aristanetworks / avd
Arista Validated Designs
Home Page: https://avd.arista.com
License: Apache License 2.0
support for interface breakout:
Refactor to split out sub-section in BGP templates in the eos-l3ls-evpn role to allow easier extension.
example required for 7280R2:
hardware tcam profile vxlan-routing
Add support for 3 node CVP cluster
After running pip install -r requirements.txt in a clean environment, we have the following error message:
fatal: [DC1-SPINE1 -> localhost]: FAILED! => changed=false
msg: 'AnsibleFilterError: The ipaddr filter requires python''s netaddr be installed on the ansible controller'
This library is missing from requirements.txt
Fix is:
$ pip install netaddr
Collecting netaddr
Using cached https://files.pythonhosted.org/packages/ba/97/ce14451a9fd7bdb5a397abf99b24a1a6bb7a1a440b019bebd2e9a0dbec74/netaddr-0.7.19-py2.py3-none-any.whl
Installing collected packages: netaddr
Successfully installed netaddr-0.7.19
Create initial documentation on how to use the EVPN design guide roles!
Add capability in l3leafs/l2leafs node_groups to filter VLANs and VRFs by Tenants and/or Tags
example of data model entry:
Tenants:
  Tenant_A:
    l2vlans:
      260:
        name: VMotion
        tags: [ vmotion ]
        enabled: true
Recall that there are no GARPs for interfaces with "ip address virtual", which could be somewhat problematic for L2 infrastructure that is southbound of the VTEPs.
Of course, removing "ip address virtual" results in chewing up more IP addresses in the entire eVPN fabric.
In case you defined only L2 VNIs in your tenants, CLI config gen fails with the following elements:
FAILED! => changed=false
msg: 'AnsibleUndefinedVariable: ''dict object'' has no attribute ''vrfs'''
arista.avd
version 1.0.0
{% if vxlan_tunnel_interface.Vxlan1.vxlan_vni_mappings.vrfs is defined and
vxlan_tunnel_interface.Vxlan1.vxlan_vni_mappings.vrfs is not none %}
{% for vrf in vxlan_tunnel_interface.Vxlan1.vxlan_vni_mappings.vrfs | arista.avd.natural_sort %}
vxlan vrf {{ vrf }} vni {{ vxlan_tunnel_interface.Vxlan1.vxlan_vni_mappings.vrfs[vrf].vni }}
{% endfor %}
{% endif %}
Instead of:
{% for vrf in vxlan_tunnel_interface.Vxlan1.vxlan_vni_mappings.vrfs | arista.avd.natural_sort %}
vxlan vrf {{ vrf }} vni {{ vxlan_tunnel_interface.Vxlan1.vxlan_vni_mappings.vrfs[vrf].vni }}
{% endfor %}
Same change should be done in documentation part of the role.
Abstraction role (eos_l3ls_config) has not been tested as we are using a custom role to generate VXLAN HER topology.
example:
vlan internal allocation policy ascending range
Due to absence of recovery timer for EVPN blacklist MAC-addresses possible workaround would be following event-handler:
event-handler evpn-blacklist-recovery
   action bash FastCli -p 15 -c "clear bgp evpn host-flap"
   delay 300
   !
   trigger on-logging
      regex EVPN-3-BLACKLISTED_DUPLICATE_MAC
"Guide for contribution" is referenced in README.md, but does not exist.
As value of this guide is not incredibly high, I suggest to remove the reference from the README.md
Role eos-config-deploy-cvp
is only supporting Fabric creation. In some use cases, it might be interesting to reset fabric from CVP and move EOS devices to ZTP mode.
Role should allow an option to choose whether we want to build or cleanup CVP.
- name: Configuration deployment with CVP
  hosts: CVP
  connection: local
  gather_facts: no
  tasks:
    - name: run CVP provisioning
      import_role:
        name: eos-config-deploy-cvp
      vars:
        state: {{present|absent}} # present is default value
Role description is missing.
Implementing -cvsourceip in the TerminAttr daemon makes it possible to support two use cases:
Configuration example for TerminAttr < 1.7
daemon TerminAttr
exec /usr/bin/TerminAttr -ingestgrpcurl=10.83.12.79:9910 -cvcompression=gzip -taillogs -ingestauth=key,xxx \
-smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent \
-ingestvrf=default -cvsourceip=<Device_Source_IP>
no shutdown
Configuration example for TerminAttr >= 1.7
daemon TerminAttr
exec /usr/bin/TerminAttr -ingestgrpcurl=10.83.12.79:9910 -cvcompression=gzip -taillogs -cvauth=key,xxx \
-smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent \
-ingestvrf=default -cvsourceip=<Device_Source_IP> -cvvrf=default
no shutdown
iBGP required in overlay VRFs between MLAG pairs for certain connectivity and failure scenarios.
Add the capability to define static routes in the tenant data model.
move "leaf_as_range:" under spines
example:
spine:
  leaf_as_range: 65101-65132
move "virtual_router_mac_address" under L3Leafs
l3leafs:
  virtual_router_mac_address: 00:1c:73:00:dc:01
On chassis switches, I like to use "interface Ma0" which floats as a virtual IP address across both supervisors, which have the following physical management interfaces:
SUP #1:
interface management 1/1
interface management 1/2
SUP #2:
interface management 2/1
interface management 2/2
interface management0 floats between 1/1 and 1/2 when physically wired like this:
Resulting in a config that looks like this:
interface Management0
vrf forwarding MGMT
ip address x.y.z.a/s
There are other combinations to consider, I'm sure. ;-)
Allow management interface in default/global routing table
Updates to the following templates/data model will be required:
https://github.com/aristanetworks/ansible-avd/blob/master/ansible_collections/arista/avd/roles/eos_l3ls_evpn/templates/base/mgmt-interface.j2
add the following to default template:
switchport default mode routed
!
no aaa root
!
management console
idle-timeout 15
!
management ssh
no shutdown
idle-timeout 15
vrf default
shutdown
vrf MGMT
no shutdown
!
management telnet
shutdown
!
management defaults
secret hash sha512
!
vlan 1
state suspend
trunk group DO_NOT_USE
!
Is this README required? If yes, make a reference to the main one.
Here to be changed from:
As mentioned in the overview, if desired, the role can be extended to leverage data from dynamic sources such as an IPAM or CMDB.
to:
If desired, the role can be extended to leverage data from dynamic sources such as an IPAM or CMDB.
Add following to the mlag leafs VXLAN config:
interface Vxlan1
vxlan virtual-router encapsulation mac-address mlag-system-id
Move "ip ospf" commands to "router ospf" scope instead of under, say, "Interface EthernetX" scope. I think this makes it easier to debug the derived configs by putting all relevant info into fewer areas of the running-config.
add docker file to enable consistent use and deployment of Ansible Arista Validated Design Collection.
Provide docker file for:
To track missing section here
R series Devices:
mlag configuration
reload-delay mlag 1020
reload-delay non-mlag 780
All other Platforms (Trident/Tomahawk/XP ASIC):
mlag configuration
reload-delay mlag 360
reload-delay non-mlag 300
dual-primary detection delay 5 action errdisable all-interfaces
One particular example, from the global configuration.
redundancy
protocol sso
interface Ethernet3/1/1
description P2P_UPLINK_TO_LEAF-1_Ethernet53/1
Perhaps when the description is relative to a Spine's perspective down to a leaf, maybe "DOWNLINK" or "LINK" is cleaner.
It may make sense to keep "generated_vars", "intended_configs", & "documentation" in their own directory called "derived_objects" and then that way the only directories at the scope below "physical_poc" are "derived_objects", "group_vars" and "config_backup". This may assist segmenting what's really an input and what's really an output.
In addition, move "inventory.yml" into "group_vars" as that is also an input.
Remove dependency on eos_config_gen
Remove when: eosconfig.changed from task.
When defining a port-profile, allow a method to add all VLANs that are present on the leaf switch.
for example:
VM_Servers:
  mode: trunk
  vlans: "all"
This "all" keyword would result in adding all VLANs defined on the switch -> accessible via the leaf.vlans key
Hi All,
I know this is not the place to post this question, but the eos thread does not have an option to ask for support. I'm still really new to using Ansible, as I have only just got Ansible roles to work, i.e. the old way, and after seeing the demo video about arista.avd collections I would really like to get arista-eos up and running without the cloudvision part, but after trying to read the docs about the eos collections I have no idea how this works. Before, I could just do the following to push configuration.
Could someone please let me know how I should be setting up the Ansible layout in order for this new format of arista-eos collection to work. I'm really at my wits end after not being able to find a demo complete inventory, playbook, group_vars, host_vars example.
Thanks in advance, Shaun
Document important design assumptions, like tenancy model, etc.
Explain what data structures are related to every assumption.
Add the list of design assumptions to be documented into this issue and do not close till the list looks complete.
Example interface description correction
DC1-LEAF2A:
interface Ethernet7
description DC1-L2LEAF6A_Ethernet1
channel-group 7 mode active
!
interface Ethernet8
description DC1-L2LEAF6B_Ethernet2 -> Ethernet1
channel-group 7 mode active
DC1-LEAF2B:
interface Ethernet7
description DC1-L2LEAF6A_Ethernet1 -> Ethernet2
channel-group 7 mode active
!
interface Ethernet8
description DC1-L2LEAF6B_Ethernet2
channel-group 7 mode active
add BGP router-id under each VRF so that it is deterministic.
HTML has to be removed from Markdown docs. It's not critical, but it increases the complexity of maintaining the docs and keeping them compatible with all dev tools.
Here is an example:
## Role Inputs and Outputs
Figure 1 below provides a visualization of the roles inputs, and outputs and tasks in order executed by the role.
<p align="center">
<img src='media/figure-1-role-eos_l3ls_evpn.gif' alt='Figure 1: Ansible Role eos_l3ls_evpn'/>
</p>
**Inputs:**
This is not displayed correctly in PyCharm for instance.
A simple Markdown string instead would be much better:
![Figure 1: Ansible Role eos_l3ls_evpn](media/figure-1-role-eos_l3ls_evpn.gif)
Validate syntax and more importantly duplicate keys!
example:
interface Ethernet2
speed forced 10000full