def build_l2_evpn_interface_config(self, interfaces_config, interfaces, vn, vlan_conf):
ifd_map = {}
for interface in interfaces:
ifd_map.setdefault(interface.ifd_name, []).append(interface)
for ifd_name, interface_list in ifd_map.items():
intf = Interface(name=ifd_name)
interfaces_config.add_interface(intf)
intf.set_flexible_vlan_tagging('')
intf.set_encapsulation("extended-vlan-bridge")
if interface_list[0].is_untagged():
if (len(interface_list) > 1):
self._logger.error(
"invalid logical interfaces config for ifd %s" % (
ifd_name))
continue
intf.add_unit(Unit(name=interface_list[0].unit,
comment=DMUtils.l2_evpn_intf_unit_comment(vn, False),
vlan_id="4094"))
vlan_conf.add_interface(Interface(name=ifd_name + ".0"))
else:
for interface in interface_list:
intf.add_unit(Unit(name=interface.unit,
comment=DMUtils.l2_evpn_intf_unit_comment(vn,
True, interface.vlan_tag),
vlan_id=str(interface.vlan_tag)))
vlan_conf.add_interface(Interface(name=ifd_name + "." + str(interface.vlan_tag)))
def add_inet_public_vrf_filter(self, forwarding_options_config, firewall_config, inet_type):
fo = Family()
inet_filter = InetFilter(input=DMUtils.make_public_vrf_filter_name(inet_type))
if inet_type == "inet6":
fo.set_inet6(FamilyInet6(filter=inet_filter))
else:
fo.set_inet(FamilyInet(filter=inet_filter))
forwarding_options_config.add_family(fo)
f = FirewallFilter(name=DMUtils.make_public_vrf_filter_name(inet_type))
ff = firewall_config.get_family()
if not ff:
ff = FirewallFamily()
firewall_config.set_family(ff)
if inet_type == "inet6":
inet6 = ff.get_inet6()
if not inet6:
inet6 = FirewallInet()
ff.set_inet6(inet6)
inet6.add_filter(f)
else:
inet = ff.get_inet()
if not inet:
inet = FirewallInet()
ff.set_inet(inet)
inet.add_filter(f)
term = Term(name="default-term", then=Then(accept=""))
f.add_term(term)
return f
def set_route_targets_config(self):
if self.policy_config is None:
self.policy_config = PolicyOptions(comment=DMUtils.policy_options_comment())
for route_target in self.route_targets:
comm = CommunityType(name=DMUtils.make_community_name(route_target))
comm.add_members(route_target)
self.policy_config.add_community(comm)
def _build_ri_config(self, vn, ri_name, ri_obj, interfaces, export_targets,
import_targets, feature_config):
encapsulation_priorities = self._get_encapsulation_priorities()
highest_encapsulation = encapsulation_priorities[0]
network_id = vn.vn_network_id
vxlan_id = vn.get_vxlan_vni()
ri = RoutingInstance(name=ri_name, virtual_network_mode='l2',
export_targets=export_targets, import_targets=import_targets,
virtual_network_id=str(network_id), vxlan_id=str(vxlan_id),
is_public_network=vn.router_external)
ri.set_virtual_network_id(str(network_id))
ri.set_vxlan_id(str(vxlan_id))
ri.set_is_public_network(vn.router_external)
vlan = None
if highest_encapsulation == 'VXLAN':
ri.set_routing_instance_type('virtual-switch')
vlan = Vlan(name=DMUtils.make_bridge_name(vxlan_id), vxlan_id=vxlan_id)
vlan.set_comment(DMUtils.vn_bd_comment(vn, 'VXLAN'))
feature_config.add_vlans(vlan)
for interface in interfaces:
self._add_ref_to_list(vlan.get_interfaces(), interface.li_name)
elif highest_encapsulation in ['MPLSoGRE', 'MPLSoUDP']:
ri.set_routing_instance_type('evpn')
self._build_l2_evpn_interface_config(interfaces, vn, vlan)
return ri
def build_l2_evpn_interface_config(self, interfaces_config, interfaces, vn=None):
ifd_map = {}
for interface in interfaces:
ifd_map.setdefault(interface.ifd_name, []).append(interface)
for ifd_name, interface_list in ifd_map.items():
intf = Interface(name=ifd_name)
interfaces_config.add_interface(intf)
if interface_list[0].is_untagged():
if (len(interface_list) > 1):
self._logger.error(
"invalid logical interfaces config for ifd %s" % (
ifd_name))
continue
intf.set_encapsulation("ethernet-bridge")
intf.add_unit(Unit(name=interface_list[0].unit,
comment=DMUtils.l2_evpn_intf_unit_comment(vn, False),
family=Family(bridge='')))
else:
intf.set_flexible_vlan_tagging('')
intf.set_encapsulation("flexible-ethernet-services")
for interface in interface_list:
intf.add_unit(Unit(name=interface.unit,
comment=DMUtils.l2_evpn_intf_unit_comment(vn,
True, interface.vlan_tag),
encapsulation='vlan-bridge',
vlan_id=str(interface.vlan_tag)))
def build_ae_config(self, esi_map):
if esi_map:
self.set_chassis_config()
interfaces_config = self.interfaces_config or \
Interfaces(comment=DMUtils.interfaces_comment())
# self.ae_id_map should have all esi => ae_id mapping
# esi_map should have esi => interface memberships
for esi, ae_id in self.physical_router.ae_id_map.items():
# config ae interface
ae_name = "ae" + str(ae_id)
intf = Interface(name=ae_name)
interfaces_config.add_interface(intf)
priority = DMUtils.lacp_system_priority()
system_id = esi[-17:] #last 17 charcaters from esi for ex: 00:00:00:00:00:05
lacp = Lacp(active='', system_priority=priority, \
system_id=system_id, admin_key=1)
intf.set_aggregated_ether_options(AggregatedEtherOptions(lacp=lacp))
# associate 'ae' membership
pi_list = esi_map.get(esi)
for pi in pi_list or []:
intf = Interface(name=pi.name)
interfaces_config.add_interface(intf)
etherOptions = EtherOptions(ieee_802_3ad=Ieee802(bundle=ae_name))
intf.set_gigether_options(etherOptions)
self.interfaces_config = interfaces_config
def add_inet_public_vrf_filter(self, firewall_config, inet_type):
firewall_config.set_family(inet_type)
f = FirewallFilter(name=DMUtils.make_public_vrf_filter_name(inet_type))
f.set_comment(DMUtils.public_vrf_filter_comment())
firewall_config.add_firewall_filters(f)
term = Term(name="default-term", then=Then(accept_or_reject=True))
f.add_terms(term)
return f
def add_inet_vrf_filter(self, firewall_config, vrf_name):
firewall_config.set_family("inet")
f = FirewallFilter(name=DMUtils.make_private_vrf_filter_name(vrf_name))
f.set_comment(DMUtils.vrf_filter_comment(vrf_name))
firewall_config.add_firewall_filters(f)
term = Term(name="default-term", then=Then(accept_or_reject=True))
f.add_terms(term)
return f
def build_underlay_bgp(self):
if self.physical_router.allocated_asn is None:
self._logger.error("physical router %s(%s) does not have asn"
" allocated" % (self.physical_router.name,
self.physical_router.uuid))
return
for pi_obj, li_obj, iip_obj in self.\
fetch_pi_li_iip(self.physical_router.physical_interfaces):
if pi_obj and li_obj and iip_obj and iip_obj.instance_ip_address:
pi, li_map = self.set_default_pi(pi_obj.name, 'regular')
pi.set_comment(DMUtils.ip_clos_comment())
li = self.set_default_li(li_map, li_obj.name,
int(li_obj.name.split('.')[-1]))
li.set_comment(DMUtils.ip_clos_comment())
self.add_ip_address(li, iip_obj.instance_ip_address)
self._logger.debug("looking for peers for physical"
" interface %s(%s)" % (pi_obj.name,
pi_obj.uuid))
# Add this bgp object only if it has a peer
underlay_asn = self.physical_router.allocated_asn
bgp_name = DMUtils.make_underlay_bgp_group_name(underlay_asn,
li_obj.name, is_external=True)
bgp = Bgp(name=bgp_name,
ip_address=iip_obj.instance_ip_address,
autonomous_system=underlay_asn,
type_='external',
comment=DMUtils.ip_clos_comment())
peers = {}
# Assumption: PIs are connected for IP-CLOS peering only
for peer_pi_obj, peer_li_obj, peer_iip_obj in\
self.fetch_pi_li_iip(pi_obj.physical_interfaces):
if peer_pi_obj and peer_li_obj and peer_iip_obj and\
peer_iip_obj.instance_ip_address:
peer_pr = PhysicalRouterDM.get(
peer_pi_obj.physical_router)
if peer_pr is None:
self._logger.error(
"unable to read peer physical router %s"
% peer_pi_obj.physical_router)
elif peer_pr.allocated_asn is None:
self._logger.error(
"peer physical router %s does not have"
" asn allocated" % peer_pi_obj.physical_router)
elif peer_pr != self.physical_router:
peer = Bgp(name=peer_pr.name,
ip_address=peer_iip_obj.instance_ip_address,
autonomous_system=peer_pr.allocated_asn,
comment=peer_pr.name)
peers[peer_pr.name] = peer
if peers:
bgp.set_peers(self.get_values_sorted_by_key(peers))
self.bgp_map[bgp_name] = bgp
def init_global_switch_opts(self):
if self.global_switch_options_config is None:
self.global_switch_options_config = SwitchOptions(comment=DMUtils.switch_options_comment())
self.global_switch_options_config.set_vtep_source_interface("lo0.0")
if not self.routing_instances:
# no vn config then no need to configure vrf target
return
self.global_switch_options_config.add_vrf_target(VniTarget(auto=''))
switch_options_community = DMUtils.get_switch_vrf_import(self.get_asn())
self.global_switch_options_config.add_vrf_target(VniTarget(community=switch_options_community))
def set_route_targets_config(self):
if self.policy_config is None:
self.policy_config = PolicyOptions(comment=DMUtils.policy_options_comment())
for route_target in self.route_targets:
comm = CommunityType(name=DMUtils.make_community_name(route_target),
members=route_target)
self.policy_config.add_community(comm)
# add community for switch options
comm = CommunityType(name=DMUtils.get_switch_policy_name(),
members=DMUtils.get_switch_vrf_import(self.get_asn()))
self.policy_config.add_community(comm)
def add_lo0_unit_0_interface(self, loopback_ip=''):
if not loopback_ip:
return
if not self.interfaces_config:
self.interfaces_config = Interfaces(comment=DMUtils.interfaces_comment())
lo_intf = Interface(name="lo0")
self.interfaces_config.add_interface(lo_intf)
fam_inet = FamilyInet(address=[Address(name=loopback_ip + "/32",
primary='', preferred='')])
intf_unit = Unit(name="0", family=Family(inet=fam_inet),
comment=DMUtils.lo0_unit_0_comment())
lo_intf.add_unit(intf_unit)
def add_inet_filter_term(self, ri_name, prefixes, inet_type):
if inet_type == "inet6":
prefixes = DMUtils.get_ipv6_prefixes(prefixes)
else:
prefixes = DMUtils.get_ipv4_prefixes(prefixes)
from_ = From()
for prefix in prefixes:
from_.add_destination_address(prefix)
then_ = Then()
then_.add_routing_instance(ri_name)
return Term(name=DMUtils.make_vrf_term_name(ri_name), fromxx=from_, then=then_)
def build_firewall_filters(self, sg, acl, is_egress=False):
acl_rule_present = False
if not sg or not acl or not acl.vnc_obj:
return
acl = acl.vnc_obj
entries = acl.get_access_control_list_entries()
if not entries:
return
rules = entries.get_acl_rule() or []
if not rules:
return
self.firewall_config = self.firewall_config or\
Firewall(DMUtils.firewall_comment())
for rule in rules:
if not self.has_terms(rule):
continue
match = rule.get_match_condition()
if not match:
continue
acl_rule_present = True
break
if acl_rule_present:
filter_name = DMUtils.make_sg_firewall_name(sg.name, acl.uuid)
f = FirewallFilter(name=filter_name)
f.set_comment(DMUtils.make_sg_firewall_comment(sg.name, acl.uuid))
# allow arp ether type always
self.add_ether_type_term(f, 'arp')
# allow dhcp/dns always
self.add_dns_dhcp_terms(f)
for rule in rules:
if not self.has_terms(rule):
continue
match = rule.get_match_condition()
if not match:
continue
rule_uuid = rule.get_rule_uuid()
dst_addr_match = match.get_dst_address()
dst_port_match = match.get_dst_port()
ether_type_match = match.get_ethertype()
protocol_match = match.get_protocol()
src_addr_match = match.get_src_address()
src_port_match = match.get_src_port()
term = self.add_filter_term(f, rule_uuid)
self.add_addr_term(term, dst_addr_match, False)
self.add_addr_term(term, src_addr_match, True)
self.add_port_term(term, dst_port_match, False)
# source port match is not needed for now (BMS source port)
#self.add_port_term(term, src_port_match, True)
self.add_protocol_term(term, protocol_match)
self.firewall_config.add_firewall_filters(f)
def add_inet_filter_term(self, ri_name, prefixes, inet_type):
term = etree.Element("term")
etree.SubElement(term, "name").text = DMUtils.make_vrf_term_name(ri_name)
from_ = etree.SubElement(term, "from")
if inet_type == 'inet6':
prefixes = DMUtils.get_ipv6_prefixes(prefixes)
else:
prefixes = DMUtils.get_ipv4_prefixes(prefixes)
for prefix in prefixes:
etree.SubElement(from_, "destination-address").text = prefix
then_ = etree.SubElement(term, "then")
etree.SubElement(then_, "routing-instance").text = ri_name
return term
def add_inet_public_vrf_filter(self, forwarding_options_config,
firewall_config, inet_type, inet_xml_name):
fo = etree.SubElement(forwarding_options_config, "family")
inet = etree.SubElement(fo, inet_xml_name)
f = etree.SubElement(inet, "filter")
etree.SubElement(f, "input").text = DMUtils.make_public_vrf_filter_name(inet_type)
fc = etree.SubElement(firewall_config, "family")
inet = etree.SubElement(fc, inet_xml_name)
f = etree.SubElement(inet, "filter")
etree.SubElement(f, "name").text = DMUtils.make_public_vrf_filter_name(inet_type)
term = etree.SubElement(f, "term")
etree.SubElement(term, "name").text = "default-term"
then_ = etree.SubElement(term, "then")
etree.SubElement(then_, "accept")
return f
def _get_bgp_config_xml(self, external=False):
if self.bgp_params is None:
return None
bgp_group = BgpGroup()
if external:
bgp_group.set_name(DMUtils.make_bgp_group_name(True))
bgp_group.set_type("external")
bgp_group.set_multihop("")
else:
bgp_group.set_name(DMUtils.make_bgp_group_name(False))
bgp_group.set_type("internal")
bgp_group.set_local_address(self.bgp_params["address"])
self.add_families(bgp_group, self.bgp_params)
self.add_bgp_auth_config(bgp_group, self.bgp_params)
self.add_bgp_hold_time_config(bgp_group, self.bgp_params)
return bgp_group
def add_pnf_logical_interface(self, junos_interface):
if not self.interfaces_config:
self.interfaces_config = Interfaces(comment=DMUtils.interfaces_comment())
family = Family(inet=FamilyInet([Address(name=junos_interface.ip)]))
unit = Unit(name=junos_interface.unit, vlan_id=junos_interface.vlan_tag, family=family)
interface = Interface(name=junos_interface.ifd_name, unit=unit)
self.interfaces_config.add_interface(interface)
def get_firewall_filters(self, sg, acl, is_egress=False):
acl_rule_present = False
if not sg or not acl or not acl.vnc_obj:
return []
acl = acl.vnc_obj
entries = acl.get_access_control_list_entries()
if not entries:
return []
rules = entries.get_acl_rule() or []
if not rules:
return []
filter_names = []
for rule in rules:
if not self.has_terms(rule):
continue
match = rule.get_match_condition()
if not match:
continue
rule_uuid = rule.get_rule_uuid()
ether_type_match = match.get_ethertype()
if not ether_type_match:
continue
if 'ipv6' in ether_type_match.lower():
continue
acl_rule_present = True
break
if acl_rule_present:
filter_name = DMUtils.make_sg_firewall_name(sg.name, acl.uuid)
filter_names.append(filter_name)
return filter_names
def set_as_config(self):
if not self.bgp_params.get("identifier"):
return
if self.global_routing_options_config is None:
self.global_routing_options_config = RoutingOptions(comment=DMUtils.routing_options_comment())
self.global_routing_options_config.set_route_distinguisher_id(self.bgp_params['identifier'])
self.global_routing_options_config.set_autonomous_system(str(self.get_asn()))
def _build_ri_config(self, vn, ri_name, ri_obj, export_targets,
import_targets, feature_config, irb_ips):
encapsulation_priorities = self._get_encapsulation_priorities()
network_id = vn.vn_network_id
vxlan_id = vn.get_vxlan_vni()
ri = RoutingInstance(name=ri_name, virtual_network_mode='l3',
export_targets=export_targets, import_targets=import_targets,
virtual_network_id=str(network_id), vxlan_id=str(vxlan_id),
is_public_network=vn.router_external, routing_instance_type='vrf')
for prefix in vn.get_prefixes():
ri.add_prefixes(self._get_subnet_for_cidr(prefix))
_, li_map = self._add_or_lookup_pi(self.pi_map, 'irb', 'irb')
if irb_ips:
irb = self._add_or_lookup_li(li_map, 'irb.'+str(network_id),
network_id)
for (irb_ip, gateway) in irb_ips:
self._add_ip_address(irb, irb_ip, gateway=gateway)
vlan = Vlan(name=DMUtils.make_bridge_name(vxlan_id), vxlan_id=vxlan_id)
feature_config.add_vlans(vlan)
self._add_ref_to_list(vlan.get_interfaces(), irb.get_name())
return ri
def set_route_distinguisher_config(self):
if not self.routing_instances:
# no vn config then no need to configure route distinguisher
return
if self.global_switch_options_config is None:
self.global_switch_options_config = SwitchOptions(comment=DMUtils.switch_options_comment())
self.global_switch_options_config.set_route_distinguisher(
RouteDistinguisher(rd_type=self.bgp_params['identifier'] + ":1"))
def _get_bgp_config_xml(self, external=False):
if self.bgp_params is None:
return None
bgp_config = etree.Element("group", operation="replace")
if external:
etree.SubElement(bgp_config, "name").text = DMUtils.make_bgp_group_name(True)
etree.SubElement(bgp_config, "type").text = "external"
etree.SubElement(bgp_config, "multihop")
else:
etree.SubElement(bgp_config, "name").text = DMUtils.make_bgp_group_name(False)
etree.SubElement(bgp_config, "type").text = "internal"
local_address = etree.SubElement(bgp_config, "local-address")
local_address.text = self.bgp_params['address']
self._add_family_etree(bgp_config, self.bgp_params)
self.add_bgp_auth_config(bgp_config, self.bgp_params)
self.add_bgp_hold_time_config(bgp_config, self.bgp_params)
return bgp_config
def add_bogus_lo0(self, ri, network_id, vn):
ifl_num = 1000 + int(network_id)
lo_intf, li_map = self.set_default_pi('lo0', 'loopback')
intf_name = 'lo0.' + str(ifl_num)
intf_unit = self.set_default_li(li_map, intf_name, ifl_num)
intf_unit.set_comment(DMUtils.l3_bogus_lo_intf_comment(vn))
self.add_ip_address(intf_unit, "127.0.0.1")
self.add_ref_to_list(ri.get_loopback_interfaces(), intf_name)
def _get_bgp_config_xml(self, external=False):
if self.bgp_params is None or not self.bgp_params.get('address'):
return None
bgp_group = BgpGroup()
bgp_group.set_comment(DMUtils.bgp_group_comment(self.bgp_obj))
if external:
bgp_group.set_name(DMUtils.make_bgp_group_name(self.get_asn(), True))
bgp_group.set_type('external')
bgp_group.set_multihop('')
else:
bgp_group.set_name(DMUtils.make_bgp_group_name(self.get_asn(), False))
bgp_group.set_type('internal')
self.add_ibgp_export_policy(self.bgp_params, bgp_group)
bgp_group.set_local_address(self.bgp_params['address'])
self.add_families(bgp_group, self.bgp_params)
self.add_bgp_auth_config(bgp_group, self.bgp_params)
self.add_bgp_hold_time_config(bgp_group, self.bgp_params)
return bgp_group
def _build_underlay_bgp(self, feature_config):
if self._physical_router.allocated_asn is None:
self._logger.error("physical router %s(%s) does not have asn"
" allocated" % (self._physical_router.name,
self._physical_router.uuid))
return
pi_map = OrderedDict()
for pi_obj, li_obj, iip_obj in self.\
_fetch_pi_li_iip(self._physical_router.physical_interfaces):
if pi_obj and li_obj and iip_obj and iip_obj.instance_ip_address:
pi, li_map = self._add_or_lookup_pi(pi_map, pi_obj.name, 'regular')
li = self._add_or_lookup_li(li_map, li_obj.name,
int(li_obj.name.split('.')[-1]))
self._add_ip_address(li, iip_obj.instance_ip_address)
self._logger.debug("looking for peers for physical"
" interface %s(%s)" % (pi_obj.name,
pi_obj.uuid))
# Add this bgp object only if it has a peer
underlay_asn = self._physical_router.allocated_asn
bgp_name = DMUtils.make_underlay_bgp_group_name(underlay_asn,
li_obj.name, is_external=True)
bgp = Bgp(name=bgp_name,
ip_address=iip_obj.instance_ip_address,
autonomous_system=underlay_asn,
type_='external')
peers = OrderedDict()
# Assumption: PIs are connected for IP-CLOS peering only
for peer_pi_obj, peer_li_obj, peer_iip_obj in\
self._fetch_pi_li_iip(pi_obj.physical_interfaces):
if peer_pi_obj and peer_li_obj and peer_iip_obj and\
peer_iip_obj.instance_ip_address:
peer_pr = db.PhysicalRouterDM.get(
peer_pi_obj.physical_router)
if peer_pr is None:
self._logger.error(
"unable to read peer physical router %s"
% peer_pi_obj.physical_router)
elif peer_pr.allocated_asn is None:
self._logger.error(
"peer physical router %s does not have"
" asn allocated" % peer_pi_obj.physical_router)
elif peer_pr != self._physical_router:
peer = Bgp(name=peer_pr.name,
ip_address=peer_iip_obj.instance_ip_address,
autonomous_system=peer_pr.allocated_asn)
peers[peer_pr.name] = peer
if peers:
bgp.set_peers(peers.values())
feature_config.add_bgp(bgp)
def get_bgp_config(self, external=False):
if self.bgp_params is None or not self.bgp_params.get('address'):
return None
bgp = Bgp()
cluster_id = self.bgp_params.get('cluster_id')
if cluster_id:
bgp.set_cluster_id(cluster_id)
bgp.set_comment(DMUtils.bgp_group_comment(self.bgp_obj))
if external:
bgp.set_name(DMUtils.make_bgp_group_name(self.get_asn(), True))
bgp.set_type('external')
else:
bgp.set_name(DMUtils.make_bgp_group_name(self.get_asn(), False))
bgp.set_type('internal')
bgp.set_ip_address(self.bgp_params['address'])
bgp.set_autonomous_system(self.get_asn())
self.add_families(bgp, self.bgp_params)
self.add_bgp_auth_config(bgp, self.bgp_params)
self.add_bgp_hold_time_config(bgp, self.bgp_params)
return bgp
def add_vlan_config(self, vrf_name, vni, is_l3=False, irb_intf=None):
if not self.vlans_config:
self.vlans_config = Vlans(comment=DMUtils.vlans_comment())
vxlan = VXLan(vni=vni)
vlan = Vlan(name=vrf_name[1:], vxlan=vxlan)
if is_l3:
if not irb_intf:
self._logger.error("Missing irb interface config l3 vlan: %s" % vrf_name)
else:
vlan.set_l3_interface(irb_intf)
self.vlans_config.add_vlan(vlan)
return vlan
def add_dynamic_tunnels(self, tunnel_source_ip,
ip_fabric_nets, bgp_router_ips):
dynamic_tunnel = DynamicTunnel(name=DMUtils.dynamic_tunnel_name(self.get_asn()),
source_address=tunnel_source_ip, gre='')
if ip_fabric_nets is not None:
for subnet in ip_fabric_nets.get("subnet", []):
dest_net = subnet['ip_prefix'] + '/' + str(subnet['ip_prefix_len'])
dynamic_tunnel.add_destination_networks(
DestinationNetworks(name=dest_net,
comment=DMUtils.ip_fabric_subnet_comment()))
for r_name, bgp_router_ip in bgp_router_ips.items():
dynamic_tunnel.add_destination_networks(
DestinationNetworks(name=bgp_router_ip + '/32',
comment=DMUtils.bgp_router_subnet_comment(r_name)))
dynamic_tunnels = DynamicTunnels()
dynamic_tunnels.add_dynamic_tunnel(dynamic_tunnel)
if self.global_routing_options_config is None:
self.global_routing_options_config = RoutingOptions(comment=DMUtils.routing_options_comment())
self.global_routing_options_config.set_dynamic_tunnels(dynamic_tunnels)
def add_ibgp_export_policy(self, params, bgp_group):
if params.get('address_families') is None:
return
families = params['address_families'].get('family', [])
if not families:
return
if self.policy_config is None:
self.policy_config = PolicyOptions(comment=DMUtils.policy_options_comment())
ps = PolicyStatement(name=DMUtils.make_ibgp_export_policy_name())
self.policy_config.add_policy_statement(ps)
ps.set_comment(DMUtils.ibgp_export_policy_comment())
vpn_types = []
for family in ['inet-vpn', 'inet6-vpn']:
if family in families:
vpn_types.append(family)
for vpn_type in vpn_types:
is_v6 = True if vpn_type == 'inet6-vpn' else False
term = Term(name=DMUtils.make_ibgp_export_policy_term_name(is_v6))
ps.add_term(term)
then = Then()
from_ = From()
term.set_from(from_)
term.set_then(then)
from_.set_family(DMUtils.get_inet_family_name(is_v6))
then.set_next_hop(NextHop(selfxx=''))
bgp_group.set_export(DMUtils.make_ibgp_export_policy_name())
def prepare_groups(self, is_delete=False):
groups = Groups()
if is_delete:
return groups
groups.set_comment(DMUtils.groups_comment())
groups.set_routing_instances(self.ri_config)
groups.set_interfaces(self.interfaces_config)
groups.set_services(self.services_config)
groups.set_policy_options(self.policy_config)
groups.set_firewall(self.firewall_config)
groups.set_forwarding_options(self.forwarding_options_config)
groups.set_routing_options(self.global_routing_options_config)
groups.set_protocols(self.proto_config)
self.add_product_specific_config(groups)
return groups
def set_internal_vn_irb_config(self):
if self.internal_vn_ris and self.irb_interfaces:
for int_ri in self.internal_vn_ris:
lr_uuid = DMUtils.extract_lr_uuid_from_internal_vn_name(
int_ri.name)
lr = LogicalRouterDM.get(lr_uuid)
if not lr:
continue
vn_list = lr.get_connected_networks(include_internal=False)
for vn in vn_list:
vn_obj = VirtualNetworkDM.get(vn)
irb_name = "irb." + str(vn_obj.vn_network_id)
if irb_name in self.irb_interfaces:
int_ri.add_routing_interfaces(
LogicalInterface(name=irb_name))
def set_bgp_group_config(self):
bgp_config = self._get_bgp_config_xml()
if not bgp_config:
return
if not self.proto_config:
self.proto_config = Protocols(comment=DMUtils.protocols_comment())
bgp = Bgp()
self.proto_config.set_bgp(bgp)
bgp.add_group(bgp_config)
self._get_neighbor_config_xml(bgp_config, self.bgp_peers)
if self.external_peers:
ext_grp_config = self._get_bgp_config_xml(True)
bgp.add_group(ext_grp_config)
self._get_neighbor_config_xml(ext_grp_config, self.external_peers)
return
def add_bogus_lo0(self, ri, network_id, vn):
if not self.is_spine():
return
self.interfaces_config = self.interfaces_config or []
ifl_num = 1000 + int(network_id)
lo_intf = PhysicalInterface(name="lo0", interface_type='loopback')
self.interfaces_config.append(lo_intf)
intf_unit = LogicalInterface(
name="lo0." + str(ifl_num),
unit=ifl_num,
comment=DMUtils.l3_bogus_lo_intf_comment(vn))
intf_unit.add_ip_list(IpType(address="127.0.0.1"))
lo_intf.add_logical_interfaces(intf_unit)
ri.add_loopback_interfaces(LogicalInterface(name="lo0." +
str(ifl_num)))
def set_dci_vn_irb_config(self):
if self.dci_vn_ris and self.irb_interfaces:
for int_ri in self.dci_vn_ris:
dci_uuid = DMUtils.extract_dci_uuid_from_internal_vn_name(
int_ri.name)
dci = DataCenterInterconnectDM.get(dci_uuid)
if not dci or not dci.virtual_network:
continue
vn = dci.virtual_network
vn_obj = VirtualNetworkDM.get(vn)
if vn_obj is None or vn_obj.vn_network_id is None:
continue
irb_name = "irb." + str(vn_obj.vn_network_id)
if irb_name in self.irb_interfaces:
self.add_ref_to_list(int_ri.get_routing_interfaces(),
irb_name)
def add_irb_config(self, ri_conf):
vn = ri_conf.get("vn")
is_l2_l3 = ri_conf.get("is_l2_l3", False)
gateways = ri_conf.get("gateways", [])
network_id = ri_conf.get("network_id", None)
irb_intf, li_map = self.set_default_pi('irb', 'irb')
self._logger.info("Vn=" + vn.name + ", IRB: " + str(gateways) +
", pr=" + self.physical_router.name)
if gateways is not None:
intf_unit = self.set_default_li(li_map, 'irb.' + str(network_id),
network_id)
intf_unit.set_comment(DMUtils.vn_irb_comment(vn, False, is_l2_l3))
for (irb_ip, gateway) in gateways:
intf_unit.add_ip_list(irb_ip)
if len(gateway) and gateway != '0.0.0.0':
intf_unit.set_gateway(gateway)
def add_dynamic_tunnels(self, tunnel_source_ip,
ip_fabric_nets, bgp_router_ips):
if not self.system_config:
self.system_config = System()
self.system_config.set_tunnel_ip(tunnel_source_ip)
dynamic_tunnel = DynamicTunnel(
name=DMUtils.dynamic_tunnel_name(self.get_asn()),
source_address=tunnel_source_ip, gre='')
if ip_fabric_nets is not None:
for subnet in ip_fabric_nets.get("subnet", []):
dest_net = Subnet(prefix=subnet['ip_prefix'],
prefix_len=subnet['ip_prefix_len'])
self.system_config.add_tunnel_destination_networks(dest_net)
for r_name, bgp_router_ip in bgp_router_ips.items():
dest_net = Subnet(prefix=bgp_router_ip, prefix_len=32)
self.system_config.add_tunnel_destination_networks(dest_net)
def build_dci_bgp_config(self):
if not self.physical_router.has_rb_role("DCI-Gateway"):
return
self.physical_router.evaluate_dci_ip_map()
dci_list = self.physical_router.get_dci_list()
for dci_uuid in dci_list or []:
params = self.physical_router.get_dci_bgp_params(dci_uuid)
if not params:
continue
asn = params.get("asn")
ip = params.get("ip")
name = params.get("name")
typ = params.get("type")
bgp = Bgp(name=name,
ip_address=ip,
autonomous_system=asn,
type_=typ)
bgp.set_comment(DMUtils.dci_bgp_group_comment(bgp))
bgp.set_hold_time(params.get('hold_time'))
for family in params.get("families") or []:
if family in ['e-vpn', 'e_vpn']:
family = 'evpn'
bgp.add_families(family)
bgp_name = name
neigh_list = self.physical_router.get_dci_bgp_neighbours(dci_uuid)
peers = {}
for neigh in neigh_list or []:
asn = neigh.get("asn")
ip = neigh.get("ip")
name = neigh.get("name")
typ = neigh.get("type")
peer = Bgp(name=name,
ip_address=ip,
autonomous_system=asn,
type_=typ)
peers[name] = peer
peer.set_hold_time(neigh.get('hold_time'))
for family in neigh.get("families") or []:
if family in ['e-vpn', 'e_vpn']:
family = 'evpn'
peer.add_families(family)
if peers:
bgp.set_peers(self.get_values_sorted_by_key(peers))
self.bgp_map[bgp_name] = bgp
def _build_l2_evpn_interface_config(self, interfaces, vn, vlan):
interface_map = OrderedDict()
for interface in interfaces:
interface_map.setdefault(interface.pi_name, []).append(interface)
for pi_name, interface_list in interface_map.items():
untagged = [int(i.port_vlan_tag) for i in interface_list
if int(i.vlan_tag) == 0]
if len(untagged) > 1:
self._logger.error(
"Only one untagged interface is allowed on a PI %s" %
pi_name)
continue
tagged = [int(i.vlan_tag) for i in interface_list
if int(i.vlan_tag) != 0]
if self._is_enterprise_style(self._physical_router):
if len(untagged) > 0 and len(tagged) > 0:
self._logger.error(
"Enterprise style config: Can't have tagged and "
"untagged interfaces for same VN on same PI %s" %
pi_name)
continue
elif len(set(untagged) & set(tagged)) > 0:
self._logger.error(
"SP style config: Can't have tagged and untagged "
"interfaces with same Vlan-id on same PI %s" %
pi_name)
continue
_, li_map = self._add_or_lookup_pi(self.pi_map, pi_name)
for interface in interface_list:
if int(interface.vlan_tag) == 0:
is_tagged = False
vlan_tag = str(interface.port_vlan_tag)
else:
is_tagged = True
vlan_tag = str(interface.vlan_tag)
unit = self._add_or_lookup_li(li_map, interface.li_name,
interface.unit)
unit.set_comment(DMUtils.l2_evpn_intf_unit_comment(
vn, is_tagged, vlan_tag))
unit.set_is_tagged(is_tagged)
unit.set_vlan_tag(vlan_tag)
if vlan:
self._add_ref_to_list(vlan.get_interfaces(),
interface.li_name)
def _get_config(self, bgp, external=False):
config = Bgp()
cluster_id = bgp.params.get('cluster_id')
if cluster_id:
config.set_cluster_id(cluster_id)
config.set_name(DMUtils.make_bgp_group_name(self._get_asn(bgp), external))
config.set_type('external' if external else 'internal')
config.set_ip_address(bgp.params['address'])
config.set_autonomous_system(self._get_asn(bgp))
self._add_families(config, bgp.params)
self._add_auth_config(config, bgp.params)
self._add_hold_time_config(config, bgp.params)
return config
def update(self, obj=None):
if obj is None:
obj = self.read_obj(self.uuid)
self.update_multiple_refs('physical_router', obj)
self.fq_name = obj['fq_name']
try:
self.router_external = obj['router_external']
except KeyError:
self.router_external = False
self.vn_network_id = obj.get('virtual_network_network_id')
self.virtual_network_properties = obj.get('virtual_network_properties')
self.set_forwarding_mode(obj)
self.routing_instances = set([ri['uuid'] for ri in
obj.get('routing_instances', [])])
self.virtual_machine_interfaces = set(
[vmi['uuid'] for vmi in
obj.get('virtual_machine_interface_back_refs', [])])
self.gateways = DMUtils.get_network_gateways(obj.get('network_ipam_refs', []))
def send_bgp_config(self):
if not self.set_bgp_group_config():
return 0
self.set_as_config()
self.set_route_targets_config()
groups = Groups()
groups.set_comment(DMUtils.groups_comment())
groups.set_routing_instances(self.ri_config)
groups.set_interfaces(self.interfaces_config)
groups.set_services(self.services_config)
groups.set_policy_options(self.policy_config)
groups.set_firewall(self.firewall_config)
groups.set_forwarding_options(self.forwarding_options_config)
groups.set_routing_options(self.global_routing_options_config)
groups.set_protocols(self.proto_config)
return self.send_netconf(groups)
def build_esi_config(self):
pr = self.physical_router
if not pr or self.is_spine():
return
if not self.interfaces_config:
self.interfaces_config = Interfaces(comment=DMUtils.interfaces_comment())
for pi_uuid in pr.physical_interfaces:
pi = PhysicalInterfaceDM.get(pi_uuid)
if not pi or not pi.esi or pi.esi == "0" or pi.get_parent_ae_id():
continue
esi_conf = Esi(identifier=pi.esi, all_active='')
intf = Interface(name=pi.name, esi=esi_conf)
self.interfaces_config.add_interface(intf)
# add ae interfaces
# self.ae_id_map should have all esi => ae_id mapping
for esi, ae_id in self.physical_router.ae_id_map.items():
esi_conf = Esi(identifier=esi, all_active='')
intf = Interface(name="ae" + str(ae_id), esi=esi_conf)
self.interfaces_config.add_interface(intf)
def add_irb_config(self, ri_conf):
vn = ri_conf.get("vn")
is_l2_l3 = ri_conf.get("is_l2_l3", False)
gateways = ri_conf.get("gateways", [])
network_id = ri_conf.get("network_id", None)
self.interfaces_config = self.interfaces_config or []
irb_intf = PhysicalInterface(name='irb', interface_type='irb')
self.interfaces_config.append(irb_intf)
self._logger.info("Vn=" + vn.name + ", IRB: " + str(gateways) +
", pr=" + self.physical_router.name)
if gateways is not None:
intf_unit = LogicalInterface(name='irb.' + str(network_id),
unit=network_id,
comment=DMUtils.vn_irb_comment(
vn, False, is_l2_l3))
irb_intf.add_logical_interfaces(intf_unit)
for (irb_ip, gateway) in gateways:
intf_unit.add_ip_list(irb_ip)
if len(gateway) and gateway != '0.0.0.0':
intf_unit.set_gateway(gateway)
def prepare_conf(self, is_delete=False):
device = Device()
device.set_comment(DMUtils.groups_comment())
device.set_system(self.system_config)
if is_delete:
return device
device.set_evpn(self.evpn)
device.set_bgp(self.get_values_sorted_by_key(self.bgp_map))
pis = []
for pi, li_map in self.get_values_sorted_by_key(self.pi_map):
pi.set_logical_interfaces(self.get_values_sorted_by_key(li_map))
pis.append(pi)
device.set_physical_interfaces(pis)
device.set_routing_instances(self.get_values_sorted_by_key(
self.ri_map))
device.set_vlans(self.get_values_sorted_by_key(self.vlan_map))
device.set_firewall(self.firewall_config)
return device
def _get_neighbor_config_xml(self, bgp_config, peers):
for peer, peer_data in peers.items():
obj = peer_data.get('obj')
params = peer_data.get('params', {})
attr = peer_data.get('attr', {})
nbr = Bgp(name=peer)
nbr.set_comment(DMUtils.bgp_group_comment(obj))
bgp_config.add_peers(nbr)
bgp_sessions = attr.get('session')
if bgp_sessions:
# for now assume only one session
session_attrs = bgp_sessions[0].get('attributes', [])
for session_attr in session_attrs:
# For not, only consider the attribute if bgp-router is
# not specified
if session_attr.get('bgp_router') is None:
self.add_families(nbr, session_attr)
self.add_bgp_auth_config(nbr, session_attr)
break
peer_as = params.get('local_autonomous_system') or params.get('autonomous_system')
nbr.set_autonomous_system(peer_as)
def update_instance_ip_map(self):
self.instance_ip_map = {}
for vmi_uuid in self.virtual_machine_interfaces:
vmi = VirtualMachineInterfaceDM.get(vmi_uuid)
if vmi is None or vmi.is_device_owner_bms() == False:
continue
if vmi.floating_ip is not None and vmi.instance_ip is not None:
fip = FloatingIpDM.get(vmi.floating_ip)
inst_ip = InstanceIpDM.get(vmi.instance_ip)
if fip is None or inst_ip is None:
continue
instance_ip = inst_ip.instance_ip_address
floating_ip = fip.floating_ip_address
public_vn = VirtualNetworkDM.get(fip.public_network)
if public_vn is None or public_vn.vn_network_id is None:
continue
public_vrf_name = DMUtils.make_vrf_name(
public_vn.fq_name[-1], public_vn.vn_network_id, 'l3')
self.instance_ip_map[instance_ip] = {
'floating_ip': floating_ip,
'vrf_name': public_vrf_name
}
def add_dynamic_tunnels(self, tunnel_source_ip, ip_fabric_nets,
bgp_router_ips):
self.tunnel_config = etree.Element("routing-options")
dynamic_tunnels = etree.SubElement(self.tunnel_config,
"dynamic-tunnels")
dynamic_tunnel = etree.SubElement(dynamic_tunnels, "dynamic-tunnel")
etree.SubElement(dynamic_tunnel,
"name").text = DMUtils.get_dynamic_tunnel_name()
etree.SubElement(dynamic_tunnel,
"source-address").text = tunnel_source_ip
etree.SubElement(dynamic_tunnel, "gre")
if ip_fabric_nets is not None:
for subnet in ip_fabric_nets.get("subnet", []):
dest_network = etree.SubElement(dynamic_tunnel,
"destination-networks")
etree.SubElement(
dest_network,
"name").text = subnet['ip_prefix'] + '/' + str(
subnet['ip_prefix_len'])
for bgp_router_ip in bgp_router_ips:
dest_network = etree.SubElement(dynamic_tunnel,
"destination-networks")
etree.SubElement(dest_network, "name").text = bgp_router_ip + '/32'
def feature_config(self, **kwargs):
self.pi_map = OrderedDict()
feature_config = Feature(name=self.feature_name())
vn_map = self._get_interconnect_vn_map()
for vn_uuid, vn_list in vn_map.iteritems():
vn_obj = db.VirtualNetworkDM.get(vn_uuid)
ri_obj = self._get_primary_ri(vn_obj)
if ri_obj is None:
continue
ri_name = DMUtils.make_vrf_name(vn_obj.fq_name[-1],
vn_obj.vn_network_id, 'l3')
export_targets, import_targets = self._get_export_import_targets(
vn_obj, ri_obj)
ri = self._build_ri_config(vn_obj, ri_name, ri_obj, export_targets,
import_targets, feature_config, vn_list)
feature_config.add_routing_instances(ri)
for pi, li_map in self.pi_map.values():
pi.set_logical_interfaces(li_map.values())
feature_config.add_physical_interfaces(pi)
return feature_config
def add_peer_bgp_config(self, bgp_config, peers):
peer_map = {}
for peer, peer_data in self.get_sorted_key_value_pairs(peers):
obj = peer_data.get('obj')
params = peer_data.get('params', {})
attr = peer_data.get('attr', {})
nbr = Bgp(name=peer, ip_address=peer)
nbr.set_comment(DMUtils.bgp_group_comment(obj))
peer_map[peer] = nbr
bgp_sessions = attr.get('session')
if bgp_sessions:
# for now assume only one session
session_attrs = bgp_sessions[0].get('attributes', [])
for session_attr in session_attrs:
# For not, only consider the attribute if bgp-router is
# not specified
if session_attr.get('bgp_router') is None:
self.add_families(nbr, session_attr)
self.add_bgp_auth_config(nbr, session_attr)
break
peer_as = params.get('local_autonomous_system') or params.get('autonomous_system')
nbr.set_autonomous_system(peer_as)
if peer_map:
bgp_config.set_peers(self.get_values_sorted_by_key(peer_map))
def feature_config(self, **kwargs):
self.pi_map = OrderedDict()
feature_config = Feature(name=self.feature_name())
vns = self._get_connected_vn_ids()
use_gateway_ip = all([c.additional_params.use_gateway_ip == 'True' for c in self._configs])
irb_ip_map = self._physical_router.allocate_irb_ips_for(vns, use_gateway_ip)
for vn_uuid in vns:
vn_obj = db.VirtualNetworkDM.get(vn_uuid)
ri_obj = self._get_primary_ri(vn_obj)
if ri_obj is None:
continue
ri_name = DMUtils.make_vrf_name(vn_obj.fq_name[-1],
vn_obj.vn_network_id, 'l3')
export_targets, import_targets = self._get_export_import_targets(vn_obj, ri_obj)
ri = self._build_ri_config(vn_obj, ri_name, ri_obj, export_targets,
import_targets, feature_config, irb_ip_map.get(vn_uuid, []))
feature_config.add_routing_instances(ri)
for pi, li_map in self.pi_map.values():
pi.set_logical_interfaces(li_map.values())
feature_config.add_physical_interfaces(pi)
return feature_config
def _build_ri_config(self, vn, ri_name, ri_obj, export_targets,
import_targets, feature_config, irb_ips):
gevent.idle()
network_id = vn.vn_network_id
vxlan_id = vn.get_vxlan_vni()
ri = RoutingInstance(name=ri_name,
virtual_network_mode='l3',
export_targets=export_targets,
import_targets=import_targets,
virtual_network_id=str(network_id),
vxlan_id=str(vxlan_id),
is_public_network=vn.router_external,
routing_instance_type='vrf')
for prefix in vn.get_prefixes(self._physical_router.uuid):
ri.add_prefixes(self._get_subnet_for_cidr(prefix))
_, li_map = self._add_or_lookup_pi(self.pi_map, 'irb', 'irb')
irb = None
if irb_ips:
irb = self._add_or_lookup_li(li_map, 'irb.' + str(network_id),
network_id)
if vn.has_ipv6_subnet is True:
irb.set_is_virtual_router(True)
for (irb_ip, gateway) in irb_ips:
self._add_ip_address(irb, irb_ip, gateway=gateway)
vlan = Vlan(name=DMUtils.make_bridge_name(vxlan_id), vxlan_id=vxlan_id)
desc = "Virtual Network - %s" % vn.name
vlan.set_description(desc)
feature_config.add_vlans(vlan)
if irb:
self._add_ref_to_list(vlan.get_interfaces(), irb.get_name())
return ri
def add_routing_instance(self, ri_conf):
ri_name = ri_conf.get("ri_name")
vn = ri_conf.get("vn")
is_l2 = ri_conf.get("is_l2", False)
is_l2_l3 = ri_conf.get("is_l2_l3", False)
import_targets = ri_conf.get("import_targets", set())
export_targets = ri_conf.get("export_targets", set())
prefixes = ri_conf.get("prefixes", [])
gateways = ri_conf.get("gateways", [])
interfaces = ri_conf.get("interfaces", [])
vni = ri_conf.get("vni", None)
network_id = ri_conf.get("network_id", None)
self.routing_instances[ri_name] = ri_conf
ri_config = self.ri_config or RoutingInstances(
comment=DMUtils.routing_instances_comment())
policy_config = self.policy_config or PolicyOptions(
comment=DMUtils.policy_options_comment())
ri = Instance(name=ri_name)
ri_config.add_instance(ri)
ri_opt = None
# for both l2 and l3
ri.set_vrf_import(DMUtils.make_import_name(ri_name))
ri.set_vrf_export(DMUtils.make_export_name(ri_name))
has_ipv6_prefixes = DMUtils.has_ipv6_prefixes(prefixes)
has_ipv4_prefixes = DMUtils.has_ipv4_prefixes(prefixes)
if not is_l2:
if ri_opt is None:
ri_opt = RoutingInstanceRoutingOptions()
ri.set_routing_options(ri_opt)
ri.set_instance_type("vrf")
for interface in interfaces:
ri.add_interface(Interface(name=interface.name))
family = Family()
if has_ipv4_prefixes:
family.set_inet(FamilyInet(unicast=''))
if has_ipv6_prefixes:
family.set_inet6(FamilyInet6(unicast=''))
if has_ipv4_prefixes or has_ipv6_prefixes:
auto_export = AutoExport(family=family)
ri_opt.set_auto_export(auto_export)
else:
ri.set_instance_type("virtual-switch")
# add policies for export route targets
ps = PolicyStatement(name=DMUtils.make_export_name(ri_name))
ps.set_comment(DMUtils.vn_ps_comment(vn, "Export"))
then = Then()
ps.add_term(Term(name="t1", then=then))
for route_target in export_targets:
comm = Community(
add='',
community_name=DMUtils.make_community_name(route_target))
then.add_community(comm)
then.set_accept('')
self.add_vni_option(network_id,
DMUtils.make_community_name(route_target))
policy_config.add_policy_statement(ps)
self.add_to_global_switch_opts(DMUtils.make_export_name(ri_name),
False)
# add policies for import route targets
ps = PolicyStatement(name=DMUtils.make_import_name(ri_name))
ps.set_comment(DMUtils.vn_ps_comment(vn, "Import"))
from_ = From()
term = Term(name="t1", fromxx=from_)
ps.add_term(term)
for route_target in import_targets:
from_.add_community(DMUtils.make_community_name(route_target))
self.add_vni_option(network_id,
DMUtils.make_community_name(route_target))
term.set_then(Then(accept=''))
ps.set_then(Then(reject=''))
policy_config.add_policy_statement(ps)
self.add_to_global_switch_opts(DMUtils.make_import_name(ri_name), True)
# add vlan config
if is_l2 and vni and self.is_family_configured(self.bgp_params,
"e-vpn"):
self.add_vlan_config(ri_name, vni)
# add L2 EVPN and BD config
interfaces_config = self.interfaces_config
proto_config = self.proto_config
if (is_l2 and vni is not None
and self.is_family_configured(self.bgp_params, "e-vpn")):
ri.set_vtep_source_interface("lo0.0")
evpn = Evpn(encapsulation='vxlan', extended_vni_list='all')
self.set_evpn_default_gateway_params(evpn)
ri.set_protocols(RoutingInstanceProtocols(evpn=evpn))
interfaces_config = self.interfaces_config or Interfaces(
comment=DMUtils.interfaces_comment())
if is_l2_l3:
irb_intf = Interface(name='irb', gratuitous_arp_reply='')
interfaces_config.add_interface(irb_intf)
if gateways is not None:
intf_unit = Unit(name=str(network_id),
comment=DMUtils.vn_irb_comment(
vn, False, is_l2_l3))
irb_intf.add_unit(intf_unit)
if self.is_spine():
intf_unit.set_proxy_macip_advertisement('')
family = Family()
intf_unit.set_family(family)
inet = None
inet6 = None
for (irb_ip, gateway) in gateways:
if ':' in irb_ip:
if not inet6:
inet6 = FamilyInet6()
family.set_inet6(inet6)
addr = Address()
inet6.add_address(addr)
else:
if not inet:
inet = FamilyInet()
family.set_inet(inet)
addr = Address()
inet.add_address(addr)
addr.set_name(irb_ip)
addr.set_comment(DMUtils.irb_ip_comment(irb_ip))
if len(gateway) and gateway != '0.0.0.0':
addr.set_virtual_gateway_address(gateway)
self.build_l2_evpn_interface_config(interfaces_config, interfaces,
vn)
if (not is_l2 and not is_l2_l3 and gateways):
interfaces_config = self.interfaces_config or Interfaces(
comment=DMUtils.interfaces_comment())
ifl_num = str(1000 + int(network_id))
lo_intf = Interface(name="lo0")
interfaces_config.add_interface(lo_intf)
intf_unit = Unit(name=ifl_num,
comment=DMUtils.l3_lo_intf_comment(vn))
lo_intf.add_unit(intf_unit)
family = Family()
intf_unit.set_family(family)
inet = None
inet6 = None
for (lo_ip, _) in gateways:
subnet = lo_ip
(ip, _) = lo_ip.split('/')
if ':' in lo_ip:
if not inet6:
inet6 = FamilyInet6()
family.set_inet6(inet6)
addr = Address()
inet6.add_address(addr)
lo_ip = ip + '/' + '128'
else:
if not inet:
inet = FamilyInet()
family.set_inet(inet)
addr = Address()
inet.add_address(addr)
lo_ip = ip + '/' + '32'
addr.set_name(lo_ip)
addr.set_comment(DMUtils.lo0_ip_comment(subnet))
ri.add_interface(
Interface(name="lo0." + ifl_num,
comment=DMUtils.lo0_ri_intf_comment(vn)))
self.policy_config = policy_config
self.proto_config = proto_config
self.interfaces_config = interfaces_config
self.route_targets |= import_targets | export_targets
self.ri_config = ri_config
def build_ri_config(self):
vn_dict = self.get_vn_li_map()
self.physical_router.evaluate_vn_irb_ip_map(set(vn_dict.keys()),
'l2_l3', 'irb', False)
self.physical_router.evaluate_vn_irb_ip_map(set(vn_dict.keys()), 'l3',
'lo0', True)
vn_irb_ip_map = self.physical_router.get_vn_irb_ip_map()
for vn_id, interfaces in vn_dict.items():
vn_obj = VirtualNetworkDM.get(vn_id)
if (vn_obj is None or vn_obj.get_vxlan_vni() is None
or vn_obj.vn_network_id is None):
continue
if not self.check_vn_is_allowed(vn_obj):
continue
export_set = None
import_set = None
for ri_id in vn_obj.routing_instances:
# Find the primary RI by matching the name
ri_obj = RoutingInstanceDM.get(ri_id)
if ri_obj is None:
continue
if ri_obj.fq_name[-1] == vn_obj.fq_name[-1]:
vrf_name_l2 = DMUtils.make_vrf_name(
vn_obj.fq_name[-1], vn_obj.vn_network_id, 'l2')
vrf_name_l3 = DMUtils.make_vrf_name(
vn_obj.fq_name[-1], vn_obj.vn_network_id, 'l3')
export_set = copy.copy(ri_obj.export_targets)
import_set = copy.copy(ri_obj.import_targets)
for ri2_id in ri_obj.routing_instances:
ri2 = RoutingInstanceDM.get(ri2_id)
if ri2 is None:
continue
import_set |= ri2.export_targets
if vn_obj.get_forwarding_mode() in ['l2', 'l2_l3']:
irb_ips = None
if vn_obj.get_forwarding_mode() == 'l2_l3':
irb_ips = vn_irb_ip_map['irb'].get(vn_id, [])
ri_conf = {'ri_name': vrf_name_l2, 'vn': vn_obj}
ri_conf['is_l2'] = True
ri_conf['is_l2_l3'] = (
vn_obj.get_forwarding_mode() == 'l2_l3')
ri_conf['import_targets'] = import_set
ri_conf['export_targets'] = export_set
ri_conf['prefixes'] = vn_obj.get_prefixes()
ri_conf['gateways'] = irb_ips
ri_conf['interfaces'] = interfaces
ri_conf['vni'] = vn_obj.get_vxlan_vni()
ri_conf['network_id'] = vn_obj.vn_network_id
self.add_routing_instance(ri_conf)
if vn_obj.get_forwarding_mode() in ['l3']:
interfaces = []
lo0_ips = vn_irb_ip_map['lo0'].get(vn_id, [])
ri_conf = {'ri_name': vrf_name_l3, 'vn': vn_obj}
ri_conf['is_l2'] = False
ri_conf['is_l2_l3'] = False
ri_conf['import_targets'] = import_set
ri_conf['export_targets'] = export_set
ri_conf['prefixes'] = vn_obj.get_prefixes()
ri_conf['interfaces'] = interfaces
ri_conf['gateways'] = lo0_ips
ri_conf['network_id'] = vn_obj.vn_network_id
self.add_routing_instance(ri_conf)
break
return
def init_global_switch_opts(self):
if self.global_switch_options_config is None:
self.global_switch_options_config = SwitchOptions(
comment=DMUtils.switch_options_comment())
self.global_switch_options_config.set_vtep_source_interface("lo0.0")
def add_routing_instance(self, ri_conf):
ri_name = ri_conf.get("ri_name")
is_l2 = ri_conf.get("is_l2", False)
is_l2_l3 = ri_conf.get("is_l2_l3", False)
import_targets = ri_conf.get("import_targets", set())
export_targets = ri_conf.get("export_targets", set())
prefixes = ri_conf.get("prefixes", [])
gateways = ri_conf.get("gateways", [])
router_external = ri_conf.get("router_external", False)
interfaces = ri_conf.get("interfaces", [])
vni = ri_conf.get("vni", None)
fip_map = ri_conf.get("fip_map", None)
network_id = ri_conf.get("network_id", None)
static_routes = ri_conf.get("static_routes", {})
no_vrf_table_label = ri_conf.get("no_vrf_table_label", False)
restrict_proxy_arp = ri_conf.get("restrict_proxy_arp", False)
highest_enapsulation_priority = \
ri_conf.get("highest_enapsulation_priority") or "MPLSoGRE"
self.routing_instances[ri_name] = ri_conf
ri_config = self.ri_config or RoutingInstances()
policy_config = self.policy_config or PolicyOptions()
ri = Instance(name=ri_name)
ri_config.add_instance(ri)
ri_opt = None
if router_external and is_l2 == False:
ri_opt = RoutingInstanceRoutingOptions(static=Static(
route=[Route(name="0.0.0.0/0", next_table="inet.0")]))
ri.set_routing_options(ri_opt)
# for both l2 and l3
ri.set_vrf_import(DMUtils.make_import_name(ri_name))
ri.set_vrf_export(DMUtils.make_export_name(ri_name))
has_ipv6_prefixes = DMUtils.has_ipv6_prefixes(prefixes)
has_ipv4_prefixes = DMUtils.has_ipv4_prefixes(prefixes)
if not is_l2:
if ri_opt is None:
ri_opt = RoutingInstanceRoutingOptions()
ri.set_routing_options(ri_opt)
if prefixes and fip_map is None:
static_config = ri_opt.get_static()
if not static_config:
static_config = Static()
ri_opt.set_static(static_config)
rib_config_v6 = None
static_config_v6 = None
for prefix in prefixes:
if ':' in prefix and not rib_config_v6:
static_config_v6 = Static()
rib_config_v6 = RIB(name=ri_name + ".inet6.0")
rib_config_v6.set_static(static_config_v6)
ri_opt.set_rib(rib_config_v6)
if ':' in prefix:
static_config_v6.add_route(
Route(name=prefix, discard=''))
else:
static_config.add_route(Route(name=prefix, discard=''))
if router_external:
self.add_to_global_ri_opts(prefix)
ri.set_instance_type("vrf")
if not no_vrf_table_label:
ri.set_vrf_table_label('') # only for l3
if fip_map is None:
for interface in interfaces:
ri.add_interface(Interface(name=interface.name))
if static_routes:
self.add_static_routes(ri_opt, static_routes)
if has_ipv4_prefixes:
ri_opt.set_auto_export(
AutoExport(family=Family(inet=FamilyInet(unicast=''))))
if has_ipv6_prefixes:
ri_opt.set_auto_export(
AutoExport(family=Family(inet6=FamilyInet6(unicast=''))))
else:
if highest_enapsulation_priority == "VXLAN":
ri.set_instance_type("virtual-switch")
elif highest_enapsulation_priority in ["MPLSoGRE", "MPLSoUDP"]:
ri.set_instance_type("evpn")
if fip_map is not None:
if ri_opt is None:
ri_opt = RoutingInstanceRoutingOptions()
ri.set_routing_options(ri_opt)
static_config = ri_opt.get_static()
if not static_config:
static_config = Static()
ri_opt.set_static(static_config)
static_config.add_route(
Route(name="0.0.0.0/0", next_hop=interfaces[0].name))
ri.add_interface(Interface(name=interfaces[0].name))
public_vrf_ips = {}
for pip in fip_map.values():
if pip["vrf_name"] not in public_vrf_ips:
public_vrf_ips[pip["vrf_name"]] = set()
public_vrf_ips[pip["vrf_name"]].add(pip["floating_ip"])
for public_vrf, fips in public_vrf_ips.items():
ri_public = Instance(name=public_vrf)
ri_config.add_instance(ri_public)
ri_public.add_interface(Interface(name=interfaces[1].name))
ri_opt = RoutingInstanceRoutingOptions()
ri_public.set_routing_options(ri_opt)
static_config = Static()
ri_opt.set_static(static_config)
for fip in fips:
static_config.add_route(
Route(name=fip + "/32", next_hop=interfaces[1].name))
# add policies for export route targets
ps = PolicyStatement(name=DMUtils.make_export_name(ri_name))
then = Then()
ps.set_term(Term(name="t1", then=then))
for route_target in export_targets:
comm = Community(
add='',
community_name=DMUtils.make_community_name(route_target))
then.add_community(comm)
if fip_map is not None:
# for nat instance
then.set_reject('')
else:
then.set_accept('')
policy_config.add_policy_statement(ps)
# add policies for import route targets
ps = PolicyStatement(name=DMUtils.make_import_name(ri_name))
from_ = From()
term = Term(name="t1", fromxx=from_)
ps.set_term(term)
for route_target in import_targets:
from_.add_community(DMUtils.make_community_name(route_target))
term.set_then(Then(accept=''))
ps.set_then(Then(reject=''))
policy_config.add_policy_statement(ps)
# add firewall config for public VRF
forwarding_options_config = self.forwarding_options_config
firewall_config = self.firewall_config
if router_external and is_l2 == False:
forwarding_options_config = (self.forwarding_options_config
or ForwardingOptions())
firewall_config = self.firewall_config or Firewall()
if has_ipv4_prefixes and not self.inet4_forwarding_filter:
#create single instance inet4 filter
self.inet4_forwarding_filter = self.add_inet_public_vrf_filter(
forwarding_options_config, firewall_config, "inet")
if has_ipv6_prefixes and not self.inet6_forwarding_filter:
#create single instance inet6 filter
self.inet6_forwarding_filter = self.add_inet_public_vrf_filter(
forwarding_options_config, firewall_config, "inet6")
if has_ipv4_prefixes:
#add terms to inet4 filter
term = self.add_inet_filter_term(ri_name, prefixes, "inet4")
# insert before the last term
terms = self.inet4_forwarding_filter.get_term()
terms = [term] + (terms or [])
self.inet4_forwarding_filter.set_term(terms)
if has_ipv6_prefixes:
#add terms to inet6 filter
term = self.add_inet_filter_term(ri_name, prefixes, "inet6")
# insert before the last term
terms = self.inet6_forwarding_filter.get_term()
terms = [term] + (terms or [])
self.inet6_forwarding_filter.set_term(terms)
if fip_map is not None:
firewall_config = firewall_config or Firewall()
f = FirewallFilter(
name=DMUtils.make_private_vrf_filter_name(ri_name))
ff = firewall_config.get_family()
if not ff:
ff = FirewallFamily()
firewall_config.set_family(ff)
inet = ff.get_inet()
if not inet:
inet = FirewallInet()
ff.set_inet(inet)
inet.add_filter(f)
term = Term(name=DMUtils.make_vrf_term_name(ri_name))
from_ = From()
for fip_user_ip in fip_map.keys():
from_.add_source_address(fip_user_ip)
term.set_from(from_)
term.set_then(Then(routing_instance=[ri_name]))
f.add_term(term)
term = Term(name="default-term", then=Then(accept=''))
f.add_term(term)
interfaces_config = self.interfaces_config or Interfaces()
irb_intf = Interface(name="irb")
interfaces_config.add_interface(irb_intf)
intf_unit = Unit(name=str(network_id))
if restrict_proxy_arp:
intf_unit.set_proxy_arp(ProxyArp(restricted=''))
inet = FamilyInet()
inet.set_filter(
InetFilter(
input=DMUtils.make_private_vrf_filter_name(ri_name)))
intf_unit.set_family(Family(inet=inet))
irb_intf.add_unit(intf_unit)
# add L2 EVPN and BD config
bd_config = None
interfaces_config = self.interfaces_config
proto_config = self.proto_config
if (is_l2 and vni is not None
and self.is_family_configured(self.bgp_params, "e-vpn")):
ri.set_vtep_source_interface("lo0.0")
if highest_enapsulation_priority == "VXLAN":
bd_config = BridgeDomains()
ri.set_bridge_domains(bd_config)
bd = Domain(name=DMUtils.make_bridge_name(vni),
vlan_id='none',
vxlan=VXLan(vni=vni))
bd_config.add_domain(bd)
for interface in interfaces:
bd.add_interface(Interface(name=interface.name))
if is_l2_l3:
# network_id is unique, hence irb
bd.set_routing_interface("irb." + str(network_id))
ri.set_protocols(
RoutingInstanceProtocols(evpn=Evpn(
encapsulation='vxlan', extended_vni_list='all')))
elif highest_enapsulation_priority in ["MPLSoGRE", "MPLSoUDP"]:
ri.set_vlan_id('none')
if is_l2_l3:
# network_id is unique, hence irb
ri.set_routing_interface("irb." + str(network_id))
evpn = Evpn()
for interface in interfaces:
evpn.add_interface(Interface(name=interface.name))
ri.set_protocols(RoutingInstanceProtocols(evpn=evpn))
interfaces_config = self.interfaces_config or Interfaces()
if is_l2_l3:
irb_intf = Interface(name='irb', gratuitous_arp_reply='')
interfaces_config.add_interface(irb_intf)
if gateways is not None:
intf_unit = Unit(name=str(network_id))
irb_intf.add_unit(intf_unit)
family = Family()
intf_unit.set_family(family)
inet = None
inet6 = None
for (irb_ip, gateway) in gateways:
if ':' in irb_ip:
if not inet6:
inet6 = FamilyInet6()
family.set_inet6(inet6)
addr = Address()
inet6.add_address(addr)
else:
if not inet:
inet = FamilyInet()
family.set_inet(inet)
addr = Address()
inet.add_address(addr)
addr.set_name(irb_ip)
if len(gateway) and gateway != '0.0.0.0':
addr.set_virtual_gateway_address(gateway)
lo_intf = Interface(name="lo0")
interfaces_config.add_interface(lo_intf)
fam_inet = FamilyInet(address=[
Address(name=self.bgp_params['address'] + "/32",
primary='',
preferred='')
])
intf_unit = Unit(name="0", family=Family(inet=fam_inet))
lo_intf.add_unit(intf_unit)
self.build_l2_evpn_interface_config(interfaces_config, interfaces)
if (not is_l2 and not is_l2_l3 and gateways):
interfaces_config = self.interfaces_config or Interfaces()
ifl_num = str(1000 + int(network_id))
lo_intf = Interface(name="lo0")
interfaces_config.add_interface(lo_intf)
intf_unit = Unit(name=ifl_num)
lo_intf.add_unit(intf_unit)
family = Family()
intf_unit.set_family(family)
inet = None
inet6 = None
for (lo_ip, _) in gateways:
(ip, _) = lo_ip.split('/')
if ':' in lo_ip:
if not inet6:
inet6 = FamilyInet6()
family.set_inet6(inet6)
addr = Address()
inet6.add_address(addr)
lo_ip = ip + '/' + '128'
else:
if not inet:
inet = FamilyInet()
family.set_inet(inet)
addr = Address()
inet.add_address(addr)
lo_ip = ip + '/' + '32'
addr.set_name(lo_ip)
ri.add_interface(Interface(name="lo0." + ifl_num))
# fip services config
services_config = self.services_config
if fip_map is not None:
services_config = self.services_config or Services()
service_name = DMUtils.make_services_set_name(ri_name)
service_set = ServiceSet(name=service_name)
services_config.add_service_set(service_set)
nat_rule = NATRules(name=service_name + "-sn-rule")
service_set.add_nat_rules(
NATRules(name=DMUtils.make_snat_rule_name(ri_name)))
service_set.add_nat_rules(
NATRules(name=DMUtils.make_dnat_rule_name(ri_name)))
next_hop_service = NextHopService(
inside_service_interface=interfaces[0].name,
outside_service_interface=interfaces[1].name)
service_set.set_next_hop_service(next_hop_service)
nat = NAT(allow_overlapping_nat_pools='')
services_config.add_nat(nat)
snat_rule = Rule(name=DMUtils.make_snat_rule_name(ri_name),
match_direction="input")
nat.add_rule(snat_rule)
dnat_rule = Rule(name=DMUtils.make_dnat_rule_name(ri_name),
match_direction="output")
nat.add_rule(dnat_rule)
for pip, fip_vn in fip_map.items():
fip = fip_vn["floating_ip"]
term = Term(name=DMUtils.make_ip_term_name(pip))
snat_rule.set_term(term)
# private ip
from_ = From(source_address=[pip + "/32"])
term.set_from(from_)
# public ip
then_ = Then()
term.set_then(then_)
translated = Translated(
source_prefix=fip + "/32",
translation_type=TranslationType(basic_nat44=''))
then_.set_translated(translated)
term = Term(name=DMUtils.make_ip_term_name(fip))
dnat_rule.set_term(term)
# public ip
from_ = From(destination_address=[fip + "/32"])
term.set_from(from_)
# private ip
then_ = Then()
term.set_then(then_)
translated = Translated(
destination_prefix=pip + "/32",
translation_type=TranslationType(dnat_44=''))
then_.set_translated(translated)
interfaces_config = self.interfaces_config or Interfaces()
si_intf = Interface(name=interfaces[0].ifd_name)
interfaces_config.add_interface(si_intf)
intf_unit = Unit(name=interfaces[0].unit)
si_intf.add_unit(intf_unit)
family = Family(inet=FamilyInet())
intf_unit.set_family(family)
intf_unit.set_service_domain("inside")
intf_unit = Unit(name=interfaces[1].unit)
si_intf.add_unit(intf_unit)
family = Family(inet=FamilyInet())
intf_unit.set_family(family)
intf_unit.set_service_domain("outside")
self.forwarding_options_config = forwarding_options_config
self.firewall_config = firewall_config
self.policy_config = policy_config
self.proto_config = proto_config
self.interfaces_config = interfaces_config
self.services_config = services_config
self.route_targets |= import_targets | export_targets
self.ri_config = ri_config
def set_chassis_config(self):
device_count = DMUtils.get_max_ae_device_count()
aggr_devices = AggregatedDevices(Ethernet(device_count=device_count))
if not self.chassis_config:
self.chassis_config = Chassis()
self.chassis_config.set_aggregated_devices(aggr_devices)
def add_routing_instance(self, ri_conf):
ri_name = ri_conf.get("ri_name")
vn = ri_conf.get("vn")
is_l2 = ri_conf.get("is_l2", False)
is_l2_l3 = ri_conf.get("is_l2_l3", False)
import_targets = ri_conf.get("import_targets", set())
export_targets = ri_conf.get("export_targets", set())
prefixes = ri_conf.get("prefixes", [])
gateways = ri_conf.get("gateways", [])
interfaces = ri_conf.get("interfaces", [])
vni = ri_conf.get("vni", None)
network_id = ri_conf.get("network_id", None)
is_internal_vn = True if '_contrail_lr_internal_vn_' in vn.name else False
self.routing_instances[ri_name] = ri_conf
ri_config = None
policy_config = self.policy_config or \
PolicyOptions(comment=DMUtils.policy_options_comment())
ri = None
ri_opt = None
ri_config = self.ri_config or \
RoutingInstances(comment=DMUtils.routing_instances_comment())
ri = Instance(name=ri_name)
if not is_l2:
ri_config.add_instance(ri)
ri.set_vrf_import(DMUtils.make_import_name(ri_name))
ri.set_vrf_export(DMUtils.make_export_name(ri_name))
has_ipv6_prefixes = DMUtils.has_ipv6_prefixes(prefixes)
has_ipv4_prefixes = DMUtils.has_ipv4_prefixes(prefixes)
if not is_l2:
if ri_opt is None:
ri_opt = RoutingInstanceRoutingOptions()
ri.set_routing_options(ri_opt)
ri.set_instance_type("vrf")
for interface in interfaces:
ri.add_interface(Interface(name=interface.name))
family = Family()
if has_ipv4_prefixes:
family.set_inet(FamilyInet(unicast=''))
if has_ipv6_prefixes:
family.set_inet6(FamilyInet6(unicast=''))
if has_ipv4_prefixes or has_ipv6_prefixes:
auto_export = AutoExport(family=family)
ri_opt.set_auto_export(auto_export)
if is_internal_vn:
self.internal_vn_ris.append(ri)
self.add_bogus_lo0(ri, network_id, vn)
if self.is_spine() and is_l2_l3:
self.add_irb_config(ri_conf)
self.attach_irb(ri_conf, ri)
# add policies for export route targets
if self.is_spine():
ps = PolicyStatement(name=DMUtils.make_export_name(ri_name))
ps.set_comment(DMUtils.vn_ps_comment(vn, "Export"))
then = Then()
ps.add_term(Term(name="t1", then=then))
for route_target in export_targets:
comm = Community(
add='',
community_name=DMUtils.make_community_name(route_target))
then.add_community(comm)
then.set_accept('')
policy_config.add_policy_statement(ps)
self.add_to_global_switch_opts(DMUtils.make_export_name(ri_name),
False)
# add policies for import route targets
ps = PolicyStatement(name=DMUtils.make_import_name(ri_name))
ps.set_comment(DMUtils.vn_ps_comment(vn, "Import"))
# add term switch policy
from_ = From()
term = Term(name=DMUtils.get_switch_policy_name(), fromxx=from_)
ps.add_term(term)
from_.add_community(DMUtils.get_switch_policy_name())
term.set_then(Then(accept=''))
from_ = From()
term = Term(name="t1", fromxx=from_)
ps.add_term(term)
for route_target in import_targets:
from_.add_community(DMUtils.make_community_name(route_target))
if not is_internal_vn:
self.add_vni_option(vni or network_id, route_target)
term.set_then(Then(accept=''))
policy_config.add_policy_statement(ps)
self.add_to_global_switch_opts(DMUtils.make_import_name(ri_name), True)
# add L2 EVPN and BD config
interfaces_config = self.interfaces_config
if (is_l2 and vni is not None
and self.is_family_configured(self.bgp_params, "e-vpn")):
# add vlan config
vlan_conf = self.add_vlan_config(ri_name, vni, is_l2_l3,
"irb." + str(network_id))
interfaces_config = self.interfaces_config or Interfaces(
comment=DMUtils.interfaces_comment())
self.build_l2_evpn_interface_config(interfaces_config, interfaces,
vn, vlan_conf)
if (not is_l2 and vni is not None
and self.is_family_configured(self.bgp_params, "e-vpn")):
ri.set_vtep_source_interface("lo0.0")
evpn = self.build_evpn_config()
if evpn:
ri.set_protocols(RoutingInstanceProtocols(evpn=evpn))
#add vlans
self.add_ri_vlan_config(ri, vni)
if (not is_l2 and not is_l2_l3 and gateways):
interfaces_config = self.interfaces_config or \
Interfaces(comment=DMUtils.interfaces_comment())
ifl_num = str(1000 + int(network_id))
lo_intf = Interface(name="lo0")
interfaces_config.add_interface(lo_intf)
intf_unit = Unit(name=ifl_num,
comment=DMUtils.l3_lo_intf_comment(vn))
lo_intf.add_unit(intf_unit)
family = Family()
intf_unit.set_family(family)
inet = None
inet6 = None
for (lo_ip, _) in gateways:
subnet = lo_ip
(ip, _) = lo_ip.split('/')
if ':' in lo_ip:
if not inet6:
inet6 = FamilyInet6()
family.set_inet6(inet6)
addr = Address()
inet6.add_address(addr)
lo_ip = ip + '/' + '128'
else:
if not inet:
inet = FamilyInet()
family.set_inet(inet)
addr = Address()
inet.add_address(addr)
lo_ip = ip + '/' + '32'
addr.set_name(lo_ip)
addr.set_comment(DMUtils.lo0_ip_comment(subnet))
ri.add_interface(
Interface(name="lo0." + ifl_num,
comment=DMUtils.lo0_ri_intf_comment(vn)))
self.policy_config = policy_config
self.interfaces_config = interfaces_config
self.route_targets |= import_targets | export_targets
self.ri_config = ri_config
def build_ri_config(self):
if not self.is_spine():
esi_map = self.get_ae_alloc_esi_map()
self.physical_router.evaluate_ae_id_map(esi_map)
self.build_ae_config(esi_map)
vn_dict = self.get_vn_li_map()
vn_irb_ip_map = None
if self.is_spine():
self.physical_router.evaluate_vn_irb_ip_map(
set(vn_dict.keys()), 'l2_l3', 'irb', False)
self.physical_router.evaluate_vn_irb_ip_map(
set(vn_dict.keys()), 'l3', 'lo0', True)
vn_irb_ip_map = self.physical_router.get_vn_irb_ip_map()
for vn_id, interfaces in vn_dict.items():
vn_obj = VirtualNetworkDM.get(vn_id)
if (vn_obj is None or vn_obj.get_vxlan_vni() is None
or vn_obj.vn_network_id is None):
continue
export_set = None
import_set = None
for ri_id in vn_obj.routing_instances:
# Find the primary RI by matching the name
ri_obj = RoutingInstanceDM.get(ri_id)
if ri_obj is None:
continue
if ri_obj.fq_name[-1] == vn_obj.fq_name[-1]:
vrf_name_l2 = DMUtils.make_vrf_name(
vn_obj.fq_name[-1], vn_obj.vn_network_id, 'l2')
vrf_name_l3 = DMUtils.make_vrf_name(
vn_obj.fq_name[-1], vn_obj.vn_network_id, 'l3')
export_set = copy.copy(ri_obj.export_targets)
import_set = copy.copy(ri_obj.import_targets)
if self.is_spine():
for ri2_id in ri_obj.routing_instances:
ri2 = RoutingInstanceDM.get(ri2_id)
if ri2 is None:
continue
import_set |= ri2.export_targets
if vn_obj.get_forwarding_mode() in ['l2', 'l2_l3']:
irb_ips = None
if vn_obj.get_forwarding_mode(
) == 'l2_l3' and self.is_spine():
irb_ips = vn_irb_ip_map['irb'].get(vn_id, [])
ri_conf = {
'ri_name':
vrf_name_l2,
'vn':
vn_obj,
'is_l2':
True,
'is_l2_l3':
(vn_obj.get_forwarding_mode() == 'l2_l3'),
'import_targets':
import_set,
'prefixes':
vn_obj.get_prefixes(),
'gateways':
irb_ips,
'router_external':
vn_obj.router_external,
'interfaces':
interfaces,
'vni':
vn_obj.get_vxlan_vni(),
'network_id':
vn_obj.vn_network_id,
'highest_encapsulation_priority':
GlobalVRouterConfigDM.global_encapsulation_priority
}
if self.is_spine():
ri_conf['export_targets'] = export_set
self.add_routing_instance(ri_conf)
if vn_obj.get_forwarding_mode() in [
'l3'
] and self.is_l3_supported(vn_obj):
interfaces = []
lo0_ips = vn_irb_ip_map['lo0'].get(vn_id, [])
ri_conf = {
'ri_name': vrf_name_l3,
'vn': vn_obj,
'is_l2': False,
'is_l2_l3': False,
'import_targets': import_set,
'export_targets': export_set,
'prefixes': vn_obj.get_prefixes(),
'router_external': vn_obj.router_external,
'interfaces': interfaces,
'gateways': lo0_ips,
'network_id': vn_obj.vn_network_id
}
self.add_routing_instance(ri_conf)
break
if export_set and len(vn_obj.instance_ip_map) > 0:
vrf_name = DMUtils.make_vrf_name(vn_obj.fq_name[-1],
vn_obj.vn_network_id, 'l3',
True)
ri_conf = {
'ri_name': vrf_name,
'vn': vn_obj,
'import_targets': import_set,
'fip_map': vn_obj.instance_ip_map,
'network_id': vn_obj.vn_network_id
}
self.add_routing_instance(ri_conf)
return
def add_routing_instance(self, ri_conf):
ri_name = ri_conf.get("ri_name")
vn = ri_conf.get("vn")
is_l2 = ri_conf.get("is_l2", False)
is_l2_l3 = ri_conf.get("is_l2_l3", False)
import_targets = ri_conf.get("import_targets", set())
export_targets = ri_conf.get("export_targets", set())
prefixes = ri_conf.get("prefixes", [])
gateways = ri_conf.get("gateways", [])
router_external = ri_conf.get("router_external", False)
interfaces = ri_conf.get("interfaces", [])
vni = ri_conf.get("vni", None)
fip_map = ri_conf.get("fip_map", None)
network_id = ri_conf.get("network_id", None)
is_internal_vn = True if '_contrail_lr_internal_vn_' in vn.name else False
highest_encapsulation_priority = \
ri_conf.get("highest_encapsulation_priority") or "MPLSoGRE"
self.routing_instances[ri_name] = ri_conf
self.ri_config = self.ri_config or []
self.policy_config = self.policy_config or\
Policy(comment=DMUtils.policy_options_comment())
ri = RoutingInstance(name=ri_name)
if vn:
is_nat = True if fip_map else False
ri.set_comment(
DMUtils.vn_ri_comment(vn, is_l2, is_l2_l3, is_nat,
router_external))
self.ri_config.append(ri)
ri.set_is_public_network(router_external)
has_ipv6_prefixes = DMUtils.has_ipv6_prefixes(prefixes)
has_ipv4_prefixes = DMUtils.has_ipv4_prefixes(prefixes)
if not is_l2:
ri.set_instance_type("vrf")
if fip_map is None:
for interface in interfaces:
ri.add_interfaces(LogicalInterface(name=interface.name))
else:
if highest_encapsulation_priority == "VXLAN":
ri.set_routing_instance_type("virtual-switch")
elif highest_encapsulation_priority in ["MPLSoGRE", "MPLSoUDP"]:
ri.set_routing_instance_type("evpn")
if is_internal_vn:
self.internal_vn_ris.append(ri)
self.add_bogus_lo0(ri, network_id, vn)
if self.is_spine() and is_l2_l3:
self.add_irb_config(ri_conf)
self.attach_irb(ri_conf, ri)
if fip_map is not None:
ri.add_interfaces(LogicalInterface(name=interfaces[0].name))
public_vrf_ips = {}
for pip in fip_map.values():
if pip["vrf_name"] not in public_vrf_ips:
public_vrf_ips[pip["vrf_name"]] = set()
public_vrf_ips[pip["vrf_name"]].add(pip["floating_ip"])
for public_vrf, fips in public_vrf_ips.items():
floating_ips = []
ri.add_floating_ip_list(
FloatingIpList(public_routing_instance=public_vrf,
floating_ips=floating_ips))
for fip in fips:
floating_ips.append(FloatingIpMap(floating_ip=fip))
# add policies for export route targets
if self.is_spine():
p = PolicyRule(name=DMUtils.make_export_name(ri_name))
p.set_comment(DMUtils.vn_ps_comment(vn, "Export"))
then = Then()
p.add_term(Term(name="t1", then=then))
for route_target in export_targets:
then.add_community(DMUtils.make_community_name(route_target))
then.set_accept_or_reject(True)
self.policy_config.add_policy_rule(p)
# add policies for import route targets
p = PolicyRule(name=DMUtils.make_import_name(ri_name))
p.set_comment(DMUtils.vn_ps_comment(vn, "Import"))
# add term switch policy
from_ = From()
term = Term(name=DMUtils.get_switch_policy_name(), fromxx=from_)
p.add_term(term)
from_.add_community(DMUtils.get_switch_policy_name())
term.set_then(Then(accept_or_reject=True))
from_ = From()
term = Term(name="t1", fromxx=from_)
p.add_term(term)
for route_target in import_targets:
from_.add_community(DMUtils.make_community_name(route_target))
if not is_internal_vn:
self.add_vni_option(vni or network_id, route_target)
term.set_then(Then(accept_or_reject=True))
self.policy_config.add_policy_rule(p)
# add L2 EVPN and BD config
if (is_l2 and vni is not None
and self.is_family_configured(self.bgp_params, "e-vpn")):
# add vlan config
vlan_conf = self.add_vlan_config(ri_name, vni, is_l2_l3,
"irb." + str(network_id))
self.interfaces_config = self.interfaces_config or []
self.build_l2_evpn_interface_config(self.interfaces_config,
interfaces, vn, vlan_conf)
if (not is_l2 and vni is not None
and self.is_family_configured(self.bgp_params, "e-vpn")):
ri.set_vtep_source_interface("lo0.0")
evpn = self.build_evpn_config()
if evpn:
ri.set_protocols(RoutingInstanceProtocols(evpn=evpn))
#add vlans
self.add_ri_vlan_config(ri, vni)
if (not is_l2 and not is_l2_l3 and gateways):
self.interfaces_config = self.interfaces_config or []
ifl_num = str(1000 + int(network_id))
lo_intf = Interface(name="lo0")
interfaces_config.add_interface(lo_intf)
intf_unit = Unit(name=ifl_num,
comment=DMUtils.l3_lo_intf_comment(vn))
lo_intf.add_logical_interfaces(intf_unit)
family = Family()
intf_unit.set_family(family)
inet = None
inet6 = None
for (lo_ip, _) in gateways:
subnet = lo_ip
(ip, _) = lo_ip.split('/')
if ':' in lo_ip:
if not inet6:
inet6 = FamilyInet6()
family.set_inet6(inet6)
addr = Address()
inet6.add_address(addr)
lo_ip = ip + '/' + '128'
else:
if not inet:
inet = FamilyInet()
family.set_inet(inet)
addr = Address()
inet.add_address(addr)
lo_ip = ip + '/' + '32'
addr.set_name(lo_ip)
addr.set_comment(DMUtils.lo0_ip_comment(subnet))
ri.add_interface(
Interface(name="lo0." + ifl_num,
comment=DMUtils.lo0_ri_intf_comment(vn)))
self.route_targets |= import_targets | export_targets
