autovpn rcf policies

aristanetworks · Sep 5, 2024 · c229813 · c229813
1 parent 5993f0f
commit c229813
Show file tree

Hide file tree

Showing 6 changed files with 128 additions and 60 deletions.
diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg
@@ -58,7 +58,7 @@ router path-selection
       ipsec profile IPSEC-PROFILE
       !
       local interface Ethernet2
-         stun server-profile DC2-R2-Ethernet2 DC1-R2-Ethernet2
+         stun server-profile DC1-R2-Ethernet2 DC2-R2-Ethernet2
       !
       peer dynamic
       !
@@ -162,27 +162,20 @@ ip route vrf MGMT 0.0.0.0/0 172.100.100.1
 !
 arp aging timeout default 1500
 !
-route-map RM-CONN-2-BGP permit 10
-   match ip address prefix-list PL-LOOPBACKS
-!
-route-map RM-CONN-2-BGP permit 20
-   match ip address prefix-list PL-P2P-UNDERLAY
-!
 router bgp 65000
    router-id 10.0.1.2
    no bgp default ipv4-unicast
    distance bgp 20 200 200
    graceful-restart restart-time 300
    graceful-restart
    neighbor default send-community
+   neighbor IPv4-UNDERLAY-PEERS peer group
+   neighbor IPv4-UNDERLAY-PEERS remote-as 65100
+   neighbor IPv4-UNDERLAY-PEERS password 7 t7gEXzNemRRE24Du53hBEA==
    neighbor LOCAL-EVPN-PEERS peer group
    neighbor LOCAL-EVPN-PEERS remote-as 65100
    neighbor LOCAL-EVPN-PEERS update-source Loopback0
    neighbor LOCAL-EVPN-PEERS ebgp-multihop 3
-   neighbor LOCAL-EVPN-PEERS password 7 RxqKJj2uKvzsECQR+ApqjA==
-   neighbor IPv4-UNDERLAY-PEERS peer group
-   neighbor IPv4-UNDERLAY-PEERS remote-as 65100
-   neighbor IPv4-UNDERLAY-PEERS password 7 t7gEXzNemRRE24Du53hBEA==
    neighbor WAN-OVERLAY-PEERS peer group
    neighbor WAN-OVERLAY-PEERS remote-as 65000
    neighbor WAN-OVERLAY-PEERS update-source Dps1
@@ -194,13 +187,13 @@ router bgp 65000
    neighbor 10.1.1.3 peer group WAN-OVERLAY-PEERS
    neighbor 10.1.2.3 peer group WAN-OVERLAY-PEERS
    neighbor 172.20.1.2 peer group IPv4-UNDERLAY-PEERS
-   redistribute connected route-map RM-CONN-2-BGP
+   redistribute connected rcf CONN_2_BGP()
    !
    address-family evpn
       neighbor LOCAL-EVPN-PEERS activate
-      neighbor LOCAL-EVPN-PEERS encapsulation vxlan
+      neighbor LOCAL-EVPN-PEERS encapsulation vxlan 
       neighbor WAN-OVERLAY-PEERS activate
-      neighbor WAN-OVERLAY-PEERS encapsulation path-selection
+      neighbor WAN-OVERLAY-PEERS encapsulation path-selection 
       neighbor WAN-OVERLAY-PEERS domain remote
       route import match-failure action discard
    !
@@ -230,6 +223,30 @@ router bgp 65000
       route-target export evpn domain remote 51:51
       redistribute connected
 !
+router general
+   control-functions
+      code
+      ##############################
+      ##### Reusable Functions #####
+      ##############################
+      function IS_LOOPBACK() {
+         return prefix match prefix_list_v4 PL-LOOPBACKS;
+      }
+      function IS_UNDERLAY() {
+         return prefix match prefix_list_v4 PL-P2P-UNDERLAY;
+      }
+      ##############################
+      ##### Main Functions     #####
+      ##############################
+      function CONN_2_BGP() {
+         if IS_LOOPBACK() or IS_UNDERLAY() {
+            return true;
+         }
+       return false;
+      }
+      #
+      EOF
+!
 stun
    client
       server-profile DC1-R2-Ethernet2
@@ -238,4 +255,4 @@ stun
       server-profile DC2-R2-Ethernet2
          ip address 192.0.2.14
 !
-end
+end
diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg
@@ -153,12 +153,6 @@ ip route vrf MGMT 0.0.0.0/0 172.100.100.1
 !
 arp aging timeout default 1500
 !
-route-map RM-CONN-2-BGP permit 10
-   match ip address prefix-list PL-LOOPBACKS
-!
-route-map RM-CONN-2-BGP permit 20
-   match ip address prefix-list PL-P2P-UNDERLAY
-!
 router bgp 65000
    router-id 10.0.1.3
    no bgp default ipv4-unicast
@@ -168,14 +162,13 @@ router bgp 65000
    graceful-restart
    bgp listen range 10.0.0.0/8 peer-group WAN-OVERLAY-PEERS remote-as 65000
    neighbor default send-community
+   neighbor IPv4-UNDERLAY-PEERS peer group
+   neighbor IPv4-UNDERLAY-PEERS remote-as 65100
+   neighbor IPv4-UNDERLAY-PEERS password 7 t7gEXzNemRRE24Du53hBEA==
    neighbor LOCAL-EVPN-PEERS peer group
    neighbor LOCAL-EVPN-PEERS remote-as 65100
    neighbor LOCAL-EVPN-PEERS update-source Loopback0
    neighbor LOCAL-EVPN-PEERS ebgp-multihop 3
-   neighbor LOCAL-EVPN-PEERS password 7 RxqKJj2uKvzsECQR+ApqjA==
-   neighbor IPv4-UNDERLAY-PEERS peer group
-   neighbor IPv4-UNDERLAY-PEERS remote-as 65100
-   neighbor IPv4-UNDERLAY-PEERS password 7 t7gEXzNemRRE24Du53hBEA==
    neighbor WAN-OVERLAY-PEERS peer group
    neighbor WAN-OVERLAY-PEERS remote-as 65000
    neighbor WAN-OVERLAY-PEERS update-source Dps1
@@ -187,13 +180,13 @@ router bgp 65000
    neighbor 10.0.1.201 peer group LOCAL-EVPN-PEERS
    neighbor 10.1.2.3 peer group WAN-OVERLAY-PEERS
    neighbor 172.20.1.4 peer group IPv4-UNDERLAY-PEERS
-   redistribute connected route-map RM-CONN-2-BGP
+   redistribute connected rcf CONN_2_BGP()
    !
    address-family evpn
       neighbor LOCAL-EVPN-PEERS activate
-      neighbor LOCAL-EVPN-PEERS encapsulation vxlan
+      neighbor LOCAL-EVPN-PEERS encapsulation vxlan 
       neighbor WAN-OVERLAY-PEERS activate
-      neighbor WAN-OVERLAY-PEERS encapsulation path-selection
+      neighbor WAN-OVERLAY-PEERS encapsulation path-selection 
       neighbor WAN-OVERLAY-PEERS domain remote
       route import match-failure action discard
    !
@@ -223,8 +216,32 @@ router bgp 65000
       route-target export evpn domain remote 51:51
       redistribute connected
 !
+router general
+   control-functions
+      code
+      ##############################
+      ##### Reusable Functions #####
+      ##############################
+      function IS_LOOPBACK() {
+         return prefix match prefix_list_v4 PL-LOOPBACKS;
+      }
+      function IS_UNDERLAY() {
+         return prefix match prefix_list_v4 PL-P2P-UNDERLAY;
+      }
+      ##############################
+      ##### Main Functions     #####
+      ##############################
+      function CONN_2_BGP() {
+         if IS_LOOPBACK() or IS_UNDERLAY() {
+            return true;
+         }
+       return false;
+      }
+      #
+      EOF
+!
 stun
    server
       local-interface Ethernet2
 !
-end
+end
diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg
@@ -58,7 +58,7 @@ router path-selection
       ipsec profile IPSEC-PROFILE
       !
       local interface Ethernet2
-         stun server-profile DC2-R2-Ethernet2 DC1-R2-Ethernet2
+         stun server-profile DC1-R2-Ethernet2 DC2-R2-Ethernet2
       !
       peer dynamic
       !
@@ -162,27 +162,20 @@ ip route vrf MGMT 0.0.0.0/0 172.100.100.1
 !
 arp aging timeout default 1500
 !
-route-map RM-CONN-2-BGP permit 10
-   match ip address prefix-list PL-LOOPBACKS
-!
-route-map RM-CONN-2-BGP permit 20
-   match ip address prefix-list PL-P2P-UNDERLAY
-!
 router bgp 65000
    router-id 10.0.2.2
    no bgp default ipv4-unicast
    distance bgp 20 200 200
    graceful-restart restart-time 300
    graceful-restart
    neighbor default send-community
+   neighbor IPv4-UNDERLAY-PEERS peer group
+   neighbor IPv4-UNDERLAY-PEERS remote-as 65200
+   neighbor IPv4-UNDERLAY-PEERS password 7 t7gEXzNemRRE24Du53hBEA==
    neighbor LOCAL-EVPN-PEERS peer group
    neighbor LOCAL-EVPN-PEERS remote-as 65200
    neighbor LOCAL-EVPN-PEERS update-source Loopback0
    neighbor LOCAL-EVPN-PEERS ebgp-multihop 3
-   neighbor LOCAL-EVPN-PEERS password 7 RxqKJj2uKvzsECQR+ApqjA==
-   neighbor IPv4-UNDERLAY-PEERS peer group
-   neighbor IPv4-UNDERLAY-PEERS remote-as 65200
-   neighbor IPv4-UNDERLAY-PEERS password 7 t7gEXzNemRRE24Du53hBEA==
    neighbor WAN-OVERLAY-PEERS peer group
    neighbor WAN-OVERLAY-PEERS remote-as 65000
    neighbor WAN-OVERLAY-PEERS update-source Dps1
@@ -194,13 +187,13 @@ router bgp 65000
    neighbor 10.1.1.3 peer group WAN-OVERLAY-PEERS
    neighbor 10.1.2.3 peer group WAN-OVERLAY-PEERS
    neighbor 172.20.2.2 peer group IPv4-UNDERLAY-PEERS
-   redistribute connected route-map RM-CONN-2-BGP
+   redistribute connected rcf CONN_2_BGP()
    !
    address-family evpn
       neighbor LOCAL-EVPN-PEERS activate
-      neighbor LOCAL-EVPN-PEERS encapsulation vxlan
+      neighbor LOCAL-EVPN-PEERS encapsulation vxlan 
       neighbor WAN-OVERLAY-PEERS activate
-      neighbor WAN-OVERLAY-PEERS encapsulation path-selection
+      neighbor WAN-OVERLAY-PEERS encapsulation path-selection 
       neighbor WAN-OVERLAY-PEERS domain remote
       route import match-failure action discard
    !
@@ -230,6 +223,30 @@ router bgp 65000
       route-target export evpn domain remote 51:51
       redistribute connected
 !
+router general
+   control-functions
+      code
+      ##############################
+      ##### Reusable Functions #####
+      ##############################
+      function IS_LOOPBACK() {
+         return prefix match prefix_list_v4 PL-LOOPBACKS;
+      }
+      function IS_UNDERLAY() {
+         return prefix match prefix_list_v4 PL-P2P-UNDERLAY;
+      }
+      ##############################
+      ##### Main Functions     #####
+      ##############################
+      function CONN_2_BGP() {
+         if IS_LOOPBACK() or IS_UNDERLAY() {
+            return true;
+         }
+       return false;
+      }
+      #
+      EOF
+!
 stun
    client
       server-profile DC1-R2-Ethernet2
@@ -238,4 +255,4 @@ stun
       server-profile DC2-R2-Ethernet2
          ip address 192.0.2.14
 !
-end
+end
diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg
@@ -153,12 +153,6 @@ ip route vrf MGMT 0.0.0.0/0 172.100.100.1
 !
 arp aging timeout default 1500
 !
-route-map RM-CONN-2-BGP permit 10
-   match ip address prefix-list PL-LOOPBACKS
-!
-route-map RM-CONN-2-BGP permit 20
-   match ip address prefix-list PL-P2P-UNDERLAY
-!
 router bgp 65000
    router-id 10.0.2.3
    no bgp default ipv4-unicast
@@ -168,14 +162,13 @@ router bgp 65000
    graceful-restart
    bgp listen range 10.0.0.0/8 peer-group WAN-OVERLAY-PEERS remote-as 65000
    neighbor default send-community
+   neighbor IPv4-UNDERLAY-PEERS peer group
+   neighbor IPv4-UNDERLAY-PEERS remote-as 65200
+   neighbor IPv4-UNDERLAY-PEERS password 7 t7gEXzNemRRE24Du53hBEA==
    neighbor LOCAL-EVPN-PEERS peer group
    neighbor LOCAL-EVPN-PEERS remote-as 65200
    neighbor LOCAL-EVPN-PEERS update-source Loopback0
    neighbor LOCAL-EVPN-PEERS ebgp-multihop 3
-   neighbor LOCAL-EVPN-PEERS password 7 RxqKJj2uKvzsECQR+ApqjA==
-   neighbor IPv4-UNDERLAY-PEERS peer group
-   neighbor IPv4-UNDERLAY-PEERS remote-as 65200
-   neighbor IPv4-UNDERLAY-PEERS password 7 t7gEXzNemRRE24Du53hBEA==
    neighbor WAN-OVERLAY-PEERS peer group
    neighbor WAN-OVERLAY-PEERS remote-as 65000
    neighbor WAN-OVERLAY-PEERS update-source Dps1
@@ -187,13 +180,13 @@ router bgp 65000
    neighbor 10.0.2.201 peer group LOCAL-EVPN-PEERS
    neighbor 10.1.1.3 peer group WAN-OVERLAY-PEERS
    neighbor 172.20.2.4 peer group IPv4-UNDERLAY-PEERS
-   redistribute connected route-map RM-CONN-2-BGP
+   redistribute connected rcf CONN_2_BGP()
    !
    address-family evpn
       neighbor LOCAL-EVPN-PEERS activate
-      neighbor LOCAL-EVPN-PEERS encapsulation vxlan
+      neighbor LOCAL-EVPN-PEERS encapsulation vxlan 
       neighbor WAN-OVERLAY-PEERS activate
-      neighbor WAN-OVERLAY-PEERS encapsulation path-selection
+      neighbor WAN-OVERLAY-PEERS encapsulation path-selection 
       neighbor WAN-OVERLAY-PEERS domain remote
       route import match-failure action discard
    !
@@ -221,8 +214,32 @@ router bgp 65000
       route-target export evpn domain remote 51:51
       redistribute connected
 !
+router general
+   control-functions
+      code
+      ##############################
+      ##### Reusable Functions #####
+      ##############################
+      function IS_LOOPBACK() {
+         return prefix match prefix_list_v4 PL-LOOPBACKS;
+      }
+      function IS_UNDERLAY() {
+         return prefix match prefix_list_v4 PL-P2P-UNDERLAY;
+      }
+      ##############################
+      ##### Main Functions     #####
+      ##############################
+      function CONN_2_BGP() {
+         if IS_LOOPBACK() or IS_UNDERLAY() {
+            return true;
+         }
+       return false;
+      }
+      #
+      EOF
+!
 stun
    server
       local-interface Ethernet2
 !
-end
+end
diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg
@@ -58,7 +58,7 @@ router path-selection
       ipsec profile IPSEC-PROFILE
       !
       local interface Ethernet2
-         stun server-profile DC1-R2-Ethernet2 DC2-R2-Ethernet2
+         stun server-profile DC2-R2-Ethernet2 DC1-R2-Ethernet2
       !
       peer dynamic
       !

diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg
@@ -58,7 +58,7 @@ router path-selection
       ipsec profile IPSEC-PROFILE
       !
       local interface Ethernet2
-         stun server-profile DC1-R2-Ethernet2 DC2-R2-Ethernet2
+         stun server-profile DC2-R2-Ethernet2 DC1-R2-Ethernet2
       !
       peer dynamic
       !