aristanetworks · gmuloc · Oct 2, 2024 · Oct 3, 2024 · Oct 3, 2024 · Oct 3, 2024
@@ -0,0 +1,193 @@
+!
+no enable password
+no aaa root
+!
+agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP=1
+!
+flow tracking hardware
+   tracker FLOW-TRACKER
+      record export on inactive timeout 70000
+      record export on interval 300000
+      exporter CV-TELEMETRY
+         collector 127.0.0.1
+         local interface Loopback0
+         template interval 3600000
+   no shutdown
+!
+service routing protocols model multi-agent
+!
+hostname node-type-l3-interfaces-bgp
+!
+router path-selection
+   tcp mss ceiling ipv4 ingress
+   !
+   path-group INTERNET id 42
+      ipsec profile CP-PROFILE
+      !
+      local interface Ethernet43
+      !
+      peer dynamic
+   !
+   load-balance policy LB-DEFAULT-POLICY-CONTROL-PLANE
+      path-group INTERNET
+   !
+   load-balance policy LB-DEFAULT-POLICY-DEFAULT
+      path-group INTERNET
+   !
+   policy DEFAULT-POLICY-WITH-CP
+      default-match
+         load-balance LB-DEFAULT-POLICY-DEFAULT
+      !
+      10 application-profile APP-PROFILE-CONTROL-PLANE
+         load-balance LB-DEFAULT-POLICY-CONTROL-PLANE
+   !
+   vrf default
+      path-selection-policy DEFAULT-POLICY-WITH-CP
+!
+spanning-tree mode none
+!
+vrf instance MGMT
+!
+management api http-commands
+   protocol https
+   no shutdown
+   !
+   vrf MGMT
+      no shutdown
+!
+management security
+   !
+   ssl profile STUN-DTLS
+      tls versions 1.2
+      trust certificate aristaDeviceCertProvisionerDefaultRootCA.crt
+      certificate STUN-DTLS.crt key STUN-DTLS.key
+!
+ip security
+   ike policy CP-IKE-POLICY
+      local-id 192.168.254.1
+   !
+   sa policy CP-SA-POLICY
+   !
+   profile CP-PROFILE
+      ike-policy CP-IKE-POLICY
+      sa-policy CP-SA-POLICY
+      connection start
+      shared-key 7 ABCDEF1234567890
+      dpd 10 50 clear
+      mode transport
+   !
+   key controller
+      profile CP-PROFILE
+!
+interface Dps1
+   description DPS Interface
+   mtu 9194
+   flow tracker hardware FLOW-TRACKER
+   ip address 192.168.254.1/32
+!
+interface Ethernet43
+   description INTERNET
+   shutdown
+   no switchport
+   ip address 192.168.42.42/24
+!
+interface Loopback0
+   description ROUTER_ID
+   no shutdown
+   ip address 192.168.255.1/32
+!
+interface Vxlan1
+   description node-type-l3-interfaces-bgp_VTEP
+   vxlan source-interface Dps1
+   vxlan udp-port 4789
+   vxlan vrf default vni 1
+!
+application traffic recognition
+   !
+   application ipv4 APP-CONTROL-PLANE
+      destination prefix field-set PFX-PATHFINDERS
+   !
+   application-profile APP-PROFILE-CONTROL-PLANE
+      application APP-CONTROL-PLANE
+   !
+   field-set ipv4 prefix PFX-PATHFINDERS
+!
+ip routing
+no ip routing vrf MGMT
+!
+ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.255.1:0
+!
+ip prefix-list ALLOW-DEFAULT
+   seq 10 permit 0.0.0.0/0
+!
+ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+   seq 10 permit 192.168.255.0/24 eq 32
+!
+route-map RM-BGP-192.168.42.1-IN permit 10
+   match ip address prefix-list ALLOW-DEFAULT
+   set community no-advertise additive
+!
+route-map RM-BGP-192.168.42.1-OUT deny 10
+!
+route-map RM-BGP-UNDERLAY-PEERS-IN permit 40
+   description Mark prefixes originated from the LAN
+   set extcommunity soo 192.168.255.1:0 additive
+!
+route-map RM-CONN-2-BGP permit 10
+   match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+   set extcommunity soo 192.168.255.1:0 additive
+!
+route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 10
+   match extcommunity ECL-EVPN-SOO
+!
+route-map RM-EVPN-SOO-IN deny 10
+   match extcommunity ECL-EVPN-SOO
+!
+route-map RM-EVPN-SOO-IN permit 20
+!
+route-map RM-EVPN-SOO-OUT permit 10
+   set extcommunity soo 192.168.255.1:0 additive
+!
+router bfd
+   multihop interval 300 min-rx 300 multiplier 3
+!
+router bgp 65000
+   router-id 192.168.255.1
+   maximum-paths 16
+   update wait-install
+   no bgp default ipv4-unicast
+   neighbor WAN-OVERLAY-PEERS peer group
+   neighbor WAN-OVERLAY-PEERS remote-as 65000
+   neighbor WAN-OVERLAY-PEERS update-source Dps1
+   neighbor WAN-OVERLAY-PEERS bfd
+   neighbor WAN-OVERLAY-PEERS bfd interval 1000 min-rx 1000 multiplier 10
+   neighbor WAN-OVERLAY-PEERS ttl maximum-hops 1
+   neighbor WAN-OVERLAY-PEERS send-community
+   neighbor WAN-OVERLAY-PEERS maximum-routes 0
+   neighbor 192.168.42.1 remote-as 65042
+   neighbor 192.168.42.1 description INTERNET
+   neighbor 192.168.42.1 route-map RM-BGP-192.168.42.1-IN in
+   neighbor 192.168.42.1 route-map RM-BGP-192.168.42.1-OUT out
+   redistribute connected route-map RM-CONN-2-BGP
+   !
+   address-family evpn
+      neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-IN in
+      neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-OUT out
+      neighbor WAN-OVERLAY-PEERS activate
+      neighbor WAN-OVERLAY-PEERS encapsulation path-selection
+   !
+   address-family ipv4
+      no neighbor WAN-OVERLAY-PEERS activate
+   !
+   address-family path-selection
+      bgp additional-paths receive
+      bgp additional-paths send any
+      neighbor WAN-OVERLAY-PEERS activate
+   !
+   vrf default
+      rd 192.168.255.1:1
+      route-target import evpn 1:1
+      route-target export evpn 1:1
+      route-target export evpn route-map RM-EVPN-EXPORT-VRF-DEFAULT
+!
+end
diff --git a/...it_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-edge-1.yml b/...it_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-edge-1.yml
@@ -10,6 +10,9 @@ router_bgp:
     paths: 16
   updates:
     wait_install: true
+  redistribute_routes:
+  - source_protocol: connected
+    route_map: RM-CONN-2-BGP
   peer_groups:
   - name: IPv4-UNDERLAY-PEERS
     type: ipv4
@@ -35,9 +38,6 @@ router_bgp:
       activate: true
     - name: WAN-OVERLAY-PEERS
       activate: false
-  redistribute_routes:
-  - source_protocol: connected
-    route_map: RM-CONN-2-BGP
   address_family_evpn:
     peer_groups:
     - name: WAN-OVERLAY-PEERS

diff --git a/...it_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-edge-2.yml b/...it_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-edge-2.yml
@@ -10,6 +10,9 @@ router_bgp:
     paths: 16
   updates:
     wait_install: true
+  redistribute_routes:
+  - source_protocol: connected
+    route_map: RM-CONN-2-BGP
   peer_groups:
   - name: IPv4-UNDERLAY-PEERS
     type: ipv4
@@ -35,9 +38,6 @@ router_bgp:
       activate: true
     - name: WAN-OVERLAY-PEERS
       activate: false
-  redistribute_routes:
-  - source_protocol: connected
-    route_map: RM-CONN-2-BGP
   address_family_evpn:
     peer_groups:
     - name: WAN-OVERLAY-PEERS

diff --git a/...it_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-edge-3.yml b/...it_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-edge-3.yml
@@ -10,6 +10,9 @@ router_bgp:
     paths: 16
   updates:
     wait_install: true
+  redistribute_routes:
+  - source_protocol: connected
+    route_map: RM-CONN-2-BGP
   peer_groups:
   - name: IPv4-UNDERLAY-PEERS
     type: ipv4
@@ -35,9 +38,6 @@ router_bgp:
       activate: true
     - name: WAN-OVERLAY-PEERS
       activate: false
-  redistribute_routes:
-  - source_protocol: connected
-    route_map: RM-CONN-2-BGP
   address_family_evpn:
     peer_groups:
     - name: WAN-OVERLAY-PEERS

diff --git a/...ts/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-pathfinder-1.yml b/...ts/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-pathfinder-1.yml
@@ -10,6 +10,9 @@ router_bgp:
     paths: 16
   updates:
     wait_install: true
+  redistribute_routes:
+  - source_protocol: connected
+    route_map: RM-CONN-2-BGP
   peer_groups:
   - name: IPv4-UNDERLAY-PEERS
     type: ipv4
@@ -51,9 +54,6 @@ router_bgp:
       activate: false
     - name: WAN-RR-OVERLAY-PEERS
       activate: false
-  redistribute_routes:
-  - source_protocol: connected
-    route_map: RM-CONN-2-BGP
   bgp_cluster_id: 192.168.44.1
   listen_ranges:
   - prefix: 192.168.142.0/24

@@ -10,6 +10,31 @@ router_bgp:
     paths: 16
   updates:
     wait_install: true
+  neighbors:
+  - ip_address: 172.16.9.4
+    remote_as: '64520'
+    description: ATT_666_peer3_Ethernet42
+    route_map_in: RM-BGP-172.16.9.4-IN
+    route_map_out: RM-BGP-172.16.9.4-OUT
+  - ip_address: 172.16.5.4
+    remote_as: '64520'
+    description: Colt_10555
+    route_map_in: RM-BGP-172.16.5.4-IN
+    route_map_out: RM-BGP-172.16.5.4-OUT
+  - ip_address: 172.17.0.0
+    peer_group: IPv4-UNDERLAY-PEERS
+    remote_as: '65199'
+    peer: site-ha-disabled-leaf
+    description: site-ha-disabled-leaf_Ethernet1
+  - ip_address: 192.168.144.1
+    peer_group: WAN-OVERLAY-PEERS
+    peer: cv-pathfinder-pathfinder
+    description: cv-pathfinder-pathfinder_Dps1
+  redistribute_routes:
+  - source_protocol: connected
+    route_map: RM-CONN-2-BGP
+  - source_protocol: static
+    route_map: RM-STATIC-2-BGP
   peer_groups:
   - name: IPv4-UNDERLAY-PEERS
     type: ipv4
@@ -36,31 +61,6 @@ router_bgp:
       activate: true
     - name: WAN-OVERLAY-PEERS
       activate: false
-  redistribute_routes:
-  - source_protocol: connected
-    route_map: RM-CONN-2-BGP
-  - source_protocol: static
-    route_map: RM-STATIC-2-BGP
-  neighbors:
-  - ip_address: 172.17.0.0
-    peer_group: IPv4-UNDERLAY-PEERS
-    remote_as: '65199'
-    peer: site-ha-disabled-leaf
-    description: site-ha-disabled-leaf_Ethernet1
-  - ip_address: 172.16.9.4
-    remote_as: '64520'
-    description: ATT_666_peer3_Ethernet42
-    route_map_in: RM-BGP-172.16.9.4-IN
-    route_map_out: RM-BGP-172.16.9.4-OUT
-  - ip_address: 172.16.5.4
-    remote_as: '64520'
-    description: Colt_10555
-    route_map_in: RM-BGP-172.16.5.4-IN
-    route_map_out: RM-BGP-172.16.5.4-OUT
-  - ip_address: 192.168.144.1
-    peer_group: WAN-OVERLAY-PEERS
-    peer: cv-pathfinder-pathfinder
-    description: cv-pathfinder-pathfinder_Dps1
   vrfs:
   - name: IT
     router_id: 192.168.42.1

@@ -10,6 +10,30 @@ router_bgp:
     paths: 16
   updates:
     wait_install: true
+  neighbors:
+  - ip_address: 172.29.0.13
+    remote_as: '64520'
+    route_map_in: RM-BGP-172.29.0.13-IN
+    route_map_out: RM-BGP-172.29.0.13-OUT
+  - ip_address: 172.28.0.14
+    remote_as: '64520'
+    route_map_out: RM-BGP-172.28.0.14-OUT
+  - ip_address: 172.17.0.2
+    peer_group: IPv4-UNDERLAY-PEERS
+    remote_as: '65199'
+    peer: site-ha-disabled-leaf
+    description: site-ha-disabled-leaf_Ethernet2
+  - ip_address: 192.168.144.2
+    peer_group: WAN-OVERLAY-PEERS
+    peer: cv-pathfinder-pathfinder1
+    description: cv-pathfinder-pathfinder1_Dps1
+  - ip_address: 192.168.144.3
+    peer_group: WAN-OVERLAY-PEERS
+    peer: cv-pathfinder-pathfinder2
+    description: cv-pathfinder-pathfinder2_Dps1
+  redistribute_routes:
+  - source_protocol: connected
+    route_map: RM-CONN-2-BGP
   peer_groups:
   - name: IPv4-UNDERLAY-PEERS
     type: ipv4
@@ -35,30 +59,6 @@ router_bgp:
       activate: true
     - name: WAN-OVERLAY-PEERS
       activate: false
-  redistribute_routes:
-  - source_protocol: connected
-    route_map: RM-CONN-2-BGP
-  neighbors:
-  - ip_address: 172.17.0.2
-    peer_group: IPv4-UNDERLAY-PEERS
-    remote_as: '65199'
-    peer: site-ha-disabled-leaf
-    description: site-ha-disabled-leaf_Ethernet2
-  - ip_address: 172.29.0.13
-    remote_as: '64520'
-    route_map_in: RM-BGP-172.29.0.13-IN
-    route_map_out: RM-BGP-172.29.0.13-OUT
-  - ip_address: 172.28.0.14
-    remote_as: '64520'
-    route_map_out: RM-BGP-172.28.0.14-OUT
-  - ip_address: 192.168.144.2
-    peer_group: WAN-OVERLAY-PEERS
-    peer: cv-pathfinder-pathfinder1
-    description: cv-pathfinder-pathfinder1_Dps1
-  - ip_address: 192.168.144.3
-    peer_group: WAN-OVERLAY-PEERS
-    peer: cv-pathfinder-pathfinder2
-    description: cv-pathfinder-pathfinder2_Dps1
   vrfs:
   - name: IT
     router_id: 192.168.42.2