def build_l2_evpn_interface_config(self, interfaces_config, interfaces, vn, vlan_conf): ifd_map = {} for interface in interfaces: ifd_map.setdefault(interface.ifd_name, []).append(interface) for ifd_name, interface_list in ifd_map.items(): intf = Interface(name=ifd_name) interfaces_config.add_interface(intf) intf.set_flexible_vlan_tagging('') intf.set_encapsulation("extended-vlan-bridge") if interface_list[0].is_untagged(): if (len(interface_list) > 1): self._logger.error( "invalid logical interfaces config for ifd %s" % ( ifd_name)) continue intf.add_unit(Unit(name=interface_list[0].unit, comment=DMUtils.l2_evpn_intf_unit_comment(vn, False), vlan_id="4094")) vlan_conf.add_interface(Interface(name=ifd_name + ".0")) else: for interface in interface_list: intf.add_unit(Unit(name=interface.unit, comment=DMUtils.l2_evpn_intf_unit_comment(vn, True, interface.vlan_tag), vlan_id=str(interface.vlan_tag))) vlan_conf.add_interface(Interface(name=ifd_name + "." + str(interface.vlan_tag)))
def add_inet_public_vrf_filter(self, forwarding_options_config, firewall_config, inet_type): fo = Family() inet_filter = InetFilter(input=DMUtils.make_public_vrf_filter_name(inet_type)) if inet_type == "inet6": fo.set_inet6(FamilyInet6(filter=inet_filter)) else: fo.set_inet(FamilyInet(filter=inet_filter)) forwarding_options_config.add_family(fo) f = FirewallFilter(name=DMUtils.make_public_vrf_filter_name(inet_type)) ff = firewall_config.get_family() if not ff: ff = FirewallFamily() firewall_config.set_family(ff) if inet_type == "inet6": inet6 = ff.get_inet6() if not inet6: inet6 = FirewallInet() ff.set_inet6(inet6) inet6.add_filter(f) else: inet = ff.get_inet() if not inet: inet = FirewallInet() ff.set_inet(inet) inet.add_filter(f) term = Term(name="default-term", then=Then(accept="")) f.add_term(term) return f
def set_route_targets_config(self): if self.policy_config is None: self.policy_config = PolicyOptions(comment=DMUtils.policy_options_comment()) for route_target in self.route_targets: comm = CommunityType(name=DMUtils.make_community_name(route_target)) comm.add_members(route_target) self.policy_config.add_community(comm)
def _build_ri_config(self, vn, ri_name, ri_obj, interfaces, export_targets, import_targets, feature_config): encapsulation_priorities = self._get_encapsulation_priorities() highest_encapsulation = encapsulation_priorities[0] network_id = vn.vn_network_id vxlan_id = vn.get_vxlan_vni() ri = RoutingInstance(name=ri_name, virtual_network_mode='l2', export_targets=export_targets, import_targets=import_targets, virtual_network_id=str(network_id), vxlan_id=str(vxlan_id), is_public_network=vn.router_external) ri.set_virtual_network_id(str(network_id)) ri.set_vxlan_id(str(vxlan_id)) ri.set_is_public_network(vn.router_external) vlan = None if highest_encapsulation == 'VXLAN': ri.set_routing_instance_type('virtual-switch') vlan = Vlan(name=DMUtils.make_bridge_name(vxlan_id), vxlan_id=vxlan_id) vlan.set_comment(DMUtils.vn_bd_comment(vn, 'VXLAN')) feature_config.add_vlans(vlan) for interface in interfaces: self._add_ref_to_list(vlan.get_interfaces(), interface.li_name) elif highest_encapsulation in ['MPLSoGRE', 'MPLSoUDP']: ri.set_routing_instance_type('evpn') self._build_l2_evpn_interface_config(interfaces, vn, vlan) return ri
def build_l2_evpn_interface_config(self, interfaces_config, interfaces, vn=None): ifd_map = {} for interface in interfaces: ifd_map.setdefault(interface.ifd_name, []).append(interface) for ifd_name, interface_list in ifd_map.items(): intf = Interface(name=ifd_name) interfaces_config.add_interface(intf) if interface_list[0].is_untagged(): if (len(interface_list) > 1): self._logger.error( "invalid logical interfaces config for ifd %s" % ( ifd_name)) continue intf.set_encapsulation("ethernet-bridge") intf.add_unit(Unit(name=interface_list[0].unit, comment=DMUtils.l2_evpn_intf_unit_comment(vn, False), family=Family(bridge=''))) else: intf.set_flexible_vlan_tagging('') intf.set_encapsulation("flexible-ethernet-services") for interface in interface_list: intf.add_unit(Unit(name=interface.unit, comment=DMUtils.l2_evpn_intf_unit_comment(vn, True, interface.vlan_tag), encapsulation='vlan-bridge', vlan_id=str(interface.vlan_tag)))
def build_ae_config(self, esi_map): if esi_map: self.set_chassis_config() interfaces_config = self.interfaces_config or \ Interfaces(comment=DMUtils.interfaces_comment()) # self.ae_id_map should have all esi => ae_id mapping # esi_map should have esi => interface memberships for esi, ae_id in self.physical_router.ae_id_map.items(): # config ae interface ae_name = "ae" + str(ae_id) intf = Interface(name=ae_name) interfaces_config.add_interface(intf) priority = DMUtils.lacp_system_priority() system_id = esi[-17:] #last 17 charcaters from esi for ex: 00:00:00:00:00:05 lacp = Lacp(active='', system_priority=priority, \ system_id=system_id, admin_key=1) intf.set_aggregated_ether_options(AggregatedEtherOptions(lacp=lacp)) # associate 'ae' membership pi_list = esi_map.get(esi) for pi in pi_list or []: intf = Interface(name=pi.name) interfaces_config.add_interface(intf) etherOptions = EtherOptions(ieee_802_3ad=Ieee802(bundle=ae_name)) intf.set_gigether_options(etherOptions) self.interfaces_config = interfaces_config
def add_inet_public_vrf_filter(self, firewall_config, inet_type): firewall_config.set_family(inet_type) f = FirewallFilter(name=DMUtils.make_public_vrf_filter_name(inet_type)) f.set_comment(DMUtils.public_vrf_filter_comment()) firewall_config.add_firewall_filters(f) term = Term(name="default-term", then=Then(accept_or_reject=True)) f.add_terms(term) return f
def add_inet_vrf_filter(self, firewall_config, vrf_name): firewall_config.set_family("inet") f = FirewallFilter(name=DMUtils.make_private_vrf_filter_name(vrf_name)) f.set_comment(DMUtils.vrf_filter_comment(vrf_name)) firewall_config.add_firewall_filters(f) term = Term(name="default-term", then=Then(accept_or_reject=True)) f.add_terms(term) return f
def build_underlay_bgp(self): if self.physical_router.allocated_asn is None: self._logger.error("physical router %s(%s) does not have asn" " allocated" % (self.physical_router.name, self.physical_router.uuid)) return for pi_obj, li_obj, iip_obj in self.\ fetch_pi_li_iip(self.physical_router.physical_interfaces): if pi_obj and li_obj and iip_obj and iip_obj.instance_ip_address: pi, li_map = self.set_default_pi(pi_obj.name, 'regular') pi.set_comment(DMUtils.ip_clos_comment()) li = self.set_default_li(li_map, li_obj.name, int(li_obj.name.split('.')[-1])) li.set_comment(DMUtils.ip_clos_comment()) self.add_ip_address(li, iip_obj.instance_ip_address) self._logger.debug("looking for peers for physical" " interface %s(%s)" % (pi_obj.name, pi_obj.uuid)) # Add this bgp object only if it has a peer underlay_asn = self.physical_router.allocated_asn bgp_name = DMUtils.make_underlay_bgp_group_name(underlay_asn, li_obj.name, is_external=True) bgp = Bgp(name=bgp_name, ip_address=iip_obj.instance_ip_address, autonomous_system=underlay_asn, type_='external', comment=DMUtils.ip_clos_comment()) peers = {} # Assumption: PIs are connected for IP-CLOS peering only for peer_pi_obj, peer_li_obj, peer_iip_obj in\ self.fetch_pi_li_iip(pi_obj.physical_interfaces): if peer_pi_obj and peer_li_obj and peer_iip_obj and\ peer_iip_obj.instance_ip_address: peer_pr = PhysicalRouterDM.get( peer_pi_obj.physical_router) if peer_pr is None: self._logger.error( "unable to read peer physical router %s" % peer_pi_obj.physical_router) elif peer_pr.allocated_asn is None: self._logger.error( "peer physical router %s does not have" " asn allocated" % peer_pi_obj.physical_router) elif peer_pr != self.physical_router: peer = Bgp(name=peer_pr.name, ip_address=peer_iip_obj.instance_ip_address, autonomous_system=peer_pr.allocated_asn, comment=peer_pr.name) peers[peer_pr.name] = peer if peers: bgp.set_peers(self.get_values_sorted_by_key(peers)) self.bgp_map[bgp_name] = bgp
def init_global_switch_opts(self): if self.global_switch_options_config is None: self.global_switch_options_config = SwitchOptions(comment=DMUtils.switch_options_comment()) self.global_switch_options_config.set_vtep_source_interface("lo0.0") if not self.routing_instances: # no vn config then no need to configure vrf target return self.global_switch_options_config.add_vrf_target(VniTarget(auto='')) switch_options_community = DMUtils.get_switch_vrf_import(self.get_asn()) self.global_switch_options_config.add_vrf_target(VniTarget(community=switch_options_community))
def set_route_targets_config(self): if self.policy_config is None: self.policy_config = PolicyOptions(comment=DMUtils.policy_options_comment()) for route_target in self.route_targets: comm = CommunityType(name=DMUtils.make_community_name(route_target), members=route_target) self.policy_config.add_community(comm) # add community for switch options comm = CommunityType(name=DMUtils.get_switch_policy_name(), members=DMUtils.get_switch_vrf_import(self.get_asn())) self.policy_config.add_community(comm)
def add_lo0_unit_0_interface(self, loopback_ip=''): if not loopback_ip: return if not self.interfaces_config: self.interfaces_config = Interfaces(comment=DMUtils.interfaces_comment()) lo_intf = Interface(name="lo0") self.interfaces_config.add_interface(lo_intf) fam_inet = FamilyInet(address=[Address(name=loopback_ip + "/32", primary='', preferred='')]) intf_unit = Unit(name="0", family=Family(inet=fam_inet), comment=DMUtils.lo0_unit_0_comment()) lo_intf.add_unit(intf_unit)
def add_inet_filter_term(self, ri_name, prefixes, inet_type): if inet_type == "inet6": prefixes = DMUtils.get_ipv6_prefixes(prefixes) else: prefixes = DMUtils.get_ipv4_prefixes(prefixes) from_ = From() for prefix in prefixes: from_.add_destination_address(prefix) then_ = Then() then_.add_routing_instance(ri_name) return Term(name=DMUtils.make_vrf_term_name(ri_name), fromxx=from_, then=then_)
def build_firewall_filters(self, sg, acl, is_egress=False): acl_rule_present = False if not sg or not acl or not acl.vnc_obj: return acl = acl.vnc_obj entries = acl.get_access_control_list_entries() if not entries: return rules = entries.get_acl_rule() or [] if not rules: return self.firewall_config = self.firewall_config or\ Firewall(DMUtils.firewall_comment()) for rule in rules: if not self.has_terms(rule): continue match = rule.get_match_condition() if not match: continue acl_rule_present = True break if acl_rule_present: filter_name = DMUtils.make_sg_firewall_name(sg.name, acl.uuid) f = FirewallFilter(name=filter_name) f.set_comment(DMUtils.make_sg_firewall_comment(sg.name, acl.uuid)) # allow arp ether type always self.add_ether_type_term(f, 'arp') # allow dhcp/dns always self.add_dns_dhcp_terms(f) for rule in rules: if not self.has_terms(rule): continue match = rule.get_match_condition() if not match: continue rule_uuid = rule.get_rule_uuid() dst_addr_match = match.get_dst_address() dst_port_match = match.get_dst_port() ether_type_match = match.get_ethertype() protocol_match = match.get_protocol() src_addr_match = match.get_src_address() src_port_match = match.get_src_port() term = self.add_filter_term(f, rule_uuid) self.add_addr_term(term, dst_addr_match, False) self.add_addr_term(term, src_addr_match, True) self.add_port_term(term, dst_port_match, False) # source port match is not needed for now (BMS source port) #self.add_port_term(term, src_port_match, True) self.add_protocol_term(term, protocol_match) self.firewall_config.add_firewall_filters(f)
def add_inet_filter_term(self, ri_name, prefixes, inet_type): term = etree.Element("term") etree.SubElement(term, "name").text = DMUtils.make_vrf_term_name(ri_name) from_ = etree.SubElement(term, "from") if inet_type == 'inet6': prefixes = DMUtils.get_ipv6_prefixes(prefixes) else: prefixes = DMUtils.get_ipv4_prefixes(prefixes) for prefix in prefixes: etree.SubElement(from_, "destination-address").text = prefix then_ = etree.SubElement(term, "then") etree.SubElement(then_, "routing-instance").text = ri_name return term
def add_inet_public_vrf_filter(self, forwarding_options_config, firewall_config, inet_type, inet_xml_name): fo = etree.SubElement(forwarding_options_config, "family") inet = etree.SubElement(fo, inet_xml_name) f = etree.SubElement(inet, "filter") etree.SubElement(f, "input").text = DMUtils.make_public_vrf_filter_name(inet_type) fc = etree.SubElement(firewall_config, "family") inet = etree.SubElement(fc, inet_xml_name) f = etree.SubElement(inet, "filter") etree.SubElement(f, "name").text = DMUtils.make_public_vrf_filter_name(inet_type) term = etree.SubElement(f, "term") etree.SubElement(term, "name").text = "default-term" then_ = etree.SubElement(term, "then") etree.SubElement(then_, "accept") return f
def _get_bgp_config_xml(self, external=False): if self.bgp_params is None: return None bgp_group = BgpGroup() if external: bgp_group.set_name(DMUtils.make_bgp_group_name(True)) bgp_group.set_type("external") bgp_group.set_multihop("") else: bgp_group.set_name(DMUtils.make_bgp_group_name(False)) bgp_group.set_type("internal") bgp_group.set_local_address(self.bgp_params["address"]) self.add_families(bgp_group, self.bgp_params) self.add_bgp_auth_config(bgp_group, self.bgp_params) self.add_bgp_hold_time_config(bgp_group, self.bgp_params) return bgp_group
def add_pnf_logical_interface(self, junos_interface): if not self.interfaces_config: self.interfaces_config = Interfaces(comment=DMUtils.interfaces_comment()) family = Family(inet=FamilyInet([Address(name=junos_interface.ip)])) unit = Unit(name=junos_interface.unit, vlan_id=junos_interface.vlan_tag, family=family) interface = Interface(name=junos_interface.ifd_name, unit=unit) self.interfaces_config.add_interface(interface)
def get_firewall_filters(self, sg, acl, is_egress=False): acl_rule_present = False if not sg or not acl or not acl.vnc_obj: return [] acl = acl.vnc_obj entries = acl.get_access_control_list_entries() if not entries: return [] rules = entries.get_acl_rule() or [] if not rules: return [] filter_names = [] for rule in rules: if not self.has_terms(rule): continue match = rule.get_match_condition() if not match: continue rule_uuid = rule.get_rule_uuid() ether_type_match = match.get_ethertype() if not ether_type_match: continue if 'ipv6' in ether_type_match.lower(): continue acl_rule_present = True break if acl_rule_present: filter_name = DMUtils.make_sg_firewall_name(sg.name, acl.uuid) filter_names.append(filter_name) return filter_names
def set_as_config(self): if not self.bgp_params.get("identifier"): return if self.global_routing_options_config is None: self.global_routing_options_config = RoutingOptions(comment=DMUtils.routing_options_comment()) self.global_routing_options_config.set_route_distinguisher_id(self.bgp_params['identifier']) self.global_routing_options_config.set_autonomous_system(str(self.get_asn()))
def _build_ri_config(self, vn, ri_name, ri_obj, export_targets, import_targets, feature_config, irb_ips): encapsulation_priorities = self._get_encapsulation_priorities() network_id = vn.vn_network_id vxlan_id = vn.get_vxlan_vni() ri = RoutingInstance(name=ri_name, virtual_network_mode='l3', export_targets=export_targets, import_targets=import_targets, virtual_network_id=str(network_id), vxlan_id=str(vxlan_id), is_public_network=vn.router_external, routing_instance_type='vrf') for prefix in vn.get_prefixes(): ri.add_prefixes(self._get_subnet_for_cidr(prefix)) _, li_map = self._add_or_lookup_pi(self.pi_map, 'irb', 'irb') if irb_ips: irb = self._add_or_lookup_li(li_map, 'irb.'+str(network_id), network_id) for (irb_ip, gateway) in irb_ips: self._add_ip_address(irb, irb_ip, gateway=gateway) vlan = Vlan(name=DMUtils.make_bridge_name(vxlan_id), vxlan_id=vxlan_id) feature_config.add_vlans(vlan) self._add_ref_to_list(vlan.get_interfaces(), irb.get_name()) return ri
def set_route_distinguisher_config(self): if not self.routing_instances: # no vn config then no need to configure route distinguisher return if self.global_switch_options_config is None: self.global_switch_options_config = SwitchOptions(comment=DMUtils.switch_options_comment()) self.global_switch_options_config.set_route_distinguisher( RouteDistinguisher(rd_type=self.bgp_params['identifier'] + ":1"))
def _get_bgp_config_xml(self, external=False): if self.bgp_params is None: return None bgp_config = etree.Element("group", operation="replace") if external: etree.SubElement(bgp_config, "name").text = DMUtils.make_bgp_group_name(True) etree.SubElement(bgp_config, "type").text = "external" etree.SubElement(bgp_config, "multihop") else: etree.SubElement(bgp_config, "name").text = DMUtils.make_bgp_group_name(False) etree.SubElement(bgp_config, "type").text = "internal" local_address = etree.SubElement(bgp_config, "local-address") local_address.text = self.bgp_params['address'] self._add_family_etree(bgp_config, self.bgp_params) self.add_bgp_auth_config(bgp_config, self.bgp_params) self.add_bgp_hold_time_config(bgp_config, self.bgp_params) return bgp_config
def add_bogus_lo0(self, ri, network_id, vn): ifl_num = 1000 + int(network_id) lo_intf, li_map = self.set_default_pi('lo0', 'loopback') intf_name = 'lo0.' + str(ifl_num) intf_unit = self.set_default_li(li_map, intf_name, ifl_num) intf_unit.set_comment(DMUtils.l3_bogus_lo_intf_comment(vn)) self.add_ip_address(intf_unit, "127.0.0.1") self.add_ref_to_list(ri.get_loopback_interfaces(), intf_name)
def _get_bgp_config_xml(self, external=False): if self.bgp_params is None or not self.bgp_params.get('address'): return None bgp_group = BgpGroup() bgp_group.set_comment(DMUtils.bgp_group_comment(self.bgp_obj)) if external: bgp_group.set_name(DMUtils.make_bgp_group_name(self.get_asn(), True)) bgp_group.set_type('external') bgp_group.set_multihop('') else: bgp_group.set_name(DMUtils.make_bgp_group_name(self.get_asn(), False)) bgp_group.set_type('internal') self.add_ibgp_export_policy(self.bgp_params, bgp_group) bgp_group.set_local_address(self.bgp_params['address']) self.add_families(bgp_group, self.bgp_params) self.add_bgp_auth_config(bgp_group, self.bgp_params) self.add_bgp_hold_time_config(bgp_group, self.bgp_params) return bgp_group
def _build_underlay_bgp(self, feature_config): if self._physical_router.allocated_asn is None: self._logger.error("physical router %s(%s) does not have asn" " allocated" % (self._physical_router.name, self._physical_router.uuid)) return pi_map = OrderedDict() for pi_obj, li_obj, iip_obj in self.\ _fetch_pi_li_iip(self._physical_router.physical_interfaces): if pi_obj and li_obj and iip_obj and iip_obj.instance_ip_address: pi, li_map = self._add_or_lookup_pi(pi_map, pi_obj.name, 'regular') li = self._add_or_lookup_li(li_map, li_obj.name, int(li_obj.name.split('.')[-1])) self._add_ip_address(li, iip_obj.instance_ip_address) self._logger.debug("looking for peers for physical" " interface %s(%s)" % (pi_obj.name, pi_obj.uuid)) # Add this bgp object only if it has a peer underlay_asn = self._physical_router.allocated_asn bgp_name = DMUtils.make_underlay_bgp_group_name(underlay_asn, li_obj.name, is_external=True) bgp = Bgp(name=bgp_name, ip_address=iip_obj.instance_ip_address, autonomous_system=underlay_asn, type_='external') peers = OrderedDict() # Assumption: PIs are connected for IP-CLOS peering only for peer_pi_obj, peer_li_obj, peer_iip_obj in\ self._fetch_pi_li_iip(pi_obj.physical_interfaces): if peer_pi_obj and peer_li_obj and peer_iip_obj and\ peer_iip_obj.instance_ip_address: peer_pr = db.PhysicalRouterDM.get( peer_pi_obj.physical_router) if peer_pr is None: self._logger.error( "unable to read peer physical router %s" % peer_pi_obj.physical_router) elif peer_pr.allocated_asn is None: self._logger.error( "peer physical router %s does not have" " asn allocated" % peer_pi_obj.physical_router) elif peer_pr != self._physical_router: peer = Bgp(name=peer_pr.name, ip_address=peer_iip_obj.instance_ip_address, autonomous_system=peer_pr.allocated_asn) peers[peer_pr.name] = peer if peers: bgp.set_peers(peers.values()) feature_config.add_bgp(bgp)
def get_bgp_config(self, external=False): if self.bgp_params is None or not self.bgp_params.get('address'): return None bgp = Bgp() cluster_id = self.bgp_params.get('cluster_id') if cluster_id: bgp.set_cluster_id(cluster_id) bgp.set_comment(DMUtils.bgp_group_comment(self.bgp_obj)) if external: bgp.set_name(DMUtils.make_bgp_group_name(self.get_asn(), True)) bgp.set_type('external') else: bgp.set_name(DMUtils.make_bgp_group_name(self.get_asn(), False)) bgp.set_type('internal') bgp.set_ip_address(self.bgp_params['address']) bgp.set_autonomous_system(self.get_asn()) self.add_families(bgp, self.bgp_params) self.add_bgp_auth_config(bgp, self.bgp_params) self.add_bgp_hold_time_config(bgp, self.bgp_params) return bgp
def add_vlan_config(self, vrf_name, vni, is_l3=False, irb_intf=None): if not self.vlans_config: self.vlans_config = Vlans(comment=DMUtils.vlans_comment()) vxlan = VXLan(vni=vni) vlan = Vlan(name=vrf_name[1:], vxlan=vxlan) if is_l3: if not irb_intf: self._logger.error("Missing irb interface config l3 vlan: %s" % vrf_name) else: vlan.set_l3_interface(irb_intf) self.vlans_config.add_vlan(vlan) return vlan
def add_dynamic_tunnels(self, tunnel_source_ip, ip_fabric_nets, bgp_router_ips): dynamic_tunnel = DynamicTunnel(name=DMUtils.dynamic_tunnel_name(self.get_asn()), source_address=tunnel_source_ip, gre='') if ip_fabric_nets is not None: for subnet in ip_fabric_nets.get("subnet", []): dest_net = subnet['ip_prefix'] + '/' + str(subnet['ip_prefix_len']) dynamic_tunnel.add_destination_networks( DestinationNetworks(name=dest_net, comment=DMUtils.ip_fabric_subnet_comment())) for r_name, bgp_router_ip in bgp_router_ips.items(): dynamic_tunnel.add_destination_networks( DestinationNetworks(name=bgp_router_ip + '/32', comment=DMUtils.bgp_router_subnet_comment(r_name))) dynamic_tunnels = DynamicTunnels() dynamic_tunnels.add_dynamic_tunnel(dynamic_tunnel) if self.global_routing_options_config is None: self.global_routing_options_config = RoutingOptions(comment=DMUtils.routing_options_comment()) self.global_routing_options_config.set_dynamic_tunnels(dynamic_tunnels)
def add_ibgp_export_policy(self, params, bgp_group): if params.get('address_families') is None: return families = params['address_families'].get('family', []) if not families: return if self.policy_config is None: self.policy_config = PolicyOptions(comment=DMUtils.policy_options_comment()) ps = PolicyStatement(name=DMUtils.make_ibgp_export_policy_name()) self.policy_config.add_policy_statement(ps) ps.set_comment(DMUtils.ibgp_export_policy_comment()) vpn_types = [] for family in ['inet-vpn', 'inet6-vpn']: if family in families: vpn_types.append(family) for vpn_type in vpn_types: is_v6 = True if vpn_type == 'inet6-vpn' else False term = Term(name=DMUtils.make_ibgp_export_policy_term_name(is_v6)) ps.add_term(term) then = Then() from_ = From() term.set_from(from_) term.set_then(then) from_.set_family(DMUtils.get_inet_family_name(is_v6)) then.set_next_hop(NextHop(selfxx='')) bgp_group.set_export(DMUtils.make_ibgp_export_policy_name())
def prepare_groups(self, is_delete=False): groups = Groups() if is_delete: return groups groups.set_comment(DMUtils.groups_comment()) groups.set_routing_instances(self.ri_config) groups.set_interfaces(self.interfaces_config) groups.set_services(self.services_config) groups.set_policy_options(self.policy_config) groups.set_firewall(self.firewall_config) groups.set_forwarding_options(self.forwarding_options_config) groups.set_routing_options(self.global_routing_options_config) groups.set_protocols(self.proto_config) self.add_product_specific_config(groups) return groups
def set_internal_vn_irb_config(self): if self.internal_vn_ris and self.irb_interfaces: for int_ri in self.internal_vn_ris: lr_uuid = DMUtils.extract_lr_uuid_from_internal_vn_name( int_ri.name) lr = LogicalRouterDM.get(lr_uuid) if not lr: continue vn_list = lr.get_connected_networks(include_internal=False) for vn in vn_list: vn_obj = VirtualNetworkDM.get(vn) irb_name = "irb." + str(vn_obj.vn_network_id) if irb_name in self.irb_interfaces: int_ri.add_routing_interfaces( LogicalInterface(name=irb_name))
def set_bgp_group_config(self): bgp_config = self._get_bgp_config_xml() if not bgp_config: return if not self.proto_config: self.proto_config = Protocols(comment=DMUtils.protocols_comment()) bgp = Bgp() self.proto_config.set_bgp(bgp) bgp.add_group(bgp_config) self._get_neighbor_config_xml(bgp_config, self.bgp_peers) if self.external_peers: ext_grp_config = self._get_bgp_config_xml(True) bgp.add_group(ext_grp_config) self._get_neighbor_config_xml(ext_grp_config, self.external_peers) return
def add_bogus_lo0(self, ri, network_id, vn): if not self.is_spine(): return self.interfaces_config = self.interfaces_config or [] ifl_num = 1000 + int(network_id) lo_intf = PhysicalInterface(name="lo0", interface_type='loopback') self.interfaces_config.append(lo_intf) intf_unit = LogicalInterface( name="lo0." + str(ifl_num), unit=ifl_num, comment=DMUtils.l3_bogus_lo_intf_comment(vn)) intf_unit.add_ip_list(IpType(address="127.0.0.1")) lo_intf.add_logical_interfaces(intf_unit) ri.add_loopback_interfaces(LogicalInterface(name="lo0." + str(ifl_num)))
def set_dci_vn_irb_config(self): if self.dci_vn_ris and self.irb_interfaces: for int_ri in self.dci_vn_ris: dci_uuid = DMUtils.extract_dci_uuid_from_internal_vn_name( int_ri.name) dci = DataCenterInterconnectDM.get(dci_uuid) if not dci or not dci.virtual_network: continue vn = dci.virtual_network vn_obj = VirtualNetworkDM.get(vn) if vn_obj is None or vn_obj.vn_network_id is None: continue irb_name = "irb." + str(vn_obj.vn_network_id) if irb_name in self.irb_interfaces: self.add_ref_to_list(int_ri.get_routing_interfaces(), irb_name)
def add_irb_config(self, ri_conf): vn = ri_conf.get("vn") is_l2_l3 = ri_conf.get("is_l2_l3", False) gateways = ri_conf.get("gateways", []) network_id = ri_conf.get("network_id", None) irb_intf, li_map = self.set_default_pi('irb', 'irb') self._logger.info("Vn=" + vn.name + ", IRB: " + str(gateways) + ", pr=" + self.physical_router.name) if gateways is not None: intf_unit = self.set_default_li(li_map, 'irb.' + str(network_id), network_id) intf_unit.set_comment(DMUtils.vn_irb_comment(vn, False, is_l2_l3)) for (irb_ip, gateway) in gateways: intf_unit.add_ip_list(irb_ip) if len(gateway) and gateway != '0.0.0.0': intf_unit.set_gateway(gateway)
def add_dynamic_tunnels(self, tunnel_source_ip, ip_fabric_nets, bgp_router_ips): if not self.system_config: self.system_config = System() self.system_config.set_tunnel_ip(tunnel_source_ip) dynamic_tunnel = DynamicTunnel( name=DMUtils.dynamic_tunnel_name(self.get_asn()), source_address=tunnel_source_ip, gre='') if ip_fabric_nets is not None: for subnet in ip_fabric_nets.get("subnet", []): dest_net = Subnet(prefix=subnet['ip_prefix'], prefix_len=subnet['ip_prefix_len']) self.system_config.add_tunnel_destination_networks(dest_net) for r_name, bgp_router_ip in bgp_router_ips.items(): dest_net = Subnet(prefix=bgp_router_ip, prefix_len=32) self.system_config.add_tunnel_destination_networks(dest_net)
def build_dci_bgp_config(self): if not self.physical_router.has_rb_role("DCI-Gateway"): return self.physical_router.evaluate_dci_ip_map() dci_list = self.physical_router.get_dci_list() for dci_uuid in dci_list or []: params = self.physical_router.get_dci_bgp_params(dci_uuid) if not params: continue asn = params.get("asn") ip = params.get("ip") name = params.get("name") typ = params.get("type") bgp = Bgp(name=name, ip_address=ip, autonomous_system=asn, type_=typ) bgp.set_comment(DMUtils.dci_bgp_group_comment(bgp)) bgp.set_hold_time(params.get('hold_time')) for family in params.get("families") or []: if family in ['e-vpn', 'e_vpn']: family = 'evpn' bgp.add_families(family) bgp_name = name neigh_list = self.physical_router.get_dci_bgp_neighbours(dci_uuid) peers = {} for neigh in neigh_list or []: asn = neigh.get("asn") ip = neigh.get("ip") name = neigh.get("name") typ = neigh.get("type") peer = Bgp(name=name, ip_address=ip, autonomous_system=asn, type_=typ) peers[name] = peer peer.set_hold_time(neigh.get('hold_time')) for family in neigh.get("families") or []: if family in ['e-vpn', 'e_vpn']: family = 'evpn' peer.add_families(family) if peers: bgp.set_peers(self.get_values_sorted_by_key(peers)) self.bgp_map[bgp_name] = bgp
def _build_l2_evpn_interface_config(self, interfaces, vn, vlan): interface_map = OrderedDict() for interface in interfaces: interface_map.setdefault(interface.pi_name, []).append(interface) for pi_name, interface_list in interface_map.items(): untagged = [int(i.port_vlan_tag) for i in interface_list if int(i.vlan_tag) == 0] if len(untagged) > 1: self._logger.error( "Only one untagged interface is allowed on a PI %s" % pi_name) continue tagged = [int(i.vlan_tag) for i in interface_list if int(i.vlan_tag) != 0] if self._is_enterprise_style(self._physical_router): if len(untagged) > 0 and len(tagged) > 0: self._logger.error( "Enterprise style config: Can't have tagged and " "untagged interfaces for same VN on same PI %s" % pi_name) continue elif len(set(untagged) & set(tagged)) > 0: self._logger.error( "SP style config: Can't have tagged and untagged " "interfaces with same Vlan-id on same PI %s" % pi_name) continue _, li_map = self._add_or_lookup_pi(self.pi_map, pi_name) for interface in interface_list: if int(interface.vlan_tag) == 0: is_tagged = False vlan_tag = str(interface.port_vlan_tag) else: is_tagged = True vlan_tag = str(interface.vlan_tag) unit = self._add_or_lookup_li(li_map, interface.li_name, interface.unit) unit.set_comment(DMUtils.l2_evpn_intf_unit_comment( vn, is_tagged, vlan_tag)) unit.set_is_tagged(is_tagged) unit.set_vlan_tag(vlan_tag) if vlan: self._add_ref_to_list(vlan.get_interfaces(), interface.li_name)
def _get_config(self, bgp, external=False): config = Bgp() cluster_id = bgp.params.get('cluster_id') if cluster_id: config.set_cluster_id(cluster_id) config.set_name(DMUtils.make_bgp_group_name(self._get_asn(bgp), external)) config.set_type('external' if external else 'internal') config.set_ip_address(bgp.params['address']) config.set_autonomous_system(self._get_asn(bgp)) self._add_families(config, bgp.params) self._add_auth_config(config, bgp.params) self._add_hold_time_config(config, bgp.params) return config
def update(self, obj=None): if obj is None: obj = self.read_obj(self.uuid) self.update_multiple_refs('physical_router', obj) self.fq_name = obj['fq_name'] try: self.router_external = obj['router_external'] except KeyError: self.router_external = False self.vn_network_id = obj.get('virtual_network_network_id') self.virtual_network_properties = obj.get('virtual_network_properties') self.set_forwarding_mode(obj) self.routing_instances = set([ri['uuid'] for ri in obj.get('routing_instances', [])]) self.virtual_machine_interfaces = set( [vmi['uuid'] for vmi in obj.get('virtual_machine_interface_back_refs', [])]) self.gateways = DMUtils.get_network_gateways(obj.get('network_ipam_refs', []))
def send_bgp_config(self): if not self.set_bgp_group_config(): return 0 self.set_as_config() self.set_route_targets_config() groups = Groups() groups.set_comment(DMUtils.groups_comment()) groups.set_routing_instances(self.ri_config) groups.set_interfaces(self.interfaces_config) groups.set_services(self.services_config) groups.set_policy_options(self.policy_config) groups.set_firewall(self.firewall_config) groups.set_forwarding_options(self.forwarding_options_config) groups.set_routing_options(self.global_routing_options_config) groups.set_protocols(self.proto_config) return self.send_netconf(groups)
def build_esi_config(self): pr = self.physical_router if not pr or self.is_spine(): return if not self.interfaces_config: self.interfaces_config = Interfaces(comment=DMUtils.interfaces_comment()) for pi_uuid in pr.physical_interfaces: pi = PhysicalInterfaceDM.get(pi_uuid) if not pi or not pi.esi or pi.esi == "0" or pi.get_parent_ae_id(): continue esi_conf = Esi(identifier=pi.esi, all_active='') intf = Interface(name=pi.name, esi=esi_conf) self.interfaces_config.add_interface(intf) # add ae interfaces # self.ae_id_map should have all esi => ae_id mapping for esi, ae_id in self.physical_router.ae_id_map.items(): esi_conf = Esi(identifier=esi, all_active='') intf = Interface(name="ae" + str(ae_id), esi=esi_conf) self.interfaces_config.add_interface(intf)
def add_irb_config(self, ri_conf): vn = ri_conf.get("vn") is_l2_l3 = ri_conf.get("is_l2_l3", False) gateways = ri_conf.get("gateways", []) network_id = ri_conf.get("network_id", None) self.interfaces_config = self.interfaces_config or [] irb_intf = PhysicalInterface(name='irb', interface_type='irb') self.interfaces_config.append(irb_intf) self._logger.info("Vn=" + vn.name + ", IRB: " + str(gateways) + ", pr=" + self.physical_router.name) if gateways is not None: intf_unit = LogicalInterface(name='irb.' + str(network_id), unit=network_id, comment=DMUtils.vn_irb_comment( vn, False, is_l2_l3)) irb_intf.add_logical_interfaces(intf_unit) for (irb_ip, gateway) in gateways: intf_unit.add_ip_list(irb_ip) if len(gateway) and gateway != '0.0.0.0': intf_unit.set_gateway(gateway)
def prepare_conf(self, is_delete=False): device = Device() device.set_comment(DMUtils.groups_comment()) device.set_system(self.system_config) if is_delete: return device device.set_evpn(self.evpn) device.set_bgp(self.get_values_sorted_by_key(self.bgp_map)) pis = [] for pi, li_map in self.get_values_sorted_by_key(self.pi_map): pi.set_logical_interfaces(self.get_values_sorted_by_key(li_map)) pis.append(pi) device.set_physical_interfaces(pis) device.set_routing_instances(self.get_values_sorted_by_key( self.ri_map)) device.set_vlans(self.get_values_sorted_by_key(self.vlan_map)) device.set_firewall(self.firewall_config) return device
def _get_neighbor_config_xml(self, bgp_config, peers): for peer, peer_data in peers.items(): obj = peer_data.get('obj') params = peer_data.get('params', {}) attr = peer_data.get('attr', {}) nbr = Bgp(name=peer) nbr.set_comment(DMUtils.bgp_group_comment(obj)) bgp_config.add_peers(nbr) bgp_sessions = attr.get('session') if bgp_sessions: # for now assume only one session session_attrs = bgp_sessions[0].get('attributes', []) for session_attr in session_attrs: # For not, only consider the attribute if bgp-router is # not specified if session_attr.get('bgp_router') is None: self.add_families(nbr, session_attr) self.add_bgp_auth_config(nbr, session_attr) break peer_as = params.get('local_autonomous_system') or params.get('autonomous_system') nbr.set_autonomous_system(peer_as)
def update_instance_ip_map(self): self.instance_ip_map = {} for vmi_uuid in self.virtual_machine_interfaces: vmi = VirtualMachineInterfaceDM.get(vmi_uuid) if vmi is None or vmi.is_device_owner_bms() == False: continue if vmi.floating_ip is not None and vmi.instance_ip is not None: fip = FloatingIpDM.get(vmi.floating_ip) inst_ip = InstanceIpDM.get(vmi.instance_ip) if fip is None or inst_ip is None: continue instance_ip = inst_ip.instance_ip_address floating_ip = fip.floating_ip_address public_vn = VirtualNetworkDM.get(fip.public_network) if public_vn is None or public_vn.vn_network_id is None: continue public_vrf_name = DMUtils.make_vrf_name( public_vn.fq_name[-1], public_vn.vn_network_id, 'l3') self.instance_ip_map[instance_ip] = { 'floating_ip': floating_ip, 'vrf_name': public_vrf_name }
def add_dynamic_tunnels(self, tunnel_source_ip, ip_fabric_nets, bgp_router_ips): self.tunnel_config = etree.Element("routing-options") dynamic_tunnels = etree.SubElement(self.tunnel_config, "dynamic-tunnels") dynamic_tunnel = etree.SubElement(dynamic_tunnels, "dynamic-tunnel") etree.SubElement(dynamic_tunnel, "name").text = DMUtils.get_dynamic_tunnel_name() etree.SubElement(dynamic_tunnel, "source-address").text = tunnel_source_ip etree.SubElement(dynamic_tunnel, "gre") if ip_fabric_nets is not None: for subnet in ip_fabric_nets.get("subnet", []): dest_network = etree.SubElement(dynamic_tunnel, "destination-networks") etree.SubElement( dest_network, "name").text = subnet['ip_prefix'] + '/' + str( subnet['ip_prefix_len']) for bgp_router_ip in bgp_router_ips: dest_network = etree.SubElement(dynamic_tunnel, "destination-networks") etree.SubElement(dest_network, "name").text = bgp_router_ip + '/32'
def feature_config(self, **kwargs): self.pi_map = OrderedDict() feature_config = Feature(name=self.feature_name()) vn_map = self._get_interconnect_vn_map() for vn_uuid, vn_list in vn_map.iteritems(): vn_obj = db.VirtualNetworkDM.get(vn_uuid) ri_obj = self._get_primary_ri(vn_obj) if ri_obj is None: continue ri_name = DMUtils.make_vrf_name(vn_obj.fq_name[-1], vn_obj.vn_network_id, 'l3') export_targets, import_targets = self._get_export_import_targets( vn_obj, ri_obj) ri = self._build_ri_config(vn_obj, ri_name, ri_obj, export_targets, import_targets, feature_config, vn_list) feature_config.add_routing_instances(ri) for pi, li_map in self.pi_map.values(): pi.set_logical_interfaces(li_map.values()) feature_config.add_physical_interfaces(pi) return feature_config
def add_peer_bgp_config(self, bgp_config, peers): peer_map = {} for peer, peer_data in self.get_sorted_key_value_pairs(peers): obj = peer_data.get('obj') params = peer_data.get('params', {}) attr = peer_data.get('attr', {}) nbr = Bgp(name=peer, ip_address=peer) nbr.set_comment(DMUtils.bgp_group_comment(obj)) peer_map[peer] = nbr bgp_sessions = attr.get('session') if bgp_sessions: # for now assume only one session session_attrs = bgp_sessions[0].get('attributes', []) for session_attr in session_attrs: # For not, only consider the attribute if bgp-router is # not specified if session_attr.get('bgp_router') is None: self.add_families(nbr, session_attr) self.add_bgp_auth_config(nbr, session_attr) break peer_as = params.get('local_autonomous_system') or params.get('autonomous_system') nbr.set_autonomous_system(peer_as) if peer_map: bgp_config.set_peers(self.get_values_sorted_by_key(peer_map))
def feature_config(self, **kwargs): self.pi_map = OrderedDict() feature_config = Feature(name=self.feature_name()) vns = self._get_connected_vn_ids() use_gateway_ip = all([c.additional_params.use_gateway_ip == 'True' for c in self._configs]) irb_ip_map = self._physical_router.allocate_irb_ips_for(vns, use_gateway_ip) for vn_uuid in vns: vn_obj = db.VirtualNetworkDM.get(vn_uuid) ri_obj = self._get_primary_ri(vn_obj) if ri_obj is None: continue ri_name = DMUtils.make_vrf_name(vn_obj.fq_name[-1], vn_obj.vn_network_id, 'l3') export_targets, import_targets = self._get_export_import_targets(vn_obj, ri_obj) ri = self._build_ri_config(vn_obj, ri_name, ri_obj, export_targets, import_targets, feature_config, irb_ip_map.get(vn_uuid, [])) feature_config.add_routing_instances(ri) for pi, li_map in self.pi_map.values(): pi.set_logical_interfaces(li_map.values()) feature_config.add_physical_interfaces(pi) return feature_config
def _build_ri_config(self, vn, ri_name, ri_obj, export_targets, import_targets, feature_config, irb_ips): gevent.idle() network_id = vn.vn_network_id vxlan_id = vn.get_vxlan_vni() ri = RoutingInstance(name=ri_name, virtual_network_mode='l3', export_targets=export_targets, import_targets=import_targets, virtual_network_id=str(network_id), vxlan_id=str(vxlan_id), is_public_network=vn.router_external, routing_instance_type='vrf') for prefix in vn.get_prefixes(self._physical_router.uuid): ri.add_prefixes(self._get_subnet_for_cidr(prefix)) _, li_map = self._add_or_lookup_pi(self.pi_map, 'irb', 'irb') irb = None if irb_ips: irb = self._add_or_lookup_li(li_map, 'irb.' + str(network_id), network_id) if vn.has_ipv6_subnet is True: irb.set_is_virtual_router(True) for (irb_ip, gateway) in irb_ips: self._add_ip_address(irb, irb_ip, gateway=gateway) vlan = Vlan(name=DMUtils.make_bridge_name(vxlan_id), vxlan_id=vxlan_id) desc = "Virtual Network - %s" % vn.name vlan.set_description(desc) feature_config.add_vlans(vlan) if irb: self._add_ref_to_list(vlan.get_interfaces(), irb.get_name()) return ri
def add_routing_instance(self, ri_conf): ri_name = ri_conf.get("ri_name") vn = ri_conf.get("vn") is_l2 = ri_conf.get("is_l2", False) is_l2_l3 = ri_conf.get("is_l2_l3", False) import_targets = ri_conf.get("import_targets", set()) export_targets = ri_conf.get("export_targets", set()) prefixes = ri_conf.get("prefixes", []) gateways = ri_conf.get("gateways", []) interfaces = ri_conf.get("interfaces", []) vni = ri_conf.get("vni", None) network_id = ri_conf.get("network_id", None) self.routing_instances[ri_name] = ri_conf ri_config = self.ri_config or RoutingInstances( comment=DMUtils.routing_instances_comment()) policy_config = self.policy_config or PolicyOptions( comment=DMUtils.policy_options_comment()) ri = Instance(name=ri_name) ri_config.add_instance(ri) ri_opt = None # for both l2 and l3 ri.set_vrf_import(DMUtils.make_import_name(ri_name)) ri.set_vrf_export(DMUtils.make_export_name(ri_name)) has_ipv6_prefixes = DMUtils.has_ipv6_prefixes(prefixes) has_ipv4_prefixes = DMUtils.has_ipv4_prefixes(prefixes) if not is_l2: if ri_opt is None: ri_opt = RoutingInstanceRoutingOptions() ri.set_routing_options(ri_opt) ri.set_instance_type("vrf") for interface in interfaces: ri.add_interface(Interface(name=interface.name)) family = Family() if has_ipv4_prefixes: family.set_inet(FamilyInet(unicast='')) if has_ipv6_prefixes: family.set_inet6(FamilyInet6(unicast='')) if has_ipv4_prefixes or has_ipv6_prefixes: auto_export = AutoExport(family=family) ri_opt.set_auto_export(auto_export) else: ri.set_instance_type("virtual-switch") # add policies for export route targets ps = PolicyStatement(name=DMUtils.make_export_name(ri_name)) ps.set_comment(DMUtils.vn_ps_comment(vn, "Export")) then = Then() ps.add_term(Term(name="t1", then=then)) for route_target in export_targets: comm = Community( add='', community_name=DMUtils.make_community_name(route_target)) then.add_community(comm) then.set_accept('') self.add_vni_option(network_id, DMUtils.make_community_name(route_target)) policy_config.add_policy_statement(ps) self.add_to_global_switch_opts(DMUtils.make_export_name(ri_name), False) # add policies for import route targets ps = PolicyStatement(name=DMUtils.make_import_name(ri_name)) ps.set_comment(DMUtils.vn_ps_comment(vn, "Import")) from_ = From() term = Term(name="t1", fromxx=from_) ps.add_term(term) for route_target in import_targets: from_.add_community(DMUtils.make_community_name(route_target)) self.add_vni_option(network_id, DMUtils.make_community_name(route_target)) term.set_then(Then(accept='')) ps.set_then(Then(reject='')) policy_config.add_policy_statement(ps) self.add_to_global_switch_opts(DMUtils.make_import_name(ri_name), True) # add vlan config if is_l2 and vni and self.is_family_configured(self.bgp_params, "e-vpn"): self.add_vlan_config(ri_name, vni) # add L2 EVPN and BD config interfaces_config = self.interfaces_config proto_config = self.proto_config if (is_l2 and vni is not None and self.is_family_configured(self.bgp_params, "e-vpn")): ri.set_vtep_source_interface("lo0.0") evpn = Evpn(encapsulation='vxlan', extended_vni_list='all') self.set_evpn_default_gateway_params(evpn) ri.set_protocols(RoutingInstanceProtocols(evpn=evpn)) interfaces_config = self.interfaces_config or Interfaces( comment=DMUtils.interfaces_comment()) if is_l2_l3: irb_intf = Interface(name='irb', gratuitous_arp_reply='') interfaces_config.add_interface(irb_intf) if gateways is not None: intf_unit = Unit(name=str(network_id), comment=DMUtils.vn_irb_comment( vn, False, is_l2_l3)) irb_intf.add_unit(intf_unit) if self.is_spine(): intf_unit.set_proxy_macip_advertisement('') family = Family() intf_unit.set_family(family) inet = None inet6 = None for (irb_ip, gateway) in gateways: if ':' in irb_ip: if not inet6: inet6 = FamilyInet6() family.set_inet6(inet6) addr = Address() inet6.add_address(addr) else: if not inet: inet = FamilyInet() family.set_inet(inet) addr = Address() inet.add_address(addr) addr.set_name(irb_ip) addr.set_comment(DMUtils.irb_ip_comment(irb_ip)) if len(gateway) and gateway != '0.0.0.0': addr.set_virtual_gateway_address(gateway) self.build_l2_evpn_interface_config(interfaces_config, interfaces, vn) if (not is_l2 and not is_l2_l3 and gateways): interfaces_config = self.interfaces_config or Interfaces( comment=DMUtils.interfaces_comment()) ifl_num = str(1000 + int(network_id)) lo_intf = Interface(name="lo0") interfaces_config.add_interface(lo_intf) intf_unit = Unit(name=ifl_num, comment=DMUtils.l3_lo_intf_comment(vn)) lo_intf.add_unit(intf_unit) family = Family() intf_unit.set_family(family) inet = None inet6 = None for (lo_ip, _) in gateways: subnet = lo_ip (ip, _) = lo_ip.split('/') if ':' in lo_ip: if not inet6: inet6 = FamilyInet6() family.set_inet6(inet6) addr = Address() inet6.add_address(addr) lo_ip = ip + '/' + '128' else: if not inet: inet = FamilyInet() family.set_inet(inet) addr = Address() inet.add_address(addr) lo_ip = ip + '/' + '32' addr.set_name(lo_ip) addr.set_comment(DMUtils.lo0_ip_comment(subnet)) ri.add_interface( Interface(name="lo0." + ifl_num, comment=DMUtils.lo0_ri_intf_comment(vn))) self.policy_config = policy_config self.proto_config = proto_config self.interfaces_config = interfaces_config self.route_targets |= import_targets | export_targets self.ri_config = ri_config
def build_ri_config(self): vn_dict = self.get_vn_li_map() self.physical_router.evaluate_vn_irb_ip_map(set(vn_dict.keys()), 'l2_l3', 'irb', False) self.physical_router.evaluate_vn_irb_ip_map(set(vn_dict.keys()), 'l3', 'lo0', True) vn_irb_ip_map = self.physical_router.get_vn_irb_ip_map() for vn_id, interfaces in vn_dict.items(): vn_obj = VirtualNetworkDM.get(vn_id) if (vn_obj is None or vn_obj.get_vxlan_vni() is None or vn_obj.vn_network_id is None): continue if not self.check_vn_is_allowed(vn_obj): continue export_set = None import_set = None for ri_id in vn_obj.routing_instances: # Find the primary RI by matching the name ri_obj = RoutingInstanceDM.get(ri_id) if ri_obj is None: continue if ri_obj.fq_name[-1] == vn_obj.fq_name[-1]: vrf_name_l2 = DMUtils.make_vrf_name( vn_obj.fq_name[-1], vn_obj.vn_network_id, 'l2') vrf_name_l3 = DMUtils.make_vrf_name( vn_obj.fq_name[-1], vn_obj.vn_network_id, 'l3') export_set = copy.copy(ri_obj.export_targets) import_set = copy.copy(ri_obj.import_targets) for ri2_id in ri_obj.routing_instances: ri2 = RoutingInstanceDM.get(ri2_id) if ri2 is None: continue import_set |= ri2.export_targets if vn_obj.get_forwarding_mode() in ['l2', 'l2_l3']: irb_ips = None if vn_obj.get_forwarding_mode() == 'l2_l3': irb_ips = vn_irb_ip_map['irb'].get(vn_id, []) ri_conf = {'ri_name': vrf_name_l2, 'vn': vn_obj} ri_conf['is_l2'] = True ri_conf['is_l2_l3'] = ( vn_obj.get_forwarding_mode() == 'l2_l3') ri_conf['import_targets'] = import_set ri_conf['export_targets'] = export_set ri_conf['prefixes'] = vn_obj.get_prefixes() ri_conf['gateways'] = irb_ips ri_conf['interfaces'] = interfaces ri_conf['vni'] = vn_obj.get_vxlan_vni() ri_conf['network_id'] = vn_obj.vn_network_id self.add_routing_instance(ri_conf) if vn_obj.get_forwarding_mode() in ['l3']: interfaces = [] lo0_ips = vn_irb_ip_map['lo0'].get(vn_id, []) ri_conf = {'ri_name': vrf_name_l3, 'vn': vn_obj} ri_conf['is_l2'] = False ri_conf['is_l2_l3'] = False ri_conf['import_targets'] = import_set ri_conf['export_targets'] = export_set ri_conf['prefixes'] = vn_obj.get_prefixes() ri_conf['interfaces'] = interfaces ri_conf['gateways'] = lo0_ips ri_conf['network_id'] = vn_obj.vn_network_id self.add_routing_instance(ri_conf) break return
def init_global_switch_opts(self): if self.global_switch_options_config is None: self.global_switch_options_config = SwitchOptions( comment=DMUtils.switch_options_comment()) self.global_switch_options_config.set_vtep_source_interface("lo0.0")
def add_routing_instance(self, ri_conf): ri_name = ri_conf.get("ri_name") is_l2 = ri_conf.get("is_l2", False) is_l2_l3 = ri_conf.get("is_l2_l3", False) import_targets = ri_conf.get("import_targets", set()) export_targets = ri_conf.get("export_targets", set()) prefixes = ri_conf.get("prefixes", []) gateways = ri_conf.get("gateways", []) router_external = ri_conf.get("router_external", False) interfaces = ri_conf.get("interfaces", []) vni = ri_conf.get("vni", None) fip_map = ri_conf.get("fip_map", None) network_id = ri_conf.get("network_id", None) static_routes = ri_conf.get("static_routes", {}) no_vrf_table_label = ri_conf.get("no_vrf_table_label", False) restrict_proxy_arp = ri_conf.get("restrict_proxy_arp", False) highest_enapsulation_priority = \ ri_conf.get("highest_enapsulation_priority") or "MPLSoGRE" self.routing_instances[ri_name] = ri_conf ri_config = self.ri_config or RoutingInstances() policy_config = self.policy_config or PolicyOptions() ri = Instance(name=ri_name) ri_config.add_instance(ri) ri_opt = None if router_external and is_l2 == False: ri_opt = RoutingInstanceRoutingOptions(static=Static( route=[Route(name="0.0.0.0/0", next_table="inet.0")])) ri.set_routing_options(ri_opt) # for both l2 and l3 ri.set_vrf_import(DMUtils.make_import_name(ri_name)) ri.set_vrf_export(DMUtils.make_export_name(ri_name)) has_ipv6_prefixes = DMUtils.has_ipv6_prefixes(prefixes) has_ipv4_prefixes = DMUtils.has_ipv4_prefixes(prefixes) if not is_l2: if ri_opt is None: ri_opt = RoutingInstanceRoutingOptions() ri.set_routing_options(ri_opt) if prefixes and fip_map is None: static_config = ri_opt.get_static() if not static_config: static_config = Static() ri_opt.set_static(static_config) rib_config_v6 = None static_config_v6 = None for prefix in prefixes: if ':' in prefix and not rib_config_v6: static_config_v6 = Static() rib_config_v6 = RIB(name=ri_name + ".inet6.0") rib_config_v6.set_static(static_config_v6) ri_opt.set_rib(rib_config_v6) if ':' in prefix: static_config_v6.add_route( Route(name=prefix, discard='')) else: static_config.add_route(Route(name=prefix, discard='')) if router_external: self.add_to_global_ri_opts(prefix) ri.set_instance_type("vrf") if not no_vrf_table_label: ri.set_vrf_table_label('') # only for l3 if fip_map is None: for interface in interfaces: ri.add_interface(Interface(name=interface.name)) if static_routes: self.add_static_routes(ri_opt, static_routes) if has_ipv4_prefixes: ri_opt.set_auto_export( AutoExport(family=Family(inet=FamilyInet(unicast='')))) if has_ipv6_prefixes: ri_opt.set_auto_export( AutoExport(family=Family(inet6=FamilyInet6(unicast='')))) else: if highest_enapsulation_priority == "VXLAN": ri.set_instance_type("virtual-switch") elif highest_enapsulation_priority in ["MPLSoGRE", "MPLSoUDP"]: ri.set_instance_type("evpn") if fip_map is not None: if ri_opt is None: ri_opt = RoutingInstanceRoutingOptions() ri.set_routing_options(ri_opt) static_config = ri_opt.get_static() if not static_config: static_config = Static() ri_opt.set_static(static_config) static_config.add_route( Route(name="0.0.0.0/0", next_hop=interfaces[0].name)) ri.add_interface(Interface(name=interfaces[0].name)) public_vrf_ips = {} for pip in fip_map.values(): if pip["vrf_name"] not in public_vrf_ips: public_vrf_ips[pip["vrf_name"]] = set() public_vrf_ips[pip["vrf_name"]].add(pip["floating_ip"]) for public_vrf, fips in public_vrf_ips.items(): ri_public = Instance(name=public_vrf) ri_config.add_instance(ri_public) ri_public.add_interface(Interface(name=interfaces[1].name)) ri_opt = RoutingInstanceRoutingOptions() ri_public.set_routing_options(ri_opt) static_config = Static() ri_opt.set_static(static_config) for fip in fips: static_config.add_route( Route(name=fip + "/32", next_hop=interfaces[1].name)) # add policies for export route targets ps = PolicyStatement(name=DMUtils.make_export_name(ri_name)) then = Then() ps.set_term(Term(name="t1", then=then)) for route_target in export_targets: comm = Community( add='', community_name=DMUtils.make_community_name(route_target)) then.add_community(comm) if fip_map is not None: # for nat instance then.set_reject('') else: then.set_accept('') policy_config.add_policy_statement(ps) # add policies for import route targets ps = PolicyStatement(name=DMUtils.make_import_name(ri_name)) from_ = From() term = Term(name="t1", fromxx=from_) ps.set_term(term) for route_target in import_targets: from_.add_community(DMUtils.make_community_name(route_target)) term.set_then(Then(accept='')) ps.set_then(Then(reject='')) policy_config.add_policy_statement(ps) # add firewall config for public VRF forwarding_options_config = self.forwarding_options_config firewall_config = self.firewall_config if router_external and is_l2 == False: forwarding_options_config = (self.forwarding_options_config or ForwardingOptions()) firewall_config = self.firewall_config or Firewall() if has_ipv4_prefixes and not self.inet4_forwarding_filter: #create single instance inet4 filter self.inet4_forwarding_filter = self.add_inet_public_vrf_filter( forwarding_options_config, firewall_config, "inet") if has_ipv6_prefixes and not self.inet6_forwarding_filter: #create single instance inet6 filter self.inet6_forwarding_filter = self.add_inet_public_vrf_filter( forwarding_options_config, firewall_config, "inet6") if has_ipv4_prefixes: #add terms to inet4 filter term = self.add_inet_filter_term(ri_name, prefixes, "inet4") # insert before the last term terms = self.inet4_forwarding_filter.get_term() terms = [term] + (terms or []) self.inet4_forwarding_filter.set_term(terms) if has_ipv6_prefixes: #add terms to inet6 filter term = self.add_inet_filter_term(ri_name, prefixes, "inet6") # insert before the last term terms = self.inet6_forwarding_filter.get_term() terms = [term] + (terms or []) self.inet6_forwarding_filter.set_term(terms) if fip_map is not None: firewall_config = firewall_config or Firewall() f = FirewallFilter( name=DMUtils.make_private_vrf_filter_name(ri_name)) ff = firewall_config.get_family() if not ff: ff = FirewallFamily() firewall_config.set_family(ff) inet = ff.get_inet() if not inet: inet = FirewallInet() ff.set_inet(inet) inet.add_filter(f) term = Term(name=DMUtils.make_vrf_term_name(ri_name)) from_ = From() for fip_user_ip in fip_map.keys(): from_.add_source_address(fip_user_ip) term.set_from(from_) term.set_then(Then(routing_instance=[ri_name])) f.add_term(term) term = Term(name="default-term", then=Then(accept='')) f.add_term(term) interfaces_config = self.interfaces_config or Interfaces() irb_intf = Interface(name="irb") interfaces_config.add_interface(irb_intf) intf_unit = Unit(name=str(network_id)) if restrict_proxy_arp: intf_unit.set_proxy_arp(ProxyArp(restricted='')) inet = FamilyInet() inet.set_filter( InetFilter( input=DMUtils.make_private_vrf_filter_name(ri_name))) intf_unit.set_family(Family(inet=inet)) irb_intf.add_unit(intf_unit) # add L2 EVPN and BD config bd_config = None interfaces_config = self.interfaces_config proto_config = self.proto_config if (is_l2 and vni is not None and self.is_family_configured(self.bgp_params, "e-vpn")): ri.set_vtep_source_interface("lo0.0") if highest_enapsulation_priority == "VXLAN": bd_config = BridgeDomains() ri.set_bridge_domains(bd_config) bd = Domain(name=DMUtils.make_bridge_name(vni), vlan_id='none', vxlan=VXLan(vni=vni)) bd_config.add_domain(bd) for interface in interfaces: bd.add_interface(Interface(name=interface.name)) if is_l2_l3: # network_id is unique, hence irb bd.set_routing_interface("irb." + str(network_id)) ri.set_protocols( RoutingInstanceProtocols(evpn=Evpn( encapsulation='vxlan', extended_vni_list='all'))) elif highest_enapsulation_priority in ["MPLSoGRE", "MPLSoUDP"]: ri.set_vlan_id('none') if is_l2_l3: # network_id is unique, hence irb ri.set_routing_interface("irb." + str(network_id)) evpn = Evpn() for interface in interfaces: evpn.add_interface(Interface(name=interface.name)) ri.set_protocols(RoutingInstanceProtocols(evpn=evpn)) interfaces_config = self.interfaces_config or Interfaces() if is_l2_l3: irb_intf = Interface(name='irb', gratuitous_arp_reply='') interfaces_config.add_interface(irb_intf) if gateways is not None: intf_unit = Unit(name=str(network_id)) irb_intf.add_unit(intf_unit) family = Family() intf_unit.set_family(family) inet = None inet6 = None for (irb_ip, gateway) in gateways: if ':' in irb_ip: if not inet6: inet6 = FamilyInet6() family.set_inet6(inet6) addr = Address() inet6.add_address(addr) else: if not inet: inet = FamilyInet() family.set_inet(inet) addr = Address() inet.add_address(addr) addr.set_name(irb_ip) if len(gateway) and gateway != '0.0.0.0': addr.set_virtual_gateway_address(gateway) lo_intf = Interface(name="lo0") interfaces_config.add_interface(lo_intf) fam_inet = FamilyInet(address=[ Address(name=self.bgp_params['address'] + "/32", primary='', preferred='') ]) intf_unit = Unit(name="0", family=Family(inet=fam_inet)) lo_intf.add_unit(intf_unit) self.build_l2_evpn_interface_config(interfaces_config, interfaces) if (not is_l2 and not is_l2_l3 and gateways): interfaces_config = self.interfaces_config or Interfaces() ifl_num = str(1000 + int(network_id)) lo_intf = Interface(name="lo0") interfaces_config.add_interface(lo_intf) intf_unit = Unit(name=ifl_num) lo_intf.add_unit(intf_unit) family = Family() intf_unit.set_family(family) inet = None inet6 = None for (lo_ip, _) in gateways: (ip, _) = lo_ip.split('/') if ':' in lo_ip: if not inet6: inet6 = FamilyInet6() family.set_inet6(inet6) addr = Address() inet6.add_address(addr) lo_ip = ip + '/' + '128' else: if not inet: inet = FamilyInet() family.set_inet(inet) addr = Address() inet.add_address(addr) lo_ip = ip + '/' + '32' addr.set_name(lo_ip) ri.add_interface(Interface(name="lo0." + ifl_num)) # fip services config services_config = self.services_config if fip_map is not None: services_config = self.services_config or Services() service_name = DMUtils.make_services_set_name(ri_name) service_set = ServiceSet(name=service_name) services_config.add_service_set(service_set) nat_rule = NATRules(name=service_name + "-sn-rule") service_set.add_nat_rules( NATRules(name=DMUtils.make_snat_rule_name(ri_name))) service_set.add_nat_rules( NATRules(name=DMUtils.make_dnat_rule_name(ri_name))) next_hop_service = NextHopService( inside_service_interface=interfaces[0].name, outside_service_interface=interfaces[1].name) service_set.set_next_hop_service(next_hop_service) nat = NAT(allow_overlapping_nat_pools='') services_config.add_nat(nat) snat_rule = Rule(name=DMUtils.make_snat_rule_name(ri_name), match_direction="input") nat.add_rule(snat_rule) dnat_rule = Rule(name=DMUtils.make_dnat_rule_name(ri_name), match_direction="output") nat.add_rule(dnat_rule) for pip, fip_vn in fip_map.items(): fip = fip_vn["floating_ip"] term = Term(name=DMUtils.make_ip_term_name(pip)) snat_rule.set_term(term) # private ip from_ = From(source_address=[pip + "/32"]) term.set_from(from_) # public ip then_ = Then() term.set_then(then_) translated = Translated( source_prefix=fip + "/32", translation_type=TranslationType(basic_nat44='')) then_.set_translated(translated) term = Term(name=DMUtils.make_ip_term_name(fip)) dnat_rule.set_term(term) # public ip from_ = From(destination_address=[fip + "/32"]) term.set_from(from_) # private ip then_ = Then() term.set_then(then_) translated = Translated( destination_prefix=pip + "/32", translation_type=TranslationType(dnat_44='')) then_.set_translated(translated) interfaces_config = self.interfaces_config or Interfaces() si_intf = Interface(name=interfaces[0].ifd_name) interfaces_config.add_interface(si_intf) intf_unit = Unit(name=interfaces[0].unit) si_intf.add_unit(intf_unit) family = Family(inet=FamilyInet()) intf_unit.set_family(family) intf_unit.set_service_domain("inside") intf_unit = Unit(name=interfaces[1].unit) si_intf.add_unit(intf_unit) family = Family(inet=FamilyInet()) intf_unit.set_family(family) intf_unit.set_service_domain("outside") self.forwarding_options_config = forwarding_options_config self.firewall_config = firewall_config self.policy_config = policy_config self.proto_config = proto_config self.interfaces_config = interfaces_config self.services_config = services_config self.route_targets |= import_targets | export_targets self.ri_config = ri_config
def set_chassis_config(self): device_count = DMUtils.get_max_ae_device_count() aggr_devices = AggregatedDevices(Ethernet(device_count=device_count)) if not self.chassis_config: self.chassis_config = Chassis() self.chassis_config.set_aggregated_devices(aggr_devices)
def add_routing_instance(self, ri_conf): ri_name = ri_conf.get("ri_name") vn = ri_conf.get("vn") is_l2 = ri_conf.get("is_l2", False) is_l2_l3 = ri_conf.get("is_l2_l3", False) import_targets = ri_conf.get("import_targets", set()) export_targets = ri_conf.get("export_targets", set()) prefixes = ri_conf.get("prefixes", []) gateways = ri_conf.get("gateways", []) interfaces = ri_conf.get("interfaces", []) vni = ri_conf.get("vni", None) network_id = ri_conf.get("network_id", None) is_internal_vn = True if '_contrail_lr_internal_vn_' in vn.name else False self.routing_instances[ri_name] = ri_conf ri_config = None policy_config = self.policy_config or \ PolicyOptions(comment=DMUtils.policy_options_comment()) ri = None ri_opt = None ri_config = self.ri_config or \ RoutingInstances(comment=DMUtils.routing_instances_comment()) ri = Instance(name=ri_name) if not is_l2: ri_config.add_instance(ri) ri.set_vrf_import(DMUtils.make_import_name(ri_name)) ri.set_vrf_export(DMUtils.make_export_name(ri_name)) has_ipv6_prefixes = DMUtils.has_ipv6_prefixes(prefixes) has_ipv4_prefixes = DMUtils.has_ipv4_prefixes(prefixes) if not is_l2: if ri_opt is None: ri_opt = RoutingInstanceRoutingOptions() ri.set_routing_options(ri_opt) ri.set_instance_type("vrf") for interface in interfaces: ri.add_interface(Interface(name=interface.name)) family = Family() if has_ipv4_prefixes: family.set_inet(FamilyInet(unicast='')) if has_ipv6_prefixes: family.set_inet6(FamilyInet6(unicast='')) if has_ipv4_prefixes or has_ipv6_prefixes: auto_export = AutoExport(family=family) ri_opt.set_auto_export(auto_export) if is_internal_vn: self.internal_vn_ris.append(ri) self.add_bogus_lo0(ri, network_id, vn) if self.is_spine() and is_l2_l3: self.add_irb_config(ri_conf) self.attach_irb(ri_conf, ri) # add policies for export route targets if self.is_spine(): ps = PolicyStatement(name=DMUtils.make_export_name(ri_name)) ps.set_comment(DMUtils.vn_ps_comment(vn, "Export")) then = Then() ps.add_term(Term(name="t1", then=then)) for route_target in export_targets: comm = Community( add='', community_name=DMUtils.make_community_name(route_target)) then.add_community(comm) then.set_accept('') policy_config.add_policy_statement(ps) self.add_to_global_switch_opts(DMUtils.make_export_name(ri_name), False) # add policies for import route targets ps = PolicyStatement(name=DMUtils.make_import_name(ri_name)) ps.set_comment(DMUtils.vn_ps_comment(vn, "Import")) # add term switch policy from_ = From() term = Term(name=DMUtils.get_switch_policy_name(), fromxx=from_) ps.add_term(term) from_.add_community(DMUtils.get_switch_policy_name()) term.set_then(Then(accept='')) from_ = From() term = Term(name="t1", fromxx=from_) ps.add_term(term) for route_target in import_targets: from_.add_community(DMUtils.make_community_name(route_target)) if not is_internal_vn: self.add_vni_option(vni or network_id, route_target) term.set_then(Then(accept='')) policy_config.add_policy_statement(ps) self.add_to_global_switch_opts(DMUtils.make_import_name(ri_name), True) # add L2 EVPN and BD config interfaces_config = self.interfaces_config if (is_l2 and vni is not None and self.is_family_configured(self.bgp_params, "e-vpn")): # add vlan config vlan_conf = self.add_vlan_config(ri_name, vni, is_l2_l3, "irb." + str(network_id)) interfaces_config = self.interfaces_config or Interfaces( comment=DMUtils.interfaces_comment()) self.build_l2_evpn_interface_config(interfaces_config, interfaces, vn, vlan_conf) if (not is_l2 and vni is not None and self.is_family_configured(self.bgp_params, "e-vpn")): ri.set_vtep_source_interface("lo0.0") evpn = self.build_evpn_config() if evpn: ri.set_protocols(RoutingInstanceProtocols(evpn=evpn)) #add vlans self.add_ri_vlan_config(ri, vni) if (not is_l2 and not is_l2_l3 and gateways): interfaces_config = self.interfaces_config or \ Interfaces(comment=DMUtils.interfaces_comment()) ifl_num = str(1000 + int(network_id)) lo_intf = Interface(name="lo0") interfaces_config.add_interface(lo_intf) intf_unit = Unit(name=ifl_num, comment=DMUtils.l3_lo_intf_comment(vn)) lo_intf.add_unit(intf_unit) family = Family() intf_unit.set_family(family) inet = None inet6 = None for (lo_ip, _) in gateways: subnet = lo_ip (ip, _) = lo_ip.split('/') if ':' in lo_ip: if not inet6: inet6 = FamilyInet6() family.set_inet6(inet6) addr = Address() inet6.add_address(addr) lo_ip = ip + '/' + '128' else: if not inet: inet = FamilyInet() family.set_inet(inet) addr = Address() inet.add_address(addr) lo_ip = ip + '/' + '32' addr.set_name(lo_ip) addr.set_comment(DMUtils.lo0_ip_comment(subnet)) ri.add_interface( Interface(name="lo0." + ifl_num, comment=DMUtils.lo0_ri_intf_comment(vn))) self.policy_config = policy_config self.interfaces_config = interfaces_config self.route_targets |= import_targets | export_targets self.ri_config = ri_config
def build_ri_config(self): if not self.is_spine(): esi_map = self.get_ae_alloc_esi_map() self.physical_router.evaluate_ae_id_map(esi_map) self.build_ae_config(esi_map) vn_dict = self.get_vn_li_map() vn_irb_ip_map = None if self.is_spine(): self.physical_router.evaluate_vn_irb_ip_map( set(vn_dict.keys()), 'l2_l3', 'irb', False) self.physical_router.evaluate_vn_irb_ip_map( set(vn_dict.keys()), 'l3', 'lo0', True) vn_irb_ip_map = self.physical_router.get_vn_irb_ip_map() for vn_id, interfaces in vn_dict.items(): vn_obj = VirtualNetworkDM.get(vn_id) if (vn_obj is None or vn_obj.get_vxlan_vni() is None or vn_obj.vn_network_id is None): continue export_set = None import_set = None for ri_id in vn_obj.routing_instances: # Find the primary RI by matching the name ri_obj = RoutingInstanceDM.get(ri_id) if ri_obj is None: continue if ri_obj.fq_name[-1] == vn_obj.fq_name[-1]: vrf_name_l2 = DMUtils.make_vrf_name( vn_obj.fq_name[-1], vn_obj.vn_network_id, 'l2') vrf_name_l3 = DMUtils.make_vrf_name( vn_obj.fq_name[-1], vn_obj.vn_network_id, 'l3') export_set = copy.copy(ri_obj.export_targets) import_set = copy.copy(ri_obj.import_targets) if self.is_spine(): for ri2_id in ri_obj.routing_instances: ri2 = RoutingInstanceDM.get(ri2_id) if ri2 is None: continue import_set |= ri2.export_targets if vn_obj.get_forwarding_mode() in ['l2', 'l2_l3']: irb_ips = None if vn_obj.get_forwarding_mode( ) == 'l2_l3' and self.is_spine(): irb_ips = vn_irb_ip_map['irb'].get(vn_id, []) ri_conf = { 'ri_name': vrf_name_l2, 'vn': vn_obj, 'is_l2': True, 'is_l2_l3': (vn_obj.get_forwarding_mode() == 'l2_l3'), 'import_targets': import_set, 'prefixes': vn_obj.get_prefixes(), 'gateways': irb_ips, 'router_external': vn_obj.router_external, 'interfaces': interfaces, 'vni': vn_obj.get_vxlan_vni(), 'network_id': vn_obj.vn_network_id, 'highest_encapsulation_priority': GlobalVRouterConfigDM.global_encapsulation_priority } if self.is_spine(): ri_conf['export_targets'] = export_set self.add_routing_instance(ri_conf) if vn_obj.get_forwarding_mode() in [ 'l3' ] and self.is_l3_supported(vn_obj): interfaces = [] lo0_ips = vn_irb_ip_map['lo0'].get(vn_id, []) ri_conf = { 'ri_name': vrf_name_l3, 'vn': vn_obj, 'is_l2': False, 'is_l2_l3': False, 'import_targets': import_set, 'export_targets': export_set, 'prefixes': vn_obj.get_prefixes(), 'router_external': vn_obj.router_external, 'interfaces': interfaces, 'gateways': lo0_ips, 'network_id': vn_obj.vn_network_id } self.add_routing_instance(ri_conf) break if export_set and len(vn_obj.instance_ip_map) > 0: vrf_name = DMUtils.make_vrf_name(vn_obj.fq_name[-1], vn_obj.vn_network_id, 'l3', True) ri_conf = { 'ri_name': vrf_name, 'vn': vn_obj, 'import_targets': import_set, 'fip_map': vn_obj.instance_ip_map, 'network_id': vn_obj.vn_network_id } self.add_routing_instance(ri_conf) return
def add_routing_instance(self, ri_conf): ri_name = ri_conf.get("ri_name") vn = ri_conf.get("vn") is_l2 = ri_conf.get("is_l2", False) is_l2_l3 = ri_conf.get("is_l2_l3", False) import_targets = ri_conf.get("import_targets", set()) export_targets = ri_conf.get("export_targets", set()) prefixes = ri_conf.get("prefixes", []) gateways = ri_conf.get("gateways", []) router_external = ri_conf.get("router_external", False) interfaces = ri_conf.get("interfaces", []) vni = ri_conf.get("vni", None) fip_map = ri_conf.get("fip_map", None) network_id = ri_conf.get("network_id", None) is_internal_vn = True if '_contrail_lr_internal_vn_' in vn.name else False highest_encapsulation_priority = \ ri_conf.get("highest_encapsulation_priority") or "MPLSoGRE" self.routing_instances[ri_name] = ri_conf self.ri_config = self.ri_config or [] self.policy_config = self.policy_config or\ Policy(comment=DMUtils.policy_options_comment()) ri = RoutingInstance(name=ri_name) if vn: is_nat = True if fip_map else False ri.set_comment( DMUtils.vn_ri_comment(vn, is_l2, is_l2_l3, is_nat, router_external)) self.ri_config.append(ri) ri.set_is_public_network(router_external) has_ipv6_prefixes = DMUtils.has_ipv6_prefixes(prefixes) has_ipv4_prefixes = DMUtils.has_ipv4_prefixes(prefixes) if not is_l2: ri.set_instance_type("vrf") if fip_map is None: for interface in interfaces: ri.add_interfaces(LogicalInterface(name=interface.name)) else: if highest_encapsulation_priority == "VXLAN": ri.set_routing_instance_type("virtual-switch") elif highest_encapsulation_priority in ["MPLSoGRE", "MPLSoUDP"]: ri.set_routing_instance_type("evpn") if is_internal_vn: self.internal_vn_ris.append(ri) self.add_bogus_lo0(ri, network_id, vn) if self.is_spine() and is_l2_l3: self.add_irb_config(ri_conf) self.attach_irb(ri_conf, ri) if fip_map is not None: ri.add_interfaces(LogicalInterface(name=interfaces[0].name)) public_vrf_ips = {} for pip in fip_map.values(): if pip["vrf_name"] not in public_vrf_ips: public_vrf_ips[pip["vrf_name"]] = set() public_vrf_ips[pip["vrf_name"]].add(pip["floating_ip"]) for public_vrf, fips in public_vrf_ips.items(): floating_ips = [] ri.add_floating_ip_list( FloatingIpList(public_routing_instance=public_vrf, floating_ips=floating_ips)) for fip in fips: floating_ips.append(FloatingIpMap(floating_ip=fip)) # add policies for export route targets if self.is_spine(): p = PolicyRule(name=DMUtils.make_export_name(ri_name)) p.set_comment(DMUtils.vn_ps_comment(vn, "Export")) then = Then() p.add_term(Term(name="t1", then=then)) for route_target in export_targets: then.add_community(DMUtils.make_community_name(route_target)) then.set_accept_or_reject(True) self.policy_config.add_policy_rule(p) # add policies for import route targets p = PolicyRule(name=DMUtils.make_import_name(ri_name)) p.set_comment(DMUtils.vn_ps_comment(vn, "Import")) # add term switch policy from_ = From() term = Term(name=DMUtils.get_switch_policy_name(), fromxx=from_) p.add_term(term) from_.add_community(DMUtils.get_switch_policy_name()) term.set_then(Then(accept_or_reject=True)) from_ = From() term = Term(name="t1", fromxx=from_) p.add_term(term) for route_target in import_targets: from_.add_community(DMUtils.make_community_name(route_target)) if not is_internal_vn: self.add_vni_option(vni or network_id, route_target) term.set_then(Then(accept_or_reject=True)) self.policy_config.add_policy_rule(p) # add L2 EVPN and BD config if (is_l2 and vni is not None and self.is_family_configured(self.bgp_params, "e-vpn")): # add vlan config vlan_conf = self.add_vlan_config(ri_name, vni, is_l2_l3, "irb." + str(network_id)) self.interfaces_config = self.interfaces_config or [] self.build_l2_evpn_interface_config(self.interfaces_config, interfaces, vn, vlan_conf) if (not is_l2 and vni is not None and self.is_family_configured(self.bgp_params, "e-vpn")): ri.set_vtep_source_interface("lo0.0") evpn = self.build_evpn_config() if evpn: ri.set_protocols(RoutingInstanceProtocols(evpn=evpn)) #add vlans self.add_ri_vlan_config(ri, vni) if (not is_l2 and not is_l2_l3 and gateways): self.interfaces_config = self.interfaces_config or [] ifl_num = str(1000 + int(network_id)) lo_intf = Interface(name="lo0") interfaces_config.add_interface(lo_intf) intf_unit = Unit(name=ifl_num, comment=DMUtils.l3_lo_intf_comment(vn)) lo_intf.add_logical_interfaces(intf_unit) family = Family() intf_unit.set_family(family) inet = None inet6 = None for (lo_ip, _) in gateways: subnet = lo_ip (ip, _) = lo_ip.split('/') if ':' in lo_ip: if not inet6: inet6 = FamilyInet6() family.set_inet6(inet6) addr = Address() inet6.add_address(addr) lo_ip = ip + '/' + '128' else: if not inet: inet = FamilyInet() family.set_inet(inet) addr = Address() inet.add_address(addr) lo_ip = ip + '/' + '32' addr.set_name(lo_ip) addr.set_comment(DMUtils.lo0_ip_comment(subnet)) ri.add_interface( Interface(name="lo0." + ifl_num, comment=DMUtils.lo0_ri_intf_comment(vn))) self.route_targets |= import_targets | export_targets