l3_interfaces.public_ip` - -> `l3_interfaces.ip_address` + `l3_port_channels.public_ip` + -> `l3_port_channels.ip_address` - The determined Public IP is used - by WAN routers when peering with this interface. + The determined Public IP is + used by WAN routers when peering with this interface. encapsulation_dot1q_vlan: For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be specified. dhcp_accept_default_route: Accept a default route from DHCP if `ip_address` is set to `dhcp`. enabled: Enable or Shutdown the interface. - speed: - Speed should be set in the format `` or `forced ` or `auto - `. peer: The peer device name. Used for description and documentation. - peer_interface: The peer device interface. Used for description and documentation. + peer_port_channel: The peer device port-channel interface. Used for description and documentation. peer_ip: The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. @@ -45302,8 +49218,8 @@ def __init__( static_routes: Configure IPv4 static routes pointing to `peer_ip`. - Subclass of AvdList with `StaticRoutesItem` - items. + Subclass of AvdIndexedList with + `StaticRoutesItem` items. Primary key is `prefix` (`str`). qos_profile: QOS service profile. wan_carrier: The WAN carrier this interface is connected to. @@ -45320,24 +49236,26 @@ def __init__( PREVIEW: This key is in preview mode Subclass of AvdModel. - raw_eos_cli: EOS CLI rendered directly on the interface in the final EOS configuration. + raw_eos_cli: EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration. flow_tracking: - Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` + setting. + Subclass of AvdModel. structured_config: - Custom structured config for the Ethernet interface. + Custom structured config for the Port-Channel interface. Subclass of AvdModel. _custom_data: _custom_data """ - class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): - """Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is `name` (`str`).""" + class L3PortChannels(AvdIndexedList[str, L3PortChannelsItem]): + """Subclass of AvdIndexedList with `L3PortChannelsItem` items. Primary key is `name` (`str`).""" _primary_key: ClassVar[str] = "name" - L3Interfaces._item_type = L3InterfacesItem + L3PortChannels._item_type = L3PortChannelsItem _fields: ClassVar[dict] = { "name": {"type": str}, @@ -45445,6 +49363,7 @@ class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): "wan_ha": {"type": WanHa}, "dps_mss_ipv4": {"type": str, "default": "auto"}, "l3_interfaces": {"type": L3Interfaces}, + "l3_port_channels": {"type": L3PortChannels}, "data_plane_cpu_allocation_max": {"type": int}, "flow_tracker_type": {"type": str}, "_custom_data": {"type": dict}, @@ -46211,11 +50130,16 @@ class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): l3_interfaces: L3Interfaces """ L3 Interfaces to configure on the node. - Used to define the node for WAN interfaces when - `wan_carrier` is set. - Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is - `name` (`str`). + Subclass of AvdIndexedList with `L3InterfacesItem` items. + Primary key is `name` (`str`). + """ + l3_port_channels: L3PortChannels + """ + L3 Port-Channel interfaces to configure on the node. + + Subclass of AvdIndexedList with + `L3PortChannelsItem` items. Primary key is `name` (`str`). """ data_plane_cpu_allocation_max: int | None """ @@ -46342,6 +50266,7 @@ def __init__( wan_ha: WanHa | UndefinedType = Undefined, dps_mss_ipv4: str | UndefinedType = Undefined, l3_interfaces: L3Interfaces | UndefinedType = Undefined, + l3_port_channels: L3PortChannels | UndefinedType = Undefined, data_plane_cpu_allocation_max: int | None | UndefinedType = Undefined, flow_tracker_type: Literal["sampled", "hardware"] | None | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined, @@ -46884,11 +50809,14 @@ def __init__( dps_mss_ipv4: IPv4 MSS value configured under "router path-selection" on WAN Devices. l3_interfaces: L3 Interfaces to configure on the node. - Used to define the node for WAN interfaces when - `wan_carrier` is set. - Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is - `name` (`str`). + Subclass of AvdIndexedList with `L3InterfacesItem` items. + Primary key is `name` (`str`). + l3_port_channels: + L3 Port-Channel interfaces to configure on the node. + + Subclass of AvdIndexedList with + `L3PortChannelsItem` items. Primary key is `name` (`str`). data_plane_cpu_allocation_max: Set the maximum number of CPU used for the data plane. This setting is useful on virtual Route @@ -48132,70 +52060,510 @@ def __init__( """ _fields: ClassVar[dict] = { - "enabled": {"type": bool}, - "ipsec": {"type": bool, "default": True}, - "mtu": {"type": int, "default": 9194}, - "ha_interfaces": {"type": HaInterfaces}, - "ha_ipv4_pool": {"type": str}, - "max_ha_interfaces": {"type": int}, - "port_channel_id": {"type": int}, - "use_port_channel_for_direct_ha": {"type": bool, "default": True}, + "enabled": {"type": bool}, + "ipsec": {"type": bool, "default": True}, + "mtu": {"type": int, "default": 9194}, + "ha_interfaces": {"type": HaInterfaces}, + "ha_ipv4_pool": {"type": str}, + "max_ha_interfaces": {"type": int}, + "port_channel_id": {"type": int}, + "use_port_channel_for_direct_ha": {"type": bool, "default": True}, + "flow_tracking": {"type": FlowTracking}, + "_custom_data": {"type": dict}, + } + enabled: bool | None + """Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group.""" + ipsec: bool + """ + Enable / Disable IPsec over HA path-group when HA is enabled. + + Default value: `True` + """ + mtu: int + """ + Set MTU on WAN HA interfaces. + + Default value: `9194` + """ + ha_interfaces: HaInterfaces + """ + Local WAN HA interfaces + Overwrite the default behavior which is to pick all the `uplink_interfaces`. + Can be used to filter uplink interfaces when there are multiple uplinks. + Limitations: + Either all + interfaces must be uplinks or all interfaces must not be uplinks. + Only one interface is supported + for non uplinks. + + Subclass of AvdList with `str` items. + """ + ha_ipv4_pool: str | None + """ + IP address pool used for WAN HA connectivity. + IP is derived from the node ID. + Not used for uplink + interfaces. + """ + max_ha_interfaces: int | None + """ + Number of parallel links towards HA switches. + Can be used to reserve IP addresses for future + parallel HA links. + """ + port_channel_id: int | None + """Port-channel ID to use for direct HA.""" + use_port_channel_for_direct_ha: bool + """ + Enable or disable using a port-channel interface for direct HA when there is only one interface. + This feature was introduced in EOS 4.33.0F. + + Default value: `True` + """ + flow_tracking: FlowTracking + """ + Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` + setting. + + Subclass of AvdModel. + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + enabled: bool | None | UndefinedType = Undefined, + ipsec: bool | UndefinedType = Undefined, + mtu: int | UndefinedType = Undefined, + ha_interfaces: HaInterfaces | UndefinedType = Undefined, + ha_ipv4_pool: str | None | UndefinedType = Undefined, + max_ha_interfaces: int | None | UndefinedType = Undefined, + port_channel_id: int | None | UndefinedType = Undefined, + use_port_channel_for_direct_ha: bool | UndefinedType = Undefined, + flow_tracking: FlowTracking | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + WanHa. + + + Subclass of AvdModel. + + Args: + enabled: Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. + ipsec: Enable / Disable IPsec over HA path-group when HA is enabled. + mtu: Set MTU on WAN HA interfaces. + ha_interfaces: + Local WAN HA interfaces + Overwrite the default behavior which is to pick all the `uplink_interfaces`. + Can be used to filter uplink interfaces when there are multiple uplinks. + Limitations: + Either all + interfaces must be uplinks or all interfaces must not be uplinks. + Only one interface is supported + for non uplinks. + + Subclass of AvdList with `str` items. + ha_ipv4_pool: + IP address pool used for WAN HA connectivity. + IP is derived from the node ID. + Not used for uplink + interfaces. + max_ha_interfaces: + Number of parallel links towards HA switches. + Can be used to reserve IP addresses for future + parallel HA links. + port_channel_id: Port-channel ID to use for direct HA. + use_port_channel_for_direct_ha: + Enable or disable using a port-channel interface for direct HA when there is only one interface. + This feature was introduced in EOS 4.33.0F. + flow_tracking: + Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` + setting. + + Subclass of AvdModel. + _custom_data: _custom_data + + """ + + class L3InterfacesItem(AvdModel): + """Subclass of AvdModel.""" + + class Bgp(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = { + "peer_as": {"type": str}, + "ipv4_prefix_list_in": {"type": str}, + "ipv4_prefix_list_out": {"type": str}, + "_custom_data": {"type": dict}, + } + peer_as: str + """ + BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". + For asdot notation in + YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float + number. + """ + ipv4_prefix_list_in: str | None + """ + Prefix List Name. Accept routes for only these prefixes from the peer. + Required for wan interfaces. + """ + ipv4_prefix_list_out: str | None + """ + Prefix List Name. Advertise routes for only these prefixes. + If not specified, nothing would be + advertised. + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + peer_as: str | UndefinedType = Undefined, + ipv4_prefix_list_in: str | None | UndefinedType = Undefined, + ipv4_prefix_list_out: str | None | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + Bgp. + + + Subclass of AvdModel. + + Args: + peer_as: + BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". + For asdot notation in + YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float + number. + ipv4_prefix_list_in: + Prefix List Name. Accept routes for only these prefixes from the peer. + Required for wan interfaces. + ipv4_prefix_list_out: + Prefix List Name. Advertise routes for only these prefixes. + If not specified, nothing would be + advertised. + _custom_data: _custom_data + + """ + + class StaticRoutesItem(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = {"prefix": {"type": str}, "_custom_data": {"type": dict}} + prefix: str + """IPv4_network/Mask.""" + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, *, prefix: str | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined + ) -> None: + """ + StaticRoutesItem. + + + Subclass of AvdModel. + + Args: + prefix: IPv4_network/Mask. + _custom_data: _custom_data + + """ + + class StaticRoutes(AvdList[StaticRoutesItem]): + """Subclass of AvdList with `StaticRoutesItem` items.""" + + StaticRoutes._item_type = StaticRoutesItem + + class CvPathfinderInternetExit(AvdModel): + """Subclass of AvdModel.""" + + class PoliciesItem(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = {"name": {"type": str}, "tunnel_interface_numbers": {"type": str}, "_custom_data": {"type": dict}} + name: str + """Internet-exit policy name.""" + tunnel_interface_numbers: str | None + """ + Number range to use for Tunnel interfaces to an internet-exit service provider using this local + interface. + Examples: '1-3' or '100,200,300' + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + name: str | UndefinedType = Undefined, + tunnel_interface_numbers: str | None | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + PoliciesItem. + + + Subclass of AvdModel. + + Args: + name: Internet-exit policy name. + tunnel_interface_numbers: + Number range to use for Tunnel interfaces to an internet-exit service provider using this local + interface. + Examples: '1-3' or '100,200,300' + _custom_data: _custom_data + + """ + + class Policies(AvdIndexedList[str, PoliciesItem]): + """Subclass of AvdIndexedList with `PoliciesItem` items. Primary key is `name` (`str`).""" + + _primary_key: ClassVar[str] = "name" + + Policies._item_type = PoliciesItem + + _fields: ClassVar[dict] = {"policies": {"type": Policies}, "_custom_data": {"type": dict}} + policies: Policies + """ + List of Internet-exit policies using this interface as exit. + + Subclass of AvdIndexedList with + `PoliciesItem` items. Primary key is `name` (`str`). + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, *, policies: Policies | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined + ) -> None: + """ + CvPathfinderInternetExit. + + + Subclass of AvdModel. + + Args: + policies: + List of Internet-exit policies using this interface as exit. + + Subclass of AvdIndexedList with + `PoliciesItem` items. Primary key is `name` (`str`). + _custom_data: _custom_data + + """ + + class FlowTracking(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = {"enabled": {"type": bool}, "name": {"type": str}, "_custom_data": {"type": dict}} + enabled: bool | None + name: str | None + """Flow tracker name as defined in flow_tracking_settings.""" + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + enabled: bool | None | UndefinedType = Undefined, + name: str | None | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + FlowTracking. + + + Subclass of AvdModel. + + Args: + enabled: enabled + name: Flow tracker name as defined in flow_tracking_settings. + _custom_data: _custom_data + + """ + + class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = { + "profile": {"type": str}, + "name": {"type": str}, + "description": {"type": str}, + "ip_address": {"type": str}, + "dhcp_ip": {"type": str}, + "public_ip": {"type": str}, + "encapsulation_dot1q_vlan": {"type": int}, + "dhcp_accept_default_route": {"type": bool, "default": True}, + "enabled": {"type": bool, "default": True}, + "speed": {"type": str}, + "peer": {"type": str}, + "peer_interface": {"type": str}, + "peer_ip": {"type": str}, + "bgp": {"type": Bgp}, + "ipv4_acl_in": {"type": str}, + "ipv4_acl_out": {"type": str}, + "static_routes": {"type": StaticRoutes}, + "qos_profile": {"type": str}, + "wan_carrier": {"type": str}, + "wan_circuit_id": {"type": str}, + "connected_to_pathfinder": {"type": bool, "default": True}, + "cv_pathfinder_internet_exit": {"type": CvPathfinderInternetExit}, + "raw_eos_cli": {"type": str}, "flow_tracking": {"type": FlowTracking}, + "structured_config": {"type": StructuredConfig}, "_custom_data": {"type": dict}, } - enabled: bool | None - """Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group.""" - ipsec: bool + profile: str | None + """L3 interface profile name. Profile defined under `l3_interface_profiles`.""" + name: str """ - Enable / Disable IPsec over HA path-group when HA is enabled. + Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + For a + subinterface, the parent physical interface is automatically created. + """ + description: str | None + """ + Interface description. + If not set a default description will be configured with '[[ + ]]'. + """ + ip_address: str | None + """Node IPv4 address/Mask or 'dhcp'.""" + dhcp_ip: str | None + """ + When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + IPv4 address + (without mask) to be allocated on the interface if known. + This is not rendered in the configuration + but can be used for substitution of 'interface_ip' in the Access-list + set under `ipv4_acl_in` and + `ipv4_acl_out`. + """ + public_ip: str | None + """ + Node IPv4 address (no mask). + + This is used to get the public IP (if known) when the device is behind + NAT. + This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + with the following preference: + `wan_route_servers.path_groups.interfaces.ip_address` + -> + `l3_interfaces.public_ip` + -> `l3_interfaces.ip_address` + + The determined Public IP is used + by WAN routers when peering with this interface. + """ + encapsulation_dot1q_vlan: int | None + """ + For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be + specified. + """ + dhcp_accept_default_route: bool + """ + Accept a default route from DHCP if `ip_address` is set to `dhcp`. Default value: `True` """ - mtu: int + enabled: bool """ - Set MTU on WAN HA interfaces. + Enable or Shutdown the interface. - Default value: `9194` + Default value: `True` """ - ha_interfaces: HaInterfaces + speed: str | None """ - Local WAN HA interfaces - Overwrite the default behavior which is to pick all the `uplink_interfaces`. - Can be used to filter uplink interfaces when there are multiple uplinks. - Limitations: - Either all - interfaces must be uplinks or all interfaces must not be uplinks. - Only one interface is supported - for non uplinks. + Speed should be set in the format `` or `forced ` or `auto + `. + """ + peer: str | None + """The peer device name. Used for description and documentation.""" + peer_interface: str | None + """The peer device interface. Used for description and documentation.""" + peer_ip: str | None + """ + The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true + and `ip` is an IP address. + """ + bgp: Bgp + """ + Enforce IPv4 BGP peering for the peer - Subclass of AvdList with `str` items. + Subclass of AvdModel. """ - ha_ipv4_pool: str | None + ipv4_acl_in: str | None """ - IP address pool used for WAN HA connectivity. - IP is derived from the node ID. - Not used for uplink - interfaces. + Name of the IPv4 access-list to be assigned in the ingress direction. + The access-list must be + defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + Required + for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under + `wan_carriers`. """ - max_ha_interfaces: int | None + ipv4_acl_out: str | None """ - Number of parallel links towards HA switches. - Can be used to reserve IP addresses for future - parallel HA links. + Name of the IPv4 Access-list to be assigned in the egress direction. + The access-list must be defined + under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". """ - port_channel_id: int | None - """Port-channel ID to use for direct HA.""" - use_port_channel_for_direct_ha: bool + static_routes: StaticRoutes """ - Enable or disable using a port-channel interface for direct HA when there is only one interface. - This feature was introduced in EOS 4.33.0F. + Configure IPv4 static routes pointing to `peer_ip`. + + Subclass of AvdList with `StaticRoutesItem` + items. + """ + qos_profile: str | None + """QOS service profile.""" + wan_carrier: str | None + """ + The WAN carrier this interface is connected to. + This is used to infer the path-groups in which this + interface should be configured. + Unless the carrier is marked as 'trusted' under `wan_carriers`, + `ipv4_acl_in` is also required on all WAN interfaces. + """ + wan_circuit_id: str | None + """ + The WAN circuit ID for this interface. + This is not rendered in the configuration but used for WAN + designs. + """ + connected_to_pathfinder: bool + """ + For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. Default value: `True` """ + cv_pathfinder_internet_exit: CvPathfinderInternetExit + """ + PREVIEW: This key is in preview mode + + Subclass of AvdModel. + """ + raw_eos_cli: str | None + """EOS CLI rendered directly on the interface in the final EOS configuration.""" flow_tracking: FlowTracking """ - Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` - setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Subclass of AvdModel. + """ + structured_config: StructuredConfig + """ + Custom structured config for the Ethernet interface. Subclass of AvdModel. """ @@ -48206,63 +52574,240 @@ def __init__( def __init__( self, *, - enabled: bool | None | UndefinedType = Undefined, - ipsec: bool | UndefinedType = Undefined, - mtu: int | UndefinedType = Undefined, - ha_interfaces: HaInterfaces | UndefinedType = Undefined, - ha_ipv4_pool: str | None | UndefinedType = Undefined, - max_ha_interfaces: int | None | UndefinedType = Undefined, - port_channel_id: int | None | UndefinedType = Undefined, - use_port_channel_for_direct_ha: bool | UndefinedType = Undefined, + profile: str | None | UndefinedType = Undefined, + name: str | UndefinedType = Undefined, + description: str | None | UndefinedType = Undefined, + ip_address: str | None | UndefinedType = Undefined, + dhcp_ip: str | None | UndefinedType = Undefined, + public_ip: str | None | UndefinedType = Undefined, + encapsulation_dot1q_vlan: int | None | UndefinedType = Undefined, + dhcp_accept_default_route: bool | UndefinedType = Undefined, + enabled: bool | UndefinedType = Undefined, + speed: str | None | UndefinedType = Undefined, + peer: str | None | UndefinedType = Undefined, + peer_interface: str | None | UndefinedType = Undefined, + peer_ip: str | None | UndefinedType = Undefined, + bgp: Bgp | UndefinedType = Undefined, + ipv4_acl_in: str | None | UndefinedType = Undefined, + ipv4_acl_out: str | None | UndefinedType = Undefined, + static_routes: StaticRoutes | UndefinedType = Undefined, + qos_profile: str | None | UndefinedType = Undefined, + wan_carrier: str | None | UndefinedType = Undefined, + wan_circuit_id: str | None | UndefinedType = Undefined, + connected_to_pathfinder: bool | UndefinedType = Undefined, + cv_pathfinder_internet_exit: CvPathfinderInternetExit | UndefinedType = Undefined, + raw_eos_cli: str | None | UndefinedType = Undefined, flow_tracking: FlowTracking | UndefinedType = Undefined, + structured_config: StructuredConfig | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined, ) -> None: """ - WanHa. + L3InterfacesItem. Subclass of AvdModel. Args: - enabled: Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. - ipsec: Enable / Disable IPsec over HA path-group when HA is enabled. - mtu: Set MTU on WAN HA interfaces. - ha_interfaces: - Local WAN HA interfaces - Overwrite the default behavior which is to pick all the `uplink_interfaces`. - Can be used to filter uplink interfaces when there are multiple uplinks. - Limitations: - Either all - interfaces must be uplinks or all interfaces must not be uplinks. - Only one interface is supported - for non uplinks. + profile: L3 interface profile name. Profile defined under `l3_interface_profiles`. + name: + Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + For a + subinterface, the parent physical interface is automatically created. + description: + Interface description. + If not set a default description will be configured with '[[ + ]]'. + ip_address: Node IPv4 address/Mask or 'dhcp'. + dhcp_ip: + When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + IPv4 address + (without mask) to be allocated on the interface if known. + This is not rendered in the configuration + but can be used for substitution of 'interface_ip' in the Access-list + set under `ipv4_acl_in` and + `ipv4_acl_out`. + public_ip: + Node IPv4 address (no mask). - Subclass of AvdList with `str` items. - ha_ipv4_pool: - IP address pool used for WAN HA connectivity. - IP is derived from the node ID. - Not used for uplink - interfaces. - max_ha_interfaces: - Number of parallel links towards HA switches. - Can be used to reserve IP addresses for future - parallel HA links. - port_channel_id: Port-channel ID to use for direct HA. - use_port_channel_for_direct_ha: - Enable or disable using a port-channel interface for direct HA when there is only one interface. - This feature was introduced in EOS 4.33.0F. + This is used to get the public IP (if known) when the device is behind + NAT. + This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + with the following preference: + `wan_route_servers.path_groups.interfaces.ip_address` + -> + `l3_interfaces.public_ip` + -> `l3_interfaces.ip_address` + + The determined Public IP is used + by WAN routers when peering with this interface. + encapsulation_dot1q_vlan: + For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be + specified. + dhcp_accept_default_route: Accept a default route from DHCP if `ip_address` is set to `dhcp`. + enabled: Enable or Shutdown the interface. + speed: + Speed should be set in the format `` or `forced ` or `auto + `. + peer: The peer device name. Used for description and documentation. + peer_interface: The peer device interface. Used for description and documentation. + peer_ip: + The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true + and `ip` is an IP address. + bgp: + Enforce IPv4 BGP peering for the peer + + Subclass of AvdModel. + ipv4_acl_in: + Name of the IPv4 access-list to be assigned in the ingress direction. + The access-list must be + defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + Required + for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under + `wan_carriers`. + ipv4_acl_out: + Name of the IPv4 Access-list to be assigned in the egress direction. + The access-list must be defined + under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + static_routes: + Configure IPv4 static routes pointing to `peer_ip`. + + Subclass of AvdList with `StaticRoutesItem` + items. + qos_profile: QOS service profile. + wan_carrier: + The WAN carrier this interface is connected to. + This is used to infer the path-groups in which this + interface should be configured. + Unless the carrier is marked as 'trusted' under `wan_carriers`, + `ipv4_acl_in` is also required on all WAN interfaces. + wan_circuit_id: + The WAN circuit ID for this interface. + This is not rendered in the configuration but used for WAN + designs. + connected_to_pathfinder: For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + cv_pathfinder_internet_exit: + PREVIEW: This key is in preview mode + + Subclass of AvdModel. + raw_eos_cli: EOS CLI rendered directly on the interface in the final EOS configuration. flow_tracking: - Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` - setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Subclass of AvdModel. + structured_config: + Custom structured config for the Ethernet interface. Subclass of AvdModel. _custom_data: _custom_data """ - class L3InterfacesItem(AvdModel): + class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): + """Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is `name` (`str`).""" + + _primary_key: ClassVar[str] = "name" + + L3Interfaces._item_type = L3InterfacesItem + + class L3PortChannelsItem(AvdModel): """Subclass of AvdModel.""" + class MemberInterfacesItem(AvdModel): + """Subclass of AvdModel.""" + + class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = { + "name": {"type": str}, + "description": {"type": str}, + "peer": {"type": str}, + "peer_interface": {"type": str}, + "speed": {"type": str}, + "structured_config": {"type": StructuredConfig}, + "_custom_data": {"type": dict}, + } + name: str + """ + Ethernet interface name like 'Ethernet2'. + Member interface cannot be subinterface. + """ + description: str | None + """ + Interface description for this member. + If not set a default description will be configured with + '[[ ]]'. + """ + peer: str | None + """ + The peer device name. Used for description and documentation. + If not set, this inherits the peer + setting on the port-channel interface. + """ + peer_interface: str | None + """The peer device interface. Used for description and documentation.""" + speed: str | None + """ + Speed should be set in the format `` or `forced ` or `auto + `. + """ + structured_config: StructuredConfig + """ + Custom structured config for the member ethernet interface. + + Subclass of AvdModel. + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + name: str | UndefinedType = Undefined, + description: str | None | UndefinedType = Undefined, + peer: str | None | UndefinedType = Undefined, + peer_interface: str | None | UndefinedType = Undefined, + speed: str | None | UndefinedType = Undefined, + structured_config: StructuredConfig | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + MemberInterfacesItem. + + + Subclass of AvdModel. + + Args: + name: + Ethernet interface name like 'Ethernet2'. + Member interface cannot be subinterface. + description: + Interface description for this member. + If not set a default description will be configured with + '[[ ]]'. + peer: + The peer device name. Used for description and documentation. + If not set, this inherits the peer + setting on the port-channel interface. + peer_interface: The peer device interface. Used for description and documentation. + speed: + Speed should be set in the format `` or `forced ` or `auto + `. + structured_config: + Custom structured config for the member ethernet interface. + + Subclass of AvdModel. + _custom_data: _custom_data + + """ + + class MemberInterfaces(AvdIndexedList[str, MemberInterfacesItem]): + """Subclass of AvdIndexedList with `MemberInterfacesItem` items. Primary key is `name` (`str`).""" + + _primary_key: ClassVar[str] = "name" + + MemberInterfaces._item_type = MemberInterfacesItem + class Bgp(AvdModel): """Subclass of AvdModel.""" @@ -48350,8 +52895,10 @@ def __init__( """ - class StaticRoutes(AvdList[StaticRoutesItem]): - """Subclass of AvdList with `StaticRoutesItem` items.""" + class StaticRoutes(AvdIndexedList[str, StaticRoutesItem]): + """Subclass of AvdIndexedList with `StaticRoutesItem` items. Primary key is `prefix` (`str`).""" + + _primary_key: ClassVar[str] = "prefix" StaticRoutes._item_type = StaticRoutesItem @@ -48466,22 +53013,22 @@ def __init__( """ - class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): + class StructuredConfig(EosCliConfigGen.PortChannelInterfacesItem): """Subclass of AvdModel.""" _fields: ClassVar[dict] = { - "profile": {"type": str}, "name": {"type": str}, "description": {"type": str}, + "mode": {"type": str, "default": "active"}, + "member_interfaces": {"type": MemberInterfaces}, "ip_address": {"type": str}, "dhcp_ip": {"type": str}, "public_ip": {"type": str}, "encapsulation_dot1q_vlan": {"type": int}, "dhcp_accept_default_route": {"type": bool, "default": True}, "enabled": {"type": bool, "default": True}, - "speed": {"type": str}, "peer": {"type": str}, - "peer_interface": {"type": str}, + "peer_port_channel": {"type": str}, "peer_ip": {"type": str}, "bgp": {"type": Bgp}, "ipv4_acl_in": {"type": str}, @@ -48497,19 +53044,32 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): "structured_config": {"type": StructuredConfig}, "_custom_data": {"type": dict}, } - profile: str | None - """L3 interface profile name. Profile defined under `l3_interface_profiles`.""" name: str """ - Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. For a - subinterface, the parent physical interface is automatically created. + Port-Channel subinterface, the parent Port-Channel interface must be defined as well. """ description: str | None """ Interface description. If not set a default description will be configured with '[[ - ]]'. + ]]'. + """ + mode: Literal["active", "passive", "on"] + """ + Port-Channel mode. + Should not be set on Port-Channel subinterfaces. + + Default value: `"active"` + """ + member_interfaces: MemberInterfaces + """ + Port-Channel member interfaces. + Should not be set on Port-Channel subinterfaces. + + Subclass of + AvdIndexedList with `MemberInterfacesItem` items. Primary key is `name` (`str`). """ ip_address: str | None """Node IPv4 address/Mask or 'dhcp'.""" @@ -48533,11 +53093,11 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): with the following preference: `wan_route_servers.path_groups.interfaces.ip_address` -> - `l3_interfaces.public_ip` - -> `l3_interfaces.ip_address` + `l3_port_channels.public_ip` + -> `l3_port_channels.ip_address` - The determined Public IP is used - by WAN routers when peering with this interface. + The determined Public IP is + used by WAN routers when peering with this interface. """ encapsulation_dot1q_vlan: int | None """ @@ -48556,15 +53116,10 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): Default value: `True` """ - speed: str | None - """ - Speed should be set in the format `` or `forced ` or `auto - `. - """ peer: str | None """The peer device name. Used for description and documentation.""" - peer_interface: str | None - """The peer device interface. Used for description and documentation.""" + peer_port_channel: str | None + """The peer device port-channel interface. Used for description and documentation.""" peer_ip: str | None """ The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true @@ -48595,8 +53150,8 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): """ Configure IPv4 static routes pointing to `peer_ip`. - Subclass of AvdList with `StaticRoutesItem` - items. + Subclass of AvdIndexedList with + `StaticRoutesItem` items. Primary key is `prefix` (`str`). """ qos_profile: str | None """QOS service profile.""" @@ -48627,15 +53182,17 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): Subclass of AvdModel. """ raw_eos_cli: str | None - """EOS CLI rendered directly on the interface in the final EOS configuration.""" + """EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration.""" flow_tracking: FlowTracking """ - Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` + setting. + Subclass of AvdModel. """ structured_config: StructuredConfig """ - Custom structured config for the Ethernet interface. + Custom structured config for the Port-Channel interface. Subclass of AvdModel. """ @@ -48646,18 +53203,18 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): def __init__( self, *, - profile: str | None | UndefinedType = Undefined, name: str | UndefinedType = Undefined, description: str | None | UndefinedType = Undefined, + mode: Literal["active", "passive", "on"] | UndefinedType = Undefined, + member_interfaces: MemberInterfaces | UndefinedType = Undefined, ip_address: str | None | UndefinedType = Undefined, dhcp_ip: str | None | UndefinedType = Undefined, public_ip: str | None | UndefinedType = Undefined, encapsulation_dot1q_vlan: int | None | UndefinedType = Undefined, dhcp_accept_default_route: bool | UndefinedType = Undefined, enabled: bool | UndefinedType = Undefined, - speed: str | None | UndefinedType = Undefined, peer: str | None | UndefinedType = Undefined, - peer_interface: str | None | UndefinedType = Undefined, + peer_port_channel: str | None | UndefinedType = Undefined, peer_ip: str | None | UndefinedType = Undefined, bgp: Bgp | UndefinedType = Undefined, ipv4_acl_in: str | None | UndefinedType = Undefined, @@ -48674,21 +53231,29 @@ def __init__( _custom_data: dict[str, Any] | UndefinedType = Undefined, ) -> None: """ - L3InterfacesItem. + L3PortChannelsItem. Subclass of AvdModel. Args: - profile: L3 interface profile name. Profile defined under `l3_interface_profiles`. name: - Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. For a - subinterface, the parent physical interface is automatically created. + Port-Channel subinterface, the parent Port-Channel interface must be defined as well. description: Interface description. If not set a default description will be configured with '[[ - ]]'. + ]]'. + mode: + Port-Channel mode. + Should not be set on Port-Channel subinterfaces. + member_interfaces: + Port-Channel member interfaces. + Should not be set on Port-Channel subinterfaces. + + Subclass of + AvdIndexedList with `MemberInterfacesItem` items. Primary key is `name` (`str`). ip_address: Node IPv4 address/Mask or 'dhcp'. dhcp_ip: When the `ip_address` is `dhcp`, this optional field allows to indicate the expected @@ -48707,21 +53272,18 @@ def __init__( with the following preference: `wan_route_servers.path_groups.interfaces.ip_address` -> - `l3_interfaces.public_ip` - -> `l3_interfaces.ip_address` + `l3_port_channels.public_ip` + -> `l3_port_channels.ip_address` - The determined Public IP is used - by WAN routers when peering with this interface. + The determined Public IP is + used by WAN routers when peering with this interface. encapsulation_dot1q_vlan: For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be specified. dhcp_accept_default_route: Accept a default route from DHCP if `ip_address` is set to `dhcp`. enabled: Enable or Shutdown the interface. - speed: - Speed should be set in the format `` or `forced ` or `auto - `. peer: The peer device name. Used for description and documentation. - peer_interface: The peer device interface. Used for description and documentation. + peer_port_channel: The peer device port-channel interface. Used for description and documentation. peer_ip: The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. @@ -48743,8 +53305,8 @@ def __init__( static_routes: Configure IPv4 static routes pointing to `peer_ip`. - Subclass of AvdList with `StaticRoutesItem` - items. + Subclass of AvdIndexedList with + `StaticRoutesItem` items. Primary key is `prefix` (`str`). qos_profile: QOS service profile. wan_carrier: The WAN carrier this interface is connected to. @@ -48761,24 +53323,26 @@ def __init__( PREVIEW: This key is in preview mode Subclass of AvdModel. - raw_eos_cli: EOS CLI rendered directly on the interface in the final EOS configuration. + raw_eos_cli: EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration. flow_tracking: - Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` + setting. + Subclass of AvdModel. structured_config: - Custom structured config for the Ethernet interface. + Custom structured config for the Port-Channel interface. Subclass of AvdModel. _custom_data: _custom_data """ - class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): - """Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is `name` (`str`).""" + class L3PortChannels(AvdIndexedList[str, L3PortChannelsItem]): + """Subclass of AvdIndexedList with `L3PortChannelsItem` items. Primary key is `name` (`str`).""" _primary_key: ClassVar[str] = "name" - L3Interfaces._item_type = L3InterfacesItem + L3PortChannels._item_type = L3PortChannelsItem _fields: ClassVar[dict] = { "group": {"type": str}, @@ -48886,6 +53450,7 @@ class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): "wan_ha": {"type": WanHa}, "dps_mss_ipv4": {"type": str, "default": "auto"}, "l3_interfaces": {"type": L3Interfaces}, + "l3_port_channels": {"type": L3PortChannels}, "data_plane_cpu_allocation_max": {"type": int}, "flow_tracker_type": {"type": str}, "_custom_data": {"type": dict}, @@ -49655,11 +54220,16 @@ class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): l3_interfaces: L3Interfaces """ L3 Interfaces to configure on the node. - Used to define the node for WAN interfaces when - `wan_carrier` is set. - Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is - `name` (`str`). + Subclass of AvdIndexedList with `L3InterfacesItem` items. + Primary key is `name` (`str`). + """ + l3_port_channels: L3PortChannels + """ + L3 Port-Channel interfaces to configure on the node. + + Subclass of AvdIndexedList with + `L3PortChannelsItem` items. Primary key is `name` (`str`). """ data_plane_cpu_allocation_max: int | None """ @@ -49786,6 +54356,7 @@ def __init__( wan_ha: WanHa | UndefinedType = Undefined, dps_mss_ipv4: str | UndefinedType = Undefined, l3_interfaces: L3Interfaces | UndefinedType = Undefined, + l3_port_channels: L3PortChannels | UndefinedType = Undefined, data_plane_cpu_allocation_max: int | None | UndefinedType = Undefined, flow_tracker_type: Literal["sampled", "hardware"] | None | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined, @@ -50330,11 +54901,14 @@ def __init__( dps_mss_ipv4: IPv4 MSS value configured under "router path-selection" on WAN Devices. l3_interfaces: L3 Interfaces to configure on the node. - Used to define the node for WAN interfaces when - `wan_carrier` is set. - Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is - `name` (`str`). + Subclass of AvdIndexedList with `L3InterfacesItem` items. + Primary key is `name` (`str`). + l3_port_channels: + L3 Port-Channel interfaces to configure on the node. + + Subclass of AvdIndexedList with + `L3PortChannelsItem` items. Primary key is `name` (`str`). data_plane_cpu_allocation_max: Set the maximum number of CPU used for the data plane. This setting is useful on virtual Route @@ -51638,70 +56212,510 @@ def __init__( """ _fields: ClassVar[dict] = { - "enabled": {"type": bool}, - "ipsec": {"type": bool, "default": True}, - "mtu": {"type": int, "default": 9194}, - "ha_interfaces": {"type": HaInterfaces}, - "ha_ipv4_pool": {"type": str}, - "max_ha_interfaces": {"type": int}, - "port_channel_id": {"type": int}, - "use_port_channel_for_direct_ha": {"type": bool, "default": True}, + "enabled": {"type": bool}, + "ipsec": {"type": bool, "default": True}, + "mtu": {"type": int, "default": 9194}, + "ha_interfaces": {"type": HaInterfaces}, + "ha_ipv4_pool": {"type": str}, + "max_ha_interfaces": {"type": int}, + "port_channel_id": {"type": int}, + "use_port_channel_for_direct_ha": {"type": bool, "default": True}, + "flow_tracking": {"type": FlowTracking}, + "_custom_data": {"type": dict}, + } + enabled: bool | None + """Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group.""" + ipsec: bool + """ + Enable / Disable IPsec over HA path-group when HA is enabled. + + Default value: `True` + """ + mtu: int + """ + Set MTU on WAN HA interfaces. + + Default value: `9194` + """ + ha_interfaces: HaInterfaces + """ + Local WAN HA interfaces + Overwrite the default behavior which is to pick all the `uplink_interfaces`. + Can be used to filter uplink interfaces when there are multiple uplinks. + Limitations: + Either all + interfaces must be uplinks or all interfaces must not be uplinks. + Only one interface is supported + for non uplinks. + + Subclass of AvdList with `str` items. + """ + ha_ipv4_pool: str | None + """ + IP address pool used for WAN HA connectivity. + IP is derived from the node ID. + Not used for uplink + interfaces. + """ + max_ha_interfaces: int | None + """ + Number of parallel links towards HA switches. + Can be used to reserve IP addresses for future + parallel HA links. + """ + port_channel_id: int | None + """Port-channel ID to use for direct HA.""" + use_port_channel_for_direct_ha: bool + """ + Enable or disable using a port-channel interface for direct HA when there is only one interface. + This feature was introduced in EOS 4.33.0F. + + Default value: `True` + """ + flow_tracking: FlowTracking + """ + Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` + setting. + + Subclass of AvdModel. + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + enabled: bool | None | UndefinedType = Undefined, + ipsec: bool | UndefinedType = Undefined, + mtu: int | UndefinedType = Undefined, + ha_interfaces: HaInterfaces | UndefinedType = Undefined, + ha_ipv4_pool: str | None | UndefinedType = Undefined, + max_ha_interfaces: int | None | UndefinedType = Undefined, + port_channel_id: int | None | UndefinedType = Undefined, + use_port_channel_for_direct_ha: bool | UndefinedType = Undefined, + flow_tracking: FlowTracking | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + WanHa. + + + Subclass of AvdModel. + + Args: + enabled: Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. + ipsec: Enable / Disable IPsec over HA path-group when HA is enabled. + mtu: Set MTU on WAN HA interfaces. + ha_interfaces: + Local WAN HA interfaces + Overwrite the default behavior which is to pick all the `uplink_interfaces`. + Can be used to filter uplink interfaces when there are multiple uplinks. + Limitations: + Either all + interfaces must be uplinks or all interfaces must not be uplinks. + Only one interface is supported + for non uplinks. + + Subclass of AvdList with `str` items. + ha_ipv4_pool: + IP address pool used for WAN HA connectivity. + IP is derived from the node ID. + Not used for uplink + interfaces. + max_ha_interfaces: + Number of parallel links towards HA switches. + Can be used to reserve IP addresses for future + parallel HA links. + port_channel_id: Port-channel ID to use for direct HA. + use_port_channel_for_direct_ha: + Enable or disable using a port-channel interface for direct HA when there is only one interface. + This feature was introduced in EOS 4.33.0F. + flow_tracking: + Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` + setting. + + Subclass of AvdModel. + _custom_data: _custom_data + + """ + + class L3InterfacesItem(AvdModel): + """Subclass of AvdModel.""" + + class Bgp(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = { + "peer_as": {"type": str}, + "ipv4_prefix_list_in": {"type": str}, + "ipv4_prefix_list_out": {"type": str}, + "_custom_data": {"type": dict}, + } + peer_as: str + """ + BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". + For asdot notation in + YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float + number. + """ + ipv4_prefix_list_in: str | None + """ + Prefix List Name. Accept routes for only these prefixes from the peer. + Required for wan interfaces. + """ + ipv4_prefix_list_out: str | None + """ + Prefix List Name. Advertise routes for only these prefixes. + If not specified, nothing would be + advertised. + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + peer_as: str | UndefinedType = Undefined, + ipv4_prefix_list_in: str | None | UndefinedType = Undefined, + ipv4_prefix_list_out: str | None | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + Bgp. + + + Subclass of AvdModel. + + Args: + peer_as: + BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". + For asdot notation in + YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float + number. + ipv4_prefix_list_in: + Prefix List Name. Accept routes for only these prefixes from the peer. + Required for wan interfaces. + ipv4_prefix_list_out: + Prefix List Name. Advertise routes for only these prefixes. + If not specified, nothing would be + advertised. + _custom_data: _custom_data + + """ + + class StaticRoutesItem(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = {"prefix": {"type": str}, "_custom_data": {"type": dict}} + prefix: str + """IPv4_network/Mask.""" + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, *, prefix: str | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined + ) -> None: + """ + StaticRoutesItem. + + + Subclass of AvdModel. + + Args: + prefix: IPv4_network/Mask. + _custom_data: _custom_data + + """ + + class StaticRoutes(AvdList[StaticRoutesItem]): + """Subclass of AvdList with `StaticRoutesItem` items.""" + + StaticRoutes._item_type = StaticRoutesItem + + class CvPathfinderInternetExit(AvdModel): + """Subclass of AvdModel.""" + + class PoliciesItem(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = {"name": {"type": str}, "tunnel_interface_numbers": {"type": str}, "_custom_data": {"type": dict}} + name: str + """Internet-exit policy name.""" + tunnel_interface_numbers: str | None + """ + Number range to use for Tunnel interfaces to an internet-exit service provider using this local + interface. + Examples: '1-3' or '100,200,300' + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + name: str | UndefinedType = Undefined, + tunnel_interface_numbers: str | None | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + PoliciesItem. + + + Subclass of AvdModel. + + Args: + name: Internet-exit policy name. + tunnel_interface_numbers: + Number range to use for Tunnel interfaces to an internet-exit service provider using this local + interface. + Examples: '1-3' or '100,200,300' + _custom_data: _custom_data + + """ + + class Policies(AvdIndexedList[str, PoliciesItem]): + """Subclass of AvdIndexedList with `PoliciesItem` items. Primary key is `name` (`str`).""" + + _primary_key: ClassVar[str] = "name" + + Policies._item_type = PoliciesItem + + _fields: ClassVar[dict] = {"policies": {"type": Policies}, "_custom_data": {"type": dict}} + policies: Policies + """ + List of Internet-exit policies using this interface as exit. + + Subclass of AvdIndexedList with + `PoliciesItem` items. Primary key is `name` (`str`). + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, *, policies: Policies | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined + ) -> None: + """ + CvPathfinderInternetExit. + + + Subclass of AvdModel. + + Args: + policies: + List of Internet-exit policies using this interface as exit. + + Subclass of AvdIndexedList with + `PoliciesItem` items. Primary key is `name` (`str`). + _custom_data: _custom_data + + """ + + class FlowTracking(AvdModel): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = {"enabled": {"type": bool}, "name": {"type": str}, "_custom_data": {"type": dict}} + enabled: bool | None + name: str | None + """Flow tracker name as defined in flow_tracking_settings.""" + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + enabled: bool | None | UndefinedType = Undefined, + name: str | None | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + FlowTracking. + + + Subclass of AvdModel. + + Args: + enabled: enabled + name: Flow tracker name as defined in flow_tracking_settings. + _custom_data: _custom_data + + """ + + class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = { + "profile": {"type": str}, + "name": {"type": str}, + "description": {"type": str}, + "ip_address": {"type": str}, + "dhcp_ip": {"type": str}, + "public_ip": {"type": str}, + "encapsulation_dot1q_vlan": {"type": int}, + "dhcp_accept_default_route": {"type": bool, "default": True}, + "enabled": {"type": bool, "default": True}, + "speed": {"type": str}, + "peer": {"type": str}, + "peer_interface": {"type": str}, + "peer_ip": {"type": str}, + "bgp": {"type": Bgp}, + "ipv4_acl_in": {"type": str}, + "ipv4_acl_out": {"type": str}, + "static_routes": {"type": StaticRoutes}, + "qos_profile": {"type": str}, + "wan_carrier": {"type": str}, + "wan_circuit_id": {"type": str}, + "connected_to_pathfinder": {"type": bool, "default": True}, + "cv_pathfinder_internet_exit": {"type": CvPathfinderInternetExit}, + "raw_eos_cli": {"type": str}, "flow_tracking": {"type": FlowTracking}, + "structured_config": {"type": StructuredConfig}, "_custom_data": {"type": dict}, } - enabled: bool | None - """Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group.""" - ipsec: bool + profile: str | None + """L3 interface profile name. Profile defined under `l3_interface_profiles`.""" + name: str """ - Enable / Disable IPsec over HA path-group when HA is enabled. + Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + For a + subinterface, the parent physical interface is automatically created. + """ + description: str | None + """ + Interface description. + If not set a default description will be configured with '[[ + ]]'. + """ + ip_address: str | None + """Node IPv4 address/Mask or 'dhcp'.""" + dhcp_ip: str | None + """ + When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + IPv4 address + (without mask) to be allocated on the interface if known. + This is not rendered in the configuration + but can be used for substitution of 'interface_ip' in the Access-list + set under `ipv4_acl_in` and + `ipv4_acl_out`. + """ + public_ip: str | None + """ + Node IPv4 address (no mask). + + This is used to get the public IP (if known) when the device is behind + NAT. + This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + with the following preference: + `wan_route_servers.path_groups.interfaces.ip_address` + -> + `l3_interfaces.public_ip` + -> `l3_interfaces.ip_address` + + The determined Public IP is used + by WAN routers when peering with this interface. + """ + encapsulation_dot1q_vlan: int | None + """ + For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be + specified. + """ + dhcp_accept_default_route: bool + """ + Accept a default route from DHCP if `ip_address` is set to `dhcp`. Default value: `True` """ - mtu: int + enabled: bool """ - Set MTU on WAN HA interfaces. + Enable or Shutdown the interface. - Default value: `9194` + Default value: `True` """ - ha_interfaces: HaInterfaces + speed: str | None """ - Local WAN HA interfaces - Overwrite the default behavior which is to pick all the `uplink_interfaces`. - Can be used to filter uplink interfaces when there are multiple uplinks. - Limitations: - Either all - interfaces must be uplinks or all interfaces must not be uplinks. - Only one interface is supported - for non uplinks. + Speed should be set in the format `` or `forced ` or `auto + `. + """ + peer: str | None + """The peer device name. Used for description and documentation.""" + peer_interface: str | None + """The peer device interface. Used for description and documentation.""" + peer_ip: str | None + """ + The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true + and `ip` is an IP address. + """ + bgp: Bgp + """ + Enforce IPv4 BGP peering for the peer - Subclass of AvdList with `str` items. + Subclass of AvdModel. """ - ha_ipv4_pool: str | None + ipv4_acl_in: str | None """ - IP address pool used for WAN HA connectivity. - IP is derived from the node ID. - Not used for uplink - interfaces. + Name of the IPv4 access-list to be assigned in the ingress direction. + The access-list must be + defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + Required + for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under + `wan_carriers`. """ - max_ha_interfaces: int | None + ipv4_acl_out: str | None """ - Number of parallel links towards HA switches. - Can be used to reserve IP addresses for future - parallel HA links. + Name of the IPv4 Access-list to be assigned in the egress direction. + The access-list must be defined + under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". """ - port_channel_id: int | None - """Port-channel ID to use for direct HA.""" - use_port_channel_for_direct_ha: bool + static_routes: StaticRoutes """ - Enable or disable using a port-channel interface for direct HA when there is only one interface. - This feature was introduced in EOS 4.33.0F. + Configure IPv4 static routes pointing to `peer_ip`. + + Subclass of AvdList with `StaticRoutesItem` + items. + """ + qos_profile: str | None + """QOS service profile.""" + wan_carrier: str | None + """ + The WAN carrier this interface is connected to. + This is used to infer the path-groups in which this + interface should be configured. + Unless the carrier is marked as 'trusted' under `wan_carriers`, + `ipv4_acl_in` is also required on all WAN interfaces. + """ + wan_circuit_id: str | None + """ + The WAN circuit ID for this interface. + This is not rendered in the configuration but used for WAN + designs. + """ + connected_to_pathfinder: bool + """ + For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. Default value: `True` """ + cv_pathfinder_internet_exit: CvPathfinderInternetExit + """ + PREVIEW: This key is in preview mode + + Subclass of AvdModel. + """ + raw_eos_cli: str | None + """EOS CLI rendered directly on the interface in the final EOS configuration.""" flow_tracking: FlowTracking """ - Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` - setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Subclass of AvdModel. + """ + structured_config: StructuredConfig + """ + Custom structured config for the Ethernet interface. Subclass of AvdModel. """ @@ -51712,63 +56726,240 @@ def __init__( def __init__( self, *, - enabled: bool | None | UndefinedType = Undefined, - ipsec: bool | UndefinedType = Undefined, - mtu: int | UndefinedType = Undefined, - ha_interfaces: HaInterfaces | UndefinedType = Undefined, - ha_ipv4_pool: str | None | UndefinedType = Undefined, - max_ha_interfaces: int | None | UndefinedType = Undefined, - port_channel_id: int | None | UndefinedType = Undefined, - use_port_channel_for_direct_ha: bool | UndefinedType = Undefined, + profile: str | None | UndefinedType = Undefined, + name: str | UndefinedType = Undefined, + description: str | None | UndefinedType = Undefined, + ip_address: str | None | UndefinedType = Undefined, + dhcp_ip: str | None | UndefinedType = Undefined, + public_ip: str | None | UndefinedType = Undefined, + encapsulation_dot1q_vlan: int | None | UndefinedType = Undefined, + dhcp_accept_default_route: bool | UndefinedType = Undefined, + enabled: bool | UndefinedType = Undefined, + speed: str | None | UndefinedType = Undefined, + peer: str | None | UndefinedType = Undefined, + peer_interface: str | None | UndefinedType = Undefined, + peer_ip: str | None | UndefinedType = Undefined, + bgp: Bgp | UndefinedType = Undefined, + ipv4_acl_in: str | None | UndefinedType = Undefined, + ipv4_acl_out: str | None | UndefinedType = Undefined, + static_routes: StaticRoutes | UndefinedType = Undefined, + qos_profile: str | None | UndefinedType = Undefined, + wan_carrier: str | None | UndefinedType = Undefined, + wan_circuit_id: str | None | UndefinedType = Undefined, + connected_to_pathfinder: bool | UndefinedType = Undefined, + cv_pathfinder_internet_exit: CvPathfinderInternetExit | UndefinedType = Undefined, + raw_eos_cli: str | None | UndefinedType = Undefined, flow_tracking: FlowTracking | UndefinedType = Undefined, + structured_config: StructuredConfig | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined, ) -> None: """ - WanHa. + L3InterfacesItem. Subclass of AvdModel. Args: - enabled: Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. - ipsec: Enable / Disable IPsec over HA path-group when HA is enabled. - mtu: Set MTU on WAN HA interfaces. - ha_interfaces: - Local WAN HA interfaces - Overwrite the default behavior which is to pick all the `uplink_interfaces`. - Can be used to filter uplink interfaces when there are multiple uplinks. - Limitations: - Either all - interfaces must be uplinks or all interfaces must not be uplinks. - Only one interface is supported - for non uplinks. + profile: L3 interface profile name. Profile defined under `l3_interface_profiles`. + name: + Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + For a + subinterface, the parent physical interface is automatically created. + description: + Interface description. + If not set a default description will be configured with '[[ + ]]'. + ip_address: Node IPv4 address/Mask or 'dhcp'. + dhcp_ip: + When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + IPv4 address + (without mask) to be allocated on the interface if known. + This is not rendered in the configuration + but can be used for substitution of 'interface_ip' in the Access-list + set under `ipv4_acl_in` and + `ipv4_acl_out`. + public_ip: + Node IPv4 address (no mask). - Subclass of AvdList with `str` items. - ha_ipv4_pool: - IP address pool used for WAN HA connectivity. - IP is derived from the node ID. - Not used for uplink - interfaces. - max_ha_interfaces: - Number of parallel links towards HA switches. - Can be used to reserve IP addresses for future - parallel HA links. - port_channel_id: Port-channel ID to use for direct HA. - use_port_channel_for_direct_ha: - Enable or disable using a port-channel interface for direct HA when there is only one interface. - This feature was introduced in EOS 4.33.0F. + This is used to get the public IP (if known) when the device is behind + NAT. + This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + with the following preference: + `wan_route_servers.path_groups.interfaces.ip_address` + -> + `l3_interfaces.public_ip` + -> `l3_interfaces.ip_address` + + The determined Public IP is used + by WAN routers when peering with this interface. + encapsulation_dot1q_vlan: + For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be + specified. + dhcp_accept_default_route: Accept a default route from DHCP if `ip_address` is set to `dhcp`. + enabled: Enable or Shutdown the interface. + speed: + Speed should be set in the format `` or `forced ` or `auto + `. + peer: The peer device name. Used for description and documentation. + peer_interface: The peer device interface. Used for description and documentation. + peer_ip: + The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true + and `ip` is an IP address. + bgp: + Enforce IPv4 BGP peering for the peer + + Subclass of AvdModel. + ipv4_acl_in: + Name of the IPv4 access-list to be assigned in the ingress direction. + The access-list must be + defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + Required + for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under + `wan_carriers`. + ipv4_acl_out: + Name of the IPv4 Access-list to be assigned in the egress direction. + The access-list must be defined + under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + static_routes: + Configure IPv4 static routes pointing to `peer_ip`. + + Subclass of AvdList with `StaticRoutesItem` + items. + qos_profile: QOS service profile. + wan_carrier: + The WAN carrier this interface is connected to. + This is used to infer the path-groups in which this + interface should be configured. + Unless the carrier is marked as 'trusted' under `wan_carriers`, + `ipv4_acl_in` is also required on all WAN interfaces. + wan_circuit_id: + The WAN circuit ID for this interface. + This is not rendered in the configuration but used for WAN + designs. + connected_to_pathfinder: For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + cv_pathfinder_internet_exit: + PREVIEW: This key is in preview mode + + Subclass of AvdModel. + raw_eos_cli: EOS CLI rendered directly on the interface in the final EOS configuration. flow_tracking: - Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` - setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Subclass of AvdModel. + structured_config: + Custom structured config for the Ethernet interface. Subclass of AvdModel. _custom_data: _custom_data """ - class L3InterfacesItem(AvdModel): + class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): + """Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is `name` (`str`).""" + + _primary_key: ClassVar[str] = "name" + + L3Interfaces._item_type = L3InterfacesItem + + class L3PortChannelsItem(AvdModel): """Subclass of AvdModel.""" + class MemberInterfacesItem(AvdModel): + """Subclass of AvdModel.""" + + class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): + """Subclass of AvdModel.""" + + _fields: ClassVar[dict] = { + "name": {"type": str}, + "description": {"type": str}, + "peer": {"type": str}, + "peer_interface": {"type": str}, + "speed": {"type": str}, + "structured_config": {"type": StructuredConfig}, + "_custom_data": {"type": dict}, + } + name: str + """ + Ethernet interface name like 'Ethernet2'. + Member interface cannot be subinterface. + """ + description: str | None + """ + Interface description for this member. + If not set a default description will be configured with + '[[ ]]'. + """ + peer: str | None + """ + The peer device name. Used for description and documentation. + If not set, this inherits the peer + setting on the port-channel interface. + """ + peer_interface: str | None + """The peer device interface. Used for description and documentation.""" + speed: str | None + """ + Speed should be set in the format `` or `forced ` or `auto + `. + """ + structured_config: StructuredConfig + """ + Custom structured config for the member ethernet interface. + + Subclass of AvdModel. + """ + _custom_data: dict[str, Any] + + if TYPE_CHECKING: + + def __init__( + self, + *, + name: str | UndefinedType = Undefined, + description: str | None | UndefinedType = Undefined, + peer: str | None | UndefinedType = Undefined, + peer_interface: str | None | UndefinedType = Undefined, + speed: str | None | UndefinedType = Undefined, + structured_config: StructuredConfig | UndefinedType = Undefined, + _custom_data: dict[str, Any] | UndefinedType = Undefined, + ) -> None: + """ + MemberInterfacesItem. + + + Subclass of AvdModel. + + Args: + name: + Ethernet interface name like 'Ethernet2'. + Member interface cannot be subinterface. + description: + Interface description for this member. + If not set a default description will be configured with + '[[ ]]'. + peer: + The peer device name. Used for description and documentation. + If not set, this inherits the peer + setting on the port-channel interface. + peer_interface: The peer device interface. Used for description and documentation. + speed: + Speed should be set in the format `` or `forced ` or `auto + `. + structured_config: + Custom structured config for the member ethernet interface. + + Subclass of AvdModel. + _custom_data: _custom_data + + """ + + class MemberInterfaces(AvdIndexedList[str, MemberInterfacesItem]): + """Subclass of AvdIndexedList with `MemberInterfacesItem` items. Primary key is `name` (`str`).""" + + _primary_key: ClassVar[str] = "name" + + MemberInterfaces._item_type = MemberInterfacesItem + class Bgp(AvdModel): """Subclass of AvdModel.""" @@ -51856,8 +57047,10 @@ def __init__( """ - class StaticRoutes(AvdList[StaticRoutesItem]): - """Subclass of AvdList with `StaticRoutesItem` items.""" + class StaticRoutes(AvdIndexedList[str, StaticRoutesItem]): + """Subclass of AvdIndexedList with `StaticRoutesItem` items. Primary key is `prefix` (`str`).""" + + _primary_key: ClassVar[str] = "prefix" StaticRoutes._item_type = StaticRoutesItem @@ -51972,22 +57165,22 @@ def __init__( """ - class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): + class StructuredConfig(EosCliConfigGen.PortChannelInterfacesItem): """Subclass of AvdModel.""" _fields: ClassVar[dict] = { - "profile": {"type": str}, "name": {"type": str}, "description": {"type": str}, + "mode": {"type": str, "default": "active"}, + "member_interfaces": {"type": MemberInterfaces}, "ip_address": {"type": str}, "dhcp_ip": {"type": str}, "public_ip": {"type": str}, "encapsulation_dot1q_vlan": {"type": int}, "dhcp_accept_default_route": {"type": bool, "default": True}, "enabled": {"type": bool, "default": True}, - "speed": {"type": str}, "peer": {"type": str}, - "peer_interface": {"type": str}, + "peer_port_channel": {"type": str}, "peer_ip": {"type": str}, "bgp": {"type": Bgp}, "ipv4_acl_in": {"type": str}, @@ -52003,19 +57196,32 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): "structured_config": {"type": StructuredConfig}, "_custom_data": {"type": dict}, } - profile: str | None - """L3 interface profile name. Profile defined under `l3_interface_profiles`.""" name: str """ - Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. For a - subinterface, the parent physical interface is automatically created. + Port-Channel subinterface, the parent Port-Channel interface must be defined as well. """ description: str | None """ Interface description. If not set a default description will be configured with '[[ - ]]'. + ]]'. + """ + mode: Literal["active", "passive", "on"] + """ + Port-Channel mode. + Should not be set on Port-Channel subinterfaces. + + Default value: `"active"` + """ + member_interfaces: MemberInterfaces + """ + Port-Channel member interfaces. + Should not be set on Port-Channel subinterfaces. + + Subclass of + AvdIndexedList with `MemberInterfacesItem` items. Primary key is `name` (`str`). """ ip_address: str | None """Node IPv4 address/Mask or 'dhcp'.""" @@ -52039,11 +57245,11 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): with the following preference: `wan_route_servers.path_groups.interfaces.ip_address` -> - `l3_interfaces.public_ip` - -> `l3_interfaces.ip_address` + `l3_port_channels.public_ip` + -> `l3_port_channels.ip_address` - The determined Public IP is used - by WAN routers when peering with this interface. + The determined Public IP is + used by WAN routers when peering with this interface. """ encapsulation_dot1q_vlan: int | None """ @@ -52062,15 +57268,10 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): Default value: `True` """ - speed: str | None - """ - Speed should be set in the format `` or `forced ` or `auto - `. - """ peer: str | None """The peer device name. Used for description and documentation.""" - peer_interface: str | None - """The peer device interface. Used for description and documentation.""" + peer_port_channel: str | None + """The peer device port-channel interface. Used for description and documentation.""" peer_ip: str | None """ The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true @@ -52101,8 +57302,8 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): """ Configure IPv4 static routes pointing to `peer_ip`. - Subclass of AvdList with `StaticRoutesItem` - items. + Subclass of AvdIndexedList with + `StaticRoutesItem` items. Primary key is `prefix` (`str`). """ qos_profile: str | None """QOS service profile.""" @@ -52133,15 +57334,17 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): Subclass of AvdModel. """ raw_eos_cli: str | None - """EOS CLI rendered directly on the interface in the final EOS configuration.""" + """EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration.""" flow_tracking: FlowTracking """ - Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` + setting. + Subclass of AvdModel. """ structured_config: StructuredConfig """ - Custom structured config for the Ethernet interface. + Custom structured config for the Port-Channel interface. Subclass of AvdModel. """ @@ -52152,18 +57355,18 @@ class StructuredConfig(EosCliConfigGen.EthernetInterfacesItem): def __init__( self, *, - profile: str | None | UndefinedType = Undefined, name: str | UndefinedType = Undefined, description: str | None | UndefinedType = Undefined, + mode: Literal["active", "passive", "on"] | UndefinedType = Undefined, + member_interfaces: MemberInterfaces | UndefinedType = Undefined, ip_address: str | None | UndefinedType = Undefined, dhcp_ip: str | None | UndefinedType = Undefined, public_ip: str | None | UndefinedType = Undefined, encapsulation_dot1q_vlan: int | None | UndefinedType = Undefined, dhcp_accept_default_route: bool | UndefinedType = Undefined, enabled: bool | UndefinedType = Undefined, - speed: str | None | UndefinedType = Undefined, peer: str | None | UndefinedType = Undefined, - peer_interface: str | None | UndefinedType = Undefined, + peer_port_channel: str | None | UndefinedType = Undefined, peer_ip: str | None | UndefinedType = Undefined, bgp: Bgp | UndefinedType = Undefined, ipv4_acl_in: str | None | UndefinedType = Undefined, @@ -52180,21 +57383,29 @@ def __init__( _custom_data: dict[str, Any] | UndefinedType = Undefined, ) -> None: """ - L3InterfacesItem. + L3PortChannelsItem. Subclass of AvdModel. Args: - profile: L3 interface profile name. Profile defined under `l3_interface_profiles`. name: - Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'. + Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. For a - subinterface, the parent physical interface is automatically created. + Port-Channel subinterface, the parent Port-Channel interface must be defined as well. description: Interface description. If not set a default description will be configured with '[[ - ]]'. + ]]'. + mode: + Port-Channel mode. + Should not be set on Port-Channel subinterfaces. + member_interfaces: + Port-Channel member interfaces. + Should not be set on Port-Channel subinterfaces. + + Subclass of + AvdIndexedList with `MemberInterfacesItem` items. Primary key is `name` (`str`). ip_address: Node IPv4 address/Mask or 'dhcp'. dhcp_ip: When the `ip_address` is `dhcp`, this optional field allows to indicate the expected @@ -52213,21 +57424,18 @@ def __init__( with the following preference: `wan_route_servers.path_groups.interfaces.ip_address` -> - `l3_interfaces.public_ip` - -> `l3_interfaces.ip_address` + `l3_port_channels.public_ip` + -> `l3_port_channels.ip_address` - The determined Public IP is used - by WAN routers when peering with this interface. + The determined Public IP is + used by WAN routers when peering with this interface. encapsulation_dot1q_vlan: For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be specified. dhcp_accept_default_route: Accept a default route from DHCP if `ip_address` is set to `dhcp`. enabled: Enable or Shutdown the interface. - speed: - Speed should be set in the format `` or `forced ` or `auto - `. peer: The peer device name. Used for description and documentation. - peer_interface: The peer device interface. Used for description and documentation. + peer_port_channel: The peer device port-channel interface. Used for description and documentation. peer_ip: The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. @@ -52249,8 +57457,8 @@ def __init__( static_routes: Configure IPv4 static routes pointing to `peer_ip`. - Subclass of AvdList with `StaticRoutesItem` - items. + Subclass of AvdIndexedList with + `StaticRoutesItem` items. Primary key is `prefix` (`str`). qos_profile: QOS service profile. wan_carrier: The WAN carrier this interface is connected to. @@ -52267,24 +57475,26 @@ def __init__( PREVIEW: This key is in preview mode Subclass of AvdModel. - raw_eos_cli: EOS CLI rendered directly on the interface in the final EOS configuration. + raw_eos_cli: EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration. flow_tracking: - Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` + setting. + Subclass of AvdModel. structured_config: - Custom structured config for the Ethernet interface. + Custom structured config for the Port-Channel interface. Subclass of AvdModel. _custom_data: _custom_data """ - class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): - """Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is `name` (`str`).""" + class L3PortChannels(AvdIndexedList[str, L3PortChannelsItem]): + """Subclass of AvdIndexedList with `L3PortChannelsItem` items. Primary key is `name` (`str`).""" _primary_key: ClassVar[str] = "name" - L3Interfaces._item_type = L3InterfacesItem + L3PortChannels._item_type = L3PortChannelsItem _fields: ClassVar[dict] = { "name": {"type": str}, @@ -52392,6 +57602,7 @@ class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): "wan_ha": {"type": WanHa}, "dps_mss_ipv4": {"type": str, "default": "auto"}, "l3_interfaces": {"type": L3Interfaces}, + "l3_port_channels": {"type": L3PortChannels}, "data_plane_cpu_allocation_max": {"type": int}, "flow_tracker_type": {"type": str}, "_custom_data": {"type": dict}, @@ -53158,11 +58369,16 @@ class L3Interfaces(AvdIndexedList[str, L3InterfacesItem]): l3_interfaces: L3Interfaces """ L3 Interfaces to configure on the node. - Used to define the node for WAN interfaces when - `wan_carrier` is set. - Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is - `name` (`str`). + Subclass of AvdIndexedList with `L3InterfacesItem` items. + Primary key is `name` (`str`). + """ + l3_port_channels: L3PortChannels + """ + L3 Port-Channel interfaces to configure on the node. + + Subclass of AvdIndexedList with + `L3PortChannelsItem` items. Primary key is `name` (`str`). """ data_plane_cpu_allocation_max: int | None """ @@ -53289,6 +58505,7 @@ def __init__( wan_ha: WanHa | UndefinedType = Undefined, dps_mss_ipv4: str | UndefinedType = Undefined, l3_interfaces: L3Interfaces | UndefinedType = Undefined, + l3_port_channels: L3PortChannels | UndefinedType = Undefined, data_plane_cpu_allocation_max: int | None | UndefinedType = Undefined, flow_tracker_type: Literal["sampled", "hardware"] | None | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined, @@ -53831,11 +59048,14 @@ def __init__( dps_mss_ipv4: IPv4 MSS value configured under "router path-selection" on WAN Devices. l3_interfaces: L3 Interfaces to configure on the node. - Used to define the node for WAN interfaces when - `wan_carrier` is set. - Subclass of AvdIndexedList with `L3InterfacesItem` items. Primary key is - `name` (`str`). + Subclass of AvdIndexedList with `L3InterfacesItem` items. + Primary key is `name` (`str`). + l3_port_channels: + L3 Port-Channel interfaces to configure on the node. + + Subclass of AvdIndexedList with + `L3PortChannelsItem` items. Primary key is `name` (`str`). data_plane_cpu_allocation_max: Set the maximum number of CPU used for the data plane. This setting is useful on virtual Route diff --git a/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml b/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml index df00851d787..80488e289ab 100644 --- a/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml +++ b/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml @@ -1434,6 +1434,10 @@ keys: tenants.vrfs.l3_interfaces. type: dict $ref: eos_designs#/keys/fabric_flow_tracking/keys/uplinks + l3_port_channels: + description: Enable flow-tracking on all node.l3_port_channels. + type: dict + $ref: eos_designs#/keys/fabric_flow_tracking/keys/uplinks dps_interfaces: description: Enable flow-tracking on all dps_interfaces. type: dict @@ -9222,9 +9226,7 @@ $defs: $ref: eos_designs#/$defs/node_type_l3_interfaces documentation_options: table: node-type-l3-interfaces-configuration - description: 'L3 Interfaces to configure on the node. - - Used to define the node for WAN interfaces when `wan_carrier` is set.' + description: L3 Interfaces to configure on the node. items: type: dict keys: @@ -9238,9 +9240,7 @@ $defs: $ref: eos_designs#/$defs/node_type_l3_port_channels documentation_options: table: node-type-l3-port-channels-configuration - description: 'L3 Port-Channel interfaces to configure on the node. - - Used to define the node for WAN interfaces when `wan_carrier` is set.' + description: L3 Port-Channel interfaces to configure on the node. data_plane_cpu_allocation_max: documentation_options: table: system-settings @@ -9549,7 +9549,7 @@ $defs: - active - passive - 'on' - default: 'on' + default: active member_interfaces: description: 'Port-Channel member interfaces. @@ -9584,6 +9584,12 @@ $defs: type: str description: Speed should be set in the format `` or `forced ` or `auto `. + structured_config: + type: dict + documentation_options: + hide_keys: true + description: Custom structured config for the member ethernet interface. + $ref: eos_cli_config_gen#/keys/ethernet_interfaces/items ip_address: type: str description: Node IPv4 address/Mask or 'dhcp'. @@ -9683,12 +9689,12 @@ $defs: description: Configure IPv4 static routes pointing to `peer_ip`. type: list min_length: 1 + primary_key: prefix items: type: dict keys: prefix: type: str - required: true description: IPv4_network/Mask. qos_profile: type: str @@ -9737,12 +9743,12 @@ $defs: Examples: ''1-3'' or ''100,200,300''' raw_eos_cli: type: str - description: EOS CLI rendered directly on the interface in the final EOS - configuration. + description: EOS CLI rendered directly on the Port-Channel interface in + the final EOS configuration. flow_tracking: type: dict $ref: eos_designs#/$defs/flow_tracking_link - description: Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` + description: Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` setting. structured_config: type: dict diff --git a/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type.schema.yml b/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type.schema.yml index 3d3eb02d7e4..9488df292bf 100644 --- a/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type.schema.yml +++ b/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type.schema.yml @@ -1376,7 +1376,6 @@ $defs: table: node-type-l3-interfaces-configuration description: |- L3 Interfaces to configure on the node. - Used to define the node for WAN interfaces when `wan_carrier` is set. items: type: dict keys: @@ -1391,7 +1390,6 @@ $defs: table: node-type-l3-port-channels-configuration description: |- L3 Port-Channel interfaces to configure on the node. - Used to define the node for WAN interfaces when `wan_carrier` is set. data_plane_cpu_allocation_max: documentation_options: table: system-settings diff --git a/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type_l3_port_channels.schema.yml b/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type_l3_port_channels.schema.yml index 2478adf2783..99e26ebb9c8 100644 --- a/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type_l3_port_channels.schema.yml +++ b/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type_l3_port_channels.schema.yml @@ -33,7 +33,7 @@ $defs: - "active" - "passive" - "on" - default: "on" + default: "active" member_interfaces: description: |- Port-Channel member interfaces. @@ -68,6 +68,13 @@ $defs: type: str description: |- Speed should be set in the format `` or `forced ` or `auto `. + structured_config: + type: dict + documentation_options: + hide_keys: true + description: |- + Custom structured config for the member ethernet interface. + $ref: "eos_cli_config_gen#/keys/ethernet_interfaces/items" ip_address: type: str description: Node IPv4 address/Mask or 'dhcp'. @@ -162,12 +169,12 @@ $defs: description: Configure IPv4 static routes pointing to `peer_ip`. type: list min_length: 1 + primary_key: prefix items: type: dict keys: prefix: type: str - required: true description: IPv4_network/Mask. qos_profile: type: str @@ -212,12 +219,12 @@ $defs: Examples: '1-3' or '100,200,300' raw_eos_cli: type: str - description: EOS CLI rendered directly on the interface in the final EOS configuration. + description: EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration. flow_tracking: type: dict $ref: "eos_designs#/$defs/flow_tracking_link" description: |- - Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` setting. structured_config: type: dict documentation_options: diff --git a/python-avd/pyavd/_eos_designs/schema/schema_fragments/fabric_flow_tracking.schema.yml b/python-avd/pyavd/_eos_designs/schema/schema_fragments/fabric_flow_tracking.schema.yml index 5b25f4a1e1d..fa4af77d0ba 100644 --- a/python-avd/pyavd/_eos_designs/schema/schema_fragments/fabric_flow_tracking.schema.yml +++ b/python-avd/pyavd/_eos_designs/schema/schema_fragments/fabric_flow_tracking.schema.yml @@ -50,6 +50,10 @@ keys: description: Enable flow-tracking on all node.l3_interfaces and network-services tenants.vrfs.l3_interfaces. type: dict $ref: eos_designs#/keys/fabric_flow_tracking/keys/uplinks + l3_port_channels: + description: Enable flow-tracking on all node.l3_port_channels. + type: dict + $ref: eos_designs#/keys/fabric_flow_tracking/keys/uplinks dps_interfaces: description: Enable flow-tracking on all dps_interfaces. type: dict diff --git a/python-avd/pyavd/_eos_designs/shared_utils/flow_tracking.py b/python-avd/pyavd/_eos_designs/shared_utils/flow_tracking.py index aeb043eb602..b7edb0648ee 100644 --- a/python-avd/pyavd/_eos_designs/shared_utils/flow_tracking.py +++ b/python-avd/pyavd/_eos_designs/shared_utils/flow_tracking.py @@ -19,6 +19,7 @@ | EosDesigns.L3Edge.P2pLinksItem.FlowTracking | EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.WanHa.FlowTracking | EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3InterfacesItem.FlowTracking + | EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3PortChannelsItem.FlowTracking | EosDesigns.FabricFlowTracking.MlagInterfaces | EosDesigns.FabricFlowTracking.DpsInterfaces | EosDesigns.FabricFlowTracking.Uplinks @@ -60,6 +61,9 @@ def get_flow_tracker(self: SharedUtils, flow_tracking: FlowTracking) -> dict[str case EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3InterfacesItem.FlowTracking(): enabled: bool = default(flow_tracking.enabled, self.inputs.fabric_flow_tracking.l3_interfaces.enabled) name: str = default(flow_tracking.name, self.inputs.fabric_flow_tracking.l3_interfaces.name) + case EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3PortChannelsItem.FlowTracking(): + enabled: bool = default(flow_tracking.enabled, self.inputs.fabric_flow_tracking.l3_port_channels.enabled) + name: str = default(flow_tracking.name, self.inputs.fabric_flow_tracking.l3_port_channels.name) case ( EosDesigns.FabricFlowTracking.MlagInterfaces() | EosDesigns.FabricFlowTracking.DpsInterfaces() diff --git a/python-avd/pyavd/_eos_designs/shared_utils/l3_interfaces.py b/python-avd/pyavd/_eos_designs/shared_utils/l3_interfaces.py index 61537193d91..954ce876303 100644 --- a/python-avd/pyavd/_eos_designs/shared_utils/l3_interfaces.py +++ b/python-avd/pyavd/_eos_designs/shared_utils/l3_interfaces.py @@ -8,7 +8,6 @@ from pyavd._eos_designs.schema import EosDesigns from pyavd._errors import AristaAvdInvalidInputsError -from pyavd.api.interface_descriptions import InterfaceDescriptionData if TYPE_CHECKING: from . import SharedUtils @@ -57,51 +56,4 @@ def l3_interfaces(self: SharedUtils) -> EosDesigns._DynamicKeys.DynamicNodeTypes @cached_property def l3_interfaces_bgp_neighbors(self: SharedUtils) -> list: - neighbors = [] - for interface in self.l3_interfaces: - if not (interface.peer_ip and interface.bgp): - continue - - peer_as = interface.bgp.peer_as - if peer_as is None: - msg = f"'l3_interfaces[{interface.name}].bgp.peer_as' needs to be set to enable BGP." - raise AristaAvdInvalidInputsError(msg) - - is_intf_wan = bool(interface.wan_carrier) - - if not interface.bgp.ipv4_prefix_list_in and is_intf_wan: - msg = f"BGP is enabled but 'bgp.ipv4_prefix_list_in' is not configured for l3_interfaces[{interface.name}]" - raise AristaAvdInvalidInputsError(msg) - - description = interface.description - if not description: - description = self.interface_descriptions.underlay_ethernet_interface( - InterfaceDescriptionData( - shared_utils=self, - interface=interface.name, - peer=interface.peer, - peer_interface=interface.peer_interface, - wan_carrier=interface.wan_carrier, - wan_circuit_id=interface.wan_circuit_id, - ), - ) - - neighbor = { - "ip_address": interface.peer_ip, - "remote_as": peer_as, - "description": description, - } - - neighbor["ipv4_prefix_list_in"] = interface.bgp.ipv4_prefix_list_in - neighbor["ipv4_prefix_list_out"] = interface.bgp.ipv4_prefix_list_out - if is_intf_wan: - neighbor["set_no_advertise"] = True - - # The inbound route-map is only used if there is a prefix list or no-advertise - if neighbor["ipv4_prefix_list_in"] or neighbor.get("set_no_advertise") is True: - neighbor["route_map_in"] = f"RM-BGP-{neighbor['ip_address']}-IN" - neighbor["route_map_out"] = f"RM-BGP-{neighbor['ip_address']}-OUT" - - neighbors.append(neighbor) - - return neighbors + return self.get_l3_generic_interface_bgp_neighbors(self.l3_interfaces) diff --git a/python-avd/pyavd/_eos_designs/shared_utils/misc.py b/python-avd/pyavd/_eos_designs/shared_utils/misc.py index bf7a7b88ac7..abd2611956a 100644 --- a/python-avd/pyavd/_eos_designs/shared_utils/misc.py +++ b/python-avd/pyavd/_eos_designs/shared_utils/misc.py @@ -6,13 +6,14 @@ from functools import cached_property from typing import TYPE_CHECKING, Any +from pyavd._eos_designs.schema import EosDesigns from pyavd._errors import AristaAvdError, AristaAvdInvalidInputsError, AristaAvdMissingVariableError from pyavd._utils import default, get +from pyavd.api.interface_descriptions import InterfaceDescriptionData from pyavd.j2filters import range_expand if TYPE_CHECKING: from pyavd._eos_designs.eos_designs_facts import EosDesignsFacts - from pyavd._eos_designs.schema import EosDesigns from . import SharedUtils @@ -233,3 +234,93 @@ def _get_ipv4_acl_field_with_substitution(field_value: str, replacements: dict[s return value return field_value + + def get_l3_generic_interface_bgp_neighbors( + self: SharedUtils, + l3_generic_interfaces: ( + EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3Interfaces + | EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3PortChannels + ), + ) -> list: + """ + Fetches bgp neighbors for given L3 interface placeholder. + + Fetches bgp neighbors (list of dict) for all interfaces under given interface type. + 'l3_generic_interfaces' is expected to be set to either property - self.l3_interfaces or self.l3_port_channels. + """ + neighbors = [] + is_l3_interface = False + if isinstance(l3_generic_interfaces, EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3Interfaces): + is_l3_interface = True + schema_key = "l3_interfaces" + else: + # implies we intend to query all L3 Port-Channels + schema_key = "l3_port_channels" + + for interface in l3_generic_interfaces: + if not (interface.peer_ip and interface.bgp): + continue + + peer_as = interface.bgp.peer_as + if peer_as is None: + msg = f"'{schema_key}[{interface.name}].bgp.peer_as' needs to be set to enable BGP." + raise AristaAvdInvalidInputsError(msg) + + is_intf_wan = bool(interface.wan_carrier) + + if not interface.bgp.ipv4_prefix_list_in and is_intf_wan: + msg = f"BGP is enabled but 'bgp.ipv4_prefix_list_in' is not configured for {schema_key}[{interface.name}]" + raise AristaAvdInvalidInputsError(msg) + + description = interface.description + if not description: + if is_l3_interface: + description = self.interface_descriptions.underlay_ethernet_interface( + InterfaceDescriptionData( + shared_utils=self, + interface=interface.name, + peer=interface.peer, + peer_interface=interface.peer_interface, + wan_carrier=interface.wan_carrier, + wan_circuit_id=interface.wan_circuit_id, + ), + ) + else: + # build description for L3 Port-Channel interface + description = self.interface_descriptions.underlay_port_channel_interface( + InterfaceDescriptionData( + shared_utils=self, + interface=interface.name, + peer=interface.peer, + peer_interface=interface.peer_port_channel, + wan_carrier=interface.wan_carrier, + wan_circuit_id=interface.wan_circuit_id, + ), + ) + + neighbor = { + "ip_address": interface.peer_ip, + "remote_as": peer_as, + "description": description, + } + + neighbor["ipv4_prefix_list_in"] = interface.bgp.ipv4_prefix_list_in + neighbor["ipv4_prefix_list_out"] = interface.bgp.ipv4_prefix_list_out + if is_intf_wan: + neighbor["set_no_advertise"] = True + + # The inbound route-map is only used if there is a prefix list or no-advertise + if neighbor["ipv4_prefix_list_in"] or neighbor.get("set_no_advertise") is True: + neighbor["route_map_in"] = f"RM-BGP-{neighbor['ip_address']}-IN" + neighbor["route_map_out"] = f"RM-BGP-{neighbor['ip_address']}-OUT" + + neighbors.append(neighbor) + + return neighbors + + @cached_property + def l3_bgp_neighbors(self: SharedUtils) -> list: + """Returns the consolidated list of L3 bgp neighbors referenced by L3 Interfaces and L3 Port-Channels.""" + l3_bgp_neighbors = self.get_l3_generic_interface_bgp_neighbors(self.l3_interfaces) + l3_bgp_neighbors.extend(self.get_l3_generic_interface_bgp_neighbors(self.node_config.l3_port_channels)) + return l3_bgp_neighbors diff --git a/python-avd/pyavd/_eos_designs/shared_utils/routing.py b/python-avd/pyavd/_eos_designs/shared_utils/routing.py index 8fb3d9f523a..01f68bb0c92 100644 --- a/python-avd/pyavd/_eos_designs/shared_utils/routing.py +++ b/python-avd/pyavd/_eos_designs/shared_utils/routing.py @@ -54,7 +54,7 @@ def bgp(self: SharedUtils) -> bool: ) or self.bgp_in_network_services ) - ) or bool(self.l3_interfaces_bgp_neighbors) + ) or bool(self.l3_bgp_neighbors) @cached_property def router_id(self: SharedUtils) -> str | None: diff --git a/python-avd/pyavd/_eos_designs/shared_utils/wan.py b/python-avd/pyavd/_eos_designs/shared_utils/wan.py index 578cea015f5..6ad1175cb3b 100644 --- a/python-avd/pyavd/_eos_designs/shared_utils/wan.py +++ b/python-avd/pyavd/_eos_designs/shared_utils/wan.py @@ -80,18 +80,24 @@ def wan_interfaces(self: SharedUtils) -> EosDesigns._DynamicKeys.DynamicNodeType if not self.is_wan_router: return EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3Interfaces() - wan_interfaces = EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3Interfaces( + return EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3Interfaces( [interface for interface in self.l3_interfaces if interface.wan_carrier] ) - if not wan_interfaces: - msg = "At least one WAN interface must be configured on a WAN router. Add WAN interfaces under `l3_interfaces` node setting with `wan_carrier` set." - raise AristaAvdError(msg) - return wan_interfaces + + @cached_property + def wan_port_channels(self: SharedUtils) -> EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3PortChannels: + """Interfaces under node config l3_port_channels can be considered as WAN-facing port-channel interfaces.""" + if not self.is_wan_router: + return EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3PortChannels() + + return EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3PortChannels( + [port_channel for port_channel in self.node_config.l3_port_channels if port_channel.wan_carrier] + ) @cached_property def wan_local_carriers(self: SharedUtils) -> list: """ - List of carriers present on this router based on the wan_interfaces with the associated WAN interfaces. + List of carriers present on this router based on the wan_interfaces and wan_port_channels with the associated WAN interfaces. interfaces: - name: ... @@ -99,9 +105,37 @@ def wan_local_carriers(self: SharedUtils) -> list: """ if not self.is_wan_router: return [] - - local_carriers_dict = {} - for interface in self.wan_interfaces: + # We would like to combine carrier info from both L3 Interfaces and L3 Port-Channels configured as wan interfaces + if not self.wan_interfaces and (not self.wan_port_channels): + msg = ( + "At least one WAN interface must be configured on a WAN router." + " Add WAN interfaces under `l3_interfaces` or `l3_port_channels` node setting with `wan_carrier` set." + ) + raise AristaAvdError(msg) + carriers_dict = {} + self.get_wan_local_carriers(carriers_dict, self.wan_interfaces) + # modify carriers dictionary from above step with carrier info for L3 port-channel based wan interfaces + self.get_wan_local_carriers(carriers_dict, self.wan_port_channels) + return list(carriers_dict.values()) + + def get_wan_local_carriers( + self: SharedUtils, + local_carriers_dict: dict, + l3_generic_interfaces: ( + EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3Interfaces + | EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3PortChannels + ), + ) -> None: + """ + In-place update the dictionary of carriers relevant to this router. + + Such update is done for either `wan_interfaces` or `wan_port_channels` representing WAN interfaces. + carrier: + interfaces: + - name: ... + public_ip: ... (for route-servers the IP may come from wan_route_servers) and so on. + """ + for interface in l3_generic_interfaces: interface_carrier: str = interface.wan_carrier if interface_carrier not in local_carriers_dict: if interface_carrier not in self.inputs.wan_carriers: @@ -120,8 +154,7 @@ def wan_local_carriers(self: SharedUtils) -> list: }, ), ) - - return list(local_carriers_dict.values()) + return local_carriers_dict @cached_property def wan_local_path_groups(self: SharedUtils) -> EosDesigns.WanPathGroups: @@ -170,10 +203,14 @@ def wan_ha_peer_path_group_names(self: SharedUtils) -> list: """Return a list of wan_ha_peer_path_group names.""" return [path_group["name"] for path_group in self.wan_ha_peer_path_groups] - def get_public_ip_for_wan_interface(self: SharedUtils, interface: EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3InterfacesItem) -> str: + def get_public_ip_for_wan_interface( + self: SharedUtils, + interface: ( + EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3InterfacesItem + | EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3PortChannelsItem + ), + ) -> str: """ - Takes a dict which looks like `l3_interface` from node config. - If not a WAN route-server this returns public IP and if not found then the interface IP without a mask. For WAN route-servers we try to find the IP under wan_route_servers.path_groups.interfaces. diff --git a/python-avd/pyavd/_eos_designs/structured_config/base/__init__.py b/python-avd/pyavd/_eos_designs/structured_config/base/__init__.py index 315abd2340d..d67d754d61c 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/base/__init__.py +++ b/python-avd/pyavd/_eos_designs/structured_config/base/__init__.py @@ -101,7 +101,7 @@ def router_bgp(self) -> dict | None: ) l3_interfaces_neighbors = [] - for neighbor_info in self.shared_utils.l3_interfaces_bgp_neighbors: + for neighbor_info in self.shared_utils.l3_bgp_neighbors: neighbor = { "ip_address": neighbor_info["ip_address"], "remote_as": neighbor_info["remote_as"], @@ -712,7 +712,7 @@ def ip_http_client_source_interfaces(self) -> list | None: def prefix_lists(self) -> list | None: prefix_lists = [] prefix_lists_in_use = set() - for neighbor in self.shared_utils.l3_interfaces_bgp_neighbors: + for neighbor in self.shared_utils.l3_bgp_neighbors: if (prefix_list_in := get(neighbor, "ipv4_prefix_list_in")) and prefix_list_in not in prefix_lists_in_use: pfx_list = self._get_prefix_list(prefix_list_in)._as_dict() prefix_lists.append(pfx_list) @@ -734,7 +734,7 @@ def _get_prefix_list(self, name: str) -> EosDesigns.Ipv4PrefixListCatalogItem: @cached_property def route_maps(self) -> list | None: route_maps = [] - for neighbor in self.shared_utils.l3_interfaces_bgp_neighbors: + for neighbor in self.shared_utils.l3_bgp_neighbors: # RM-BGP--IN if prefix_list_in := get(neighbor, "ipv4_prefix_list_in"): sequence_numbers = [ diff --git a/python-avd/pyavd/_eos_designs/structured_config/base/utils.py b/python-avd/pyavd/_eos_designs/structured_config/base/utils.py index 6117ce47511..a00a9b8a47e 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/base/utils.py +++ b/python-avd/pyavd/_eos_designs/structured_config/base/utils.py @@ -63,7 +63,7 @@ def _build_source_interfaces(self: AvdStructuredConfigBase, include_mgmt_interfa @cached_property def _router_bgp_redistribute_routes(self: AvdStructuredConfigBase) -> dict | None: """Return structured config for router_bgp.redistribute.""" - if not (self.shared_utils.underlay_bgp or self.shared_utils.is_wan_router or self.shared_utils.l3_interfaces_bgp_neighbors): + if not (self.shared_utils.underlay_bgp or self.shared_utils.is_wan_router or self.shared_utils.l3_bgp_neighbors): return None if self.shared_utils.overlay_routing_protocol != "none" and self.inputs.underlay_filter_redistribute_connected: diff --git a/python-avd/pyavd/_eos_designs/structured_config/metadata/cv_tags.py b/python-avd/pyavd/_eos_designs/structured_config/metadata/cv_tags.py index 14c2e9741a3..449bfbe5412 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/metadata/cv_tags.py +++ b/python-avd/pyavd/_eos_designs/structured_config/metadata/cv_tags.py @@ -9,6 +9,8 @@ from pyavd._utils import default, get, strip_empties_from_dict, strip_empties_from_list if TYPE_CHECKING: + from pyavd._eos_designs.schema import EosDesigns + from . import AvdStructuredConfigMetadata INVALID_CUSTOM_DEVICE_TAGS = [ @@ -182,11 +184,21 @@ def _get_interface_tags(self: AvdStructuredConfigMetadata) -> list: if tags: interface_tags.append({"interface": ethernet_interface["name"], "tags": tags}) + # handle tags for port-channel interfaces + for port_channel_intf in get(self._hostvars, "port_channel_interfaces", default=[]): + tags = [] + if self.shared_utils.is_cv_pathfinder_router: + tags.extend(self._get_cv_pathfinder_interface_tags(port_channel_intf)) + if tags: + interface_tags.append({"interface": port_channel_intf["name"], "tags": tags}) + return interface_tags - def _get_cv_pathfinder_interface_tags(self: AvdStructuredConfigMetadata, ethernet_interface: dict) -> list: + def _get_cv_pathfinder_interface_tags(self: AvdStructuredConfigMetadata, generic_interface: dict) -> list: """ - Return list of device_tags for cv_pathfinder solution. + Return list of interface tags for cv_pathfinder solution. + + generic_interface could be either ethernet or port-channel interface. Example: [ {"name": "Type", <"lan" or "wan">}, @@ -194,14 +206,34 @@ def _get_cv_pathfinder_interface_tags(self: AvdStructuredConfigMetadata, etherne {"name": "Circuit", } ]. """ - if ethernet_interface["name"] in self.shared_utils.wan_interfaces: - wan_interface = self.shared_utils.wan_interfaces[ethernet_interface["name"]] - return strip_empties_from_list( - [ - self._tag_dict("Type", "wan"), - self._tag_dict("Carrier", wan_interface.wan_carrier), - self._tag_dict("Circuit", wan_interface.wan_circuit_id), - ], - ) + if generic_interface["name"] in self.shared_utils.wan_interfaces: + wan_interface = self.shared_utils.wan_interfaces[generic_interface["name"]] + return self._get_cv_pathfinder_wan_interface_tags(wan_interface) + if generic_interface["name"] in self.shared_utils.wan_port_channels: + wan_port_channel_intf = self.shared_utils.wan_port_channels[generic_interface["name"]] + return self._get_cv_pathfinder_wan_interface_tags(wan_port_channel_intf) + # Check if input eth interface is a member of L3 Port-Channel wan interface + # If so, treat member interface same as wan interface + # For now, let interface tags inherit values from their parent L3 Port-Channel interface. + for port_channel_intf in self.shared_utils.wan_port_channels: + for member_eth_intf in port_channel_intf.member_interfaces: + if generic_interface["name"] == member_eth_intf.name: + return self._get_cv_pathfinder_wan_interface_tags(port_channel_intf) return [self._tag_dict("Type", "lan")] + + def _get_cv_pathfinder_wan_interface_tags( + self: AvdStructuredConfigMetadata, + wan_interface: ( + EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3InterfacesItem + | EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3PortChannelsItem + ), + ) -> list: + """Return list of wan interface tags for cv_pathfinder solution for a given wan interface.""" + return strip_empties_from_list( + [ + self._tag_dict("Type", "wan"), + self._tag_dict("Carrier", wan_interface.wan_carrier), + self._tag_dict("Circuit", wan_interface.wan_circuit_id), + ], + ) diff --git a/python-avd/pyavd/_eos_designs/structured_config/network_services/utils_wan.py b/python-avd/pyavd/_eos_designs/structured_config/network_services/utils_wan.py index daeca8ddd79..88005d0af1f 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/network_services/utils_wan.py +++ b/python-avd/pyavd/_eos_designs/structured_config/network_services/utils_wan.py @@ -631,11 +631,21 @@ def _filtered_internet_exit_policies_and_connections( if internet_exit_policy.name in wan_interface.cv_pathfinder_internet_exit.policies ] ) + local_interfaces.extend( + EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3PortChannels( + [ + wan_port_channel + for wan_port_channel in self.shared_utils.wan_port_channels + if internet_exit_policy.name in wan_port_channel.cv_pathfinder_internet_exit.policies + ] + ) + ) if not local_interfaces: # No local interface for this policy # TODO: Decide if we should raise here instead continue - + # fetch connections associated with given internet exit policy that + # applies to one or more wan interfaces (L3 interfaces, L3 Port-Channels type) connections = self.get_internet_exit_connections(internet_exit_policy, local_interfaces) internet_exit_policies.append((internet_exit_policy, connections)) @@ -644,7 +654,10 @@ def _filtered_internet_exit_policies_and_connections( def get_internet_exit_connections( self: AvdStructuredConfigNetworkServices, internet_exit_policy: EosDesigns.CvPathfinderInternetExitPoliciesItem, - local_interfaces: EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3Interfaces, + local_interfaces: ( + EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3Interfaces + | EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3PortChannels + ), ) -> list: """ Return a list of connections (dicts) for the given internet_exit_policy. @@ -663,12 +676,20 @@ def get_internet_exit_connections( def get_direct_internet_exit_connections( self: AvdStructuredConfigNetworkServices, internet_exit_policy: EosDesigns.CvPathfinderInternetExitPoliciesItem, - local_interfaces: EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3Interfaces, + local_interfaces: ( + EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3Interfaces + | EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3PortChannels + ), ) -> list[dict]: """Return a list of connections (dicts) for the given internet_exit_policy of type direct.""" if internet_exit_policy.type != "direct": return [] + # bool to check if the input `local_interafces` is of type L3 Port-Channels v/s L3 Interfaces + is_port_channel = False + if isinstance(local_interfaces, EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3PortChannels): + is_port_channel = True + connections = [] # Build internet exit connection for each local interface (wan_interface) @@ -694,7 +715,7 @@ def get_direct_internet_exit_connections( sanitized_interface_name = self.shared_utils.sanitize_interface_name(wan_interface.name) connections.append( { - "type": "ethernet", + "type": "port_channel" if is_port_channel else "ethernet", "name": f"IE-{sanitized_interface_name}", "source_interface_ip_address": ip_address, "monitor_name": f"IE-{sanitized_interface_name}", @@ -710,7 +731,10 @@ def get_direct_internet_exit_connections( def get_zscaler_internet_exit_connections( self: AvdStructuredConfigNetworkServices, internet_exit_policy: EosDesigns.CvPathfinderInternetExitPoliciesItem, - local_interfaces: EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3Interfaces, + local_interfaces: ( + EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3Interfaces + | EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3PortChannels + ), ) -> list: """Return a list of connections (dicts) for the given internet_exit_policy of type zscaler.""" if internet_exit_policy.type != "zscaler": diff --git a/python-avd/pyavd/_eos_designs/structured_config/overlay/stun.py b/python-avd/pyavd/_eos_designs/structured_config/overlay/stun.py index c393563ba2f..3178034f82f 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/overlay/stun.py +++ b/python-avd/pyavd/_eos_designs/structured_config/overlay/stun.py @@ -31,6 +31,8 @@ def stun(self: AvdStructuredConfigOverlay) -> dict | None: stun = {} if self.shared_utils.is_wan_server: local_interfaces = [wan_interface.name for wan_interface in self.shared_utils.wan_interfaces] + local_wan_port_channels = [wan_port_channel.name for wan_port_channel in self.shared_utils.wan_port_channels] + local_interfaces.extend(local_wan_port_channels) stun["server"] = { "local_interfaces": local_interfaces, "ssl_profile": self.shared_utils.wan_stun_dtls_profile_name, diff --git a/python-avd/pyavd/_eos_designs/structured_config/underlay/ethernet_interfaces.py b/python-avd/pyavd/_eos_designs/structured_config/underlay/ethernet_interfaces.py index b082ff69790..a19ff776f62 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/underlay/ethernet_interfaces.py +++ b/python-avd/pyavd/_eos_designs/structured_config/underlay/ethernet_interfaces.py @@ -303,6 +303,18 @@ def ethernet_interfaces(self: AvdStructuredConfigUnderlay) -> list | None: context_keys=["name", "peer", "peer_interface"], ) + # Member ethernet ports for Port-Channel interface + for l3_port_channel in self.shared_utils.node_config.l3_port_channels: + member_eth_intfs = self._get_l3_port_channel_member_ports_cfg(l3_port_channel) + for member_eth_intf in member_eth_intfs: + append_if_not_duplicate( + list_of_dicts=ethernet_interfaces, + primary_key="name", + new_dict=member_eth_intf, + context=f"Ethernet interface defined under 'member_interfaces' for {self.shared_utils.node_type_key_data.key} l3_port_channels", + context_keys=["name", "peer", "peer_interface"], + ) + if ethernet_interfaces: return ethernet_interfaces diff --git a/python-avd/pyavd/_eos_designs/structured_config/underlay/ip_access_lists.py b/python-avd/pyavd/_eos_designs/structured_config/underlay/ip_access_lists.py index 549b4855b52..20697566aa5 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/underlay/ip_access_lists.py +++ b/python-avd/pyavd/_eos_designs/structured_config/underlay/ip_access_lists.py @@ -27,15 +27,16 @@ def ip_access_lists(self: AvdStructuredConfigUnderlay) -> list | None: """ Return structured config for ip_access_lists. - Covers ipv4_acl_in/out defined under node l3_interfaces. + Covers ipv4_acl_in/out defined under node l3_interfaces or l3_port_channels. """ - if not self._l3_interface_acls: + if not self._l3_interface_acls and not self._l3_port_channel_acls: return None ip_access_lists = [] - - for interface_acls in self._l3_interface_acls.values(): + merged_l3_interface_acls = {**self._l3_interface_acls, **self._l3_port_channel_acls} + context_str = "IPv4 Access lists for node l3_interfaces or l3_port_channels" + for interface_acls in merged_l3_interface_acls.values(): for acl in interface_acls.values(): - append_if_not_duplicate(ip_access_lists, "name", acl, context="IPv4 Access lists for node l3_interfaces", context_keys=["name"]) + append_if_not_duplicate(ip_access_lists, "name", acl, context=context_str, context_keys=["name"]) return natural_sort(ip_access_lists, "name") diff --git a/python-avd/pyavd/_eos_designs/structured_config/underlay/port_channel_interfaces.py b/python-avd/pyavd/_eos_designs/structured_config/underlay/port_channel_interfaces.py index a9264779d2a..b2c92905c90 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/underlay/port_channel_interfaces.py +++ b/python-avd/pyavd/_eos_designs/structured_config/underlay/port_channel_interfaces.py @@ -6,6 +6,7 @@ from functools import cached_property from typing import TYPE_CHECKING +from pyavd._errors import AristaAvdInvalidInputsError from pyavd._utils import append_if_not_duplicate, get, short_esi_to_route_target, strip_null_from_data from pyavd.api.interface_descriptions import InterfaceDescriptionData @@ -109,6 +110,47 @@ def port_channel_interfaces(self: AvdStructuredConfigUnderlay) -> list | None: port_channel_interfaces.append(port_channel_interface) + # Support l3_port_channels including sub-interfaces + subif_parent_port_channel_names = set() + regular_l3_port_channel_names = set() + for l3_port_channel in self.shared_utils.node_config.l3_port_channels: + interface_name = l3_port_channel.name + if "." in interface_name: + # This is a subinterface for a port-channel interface. + # We need to ensure that parent port-channel interface is also included explicitly + # within list of Port-Channel interfaces. + parent_port_channel_name = interface_name.split(".", maxsplit=1)[0] + subif_parent_port_channel_names.add(parent_port_channel_name) + # TODO: Unable to add validation for 'mode' setting for Port-Channel sub-interface. + # Since we have default value specified in schema for this, + # we end up finding default value even when no explicit value is specified. + if l3_port_channel.member_interfaces: + msg = f"Port-Channel sub-interface '{l3_port_channel}' has 'member_interfaces' set.This is not a valid setting." + raise AristaAvdInvalidInputsError(msg) + else: + # This is a regular Port-Channel (not sub-interface) + regular_l3_port_channel_names.add(interface_name) + + # Sanity check if the parent Port-channel for sub-interface is specified + for parent_port_channel in subif_parent_port_channel_names: + if parent_port_channel not in regular_l3_port_channel_names: + msg = "At least one L3 Port-Channel subinterface does not have parent Port-Channel interface specified." + raise AristaAvdInvalidInputsError(msg) + + # Now that validation is complete, we can make another pass at all l3_port_channels + # (subinterfaces or otherwise) and generate their structured config. + # Note: structured config for individual member ethernet ports of each port-channel + # would be generated by logic within EthernetInterfacesMixin class. + for l3_port_channel in self.shared_utils.node_config.l3_port_channels: + port_channel_interface = self._get_l3_port_channel_cfg(l3_port_channel) + append_if_not_duplicate( + list_of_dicts=port_channel_interfaces, + primary_key="name", + new_dict=port_channel_interface, + context=f"L3 Port-Channel interfaces defined under {self.shared_utils.node_type_key_data.key} l3_port_channels", + context_keys=["name", "peer", "peer_port_channel"], + ) + # WAN HA interface for direct connection if (port_channel_interface := self._get_direct_ha_port_channel_interface()) is not None: append_if_not_duplicate( diff --git a/python-avd/pyavd/_eos_designs/structured_config/underlay/static_routes.py b/python-avd/pyavd/_eos_designs/structured_config/underlay/static_routes.py index e54f53638de..91e89541b9e 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/underlay/static_routes.py +++ b/python-avd/pyavd/_eos_designs/structured_config/underlay/static_routes.py @@ -27,21 +27,21 @@ def static_routes(self: AvdStructuredConfigUnderlay) -> list[dict] | None: Returns structured config for static_routes. Consist of - - static_routes configured under node type l3 interfaces + - static_routes configured under node type l3_interfaces and l3_port_channels """ static_routes = [] - for l3_interface in self.shared_utils.l3_interfaces: - if not l3_interface.static_routes: + for l3_generic_interface in [*self.shared_utils.l3_interfaces, *self.shared_utils.node_config.l3_port_channels]: + if not l3_generic_interface.static_routes: continue - if not l3_interface.peer_ip: - msg = f"Cannot set a static_route route for interface {l3_interface.name} because 'peer_ip' is missing." + if not l3_generic_interface.peer_ip: + msg = f"Cannot set a static_route route for interface {l3_generic_interface.name} because 'peer_ip' is missing." raise AristaAvdInvalidInputsError(msg) static_routes.extend( - {"destination_address_prefix": l3_interface_static_route.prefix, "gateway": l3_interface.peer_ip} - for l3_interface_static_route in l3_interface.static_routes + {"destination_address_prefix": l3_generic_interface_static_route.prefix, "gateway": l3_generic_interface.peer_ip} + for l3_generic_interface_static_route in l3_generic_interface.static_routes ) if static_routes: diff --git a/python-avd/pyavd/_eos_designs/structured_config/underlay/utils.py b/python-avd/pyavd/_eos_designs/structured_config/underlay/utils.py index 556bc1d8dc9..30d807c10d3 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/underlay/utils.py +++ b/python-avd/pyavd/_eos_designs/structured_config/underlay/utils.py @@ -6,14 +6,13 @@ from functools import cached_property from typing import TYPE_CHECKING +from pyavd._eos_designs.schema import EosDesigns from pyavd._errors import AristaAvdError, AristaAvdMissingVariableError from pyavd._utils import default, get, get_ip_from_ip_prefix, get_item, strip_empties_from_dict from pyavd.api.interface_descriptions import InterfaceDescriptionData from pyavd.j2filters import natural_sort, range_expand if TYPE_CHECKING: - from pyavd._eos_designs.schema import EosDesigns - from . import AvdStructuredConfigUnderlay @@ -150,65 +149,157 @@ def _get_l3_interface_cfg( self: AvdStructuredConfigUnderlay, l3_interface: EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3InterfacesItem ) -> dict | None: """Returns structured_configuration for one L3 interface.""" - interface_description = l3_interface.description - if not interface_description: - interface_description = self.shared_utils.interface_descriptions.underlay_ethernet_interface( - InterfaceDescriptionData( - shared_utils=self.shared_utils, - interface=l3_interface.name, - peer=l3_interface.peer, - peer_interface=l3_interface.peer_interface, - wan_carrier=l3_interface.wan_carrier, - wan_circuit_id=l3_interface.wan_circuit_id, - ), - ) + return self._get_l3_generic_interface_cfg(l3_interface) + + def _get_l3_port_channel_cfg( + self: AvdStructuredConfigUnderlay, l3_port_channel: EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3PortChannelsItem + ) -> dict | None: + """Returns structured_configuration for one L3 Port-Channel.""" + return self._get_l3_generic_interface_cfg(l3_port_channel) + def _get_l3_generic_interface_cfg( + self: AvdStructuredConfigUnderlay, + l3_generic_interface: ( + EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3InterfacesItem + | EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3PortChannelsItem + ), + ) -> dict | None: + """Returns structured_configuration for one L3 interface or L3 Port-Channel.""" + is_l3_interface = False + if isinstance(l3_generic_interface, EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3InterfacesItem): + is_l3_interface = True + node_type_in_schema = "l3_interfaces" + intf_ref_in_msg = "L3 interface" + interface_type = "l3_interface" + else: + # implies interface is "L3 Port-Channel" + node_type_in_schema = "l3_port_channels" + intf_ref_in_msg = "L3 Port-Channel" + interface_type = "l3_port_channel" + + interface_description = l3_generic_interface.description + if not interface_description: + if is_l3_interface: + interface_description = self.shared_utils.interface_descriptions.underlay_ethernet_interface( + InterfaceDescriptionData( + shared_utils=self.shared_utils, + interface=l3_generic_interface.name, + peer=l3_generic_interface.peer, + peer_interface=l3_generic_interface.peer_interface, + wan_carrier=l3_generic_interface.wan_carrier, + wan_circuit_id=l3_generic_interface.wan_circuit_id, + ), + ) + else: + interface_description = self.shared_utils.interface_descriptions.underlay_port_channel_interface( + InterfaceDescriptionData( + shared_utils=self.shared_utils, + interface=l3_generic_interface.name, + peer=l3_generic_interface.peer, + peer_interface=l3_generic_interface.peer_port_channel, + wan_carrier=l3_generic_interface.wan_carrier, + wan_circuit_id=l3_generic_interface.wan_circuit_id, + ), + ) # TODO: catch if ip_address is not valid or not dhcp - if not l3_interface.ip_address: - msg = f"{self.shared_utils.node_type_key_data.key}.nodes[name={self.shared_utils.hostname}].l3_interfaces[name={l3_interface.name}].ip_address" + if not l3_generic_interface.ip_address: + msg = f"{self.shared_utils.node_type_key_data.key}.nodes[name={self.shared_utils.hostname}].{node_type_in_schema}" + msg += f"[name={l3_generic_interface.name}].ip_address" raise AristaAvdMissingVariableError(msg) interface = { - "name": l3_interface.name, - "peer_type": "l3_interface", - "peer": l3_interface.peer, - "peer_interface": l3_interface.peer_interface, - "ip_address": l3_interface.ip_address, - "shutdown": not l3_interface.enabled, - "switchport": {"enabled": False if "." not in l3_interface.name else None}, + "name": l3_generic_interface.name, + "peer_type": interface_type, + "peer": l3_generic_interface.peer, + "peer_interface": l3_generic_interface.peer_interface if is_l3_interface else l3_generic_interface.peer_port_channel, + "ip_address": l3_generic_interface.ip_address, + "shutdown": not l3_generic_interface.enabled, + "switchport": {"enabled": False if "." not in l3_generic_interface.name else None}, "description": interface_description, - "speed": l3_interface.speed, - "service_profile": l3_interface.qos_profile, - "access_group_in": get(self._l3_interface_acls, f"{l3_interface.name}..ipv4_acl_in..name", separator=".."), - "access_group_out": get(self._l3_interface_acls, f"{l3_interface.name}..ipv4_acl_out..name", separator=".."), - "eos_cli": l3_interface.raw_eos_cli, - "struct_cfg": l3_interface.structured_config._as_dict(strip_values=()), - "flow_tracker": self.shared_utils.get_flow_tracker(l3_interface.flow_tracking), + "speed": l3_generic_interface.speed if is_l3_interface else None, + "service_profile": l3_generic_interface.qos_profile, + "eos_cli": l3_generic_interface.raw_eos_cli, + "struct_cfg": l3_generic_interface.structured_config._as_dict(strip_values=()), + "flow_tracker": self.shared_utils.get_flow_tracker(l3_generic_interface.flow_tracking), } - - if self.inputs.fabric_sflow.l3_interfaces is not None: - interface["sflow"] = {"enable": self.inputs.fabric_sflow.l3_interfaces} - - if "." in l3_interface.name: - interface["encapsulation_dot1q"] = {"vlan": default(l3_interface.encapsulation_dot1q_vlan, int(l3_interface.name.split(".", maxsplit=1)[-1]))} - - if l3_interface.ip_address == "dhcp" and l3_interface.dhcp_accept_default_route: + # deal with logic specific to interface type + if is_l3_interface: + if self.inputs.fabric_sflow.l3_interfaces is not None: + interface["sflow"] = {"enable": self.inputs.fabric_sflow.l3_interfaces} + interface["access_group_in"] = get(self._l3_interface_acls, f"{l3_generic_interface.name}..ipv4_acl_in..name", separator="..") + interface["access_group_out"] = get(self._l3_interface_acls, f"{l3_generic_interface.name}..ipv4_acl_out..name", separator="..") + else: + # case when handling L3 Port-Channel + interface["access_group_in"] = get(self._l3_port_channel_acls, f"{l3_generic_interface.name}..ipv4_acl_in..name", separator="..") + interface["access_group_out"] = get(self._l3_port_channel_acls, f"{l3_generic_interface.name}..ipv4_acl_out..name", separator="..") + + # logic common to all interface types being handled + if "." in l3_generic_interface.name: + interface["encapsulation_dot1q"] = { + "vlan": default(l3_generic_interface.encapsulation_dot1q_vlan, int(l3_generic_interface.name.split(".", maxsplit=1)[-1])) + } + if l3_generic_interface.ip_address == "dhcp" and l3_generic_interface.dhcp_accept_default_route: interface["dhcp_client_accept_default_route"] = True if ( self.shared_utils.is_wan_router - and (wan_carrier_name := l3_interface.wan_carrier) is not None + and (wan_carrier_name := l3_generic_interface.wan_carrier) is not None and interface["access_group_in"] is None and (wan_carrier_name not in self.inputs.wan_carriers or not self.inputs.wan_carriers[wan_carrier_name].trusted) ): msg = ( "'ipv4_acl_in' must be set on WAN interfaces where 'wan_carrier' is set, unless the carrier is configured as 'trusted' " - f"under 'wan_carriers'. 'ipv4_acl_in' is missing on interface '{l3_interface.name}'." + f"under 'wan_carriers'. 'ipv4_acl_in' is missing on {intf_ref_in_msg} '{l3_generic_interface.name}'." ) raise AristaAvdError(msg) return strip_empties_from_dict(interface) + def _get_l3_port_channel_member_ports_cfg( + self: AvdStructuredConfigUnderlay, l3_port_channel: EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3PortChannelsItem + ) -> list: + """Returns structured_configuration (list of ethernet interfaces) representing member ports for one L3 Port-Channel.""" + ethernet_interfaces = [] + # sub-interface for l3_port_channel cannot have member eth ports. + # skip any logic to generate member port config for such sub-interfaces + if "." in l3_port_channel.name: + return ethernet_interfaces + channel_group_id = l3_port_channel.name.split("Port-Channel")[-1] + for member_intf in l3_port_channel.member_interfaces: + interface_description = member_intf.description + # derive values for peer from parent L3 port-channel + # if not defined explicitly for member interface + peer = member_intf.peer if member_intf.peer else l3_port_channel.peer + if not interface_description: + interface_description = self.shared_utils.interface_descriptions.underlay_ethernet_interface( + InterfaceDescriptionData( + shared_utils=self.shared_utils, + interface=member_intf.name, + peer=peer, + peer_interface=member_intf.peer_interface, + wan_carrier=l3_port_channel.wan_carrier, + wan_circuit_id=l3_port_channel.wan_circuit_id, + ), + ) + ethernet_interface = { + "name": member_intf.name, + "description": interface_description, + # TODO: Do we set `peer_type` as `l3_port_channel` for eth member port + # OR leave this unset? + "peer": peer, + "peer_interface": member_intf.peer_interface, + "shutdown": not l3_port_channel.enabled, + "switchport": {"enabled": False}, + "speed": member_intf.speed if member_intf.speed else None, + "channel_group": { + "id": int(channel_group_id), + "mode": l3_port_channel.mode, + }, + "struct_cfg": member_intf.structured_config._as_dict(strip_values=()), + } + ethernet_interfaces.append(strip_empties_from_dict(ethernet_interface)) + return ethernet_interfaces + def _get_l3_uplink_with_l2_as_subint(self: AvdStructuredConfigUnderlay, link: dict) -> tuple[dict, list[dict]]: """Return a tuple with main uplink interface, list of subinterfaces representing each SVI.""" vlans = [int(vlan) for vlan in range_expand(link["vlans"])] @@ -304,33 +395,67 @@ def _l3_interface_acls(self: AvdStructuredConfigUnderlay) -> dict[str, dict[str, "ipv4_acl_out": , } + Only contains L3 interfaces with ACLs and only the ACLs that are set. + """ + return self._get_l3_generic_interface_acls(self.shared_utils.l3_interfaces) + + @cached_property + def _l3_port_channel_acls(self: AvdStructuredConfigUnderlay) -> dict[str, dict[str, dict]]: + """ + Return dict of l3 Port-Channel ACLs. + + : { + "ipv4_acl_in": , + "ipv4_acl_out": , + } + + Only contains L3 Port-Channel with ACLs and only the ACLs that are set. + """ + return self._get_l3_generic_interface_acls(self.shared_utils.node_config.l3_port_channels) + + def _get_l3_generic_interface_acls( + self: AvdStructuredConfigUnderlay, + l3_generic_interfaces: ( + EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3Interfaces + | EosDesigns._DynamicKeys.DynamicNodeTypesItem.NodeTypes.NodesItem.L3PortChannels + ), + ) -> dict[str, dict[str, dict]]: + """ + Return dict of l3 interface ACLs referenced by either L3 interfaces or L3 Port-Channels. + + : { + "ipv4_acl_in": , + "ipv4_acl_out": , + } + Only contains interfaces with ACLs and only the ACLs that are set, - so use `get(self._l3_interface_acls, f"{interface_name}.ipv4_acl_in")` to get the value. + so use `get(self._get_l3_generic_interface_acls(), f"{interface_name}.ipv4_acl_in")` to get the value. + where ` is either 'self.shared_utils.l3_interfaces' or 'self.shared_utils.l3_port_channels'` """ l3_interface_acls = {} - for l3_interface in self.shared_utils.l3_interfaces: - ipv4_acl_in = l3_interface.ipv4_acl_in - ipv4_acl_out = l3_interface.ipv4_acl_out + for l3_generic_interface in l3_generic_interfaces: + ipv4_acl_in = l3_generic_interface.ipv4_acl_in + ipv4_acl_out = l3_generic_interface.ipv4_acl_out if ipv4_acl_in is None and ipv4_acl_out is None: continue - interface_ip = l3_interface.dhcp_ip if (ip_address := l3_interface.ip_address) == "dhcp" else ip_address + interface_ip = l3_generic_interface.dhcp_ip if (ip_address := l3_generic_interface.ip_address) == "dhcp" else ip_address if interface_ip is not None and "/" in interface_ip: interface_ip = get_ip_from_ip_prefix(interface_ip) if ipv4_acl_in is not None: - l3_interface_acls.setdefault(l3_interface.name, {})["ipv4_acl_in"] = self.shared_utils.get_ipv4_acl( + l3_interface_acls.setdefault(l3_generic_interface.name, {})["ipv4_acl_in"] = self.shared_utils.get_ipv4_acl( name=ipv4_acl_in, - interface_name=l3_interface.name, + interface_name=l3_generic_interface.name, interface_ip=interface_ip, - peer_ip=l3_interface.peer_ip, + peer_ip=l3_generic_interface.peer_ip, )._as_dict() if ipv4_acl_out is not None: - l3_interface_acls.setdefault(l3_interface.name, {})["ipv4_acl_out"] = self.shared_utils.get_ipv4_acl( + l3_interface_acls.setdefault(l3_generic_interface.name, {})["ipv4_acl_out"] = self.shared_utils.get_ipv4_acl( name=ipv4_acl_out, - interface_name=l3_interface.name, + interface_name=l3_generic_interface.name, interface_ip=interface_ip, - peer_ip=l3_interface.peer_ip, + peer_ip=l3_generic_interface.peer_ip, )._as_dict() return l3_interface_acls diff --git a/python-avd/pyavd/api/interface_descriptions/__init__.py b/python-avd/pyavd/api/interface_descriptions/__init__.py index 0b0e082cac0..402d67486d4 100644 --- a/python-avd/pyavd/api/interface_descriptions/__init__.py +++ b/python-avd/pyavd/api/interface_descriptions/__init__.py @@ -105,7 +105,9 @@ def underlay_port_channel_interface(self, data: InterfaceDescriptionData) -> str - mpls_overlay_role - mpls_lsr - overlay_routing_protocol - - type. + - type + - wan_carrier + - wan_circuit_id. """ if template_path := self.shared_utils.node_type_key_data.interface_descriptions.underlay_port_channel_interfaces: return self._template( @@ -123,9 +125,13 @@ def underlay_port_channel_interface(self, data: InterfaceDescriptionData) -> str description = data.port_channel_description elif data.link_type in ("l3_edge", "core_interfaces"): description = self.inputs.default_underlay_p2p_port_channel_description - else: + elif data.link_type == "underlay_l2": # This is for L2 port-channels description = self.inputs.underlay_l2_port_channel_description + else: + # This is for L3 port-channels + elems = [data.wan_carrier, data.wan_circuit_id, data.peer, data.peer_interface] + return "_".join([elem for elem in elems if elem]) return AvdStringFormatter().format( description,