diff --git a/NetAutomationExamples b/NetAutomationExamples new file mode 160000 index 0000000..5677677 --- /dev/null +++ b/NetAutomationExamples @@ -0,0 +1 @@ +Subproject commit 567767727bfc280ffc1c37afcfa36ee4bf0b2989 diff --git a/core-deploy.retry b/core-deploy.retry new file mode 100644 index 0000000..6a0dc6c --- /dev/null +++ b/core-deploy.retry @@ -0,0 +1,4 @@ +ansible-vmx1 +ansible-vmx2 +ansible-vmx3 +ansible-vmx4 diff --git a/core-deploy.yml b/core-deploy.yml new file mode 100644 index 0000000..afd379b --- /dev/null +++ b/core-deploy.yml @@ -0,0 +1,50 @@ +--- +## First Play +- hosts: localhost + name: Create per node data model + gather_facts: no + tags: [ model ] + vars_files: + - "core/{{model|default('core-model.yml')}}" + tasks: + - name: Create per-node data model from fabric data model + template: src=core/core-to-nodes.j2 dest=./nodes.yml + +## Second Play +- name: Generate Configuration for all routers + gather_facts: no + connection: local + hosts: all + tags: [ template ] + tasks: + - include_vars: "./nodes.yml" + - name: create the directory for the configuration + file: path=core_config state=directory + run_once: true + - name: Generate Configuration + template: src={{ansible_network_os}}/core.j2 dest=core_config/{{inventory_hostname}}-config.txt + +## Third Play +# commit variable is used to control the play +# if commit=0 then we will not commit the changes we will only generate diff +# if commit=1 then we will commit the changes and generate diff +- name: push the configuration to the devices + gather_facts: no +# connection: local + hosts: all + tags: [ deploy ] + tasks: + - include_vars: "./nodes.yml" + - file: path=diff state=directory + run_once: true + - name: load the configuration to the devices + napalm_install_config: + hostname: "{{ ansible_host }}" + username: "{{ ansible_user }}" + dev_os: "{{ ansible_network_os }}" + optional_args: + key_file: "{{ ansible_ssh_private_key_file }}" + config_file: core_config/{{inventory_hostname}}-config.txt + commit_changes: "{{commit}}" + diff_file: diff/{{inventory_hostname}}-diff.txt + when: "inventory_hostname in nodes.keys()" diff --git a/core/core-model.yml b/core/core-model.yml new file mode 100644 index 0000000..16de10f --- /dev/null +++ b/core/core-model.yml @@ -0,0 +1,46 @@ +--- + +common: + bgp_asn: 65000 + +nodes: + - name: ansible-vmx1 + mgmt: 10.39.0.41 + rid: 10.39.8.41 + + - name: ansible-vmx2 + mgmt: 10.39.0.42 + rid: 10.39.8.42 + + - name: ansible-vmx3 + mgmt: 10.39.0.43 + rid: 10.39.8.43 + + - name: ansible-vmx4 + mgmt: 10.39.0.44 + rid: 10.39.8.44 + +links: + - {left: ansible-vmx1, left_port: ge-0/0/0, left_ip: 172.10.12.1, + right: ansible-vmx2, right_port: ge-0/0/0, right_ip: 172.10.12.2, cost: 10 } + + - {left: ansible-vmx1, left_port: ge-0/0/1, left_ip: 172.10.13.1, + right: ansible-vmx3, right_port: ge-0/0/0, right_ip: 172.10.13.3, cost: 10 } + + - {left: ansible-vmx2, left_port: ge-0/0/1, left_ip: 172.10.23.2, + right: ansible-vmx3, right_port: ge-0/0/1, right_ip: 172.10.23.3, cost: 10 } + + - {left: ansible-vmx1, left_port: ge-0/0/2, left_ip: 172.10.14.1, vlan: 40, + right: ansible-vmx4, right_port: ge-0/0/0, right_ip: 172.10.14.4, cost: 10 } + +bgp: + rr: [10.39.8.41] + clients: [10.39.8.42, 10.39.8.43, 10.39.8.44] + af: + - inet + - inet-vpn + +ospf: + area: 0 + network: p2p + diff --git a/core/core-to-nodes.j2 b/core/core-to-nodes.j2 new file mode 100644 index 0000000..656d0f6 --- /dev/null +++ b/core/core-to-nodes.j2 @@ -0,0 +1,52 @@ +# +# Nodes in the network +# +{% macro core_link(name,ip,cost,vlan,remote) %} +{{name}}.{{vlan}}: { ip: {{ip}}, remote: {{remote}} {% if cost %}, cost: {{cost}}{% endif %} {% if vlan %}, vlan: {{vlan}}{% endif %}}{% endmacro %} + +--- + +common: + bgp_asn: {{ common.bgp_asn }} + +nodes: +{% for node in nodes %} + + {{ node.name }}: + mgmt: {{ node.mgmt }} + rid: {{ node.rid }} + links: +{% for link in links %} +{% if link.left == node.name %} + {{ core_link(link.left_port,link.left_ip,link.cost|default(''),link.vlan|default('0'),link.right) }} +{% elif link.right == node.name %} + {{ core_link(link.right_port,link.right_ip, link.cost|default(''),link.vlan|default('0'),link.left) }} +{% endif %} +{% endfor %} +{% if bgp is defined %} + bgp: + ibgp: +{% if node.rid in bgp.rr %} + rr: true + peers: +{% for peer in bgp.clients %} + - {{ peer }} +{% endfor %} +{% else %} + peers: +{% for peer in bgp.rr %} + - {{ peer }} +{% endfor %} +{% endif %} + af: +{% for af in bgp.af %} + - {{ af }} +{% endfor %} +{% endif %} +{% if ospf is defined %} + ospf: + area: {{ospf.area}} + network: {{ospf.network}} +{% endif %} +{% endfor %} + diff --git a/core_config/ansible-vmx1-config.txt b/core_config/ansible-vmx1-config.txt new file mode 100644 index 0000000..ace1a00 --- /dev/null +++ b/core_config/ansible-vmx1-config.txt @@ -0,0 +1,158 @@ + +system { + host-name ansible-vmx1; + no-redirects; + root-authentication { + encrypted-password "$5$mcE0Hfiq$JfBeC3QSAvnd1tjqlOhlYXDgVrwvd6S4G3oVj5wiMO7"; ## SECRET-DATA + } + login { + user salt { + uid 2001; + class super-user; + authentication { + encrypted-password "$5$yp7ziGTI$F5F.6AUlR8hDK2JIsw5WRrTLex/yTCWH3iSR1Auk293"; ## SECRET-DATA + ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjxY2hLZ+ju5wdK4GYNhKGgnS8EWLBoEVpo+xQkhDzkTiBx3HGAnmARcVV0B9MqrHZl1omdnirJeygWzVbVY4yPUqGgEcUsTTq9fvK4AjTwtaoB5txAosaOnZq0zewmuZ6EMi6E3RND6A3FGXkf1Il2jg3I8k/dGqdyFI80B7sWy90fk+EqsGMPxVc+l5vAtY2jm84ellxxzBsulxfCSKPH86hZ1GqZ8A1ZBWITu15NjQw0aGssSYGMMTa1T8eFyY4hHWqqdwgOlODg9mZwwP1JdJH79SRoTOjqGGixuAFDGAgH3fNX6u8wTmYya/z7WXH6B2XwiiaZYdcyEbMLPZt"; ## SECRET-DATA + } + } + } + services { + ssh; + netconf { + ssh; + traceoptions { + file nc.txt size 1m world-readable; + flag incoming; + } + } + } + syslog { + user * { + any emergency; + } + file messages { + any any; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } +} + +interfaces { + ge-0/0/0 { + description "ansible-vmx2" + unit 0 { + family inet { + address 172.10.12.1/24 + } + } + } + + ge-0/0/1 { + description "ansible-vmx3" + unit 0 { + family inet { + address 172.10.13.1/24 + } + } + } + + ge-0/0/2 { + description "ansible-vmx4" + vlan-tagging; + encapsulation flexible-ethernet-services; + unit 40 { + vlan-id 40; + family inet { + address 172.10.14.1/24 + } + family mpls; + } + } + + fxp0 { + description "OOB to MGMT Network"; + unit 0 { + family inet { + address 10.39.0.41/24; + } + } + } + lo0 { + unit 0 { + family inet { + address 10.39.8.41/32; + } + } + } +} +routing-options { + router-id 10.39.8.41; + autonomous-system 65000; + static { + route 0.0.0.0/0 { + next-hop 10.39.0.1; + no-readvertise; + preference 255; + } + } +} +protocols { + bgp { + group Core { + type internal; + local-address 10.39.8.41; + cluster 10.39.8.41; + family inet { + unicast; + } + family inet-vpn { + unicast; + } + neighbor 10.39.8.42; + neighbor 10.39.8.43; + neighbor 10.39.8.44; + } + } + ospf { + area 0 { + interface ge-0/0/0.0 { + interface-type p2p; + metric 10; + } + interface ge-0/0/1.0 { + interface-type p2p; + metric 10; + } + interface ge-0/0/2.40 { + interface-type p2p; + metric 10; + } + interface lo0.0 { + passive; + } + } + } + ldp { + interface ge-0/0/0.0; + interface ge-0/0/1.0; + interface ge-0/0/2.40; + interface lo0.0; + } + rsvp { + interface ge-0/0/0.0; + interface ge-0/0/1.0; + interface ge-0/0/2.40; + } + mpls { + interface ge-0/0/0.0; + interface ge-0/0/1.0; + interface ge-0/0/2.40; + } + lldp { + interface ge-0/0/0; + interface ge-0/0/1; + interface ge-0/0/2; + } +} diff --git a/core_config/ansible-vmx2-config.txt b/core_config/ansible-vmx2-config.txt new file mode 100644 index 0000000..a97bbea --- /dev/null +++ b/core_config/ansible-vmx2-config.txt @@ -0,0 +1,149 @@ + +system { + host-name ansible-vmx2; + no-redirects; + root-authentication { + encrypted-password "$5$mcE0Hfiq$JfBeC3QSAvnd1tjqlOhlYXDgVrwvd6S4G3oVj5wiMO7"; ## SECRET-DATA + } + login { + user salt { + uid 2001; + class super-user; + authentication { + encrypted-password "$5$yp7ziGTI$F5F.6AUlR8hDK2JIsw5WRrTLex/yTCWH3iSR1Auk293"; ## SECRET-DATA + ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjxY2hLZ+ju5wdK4GYNhKGgnS8EWLBoEVpo+xQkhDzkTiBx3HGAnmARcVV0B9MqrHZl1omdnirJeygWzVbVY4yPUqGgEcUsTTq9fvK4AjTwtaoB5txAosaOnZq0zewmuZ6EMi6E3RND6A3FGXkf1Il2jg3I8k/dGqdyFI80B7sWy90fk+EqsGMPxVc+l5vAtY2jm84ellxxzBsulxfCSKPH86hZ1GqZ8A1ZBWITu15NjQw0aGssSYGMMTa1T8eFyY4hHWqqdwgOlODg9mZwwP1JdJH79SRoTOjqGGixuAFDGAgH3fNX6u8wTmYya/z7WXH6B2XwiiaZYdcyEbMLPZt"; ## SECRET-DATA + } + } + } + services { + ssh; + netconf { + ssh; + traceoptions { + file nc.txt size 1m world-readable; + flag incoming; + } + } + } + syslog { + user * { + any emergency; + } + file messages { + any any; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } +} + +interfaces { + ge-0/0/0 { + description "ansible-vmx1" + unit 0 { + family inet { + address 172.10.12.2/24 + } + } + } + + ge-0/0/1 { + description "ansible-vmx3" + unit 0 { + family inet { + address 172.10.23.2/24 + } + } + } + + fxp0 { + description "OOB to MGMT Network"; + unit 0 { + family inet { + address 10.39.0.42/24; + } + } + } + lo0 { + unit 0 { + family inet { + address 10.39.8.42/32; + } + } + } +} +routing-options { + router-id 10.39.8.42; + autonomous-system 65000; + static { + route 0.0.0.0/0 { + next-hop 10.39.0.1; + no-readvertise; + preference 255; + } + } +} +protocols { + bgp { + group Core { + type internal; + export __Ansible_Core_export; + local-address 10.39.8.42; + family inet { + unicast; + } + family inet-vpn { + unicast; + } + neighbor 10.39.8.41; + } + } + ospf { + area 0 { + interface ge-0/0/0.0 { + interface-type p2p; + metric 10; + } + interface ge-0/0/1.0 { + interface-type p2p; + metric 10; + } + interface lo0.0 { + passive; + } + } + } + ldp { + interface ge-0/0/0.0; + interface ge-0/0/1.0; + interface lo0.0; + } + rsvp { + interface ge-0/0/0.0; + interface ge-0/0/1.0; + } + mpls { + interface ge-0/0/0.0; + interface ge-0/0/1.0; + } + lldp { + interface ge-0/0/0; + interface ge-0/0/1; + } +} +policy-options { + policy-statement __Ansible_Core_export { + term ebgp { + from { + protocol bgp; + external; + } + then { + next-hop self; + accept; + } + } + } +} diff --git a/core_config/ansible-vmx3-config.txt b/core_config/ansible-vmx3-config.txt new file mode 100644 index 0000000..ab9aab3 --- /dev/null +++ b/core_config/ansible-vmx3-config.txt @@ -0,0 +1,149 @@ + +system { + host-name ansible-vmx3; + no-redirects; + root-authentication { + encrypted-password "$5$mcE0Hfiq$JfBeC3QSAvnd1tjqlOhlYXDgVrwvd6S4G3oVj5wiMO7"; ## SECRET-DATA + } + login { + user salt { + uid 2001; + class super-user; + authentication { + encrypted-password "$5$yp7ziGTI$F5F.6AUlR8hDK2JIsw5WRrTLex/yTCWH3iSR1Auk293"; ## SECRET-DATA + ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjxY2hLZ+ju5wdK4GYNhKGgnS8EWLBoEVpo+xQkhDzkTiBx3HGAnmARcVV0B9MqrHZl1omdnirJeygWzVbVY4yPUqGgEcUsTTq9fvK4AjTwtaoB5txAosaOnZq0zewmuZ6EMi6E3RND6A3FGXkf1Il2jg3I8k/dGqdyFI80B7sWy90fk+EqsGMPxVc+l5vAtY2jm84ellxxzBsulxfCSKPH86hZ1GqZ8A1ZBWITu15NjQw0aGssSYGMMTa1T8eFyY4hHWqqdwgOlODg9mZwwP1JdJH79SRoTOjqGGixuAFDGAgH3fNX6u8wTmYya/z7WXH6B2XwiiaZYdcyEbMLPZt"; ## SECRET-DATA + } + } + } + services { + ssh; + netconf { + ssh; + traceoptions { + file nc.txt size 1m world-readable; + flag incoming; + } + } + } + syslog { + user * { + any emergency; + } + file messages { + any any; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } +} + +interfaces { + ge-0/0/0 { + description "ansible-vmx1" + unit 0 { + family inet { + address 172.10.13.3/24 + } + } + } + + ge-0/0/1 { + description "ansible-vmx2" + unit 0 { + family inet { + address 172.10.23.3/24 + } + } + } + + fxp0 { + description "OOB to MGMT Network"; + unit 0 { + family inet { + address 10.39.0.43/24; + } + } + } + lo0 { + unit 0 { + family inet { + address 10.39.8.43/32; + } + } + } +} +routing-options { + router-id 10.39.8.43; + autonomous-system 65000; + static { + route 0.0.0.0/0 { + next-hop 10.39.0.1; + no-readvertise; + preference 255; + } + } +} +protocols { + bgp { + group Core { + type internal; + export __Ansible_Core_export; + local-address 10.39.8.43; + family inet { + unicast; + } + family inet-vpn { + unicast; + } + neighbor 10.39.8.41; + } + } + ospf { + area 0 { + interface ge-0/0/0.0 { + interface-type p2p; + metric 10; + } + interface ge-0/0/1.0 { + interface-type p2p; + metric 10; + } + interface lo0.0 { + passive; + } + } + } + ldp { + interface ge-0/0/0.0; + interface ge-0/0/1.0; + interface lo0.0; + } + rsvp { + interface ge-0/0/0.0; + interface ge-0/0/1.0; + } + mpls { + interface ge-0/0/0.0; + interface ge-0/0/1.0; + } + lldp { + interface ge-0/0/0; + interface ge-0/0/1; + } +} +policy-options { + policy-statement __Ansible_Core_export { + term ebgp { + from { + protocol bgp; + external; + } + then { + next-hop self; + accept; + } + } + } +} diff --git a/core_config/ansible-vmx4-config.txt b/core_config/ansible-vmx4-config.txt new file mode 100644 index 0000000..585c52a --- /dev/null +++ b/core_config/ansible-vmx4-config.txt @@ -0,0 +1,136 @@ + +system { + host-name ansible-vmx4; + no-redirects; + root-authentication { + encrypted-password "$5$mcE0Hfiq$JfBeC3QSAvnd1tjqlOhlYXDgVrwvd6S4G3oVj5wiMO7"; ## SECRET-DATA + } + login { + user salt { + uid 2001; + class super-user; + authentication { + encrypted-password "$5$yp7ziGTI$F5F.6AUlR8hDK2JIsw5WRrTLex/yTCWH3iSR1Auk293"; ## SECRET-DATA + ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjxY2hLZ+ju5wdK4GYNhKGgnS8EWLBoEVpo+xQkhDzkTiBx3HGAnmARcVV0B9MqrHZl1omdnirJeygWzVbVY4yPUqGgEcUsTTq9fvK4AjTwtaoB5txAosaOnZq0zewmuZ6EMi6E3RND6A3FGXkf1Il2jg3I8k/dGqdyFI80B7sWy90fk+EqsGMPxVc+l5vAtY2jm84ellxxzBsulxfCSKPH86hZ1GqZ8A1ZBWITu15NjQw0aGssSYGMMTa1T8eFyY4hHWqqdwgOlODg9mZwwP1JdJH79SRoTOjqGGixuAFDGAgH3fNX6u8wTmYya/z7WXH6B2XwiiaZYdcyEbMLPZt"; ## SECRET-DATA + } + } + } + services { + ssh; + netconf { + ssh; + traceoptions { + file nc.txt size 1m world-readable; + flag incoming; + } + } + } + syslog { + user * { + any emergency; + } + file messages { + any any; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } +} + +interfaces { + ge-0/0/0 { + description "ansible-vmx1" + vlan-tagging; + encapsulation flexible-ethernet-services; + unit 40 { + vlan-id 40; + family inet { + address 172.10.14.4/24 + } + family mpls; + } + } + + fxp0 { + description "OOB to MGMT Network"; + unit 0 { + family inet { + address 10.39.0.44/24; + } + } + } + lo0 { + unit 0 { + family inet { + address 10.39.8.44/32; + } + } + } +} +routing-options { + router-id 10.39.8.44; + autonomous-system 65000; + static { + route 0.0.0.0/0 { + next-hop 10.39.0.1; + no-readvertise; + preference 255; + } + } +} +protocols { + bgp { + group Core { + type internal; + export __Ansible_Core_export; + local-address 10.39.8.44; + family inet { + unicast; + } + family inet-vpn { + unicast; + } + neighbor 10.39.8.41; + } + } + ospf { + area 0 { + interface ge-0/0/0.40 { + interface-type p2p; + metric 10; + } + interface lo0.0 { + passive; + } + } + } + ldp { + interface ge-0/0/0.40; + interface lo0.0; + } + rsvp { + interface ge-0/0/0.40; + } + mpls { + interface ge-0/0/0.40; + } + lldp { + interface ge-0/0/0; + } +} +policy-options { + policy-statement __Ansible_Core_export { + term ebgp { + from { + protocol bgp; + external; + } + then { + next-hop self; + accept; + } + } + } +} diff --git a/facts.retry b/facts.retry new file mode 100644 index 0000000..510628f --- /dev/null +++ b/facts.retry @@ -0,0 +1,3 @@ +ansible-vmx2 +ansible-vmx3 +ansible-vmx4 diff --git a/group_vars/junos b/group_vars/junos index 5d8a140..fc22728 100644 --- a/group_vars/junos +++ b/group_vars/junos @@ -1,5 +1,5 @@ --- -ansible_connection: netconf +ansible_connection: network_cli ansible_network_os: junos ansible_user: salt ansible_ssh_private_key_file: /srv/salt/ssh/id_rsa diff --git a/hosts b/hosts index eba9a4a..11df7e0 100644 --- a/hosts +++ b/hosts @@ -5,37 +5,11 @@ all: children: vmx: hosts: - vmx1: - ansible_host: 10.39.8.10 - vmx2: - ansible_host: 10.39.8.11 - vmx3: - ansible_host: 10.39.8.12 - vmx4: - ansible_host: 10.39.8.13 - vmx5: - ansible_host: 10.39.8.14 - vmx6: - ansible_host: 10.39.8.15 - mx5: - hosts: - mx5-1: - ansible_host: 10.39.8.1 - mx5-2: - ansible_host: 10.39.8.2 - mx5-3: - ansible_host: 10.39.8.3 - mx5-4: - ansible_host: 10.39.8.4 - mx5-5: - ansible_host: 10.39.8.5 - mx5-6: - ansible_host: 10.39.8.6 - mx240: - hosts: - mx240-1: - ansible_host: 10.39.8.7 - mx240-2: - ansible_host: 10.39.8.8 - mx240-3: - ansible_host: 10.39.8.9 + ansible-vmx1: + ansible_host: 10.39.0.41 + ansible-vmx2: + ansible_host: 10.39.0.42 + ansible-vmx3: + ansible_host: 10.39.0.43 + ansible-vmx4: + ansible_host: 10.39.0.44 diff --git a/hosts.vmx b/hosts.vmx new file mode 100644 index 0000000..eba9a4a --- /dev/null +++ b/hosts.vmx @@ -0,0 +1,41 @@ +--- +all: + children: + junos: + children: + vmx: + hosts: + vmx1: + ansible_host: 10.39.8.10 + vmx2: + ansible_host: 10.39.8.11 + vmx3: + ansible_host: 10.39.8.12 + vmx4: + ansible_host: 10.39.8.13 + vmx5: + ansible_host: 10.39.8.14 + vmx6: + ansible_host: 10.39.8.15 + mx5: + hosts: + mx5-1: + ansible_host: 10.39.8.1 + mx5-2: + ansible_host: 10.39.8.2 + mx5-3: + ansible_host: 10.39.8.3 + mx5-4: + ansible_host: 10.39.8.4 + mx5-5: + ansible_host: 10.39.8.5 + mx5-6: + ansible_host: 10.39.8.6 + mx240: + hosts: + mx240-1: + ansible_host: 10.39.8.7 + mx240-2: + ansible_host: 10.39.8.8 + mx240-3: + ansible_host: 10.39.8.9 diff --git a/junos/core.j2 b/junos/core.j2 new file mode 100644 index 0000000..0bdef68 --- /dev/null +++ b/junos/core.j2 @@ -0,0 +1,239 @@ +{% set node = nodes[inventory_hostname] %} + +{# +************************************************** +### System configuration ###### +************************************************** + #} +system { + host-name {{inventory_hostname}}; + no-redirects; + root-authentication { + encrypted-password "$5$mcE0Hfiq$JfBeC3QSAvnd1tjqlOhlYXDgVrwvd6S4G3oVj5wiMO7"; ## SECRET-DATA + } + login { + user salt { + uid 2001; + class super-user; + authentication { + encrypted-password "$5$yp7ziGTI$F5F.6AUlR8hDK2JIsw5WRrTLex/yTCWH3iSR1Auk293"; ## SECRET-DATA + ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjxY2hLZ+ju5wdK4GYNhKGgnS8EWLBoEVpo+xQkhDzkTiBx3HGAnmARcVV0B9MqrHZl1omdnirJeygWzVbVY4yPUqGgEcUsTTq9fvK4AjTwtaoB5txAosaOnZq0zewmuZ6EMi6E3RND6A3FGXkf1Il2jg3I8k/dGqdyFI80B7sWy90fk+EqsGMPxVc+l5vAtY2jm84ellxxzBsulxfCSKPH86hZ1GqZ8A1ZBWITu15NjQw0aGssSYGMMTa1T8eFyY4hHWqqdwgOlODg9mZwwP1JdJH79SRoTOjqGGixuAFDGAgH3fNX6u8wTmYya/z7WXH6B2XwiiaZYdcyEbMLPZt"; ## SECRET-DATA + } + } + } + services { + ssh; + netconf { + ssh; + traceoptions { + file nc.txt size 1m world-readable; + flag incoming; + } + } + } + syslog { + user * { + any emergency; + } + file messages { + any any; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } +} + +{# +************************************************** +### Interfaces configuration ###### +************************************************** + #} +interfaces { +{% for intf,intf_attr in node.links.items()|sort %} + {{ intf.split('.')[0] }} { + description "{{intf_attr.remote}}" +{% if intf_attr.vlan is defined and intf_attr.vlan != 0 %} + vlan-tagging; + encapsulation flexible-ethernet-services; + unit {{intf_attr.vlan}} { + vlan-id {{intf_attr.vlan}}; + family inet { + address {{intf_attr.ip}}/{{intf_attr.mask|default('24')}} + } +{# if intf_attr.mpls is defined #} + family mpls; +{# endif #} + } + } +{% else %} + unit 0 { + family inet { + address {{intf_attr.ip}}/{{intf_attr.mask|default('24')}} + } +{% if intf_attr.mpls is defined %} + family mpls; +{% endif %} + } + } +{% endif %} +{% endfor %} + fxp0 { + description "OOB to MGMT Network"; + unit 0 { + family inet { + address {{node.mgmt}}/24; + } + } + } + lo0 { + unit 0 { + family inet { + address {{node.rid}}/32; + } + } + } +} +{# +************************************************** +### Global Variables ###### +************************************************** + #} +routing-options { + router-id {{ node.rid }}; + autonomous-system {{ common.bgp_asn }}; + static { + route 0.0.0.0/0 { + next-hop 10.39.0.1; + no-readvertise; + preference 255; + } + } +} +protocols { +{# +************************************************** +### BGP Variables ###### +************************************************** +#} +{% if node.bgp is defined %} + bgp { +{% if node.bgp.ibgp is defined %} + group Core { + type internal; +{% if node.bgp.ibgp.rr is not defined %} + export __Ansible_Core_export; +{% endif %} + local-address {{ node.rid}}; +{% if node.bgp.ibgp.rr is defined and node.bgp.ibgp.rr == true %} + cluster {{node.rid}}; +{% endif %} +{% for af in node.bgp.ibgp.af %} +{% if af == 'inet' %} + family inet { + unicast; + } +{% endif %} +{% if af == 'inet-vpn' %} + family inet-vpn { + unicast; + } +{% endif %} +{% if af == 'evpn' %} + family evpn { + signaling; + } +{% endif %} +{% endfor %} +{% for peer in node.bgp.ibgp.peers %} + neighbor {{ peer }}; +{% endfor %} + } +{% endif %} + } +{% endif %} +{# +************************************************** +### OSPF Variables ###### +************************************************** +#} +{% if node.ospf is defined %} + ospf { + area 0 { +{% for intf, intf_attr in node.links.items()|sort %} + interface {{ intf }} { + interface-type p2p; +{% if intf_attr.cost is defined %} + metric {{intf_attr.cost }}; +{% endif %} + } +{% endfor %} + interface lo0.0 { + passive; + } + } + } +{% endif %} +{# +************************************************** +### LDP Variables ###### +************************************************** +#} +{% if node.ldp is not defined %} + ldp { +{% for intf, intf_attr in node.links.items()|sort %} + interface {{intf}}; +{% endfor %} + interface lo0.0; + } +{% endif %} +{# +************************************************** +### RSVP Variables ###### +************************************************** + #} +{% if node.rsvp is not defined %} + rsvp { +{% for intf, intf_attr in node.links.items()|sort %} + interface {{intf}}; +{% endfor %} + } +{% endif %} +{# +************************************************** +### MPLS and LLDP Variables ###### +************************************************** +#} + mpls { +{% for intf, intf_attr in node.links.items()|sort %} + interface {{intf}}; +{% endfor %} + } + lldp { +{% for intf, intf_attr in node.links.items()|sort %} + interface {{intf.split('.')[0]}}; +{% endfor %} + } +} +{# +************************************************** +### Default BGP Export policy ##### +************************************************** +#} +{% if node.bgp.ibgp.rr is not defined %} +policy-options { + policy-statement __Ansible_Core_export { + term ebgp { + from { + protocol bgp; + external; + } + then { + next-hop self; + accept; + } + } + } +} +{% endif %} diff --git a/nodes.yml b/nodes.yml new file mode 100644 index 0000000..e3f6947 --- /dev/null +++ b/nodes.yml @@ -0,0 +1,82 @@ +# +# Nodes in the network +# + +--- + +common: + bgp_asn: 65000 + +nodes: + + ansible-vmx1: + mgmt: 10.39.0.41 + rid: 10.39.8.41 + links: + ge-0/0/0.0: { ip: 172.10.12.1, remote: ansible-vmx2 , cost: 10 , vlan: 0} + ge-0/0/1.0: { ip: 172.10.13.1, remote: ansible-vmx3 , cost: 10 , vlan: 0} + ge-0/0/2.40: { ip: 172.10.14.1, remote: ansible-vmx4 , cost: 10 , vlan: 40} + bgp: + ibgp: + rr: true + peers: + - 10.39.8.42 + - 10.39.8.43 + - 10.39.8.44 + af: + - inet + - inet-vpn + ospf: + area: 0 + network: p2p + + ansible-vmx2: + mgmt: 10.39.0.42 + rid: 10.39.8.42 + links: + ge-0/0/0.0: { ip: 172.10.12.2, remote: ansible-vmx1 , cost: 10 , vlan: 0} + ge-0/0/1.0: { ip: 172.10.23.2, remote: ansible-vmx3 , cost: 10 , vlan: 0} + bgp: + ibgp: + peers: + - 10.39.8.41 + af: + - inet + - inet-vpn + ospf: + area: 0 + network: p2p + + ansible-vmx3: + mgmt: 10.39.0.43 + rid: 10.39.8.43 + links: + ge-0/0/0.0: { ip: 172.10.13.3, remote: ansible-vmx1 , cost: 10 , vlan: 0} + ge-0/0/1.0: { ip: 172.10.23.3, remote: ansible-vmx2 , cost: 10 , vlan: 0} + bgp: + ibgp: + peers: + - 10.39.8.41 + af: + - inet + - inet-vpn + ospf: + area: 0 + network: p2p + + ansible-vmx4: + mgmt: 10.39.0.44 + rid: 10.39.8.44 + links: + ge-0/0/0.40: { ip: 172.10.14.4, remote: ansible-vmx1 , cost: 10 , vlan: 40} + bgp: + ibgp: + peers: + - 10.39.8.41 + af: + - inet + - inet-vpn + ospf: + area: 0 + network: p2p +