diff --git a/demo/ansible-101-may2022/.gitignore b/demo/ansible-101-may2022/.gitignore new file mode 100644 index 00000000..bf99830b --- /dev/null +++ b/demo/ansible-101-may2022/.gitignore @@ -0,0 +1,133 @@ +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Containerlab Files +clab-*/ +.*.yml + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +pip-wheel-metadata/ +share/python-wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +*.py,cover +.hypothesis/ +.pytest_cache/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py +db.sqlite3 +db.sqlite3-journal + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# IPython +profile_default/ +ipython_config.py + +# pyenv +.python-version + +# pipenv +# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. +# However, in case of collaboration, if having platform-specific dependencies or dependencies +# having no cross-platform support, pipenv may install dependencies that don't work, or not +# install all needed dependencies. +#Pipfile.lock + +# PEP 582; used by e.g. github.com/David-OConnor/pyflow +__pypackages__/ + +# Celery stuff +celerybeat-schedule +celerybeat.pid + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ \ No newline at end of file diff --git a/demo/ansible-101-may2022/README.md b/demo/ansible-101-may2022/README.md new file mode 100644 index 00000000..2f6f76ea --- /dev/null +++ b/demo/ansible-101-may2022/README.md @@ -0,0 +1,153 @@ +# Ansible 101 Automate Your Network + +![Simple Topology](images/topo.png) + +## Requirements + +- Install Python and Ansible requirements + + ```shell + git clone https://github.com/aristanetworks/netdevops-examples.git + cd netdevops-examples/demo/ansible-101-may2022/ + sudo apt install python3.8-venv python3-pip -y # Modify for local version + python3 -m venv venv + source venv/bin/activate + pip install wheel + pip install -r requirements.txt + ansible-galaxy collection install arista.eos + ``` + +## Lab Environment + +The lab included in this repository was deployed using Containerlab and cEOS nodes running on a simple Ubuntu 20.04 server. If you would like to use cEOS with Containerlab, please follow instructions below. If you would like to use another platform like EVE-NG or GNS3, those would work great as well. If management addresses or login credentials (admin/admin) are different, those changes would have to be updated in the respective files (inventory file/group_vars). + +- Install Docker + + ```shell + sudo apt update + sudo apt install apt-transport-https ca-certificates curl software-properties-common + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - + sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable" + apt-cache policy docker-ce + sudo apt install docker-ce + sudo systemctl status docker + ``` + +- Docker without Sudo + + ```shell + sudo usermod -aG docker ${USER} + su - ${USER} + ``` + +- Install Containerlab + + ```shell + # download and install the latest release (may require sudo) + bash -c "$(curl -sL https://get.containerlab.dev)" + ``` + +- Import cEOS Images (can be found [here](https://www.arista.com/en/support/software-download) with guest login) + + ```shell + (venv) ➜ ~ ls + cEOS-lab-4.27.4M.tar cEOS-lab-4.28.0F.tar + (venv) ➜ ~ docker import cEOS-lab-4.28.0F.tar ceos:4.28.0F + ``` + +- Deploy Lab + + - If local cEOS versions are not the same as those described in `pyn.yml`, please update versions to reflect local lab + ```yml + # Example + topology: + kinds: + ceos: + image: ceos:4.28.0F + ``` + + ```shell + (venv) ➜ ansible-101-may2022 git:(master) ✗ sudo containerlab deploy -t pyn.yml + INFO[0000] Containerlab v0.26.0 started + INFO[0000] Parsing & checking topology file: pyn.yml + INFO[0000] Creating lab directory: /home/julio/repos/netdevops-examples/demo/ansible-101-may2022/clab-demo + INFO[0000] Creating docker network: Name="statics", IPv4Subnet="192.168.100.0/24", IPv6Subnet="", MTU="1500" + INFO[0000] Creating container: "host2" + INFO[0000] Creating container: "host1" + INFO[0000] Creating container: "leaf-102" + INFO[0000] Creating container: "leaf-101" + INFO[0000] Creating container: "spine-11" + INFO[0001] Creating virtual wire: leaf-102:eth1 <--> spine-11:eth2 + INFO[0001] Creating virtual wire: leaf-102:eth3 <--> host2:eth1 + INFO[0001] Creating virtual wire: leaf-101:eth1 <--> spine-11:eth1 + INFO[0001] Creating virtual wire: leaf-101:eth3 <--> host1:eth1 + INFO[0001] Running postdeploy actions for Arista cEOS 'spine-11' node + INFO[0001] Running postdeploy actions for Arista cEOS 'leaf-101' node + INFO[0001] Running postdeploy actions for Arista cEOS 'leaf-102' node + INFO[0093] Adding containerlab host entries to /etc/hosts file + +---+----------+--------------+--------------------------------------+-------+---------+-------------------+--------------+ + | # | Name | Container ID | Image | Kind | State | IPv4 Address | IPv6 Address | + +---+----------+--------------+--------------------------------------+-------+---------+-------------------+--------------+ + | 1 | host1 | 83ee3134caf0 | wbitt/network-multitool:alpine-extra | linux | running | 192.168.100.31/24 | N/A | + | 2 | host2 | 1b0cb0b196aa | wbitt/network-multitool:alpine-extra | linux | running | 192.168.100.32/24 | N/A | + | 3 | leaf-101 | 8788cb85f86a | ceos:4.28.0F | ceos | running | 192.168.100.11/24 | N/A | + | 4 | leaf-102 | 456339312b66 | ceos:4.27.4M | ceos | running | 192.168.100.12/24 | N/A | + | 5 | spine-11 | 1bfcc83ded3b | ceos:4.28.0F | ceos | running | 192.168.100.21/24 | N/A | + +---+----------+--------------+--------------------------------------+-------+---------+-------------------+--------------+ + (venv) ➜ ansible-101-may2022 git:(master) ✗ + ``` + +- Destroy Lab + + ```shell + sudo containerlab destroy -t pyn.yml + ``` + +## Arista AVD + +If you would like to edit any of the group variables and start getting experience with AVD, installation of the AVD collection is required. + +```shell +ansible-galaxy collection install arista.avd +``` + +Once that is complete, you can run `ansible-playbook fabric.yml` to recreate intended configurations. + +## Execute Playbooks + +At this point the local lab deployment is done and you can execute any playbooks in the playbooks directory. A simple bash script is included to save on typing. + +```shell +(venv) ➜ ansible-101-may2022 git:(master) ✗ ansible-playbook playbooks/3_backup.yml +PLAY [Device backup] + +TASK [Save configuration for EOS devices] +changed: [leaf-102] +changed: [spine-11] +changed: [leaf-101] + +PLAY RECAP +leaf-101 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 +leaf-102 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 +spine-11 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 + +(venv) ➜ ansible-101-may2022 git:(master) ✗ +``` + +```shell +(venv) ➜ ansible-101-may2022 git:(master) ✗ ./run.sh -n 3 +ansible-playbook playbooks/3_backup.yml +PLAY [Device backup] + +TASK [Save configuration for EOS devices] +ok: [leaf-102] +ok: [spine-11] +ok: [leaf-101] + +PLAY RECAP +leaf-101 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 +leaf-102 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 +spine-11 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 + +(venv) ➜ ansible-101-may2022 git:(master) ✗ +``` \ No newline at end of file diff --git a/demo/ansible-101-may2022/ansible.cfg b/demo/ansible-101-may2022/ansible.cfg new file mode 100644 index 00000000..6d7ab1e2 --- /dev/null +++ b/demo/ansible-101-may2022/ansible.cfg @@ -0,0 +1,6 @@ +[defaults] +host_key_checking = false +inventory = hosts.yml +deprecation_warnings = false +jinja2_extensions = jinja2.ext.loopcontrols,jinja2.ext.do +duplicate_dict_key = error \ No newline at end of file diff --git a/demo/ansible-101-may2022/documentation/devices/leaf-101.md b/demo/ansible-101-may2022/documentation/devices/leaf-101.md new file mode 100644 index 00000000..34bae7a5 --- /dev/null +++ b/demo/ansible-101-may2022/documentation/devices/leaf-101.md @@ -0,0 +1,505 @@ +# leaf-101 +# Table of Contents + +- [Management](#management) + - [Management Interfaces](#management-interfaces) + - [Name Servers](#name-servers) + - [Management API HTTP](#management-api-http) +- [Authentication](#authentication) + - [Local Users](#local-users) +- [Monitoring](#monitoring) +- [Internal VLAN Allocation Policy](#internal-vlan-allocation-policy) + - [Internal VLAN Allocation Policy Summary](#internal-vlan-allocation-policy-summary) + - [Internal VLAN Allocation Policy Configuration](#internal-vlan-allocation-policy-configuration) +- [VLANs](#vlans) + - [VLANs Summary](#vlans-summary) + - [VLANs Device Configuration](#vlans-device-configuration) +- [Interfaces](#interfaces) + - [Ethernet Interfaces](#ethernet-interfaces) + - [Loopback Interfaces](#loopback-interfaces) + - [VXLAN Interface](#vxlan-interface) +- [Routing](#routing) + - [Service Routing Protocols Model](#service-routing-protocols-model) + - [Virtual Router MAC Address](#virtual-router-mac-address) + - [IP Routing](#ip-routing) + - [IPv6 Routing](#ipv6-routing) + - [Static Routes](#static-routes) + - [Router BGP](#router-bgp) +- [BFD](#bfd) + - [Router BFD](#router-bfd) +- [Multicast](#multicast) + - [IP IGMP Snooping](#ip-igmp-snooping) +- [Filters](#filters) + - [Prefix-lists](#prefix-lists) + - [Route-maps](#route-maps) +- [ACL](#acl) +- [VRF Instances](#vrf-instances) + - [VRF Instances Summary](#vrf-instances-summary) + - [VRF Instances Device Configuration](#vrf-instances-device-configuration) +- [Quality Of Service](#quality-of-service) + +# Management + +## Management Interfaces + +### Management Interfaces Summary + +#### IPv4 + +| Management Interface | description | Type | VRF | IP Address | Gateway | +| -------------------- | ----------- | ---- | --- | ---------- | ------- | +| Management0 | oob_management | oob | MGMT | 192.168.100.11/24 | 192.168.100.1 | + +#### IPv6 + +| Management Interface | description | Type | VRF | IPv6 Address | IPv6 Gateway | +| -------------------- | ----------- | ---- | --- | ------------ | ------------ | +| Management0 | oob_management | oob | MGMT | - | - | + +### Management Interfaces Device Configuration + +```eos +! +interface Management0 + description oob_management + no shutdown + vrf MGMT + ip address 192.168.100.11/24 +``` + +## Name Servers + +### Name Servers Summary + +| Name Server | Source VRF | +| ----------- | ---------- | +| 1.1.1.1 | MGMT | +| 8.8.8.8 | MGMT | + +### Name Servers Device Configuration + +```eos +ip name-server vrf MGMT 1.1.1.1 +ip name-server vrf MGMT 8.8.8.8 +``` + +## Management API HTTP + +### Management API HTTP Summary + +| HTTP | HTTPS | +| ---- | ----- | +| False | True | + +### Management API VRF Access + +| VRF Name | IPv4 ACL | IPv6 ACL | +| -------- | -------- | -------- | +| MGMT | - | - | + +### Management API HTTP Configuration + +```eos +! +management api http-commands + protocol https + no shutdown + ! + vrf MGMT + no shutdown +``` + +# Authentication + +## Local Users + +### Local Users Summary + +| User | Privilege | Role | +| ---- | --------- | ---- | +| admin | 15 | network-admin | + +### Local Users Device Configuration + +```eos +! +username admin privilege 15 role network-admin secret sha512 $6$ICfMofvulgyrSy.I$YNucN.yK.YDdxz4dtGR2o88CxtrhQM11W5O7SkzUlQoW8PqAKZCurrK1nQ2O8j0cEPQ.aS1oMOPuPHCt2LW5r/ +``` + +# Monitoring + +# Internal VLAN Allocation Policy + +## Internal VLAN Allocation Policy Summary + +| Policy Allocation | Range Beginning | Range Ending | +| ------------------| --------------- | ------------ | +| ascending | 1006 | 1199 | + +## Internal VLAN Allocation Policy Configuration + +```eos +! +vlan internal order ascending range 1006 1199 +``` + +# VLANs + +## VLANs Summary + +| VLAN ID | Name | Trunk Groups | +| ------- | ---- | ------------ | +| 10 | A-ELAN-10 | - | + +## VLANs Device Configuration + +```eos +! +vlan 10 + name A-ELAN-10 +``` + +# Interfaces + +## Ethernet Interfaces + +### Ethernet Interfaces Summary + +#### L2 + +| Interface | Description | Mode | VLANs | Native VLAN | Trunk Group | Channel-Group | +| --------- | ----------- | ---- | ----- | ----------- | ----------- | ------------- | +| Ethernet3 | host1_eth1 | access | 10 | - | - | - | + +*Inherited from Port-Channel Interface + +#### IPv4 + +| Interface | Description | Type | Channel Group | IP Address | VRF | MTU | Shutdown | ACL In | ACL Out | +| --------- | ----------- | -----| ------------- | ---------- | ----| ---- | -------- | ------ | ------- | +| Ethernet1 | P2P_LINK_TO_SPINE-11_Ethernet1 | routed | - | 172.31.255.201/31 | default | 9000 | false | - | - | + +### Ethernet Interfaces Device Configuration + +```eos +! +interface Ethernet1 + description P2P_LINK_TO_SPINE-11_Ethernet1 + no shutdown + mtu 9000 + no switchport + ip address 172.31.255.201/31 +! +interface Ethernet3 + description host1_eth1 + no shutdown + switchport access vlan 10 + switchport mode access + switchport +``` + +## Loopback Interfaces + +### Loopback Interfaces Summary + +#### IPv4 + +| Interface | Description | VRF | IP Address | +| --------- | ----------- | --- | ---------- | +| Loopback0 | EVPN_Overlay_Peering | default | 192.168.0.102/32 | +| Loopback1 | VTEP_VXLAN_Tunnel_Source | default | 192.168.50.102/32 | + +#### IPv6 + +| Interface | Description | VRF | IPv6 Address | +| --------- | ----------- | --- | ------------ | +| Loopback0 | EVPN_Overlay_Peering | default | - | +| Loopback1 | VTEP_VXLAN_Tunnel_Source | default | - | + + +### Loopback Interfaces Device Configuration + +```eos +! +interface Loopback0 + description EVPN_Overlay_Peering + no shutdown + ip address 192.168.0.102/32 +! +interface Loopback1 + description VTEP_VXLAN_Tunnel_Source + no shutdown + ip address 192.168.50.102/32 +``` + +## VXLAN Interface + +### VXLAN Interface Summary + +| Setting | Value | +| ------- | ----- | +| Source Interface | Loopback1 | +| UDP port | 4789 | + +#### VLAN to VNI, Flood List and Multicast Group Mappings + +| VLAN | VNI | Flood List | Multicast Group | +| ---- | --- | ---------- | --------------- | +| 10 | 10010 | - | - | + +### VXLAN Interface Device Configuration + +```eos +! +interface Vxlan1 + description leaf-101_VTEP + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan vlan 10 vni 10010 +``` + +# Routing +## Service Routing Protocols Model + +Multi agent routing protocol model enabled + +```eos +! +service routing protocols model multi-agent +``` + +## Virtual Router MAC Address + +### Virtual Router MAC Address Summary + +#### Virtual Router MAC Address: 00:1c:73:00:dc:01 + +### Virtual Router MAC Address Configuration + +```eos +! +ip virtual-router mac-address 00:1c:73:00:dc:01 +``` + +## IP Routing + +### IP Routing Summary + +| VRF | Routing Enabled | +| --- | --------------- | +| default | true | +| MGMT | false | + +### IP Routing Device Configuration + +```eos +! +ip routing +no ip routing vrf MGMT +``` +## IPv6 Routing + +### IPv6 Routing Summary + +| VRF | Routing Enabled | +| --- | --------------- | +| default | false | +| MGMT | false | + +## Static Routes + +### Static Routes Summary + +| VRF | Destination Prefix | Next Hop IP | Exit interface | Administrative Distance | Tag | Route Name | Metric | +| --- | ------------------ | ----------------------- | ------------------- | ----------------------------- | ----------------- | ----------------------------- | -------------- | +| MGMT | 0.0.0.0/0 | 192.168.100.1 | - | 1 | - | - | - | + +### Static Routes Device Configuration + +```eos +! +ip route vrf MGMT 0.0.0.0/0 192.168.100.1 +``` + +## Router BGP + +### Router BGP Summary + +| BGP AS | Router ID | +| ------ | --------- | +| 65000| 192.168.0.102 | + +| BGP Tuning | +| ---------- | +| maximum-paths 4 ecmp 4 | + +### Router BGP Peer Groups + +#### EVPN-OVERLAY-PEERS + +| Settings | Value | +| -------- | ----- | +| Address Family | evpn | +| Source | Loopback0 | +| BFD | True | +| Ebgp multihop | 3 | +| Send community | all | +| Maximum routes | 0 (no limit) | + +#### IPv4-UNDERLAY-PEERS + +| Settings | Value | +| -------- | ----- | +| Address Family | ipv4 | +| Send community | all | +| Maximum routes | 12000 | + +### BGP Neighbors + +| Neighbor | Remote AS | VRF | Shutdown | Send-community | Maximum-routes | Allowas-in | BFD | RIB Pre-Policy Retain | +| -------- | --------- | --- | -------- | -------------- | -------------- | ---------- | --- | -------------- | +| 172.31.255.200 | 65099 | default | - | Inherited from peer group IPv4-UNDERLAY-PEERS | Inherited from peer group IPv4-UNDERLAY-PEERS | - | - | - | +| 192.168.0.11 | 65099 | default | - | Inherited from peer group EVPN-OVERLAY-PEERS | Inherited from peer group EVPN-OVERLAY-PEERS | - | Inherited from peer group EVPN-OVERLAY-PEERS | - | + +### Router BGP EVPN Address Family + +#### EVPN Peer Groups + +| Peer Group | Activate | +| ---------- | -------- | +| EVPN-OVERLAY-PEERS | True | + +### Router BGP VLANs + +| VLAN | Route-Distinguisher | Both Route-Target | Import Route Target | Export Route-Target | Redistribute | +| ---- | ------------------- | ----------------- | ------------------- | ------------------- | ------------ | +| 10 | 192.168.0.102:10010 | 10010:10010 | - | - | learned | + +### Router BGP Device Configuration + +```eos +! +router bgp 65000 + router-id 192.168.0.102 + maximum-paths 4 ecmp 4 + neighbor EVPN-OVERLAY-PEERS peer group + neighbor EVPN-OVERLAY-PEERS update-source Loopback0 + neighbor EVPN-OVERLAY-PEERS bfd + neighbor EVPN-OVERLAY-PEERS ebgp-multihop 3 + neighbor EVPN-OVERLAY-PEERS send-community + neighbor EVPN-OVERLAY-PEERS maximum-routes 0 + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS send-community + neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 + neighbor 172.31.255.200 peer group IPv4-UNDERLAY-PEERS + neighbor 172.31.255.200 remote-as 65099 + neighbor 172.31.255.200 description spine-11_Ethernet1 + neighbor 192.168.0.11 peer group EVPN-OVERLAY-PEERS + neighbor 192.168.0.11 remote-as 65099 + neighbor 192.168.0.11 description spine-11 + redistribute connected route-map RM-CONN-2-BGP + ! + vlan 10 + rd 192.168.0.102:10010 + route-target both 10010:10010 + redistribute learned + ! + address-family evpn + neighbor EVPN-OVERLAY-PEERS activate + ! + address-family ipv4 + no neighbor EVPN-OVERLAY-PEERS activate + neighbor IPv4-UNDERLAY-PEERS activate +``` + +# BFD + +## Router BFD + +### Router BFD Multihop Summary + +| Interval | Minimum RX | Multiplier | +| -------- | ---------- | ---------- | +| 300 | 300 | 3 | + +### Router BFD Device Configuration + +```eos +! +router bfd + multihop interval 300 min-rx 300 multiplier 3 +``` + +# Multicast + +## IP IGMP Snooping + +### IP IGMP Snooping Summary + +| IGMP Snooping | Fast Leave | Interface Restart Query | Proxy | Restart Query Interval | Robustness Variable | +| ------------- | ---------- | ----------------------- | ----- | ---------------------- | ------------------- | +| Enabled | - | - | - | - | - | + +### IP IGMP Snooping Device Configuration + +```eos +``` + +# Filters + +## Prefix-lists + +### Prefix-lists Summary + +#### PL-LOOPBACKS-EVPN-OVERLAY + +| Sequence | Action | +| -------- | ------ | +| 10 | permit 192.168.0.0/24 eq 32 | +| 20 | permit 192.168.50.0/24 eq 32 | + +### Prefix-lists Device Configuration + +```eos +! +ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY + seq 10 permit 192.168.0.0/24 eq 32 + seq 20 permit 192.168.50.0/24 eq 32 +``` + +## Route-maps + +### Route-maps Summary + +#### RM-CONN-2-BGP + +| Sequence | Type | Match and/or Set | +| -------- | ---- | ---------------- | +| 10 | permit | match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY | + +### Route-maps Device Configuration + +```eos +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +``` + +# ACL + +# VRF Instances + +## VRF Instances Summary + +| VRF Name | IP Routing | +| -------- | ---------- | +| MGMT | disabled | + +## VRF Instances Device Configuration + +```eos +! +vrf instance MGMT +``` + +# Quality Of Service diff --git a/demo/ansible-101-may2022/documentation/devices/leaf-102.md b/demo/ansible-101-may2022/documentation/devices/leaf-102.md new file mode 100644 index 00000000..4827bcaf --- /dev/null +++ b/demo/ansible-101-may2022/documentation/devices/leaf-102.md @@ -0,0 +1,505 @@ +# leaf-102 +# Table of Contents + +- [Management](#management) + - [Management Interfaces](#management-interfaces) + - [Name Servers](#name-servers) + - [Management API HTTP](#management-api-http) +- [Authentication](#authentication) + - [Local Users](#local-users) +- [Monitoring](#monitoring) +- [Internal VLAN Allocation Policy](#internal-vlan-allocation-policy) + - [Internal VLAN Allocation Policy Summary](#internal-vlan-allocation-policy-summary) + - [Internal VLAN Allocation Policy Configuration](#internal-vlan-allocation-policy-configuration) +- [VLANs](#vlans) + - [VLANs Summary](#vlans-summary) + - [VLANs Device Configuration](#vlans-device-configuration) +- [Interfaces](#interfaces) + - [Ethernet Interfaces](#ethernet-interfaces) + - [Loopback Interfaces](#loopback-interfaces) + - [VXLAN Interface](#vxlan-interface) +- [Routing](#routing) + - [Service Routing Protocols Model](#service-routing-protocols-model) + - [Virtual Router MAC Address](#virtual-router-mac-address) + - [IP Routing](#ip-routing) + - [IPv6 Routing](#ipv6-routing) + - [Static Routes](#static-routes) + - [Router BGP](#router-bgp) +- [BFD](#bfd) + - [Router BFD](#router-bfd) +- [Multicast](#multicast) + - [IP IGMP Snooping](#ip-igmp-snooping) +- [Filters](#filters) + - [Prefix-lists](#prefix-lists) + - [Route-maps](#route-maps) +- [ACL](#acl) +- [VRF Instances](#vrf-instances) + - [VRF Instances Summary](#vrf-instances-summary) + - [VRF Instances Device Configuration](#vrf-instances-device-configuration) +- [Quality Of Service](#quality-of-service) + +# Management + +## Management Interfaces + +### Management Interfaces Summary + +#### IPv4 + +| Management Interface | description | Type | VRF | IP Address | Gateway | +| -------------------- | ----------- | ---- | --- | ---------- | ------- | +| Management0 | oob_management | oob | MGMT | 192.168.100.12/24 | 192.168.100.1 | + +#### IPv6 + +| Management Interface | description | Type | VRF | IPv6 Address | IPv6 Gateway | +| -------------------- | ----------- | ---- | --- | ------------ | ------------ | +| Management0 | oob_management | oob | MGMT | - | - | + +### Management Interfaces Device Configuration + +```eos +! +interface Management0 + description oob_management + no shutdown + vrf MGMT + ip address 192.168.100.12/24 +``` + +## Name Servers + +### Name Servers Summary + +| Name Server | Source VRF | +| ----------- | ---------- | +| 1.1.1.1 | MGMT | +| 8.8.8.8 | MGMT | + +### Name Servers Device Configuration + +```eos +ip name-server vrf MGMT 1.1.1.1 +ip name-server vrf MGMT 8.8.8.8 +``` + +## Management API HTTP + +### Management API HTTP Summary + +| HTTP | HTTPS | +| ---- | ----- | +| False | True | + +### Management API VRF Access + +| VRF Name | IPv4 ACL | IPv6 ACL | +| -------- | -------- | -------- | +| MGMT | - | - | + +### Management API HTTP Configuration + +```eos +! +management api http-commands + protocol https + no shutdown + ! + vrf MGMT + no shutdown +``` + +# Authentication + +## Local Users + +### Local Users Summary + +| User | Privilege | Role | +| ---- | --------- | ---- | +| admin | 15 | network-admin | + +### Local Users Device Configuration + +```eos +! +username admin privilege 15 role network-admin secret sha512 $6$ICfMofvulgyrSy.I$YNucN.yK.YDdxz4dtGR2o88CxtrhQM11W5O7SkzUlQoW8PqAKZCurrK1nQ2O8j0cEPQ.aS1oMOPuPHCt2LW5r/ +``` + +# Monitoring + +# Internal VLAN Allocation Policy + +## Internal VLAN Allocation Policy Summary + +| Policy Allocation | Range Beginning | Range Ending | +| ------------------| --------------- | ------------ | +| ascending | 1006 | 1199 | + +## Internal VLAN Allocation Policy Configuration + +```eos +! +vlan internal order ascending range 1006 1199 +``` + +# VLANs + +## VLANs Summary + +| VLAN ID | Name | Trunk Groups | +| ------- | ---- | ------------ | +| 10 | A-ELAN-10 | - | + +## VLANs Device Configuration + +```eos +! +vlan 10 + name A-ELAN-10 +``` + +# Interfaces + +## Ethernet Interfaces + +### Ethernet Interfaces Summary + +#### L2 + +| Interface | Description | Mode | VLANs | Native VLAN | Trunk Group | Channel-Group | +| --------- | ----------- | ---- | ----- | ----------- | ----------- | ------------- | +| Ethernet3 | host2_eth1 | access | 10 | - | - | - | + +*Inherited from Port-Channel Interface + +#### IPv4 + +| Interface | Description | Type | Channel Group | IP Address | VRF | MTU | Shutdown | ACL In | ACL Out | +| --------- | ----------- | -----| ------------- | ---------- | ----| ---- | -------- | ------ | ------- | +| Ethernet1 | P2P_LINK_TO_SPINE-11_Ethernet2 | routed | - | 172.31.255.203/31 | default | 9000 | false | - | - | + +### Ethernet Interfaces Device Configuration + +```eos +! +interface Ethernet1 + description P2P_LINK_TO_SPINE-11_Ethernet2 + no shutdown + mtu 9000 + no switchport + ip address 172.31.255.203/31 +! +interface Ethernet3 + description host2_eth1 + no shutdown + switchport access vlan 10 + switchport mode access + switchport +``` + +## Loopback Interfaces + +### Loopback Interfaces Summary + +#### IPv4 + +| Interface | Description | VRF | IP Address | +| --------- | ----------- | --- | ---------- | +| Loopback0 | EVPN_Overlay_Peering | default | 192.168.0.103/32 | +| Loopback1 | VTEP_VXLAN_Tunnel_Source | default | 192.168.50.103/32 | + +#### IPv6 + +| Interface | Description | VRF | IPv6 Address | +| --------- | ----------- | --- | ------------ | +| Loopback0 | EVPN_Overlay_Peering | default | - | +| Loopback1 | VTEP_VXLAN_Tunnel_Source | default | - | + + +### Loopback Interfaces Device Configuration + +```eos +! +interface Loopback0 + description EVPN_Overlay_Peering + no shutdown + ip address 192.168.0.103/32 +! +interface Loopback1 + description VTEP_VXLAN_Tunnel_Source + no shutdown + ip address 192.168.50.103/32 +``` + +## VXLAN Interface + +### VXLAN Interface Summary + +| Setting | Value | +| ------- | ----- | +| Source Interface | Loopback1 | +| UDP port | 4789 | + +#### VLAN to VNI, Flood List and Multicast Group Mappings + +| VLAN | VNI | Flood List | Multicast Group | +| ---- | --- | ---------- | --------------- | +| 10 | 10010 | - | - | + +### VXLAN Interface Device Configuration + +```eos +! +interface Vxlan1 + description leaf-102_VTEP + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan vlan 10 vni 10010 +``` + +# Routing +## Service Routing Protocols Model + +Multi agent routing protocol model enabled + +```eos +! +service routing protocols model multi-agent +``` + +## Virtual Router MAC Address + +### Virtual Router MAC Address Summary + +#### Virtual Router MAC Address: 00:1c:73:00:dc:01 + +### Virtual Router MAC Address Configuration + +```eos +! +ip virtual-router mac-address 00:1c:73:00:dc:01 +``` + +## IP Routing + +### IP Routing Summary + +| VRF | Routing Enabled | +| --- | --------------- | +| default | true | +| MGMT | false | + +### IP Routing Device Configuration + +```eos +! +ip routing +no ip routing vrf MGMT +``` +## IPv6 Routing + +### IPv6 Routing Summary + +| VRF | Routing Enabled | +| --- | --------------- | +| default | false | +| MGMT | false | + +## Static Routes + +### Static Routes Summary + +| VRF | Destination Prefix | Next Hop IP | Exit interface | Administrative Distance | Tag | Route Name | Metric | +| --- | ------------------ | ----------------------- | ------------------- | ----------------------------- | ----------------- | ----------------------------- | -------------- | +| MGMT | 0.0.0.0/0 | 192.168.100.1 | - | 1 | - | - | - | + +### Static Routes Device Configuration + +```eos +! +ip route vrf MGMT 0.0.0.0/0 192.168.100.1 +``` + +## Router BGP + +### Router BGP Summary + +| BGP AS | Router ID | +| ------ | --------- | +| 65001| 192.168.0.103 | + +| BGP Tuning | +| ---------- | +| maximum-paths 4 ecmp 4 | + +### Router BGP Peer Groups + +#### EVPN-OVERLAY-PEERS + +| Settings | Value | +| -------- | ----- | +| Address Family | evpn | +| Source | Loopback0 | +| BFD | True | +| Ebgp multihop | 3 | +| Send community | all | +| Maximum routes | 0 (no limit) | + +#### IPv4-UNDERLAY-PEERS + +| Settings | Value | +| -------- | ----- | +| Address Family | ipv4 | +| Send community | all | +| Maximum routes | 12000 | + +### BGP Neighbors + +| Neighbor | Remote AS | VRF | Shutdown | Send-community | Maximum-routes | Allowas-in | BFD | RIB Pre-Policy Retain | +| -------- | --------- | --- | -------- | -------------- | -------------- | ---------- | --- | -------------- | +| 172.31.255.202 | 65099 | default | - | Inherited from peer group IPv4-UNDERLAY-PEERS | Inherited from peer group IPv4-UNDERLAY-PEERS | - | - | - | +| 192.168.0.11 | 65099 | default | - | Inherited from peer group EVPN-OVERLAY-PEERS | Inherited from peer group EVPN-OVERLAY-PEERS | - | Inherited from peer group EVPN-OVERLAY-PEERS | - | + +### Router BGP EVPN Address Family + +#### EVPN Peer Groups + +| Peer Group | Activate | +| ---------- | -------- | +| EVPN-OVERLAY-PEERS | True | + +### Router BGP VLANs + +| VLAN | Route-Distinguisher | Both Route-Target | Import Route Target | Export Route-Target | Redistribute | +| ---- | ------------------- | ----------------- | ------------------- | ------------------- | ------------ | +| 10 | 192.168.0.103:10010 | 10010:10010 | - | - | learned | + +### Router BGP Device Configuration + +```eos +! +router bgp 65001 + router-id 192.168.0.103 + maximum-paths 4 ecmp 4 + neighbor EVPN-OVERLAY-PEERS peer group + neighbor EVPN-OVERLAY-PEERS update-source Loopback0 + neighbor EVPN-OVERLAY-PEERS bfd + neighbor EVPN-OVERLAY-PEERS ebgp-multihop 3 + neighbor EVPN-OVERLAY-PEERS send-community + neighbor EVPN-OVERLAY-PEERS maximum-routes 0 + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS send-community + neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 + neighbor 172.31.255.202 peer group IPv4-UNDERLAY-PEERS + neighbor 172.31.255.202 remote-as 65099 + neighbor 172.31.255.202 description spine-11_Ethernet2 + neighbor 192.168.0.11 peer group EVPN-OVERLAY-PEERS + neighbor 192.168.0.11 remote-as 65099 + neighbor 192.168.0.11 description spine-11 + redistribute connected route-map RM-CONN-2-BGP + ! + vlan 10 + rd 192.168.0.103:10010 + route-target both 10010:10010 + redistribute learned + ! + address-family evpn + neighbor EVPN-OVERLAY-PEERS activate + ! + address-family ipv4 + no neighbor EVPN-OVERLAY-PEERS activate + neighbor IPv4-UNDERLAY-PEERS activate +``` + +# BFD + +## Router BFD + +### Router BFD Multihop Summary + +| Interval | Minimum RX | Multiplier | +| -------- | ---------- | ---------- | +| 300 | 300 | 3 | + +### Router BFD Device Configuration + +```eos +! +router bfd + multihop interval 300 min-rx 300 multiplier 3 +``` + +# Multicast + +## IP IGMP Snooping + +### IP IGMP Snooping Summary + +| IGMP Snooping | Fast Leave | Interface Restart Query | Proxy | Restart Query Interval | Robustness Variable | +| ------------- | ---------- | ----------------------- | ----- | ---------------------- | ------------------- | +| Enabled | - | - | - | - | - | + +### IP IGMP Snooping Device Configuration + +```eos +``` + +# Filters + +## Prefix-lists + +### Prefix-lists Summary + +#### PL-LOOPBACKS-EVPN-OVERLAY + +| Sequence | Action | +| -------- | ------ | +| 10 | permit 192.168.0.0/24 eq 32 | +| 20 | permit 192.168.50.0/24 eq 32 | + +### Prefix-lists Device Configuration + +```eos +! +ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY + seq 10 permit 192.168.0.0/24 eq 32 + seq 20 permit 192.168.50.0/24 eq 32 +``` + +## Route-maps + +### Route-maps Summary + +#### RM-CONN-2-BGP + +| Sequence | Type | Match and/or Set | +| -------- | ---- | ---------------- | +| 10 | permit | match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY | + +### Route-maps Device Configuration + +```eos +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +``` + +# ACL + +# VRF Instances + +## VRF Instances Summary + +| VRF Name | IP Routing | +| -------- | ---------- | +| MGMT | disabled | + +## VRF Instances Device Configuration + +```eos +! +vrf instance MGMT +``` + +# Quality Of Service diff --git a/demo/ansible-101-may2022/documentation/devices/spine-11.md b/demo/ansible-101-may2022/documentation/devices/spine-11.md new file mode 100644 index 00000000..4fee60cd --- /dev/null +++ b/demo/ansible-101-may2022/documentation/devices/spine-11.md @@ -0,0 +1,445 @@ +# spine-11 +# Table of Contents + +- [Management](#management) + - [Management Interfaces](#management-interfaces) + - [Name Servers](#name-servers) + - [Management API HTTP](#management-api-http) +- [Authentication](#authentication) + - [Local Users](#local-users) +- [Monitoring](#monitoring) +- [Spanning Tree](#spanning-tree) + - [Spanning Tree Summary](#spanning-tree-summary) + - [Spanning Tree Device Configuration](#spanning-tree-device-configuration) +- [Internal VLAN Allocation Policy](#internal-vlan-allocation-policy) + - [Internal VLAN Allocation Policy Summary](#internal-vlan-allocation-policy-summary) + - [Internal VLAN Allocation Policy Configuration](#internal-vlan-allocation-policy-configuration) +- [Interfaces](#interfaces) + - [Ethernet Interfaces](#ethernet-interfaces) + - [Loopback Interfaces](#loopback-interfaces) +- [Routing](#routing) + - [Service Routing Protocols Model](#service-routing-protocols-model) + - [IP Routing](#ip-routing) + - [IPv6 Routing](#ipv6-routing) + - [Static Routes](#static-routes) + - [Router BGP](#router-bgp) +- [BFD](#bfd) + - [Router BFD](#router-bfd) +- [Multicast](#multicast) +- [Filters](#filters) + - [Prefix-lists](#prefix-lists) + - [Route-maps](#route-maps) +- [ACL](#acl) +- [VRF Instances](#vrf-instances) + - [VRF Instances Summary](#vrf-instances-summary) + - [VRF Instances Device Configuration](#vrf-instances-device-configuration) +- [Quality Of Service](#quality-of-service) + +# Management + +## Management Interfaces + +### Management Interfaces Summary + +#### IPv4 + +| Management Interface | description | Type | VRF | IP Address | Gateway | +| -------------------- | ----------- | ---- | --- | ---------- | ------- | +| Management0 | oob_management | oob | MGMT | 192.168.100.21/24 | 192.168.100.1 | + +#### IPv6 + +| Management Interface | description | Type | VRF | IPv6 Address | IPv6 Gateway | +| -------------------- | ----------- | ---- | --- | ------------ | ------------ | +| Management0 | oob_management | oob | MGMT | - | - | + +### Management Interfaces Device Configuration + +```eos +! +interface Management0 + description oob_management + no shutdown + vrf MGMT + ip address 192.168.100.21/24 +``` + +## Name Servers + +### Name Servers Summary + +| Name Server | Source VRF | +| ----------- | ---------- | +| 1.1.1.1 | MGMT | +| 8.8.8.8 | MGMT | + +### Name Servers Device Configuration + +```eos +ip name-server vrf MGMT 1.1.1.1 +ip name-server vrf MGMT 8.8.8.8 +``` + +## Management API HTTP + +### Management API HTTP Summary + +| HTTP | HTTPS | +| ---- | ----- | +| False | True | + +### Management API VRF Access + +| VRF Name | IPv4 ACL | IPv6 ACL | +| -------- | -------- | -------- | +| MGMT | - | - | + +### Management API HTTP Configuration + +```eos +! +management api http-commands + protocol https + no shutdown + ! + vrf MGMT + no shutdown +``` + +# Authentication + +## Local Users + +### Local Users Summary + +| User | Privilege | Role | +| ---- | --------- | ---- | +| admin | 15 | network-admin | + +### Local Users Device Configuration + +```eos +! +username admin privilege 15 role network-admin secret sha512 $6$ICfMofvulgyrSy.I$YNucN.yK.YDdxz4dtGR2o88CxtrhQM11W5O7SkzUlQoW8PqAKZCurrK1nQ2O8j0cEPQ.aS1oMOPuPHCt2LW5r/ +``` + +# Monitoring + +# Spanning Tree + +## Spanning Tree Summary + +STP mode: **none** + +## Spanning Tree Device Configuration + +```eos +! +spanning-tree mode none +``` + +# Internal VLAN Allocation Policy + +## Internal VLAN Allocation Policy Summary + +| Policy Allocation | Range Beginning | Range Ending | +| ------------------| --------------- | ------------ | +| ascending | 1006 | 1199 | + +## Internal VLAN Allocation Policy Configuration + +```eos +! +vlan internal order ascending range 1006 1199 +``` + +# Interfaces + +## Ethernet Interfaces + +### Ethernet Interfaces Summary + +#### L2 + +| Interface | Description | Mode | VLANs | Native VLAN | Trunk Group | Channel-Group | +| --------- | ----------- | ---- | ----- | ----------- | ----------- | ------------- | + +*Inherited from Port-Channel Interface + +#### IPv4 + +| Interface | Description | Type | Channel Group | IP Address | VRF | MTU | Shutdown | ACL In | ACL Out | +| --------- | ----------- | -----| ------------- | ---------- | ----| ---- | -------- | ------ | ------- | +| Ethernet1 | P2P_LINK_TO_LEAF-101_Ethernet1 | routed | - | 172.31.255.200/31 | default | 9000 | false | - | - | +| Ethernet2 | P2P_LINK_TO_LEAF-102_Ethernet1 | routed | - | 172.31.255.202/31 | default | 9000 | false | - | - | + +### Ethernet Interfaces Device Configuration + +```eos +! +interface Ethernet1 + description P2P_LINK_TO_LEAF-101_Ethernet1 + no shutdown + mtu 9000 + no switchport + ip address 172.31.255.200/31 +! +interface Ethernet2 + description P2P_LINK_TO_LEAF-102_Ethernet1 + no shutdown + mtu 9000 + no switchport + ip address 172.31.255.202/31 +``` + +## Loopback Interfaces + +### Loopback Interfaces Summary + +#### IPv4 + +| Interface | Description | VRF | IP Address | +| --------- | ----------- | --- | ---------- | +| Loopback0 | EVPN_Overlay_Peering | default | 192.168.0.11/32 | + +#### IPv6 + +| Interface | Description | VRF | IPv6 Address | +| --------- | ----------- | --- | ------------ | +| Loopback0 | EVPN_Overlay_Peering | default | - | + + +### Loopback Interfaces Device Configuration + +```eos +! +interface Loopback0 + description EVPN_Overlay_Peering + no shutdown + ip address 192.168.0.11/32 +``` + +# Routing +## Service Routing Protocols Model + +Multi agent routing protocol model enabled + +```eos +! +service routing protocols model multi-agent +``` + +## IP Routing + +### IP Routing Summary + +| VRF | Routing Enabled | +| --- | --------------- | +| default | true | +| MGMT | false | + +### IP Routing Device Configuration + +```eos +! +ip routing +no ip routing vrf MGMT +``` +## IPv6 Routing + +### IPv6 Routing Summary + +| VRF | Routing Enabled | +| --- | --------------- | +| default | false | +| MGMT | false | + +## Static Routes + +### Static Routes Summary + +| VRF | Destination Prefix | Next Hop IP | Exit interface | Administrative Distance | Tag | Route Name | Metric | +| --- | ------------------ | ----------------------- | ------------------- | ----------------------------- | ----------------- | ----------------------------- | -------------- | +| MGMT | 0.0.0.0/0 | 192.168.100.1 | - | 1 | - | - | - | + +### Static Routes Device Configuration + +```eos +! +ip route vrf MGMT 0.0.0.0/0 192.168.100.1 +``` + +## Router BGP + +### Router BGP Summary + +| BGP AS | Router ID | +| ------ | --------- | +| 65099| 192.168.0.11 | + +| BGP Tuning | +| ---------- | +| no bgp default ipv4-unicast | +| distance bgp 20 200 200 | +| graceful-restart restart-time 300 | +| graceful-restart | +| maximum-paths 4 ecmp 4 | + +### Router BGP Peer Groups + +#### EVPN-OVERLAY-PEERS + +| Settings | Value | +| -------- | ----- | +| Address Family | evpn | +| Next-hop unchanged | True | +| Source | Loopback0 | +| BFD | True | +| Ebgp multihop | 3 | +| Send community | all | +| Maximum routes | 0 (no limit) | + +#### IPv4-UNDERLAY-PEERS + +| Settings | Value | +| -------- | ----- | +| Address Family | ipv4 | +| Send community | all | +| Maximum routes | 12000 | + +### BGP Neighbors + +| Neighbor | Remote AS | VRF | Shutdown | Send-community | Maximum-routes | Allowas-in | BFD | RIB Pre-Policy Retain | +| -------- | --------- | --- | -------- | -------------- | -------------- | ---------- | --- | -------------- | +| 172.31.255.201 | 65000 | default | - | Inherited from peer group IPv4-UNDERLAY-PEERS | Inherited from peer group IPv4-UNDERLAY-PEERS | - | - | - | +| 172.31.255.203 | 65001 | default | - | Inherited from peer group IPv4-UNDERLAY-PEERS | Inherited from peer group IPv4-UNDERLAY-PEERS | - | - | - | +| 192.168.0.102 | 65000 | default | - | Inherited from peer group EVPN-OVERLAY-PEERS | Inherited from peer group EVPN-OVERLAY-PEERS | - | Inherited from peer group EVPN-OVERLAY-PEERS | - | +| 192.168.0.103 | 65001 | default | - | Inherited from peer group EVPN-OVERLAY-PEERS | Inherited from peer group EVPN-OVERLAY-PEERS | - | Inherited from peer group EVPN-OVERLAY-PEERS | - | + +### Router BGP EVPN Address Family + +#### EVPN Peer Groups + +| Peer Group | Activate | +| ---------- | -------- | +| EVPN-OVERLAY-PEERS | True | + +### Router BGP Device Configuration + +```eos +! +router bgp 65099 + router-id 192.168.0.11 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 ecmp 4 + neighbor EVPN-OVERLAY-PEERS peer group + neighbor EVPN-OVERLAY-PEERS next-hop-unchanged + neighbor EVPN-OVERLAY-PEERS update-source Loopback0 + neighbor EVPN-OVERLAY-PEERS bfd + neighbor EVPN-OVERLAY-PEERS ebgp-multihop 3 + neighbor EVPN-OVERLAY-PEERS send-community + neighbor EVPN-OVERLAY-PEERS maximum-routes 0 + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS send-community + neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 + neighbor 172.31.255.201 peer group IPv4-UNDERLAY-PEERS + neighbor 172.31.255.201 remote-as 65000 + neighbor 172.31.255.201 description leaf-101_Ethernet1 + neighbor 172.31.255.203 peer group IPv4-UNDERLAY-PEERS + neighbor 172.31.255.203 remote-as 65001 + neighbor 172.31.255.203 description leaf-102_Ethernet1 + neighbor 192.168.0.102 peer group EVPN-OVERLAY-PEERS + neighbor 192.168.0.102 remote-as 65000 + neighbor 192.168.0.102 description leaf-101 + neighbor 192.168.0.103 peer group EVPN-OVERLAY-PEERS + neighbor 192.168.0.103 remote-as 65001 + neighbor 192.168.0.103 description leaf-102 + redistribute connected route-map RM-CONN-2-BGP + ! + address-family evpn + neighbor EVPN-OVERLAY-PEERS activate + ! + address-family ipv4 + no neighbor EVPN-OVERLAY-PEERS activate + neighbor IPv4-UNDERLAY-PEERS activate +``` + +# BFD + +## Router BFD + +### Router BFD Multihop Summary + +| Interval | Minimum RX | Multiplier | +| -------- | ---------- | ---------- | +| 300 | 300 | 3 | + +### Router BFD Device Configuration + +```eos +! +router bfd + multihop interval 300 min-rx 300 multiplier 3 +``` + +# Multicast + +# Filters + +## Prefix-lists + +### Prefix-lists Summary + +#### PL-LOOPBACKS-EVPN-OVERLAY + +| Sequence | Action | +| -------- | ------ | +| 10 | permit 192.168.0.0/24 eq 32 | + +### Prefix-lists Device Configuration + +```eos +! +ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY + seq 10 permit 192.168.0.0/24 eq 32 +``` + +## Route-maps + +### Route-maps Summary + +#### RM-CONN-2-BGP + +| Sequence | Type | Match and/or Set | +| -------- | ---- | ---------------- | +| 10 | permit | match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY | + +### Route-maps Device Configuration + +```eos +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +``` + +# ACL + +# VRF Instances + +## VRF Instances Summary + +| VRF Name | IP Routing | +| -------- | ---------- | +| MGMT | disabled | + +## VRF Instances Device Configuration + +```eos +! +vrf instance MGMT +``` + +# Quality Of Service diff --git a/demo/ansible-101-may2022/documentation/fabric/DC1_FABRIC-documentation.md b/demo/ansible-101-may2022/documentation/fabric/DC1_FABRIC-documentation.md new file mode 100644 index 00000000..6c91a264 --- /dev/null +++ b/demo/ansible-101-may2022/documentation/fabric/DC1_FABRIC-documentation.md @@ -0,0 +1,77 @@ +# DC1_FABRIC + +# Table of Contents + +- [Fabric Switches and Management IP](#fabric-switches-and-management-ip) + - [Fabric Switches with inband Management IP](#fabric-switches-with-inband-management-ip) +- [Fabric Topology](#fabric-topology) +- [Fabric IP Allocation](#fabric-ip-allocation) + - [Fabric Point-To-Point Links](#fabric-point-to-point-links) + - [Point-To-Point Links Node Allocation](#point-to-point-links-node-allocation) + - [Loopback Interfaces (BGP EVPN Peering)](#loopback-interfaces-bgp-evpn-peering) + - [Loopback0 Interfaces Node Allocation](#loopback0-interfaces-node-allocation) + - [VTEP Loopback VXLAN Tunnel Source Interfaces (VTEPs Only)](#vtep-loopback-vxlan-tunnel-source-interfaces-vteps-only) + - [VTEP Loopback Node allocation](#vtep-loopback-node-allocation) + +# Fabric Switches and Management IP + +| POD | Type | Node | Management IP | Platform | Provisioned in CloudVision | +| --- | ---- | ---- | ------------- | -------- | -------------------------- | +| DC1_FABRIC | l3leaf | leaf-101 | 192.168.100.11/24 | CEOS | Provisioned | +| DC1_FABRIC | l3leaf | leaf-102 | 192.168.100.12/24 | CEOS | Provisioned | +| DC1_FABRIC | spine | spine-11 | 192.168.100.21/24 | CEOS | Provisioned | + +> Provision status is based on Ansible inventory declaration and do not represent real status from CloudVision. + +## Fabric Switches with inband Management IP +| POD | Type | Node | Management IP | Inband Interface | +| --- | ---- | ---- | ------------- | ---------------- | + +# Fabric Topology + +| Type | Node | Node Interface | Peer Type | Peer Node | Peer Interface | +| ---- | ---- | -------------- | --------- | ----------| -------------- | +| l3leaf | leaf-101 | Ethernet1 | spine | spine-11 | Ethernet1 | +| l3leaf | leaf-102 | Ethernet1 | spine | spine-11 | Ethernet2 | + +# Fabric IP Allocation + +## Fabric Point-To-Point Links + +| Uplink IPv4 Pool | Available Addresses | Assigned addresses | Assigned Address % | +| ---------------- | ------------------- | ------------------ | ------------------ | +| 172.31.255.0/24 | 256 | 4 | 1.57 % | + +## Point-To-Point Links Node Allocation + +| Node | Node Interface | Node IP Address | Peer Node | Peer Interface | Peer IP Address | +| ---- | -------------- | --------------- | --------- | -------------- | --------------- | +| leaf-101 | Ethernet1 | 172.31.255.201/31 | spine-11 | Ethernet1 | 172.31.255.200/31 | +| leaf-102 | Ethernet1 | 172.31.255.203/31 | spine-11 | Ethernet2 | 172.31.255.202/31 | + +## Loopback Interfaces (BGP EVPN Peering) + +| Loopback Pool | Available Addresses | Assigned addresses | Assigned Address % | +| ------------- | ------------------- | ------------------ | ------------------ | +| 192.168.0.0/24 | 256 | 3 | 1.18 % | + +## Loopback0 Interfaces Node Allocation + +| POD | Node | Loopback0 | +| --- | ---- | --------- | +| DC1_FABRIC | leaf-101 | 192.168.0.102/32 | +| DC1_FABRIC | leaf-102 | 192.168.0.103/32 | +| DC1_FABRIC | spine-11 | 192.168.0.11/32 | + +## VTEP Loopback VXLAN Tunnel Source Interfaces (VTEPs Only) + +| VTEP Loopback Pool | Available Addresses | Assigned addresses | Assigned Address % | +| --------------------- | ------------------- | ------------------ | ------------------ | +| 192.168.50.0/24 | 256 | 2 | 0.79 % | + +## VTEP Loopback Node allocation + +| POD | Node | Loopback1 | +| --- | ---- | --------- | +| DC1_FABRIC | leaf-101 | 192.168.50.102/32 | +| DC1_FABRIC | leaf-102 | 192.168.50.103/32 | diff --git a/demo/ansible-101-may2022/documentation/fabric/DC1_FABRIC-p2p-links.csv b/demo/ansible-101-may2022/documentation/fabric/DC1_FABRIC-p2p-links.csv new file mode 100644 index 00000000..2a66081d --- /dev/null +++ b/demo/ansible-101-may2022/documentation/fabric/DC1_FABRIC-p2p-links.csv @@ -0,0 +1,3 @@ +Type,Node,Node Interface,Leaf IP Address,Peer Type,Peer Node,Peer Interface,Peer IP Address +l3leaf,leaf-101,Ethernet1,172.31.255.201/31,spine,spine-11,Ethernet1,172.31.255.200/31 +l3leaf,leaf-102,Ethernet1,172.31.255.203/31,spine,spine-11,Ethernet2,172.31.255.202/31 diff --git a/demo/ansible-101-may2022/documentation/fabric/DC1_FABRIC-topology.csv b/demo/ansible-101-may2022/documentation/fabric/DC1_FABRIC-topology.csv new file mode 100644 index 00000000..566ea572 --- /dev/null +++ b/demo/ansible-101-may2022/documentation/fabric/DC1_FABRIC-topology.csv @@ -0,0 +1,7 @@ +Node Type,Node,Node Interface,Peer Type,Peer Node,Peer Interface +l3leaf,leaf-101,Ethernet1,spine,spine-11,Ethernet1 +l3leaf,leaf-101,Ethernet3,server,host1,eth1 +l3leaf,leaf-102,Ethernet1,spine,spine-11,Ethernet2 +l3leaf,leaf-102,Ethernet3,server,host2,eth1 +spine,spine-11,Ethernet1,l3leaf,leaf-101,Ethernet1 +spine,spine-11,Ethernet2,l3leaf,leaf-102,Ethernet1 diff --git a/demo/ansible-101-may2022/fabric.yml b/demo/ansible-101-may2022/fabric.yml new file mode 100644 index 00000000..bfae7cd5 --- /dev/null +++ b/demo/ansible-101-may2022/fabric.yml @@ -0,0 +1,20 @@ +--- +- name: Build Configurations + hosts: DC1_FABRIC + gather_facts: false + tasks: + + - name: build local folders + tags: [build] + import_role: + name: arista.avd.build_output_folders + + - name: generate intended variables + tags: [build] + import_role: + name: arista.avd.eos_designs + + - name: generate device intended config and documentation + tags: [build] + import_role: + name: arista.avd.eos_cli_config_gen \ No newline at end of file diff --git a/demo/ansible-101-may2022/group_vars/DC1.yml b/demo/ansible-101-may2022/group_vars/DC1.yml new file mode 100644 index 00000000..bd7e5fe9 --- /dev/null +++ b/demo/ansible-101-may2022/group_vars/DC1.yml @@ -0,0 +1,20 @@ +--- +# local users +local_users: + # Username with a password + admin: + privilege: 15 + role: network-admin + sha512_password: "$6$ICfMofvulgyrSy.I$YNucN.yK.YDdxz4dtGR2o88CxtrhQM11W5O7SkzUlQoW8PqAKZCurrK1nQ2O8j0cEPQ.aS1oMOPuPHCt2LW5r/" + +# OOB Management network default gateway. +mgmt_interface: Management0 +mgmt_gateway: 192.168.100.1 +mgmt_interface_vrf: MGMT +mgmt_destination_networks: + - 0.0.0.0/0 + +# dns servers. +name_servers: + - 1.1.1.1 + - 8.8.8.8 \ No newline at end of file diff --git a/demo/ansible-101-may2022/group_vars/DC1_FABRIC.yml b/demo/ansible-101-may2022/group_vars/DC1_FABRIC.yml new file mode 100644 index 00000000..7bb38e95 --- /dev/null +++ b/demo/ansible-101-may2022/group_vars/DC1_FABRIC.yml @@ -0,0 +1,57 @@ +--- + +fabric_name: DC1_FABRIC + +spine: + defaults: + platform: CEOS + bgp_as: 65099 + # Overlay loopback IP and same pool can be assigned to both spine and l3leaf switches + # If same loopback pool is defined for both spine and l3leaf, + # < loopback_ipv4_offset > must be set in either one of the node_types + loopback_ipv4_pool: 192.168.0.0/24 + # Recommended for vEOS + bgp_defaults: + - 'no bgp default ipv4-unicast' + - 'distance bgp 20 200 200' + - 'graceful-restart restart-time 300' + - 'graceful-restart' + nodes: + spine-11: + id: 11 + mgmt_ip: 192.168.100.21/24 + +l3leaf: + defaults: + platform: CEOS + virtual_router_mac_address: 00:1c:73:00:dc:01 + # VTEP VXLAN Tunnel source loopback IP for leaf switches, assigned in /32s + # Assign range larger than total leaf switches + vtep_loopback_ipv4_pool: 192.168.50.0/24 + loopback_ipv4_pool: 192.168.0.0/24 + # Offset must be >= number of spines + loopback_ipv4_offset: 1 + # Point to Point Network Summary range, assigned as /31 for each + # uplink interfaces + # Assign range larger than total [spines * total potential leafs * 2] + uplink_ipv4_pool: 172.31.255.0/24 + uplink_switches: [spine-11] + uplink_interfaces: [Ethernet1] + + node_groups: + DC1_LEAF1: + bgp_as: 65000 + nodes: + leaf-101: + id: 101 + mgmt_ip: 192.168.100.11/24 + # Interface configured on SPINES to connect to this leaf + uplink_switch_interfaces: [Ethernet1] + DC1_LEAF2: + bgp_as: 65001 + nodes: + leaf-102: + id: 102 + mgmt_ip: 192.168.100.12/24 + # Interface configured on SPINES to connect to this leaf + uplink_switch_interfaces: [Ethernet2] \ No newline at end of file diff --git a/demo/ansible-101-may2022/group_vars/DC1_SERVERS.yml b/demo/ansible-101-may2022/group_vars/DC1_SERVERS.yml new file mode 100644 index 00000000..18b0b027 --- /dev/null +++ b/demo/ansible-101-may2022/group_vars/DC1_SERVERS.yml @@ -0,0 +1,23 @@ +--- +port_profiles: + TENANT_A: + mode: access + vlans: "10" + +servers: + host1: + rack: POD01 + adapters: + - type: nic + endpoint_ports: [eth1] + switch_ports: [Ethernet3] + switches: [leaf-101] + profile: TENANT_A + host2: + rack: POD02 + adapters: + - type: nic + endpoint_ports: [eth1] + switch_ports: [Ethernet3] + switches: [leaf-102] + profile: TENANT_A \ No newline at end of file diff --git a/demo/ansible-101-may2022/group_vars/DC1_TENANTS_NETWORKS.yml b/demo/ansible-101-may2022/group_vars/DC1_TENANTS_NETWORKS.yml new file mode 100644 index 00000000..0a540048 --- /dev/null +++ b/demo/ansible-101-may2022/group_vars/DC1_TENANTS_NETWORKS.yml @@ -0,0 +1,9 @@ +--- +tenants: + # Tenant A Specific Information - Pure L2 tenant + Tenant_A: + mac_vrf_vni_base: 10000 + l2vlans: + 10: + name: 'A-ELAN-10' + tags: [DC1] \ No newline at end of file diff --git a/demo/ansible-101-may2022/hosts.ini b/demo/ansible-101-may2022/hosts.ini new file mode 100644 index 00000000..5f972e85 --- /dev/null +++ b/demo/ansible-101-may2022/hosts.ini @@ -0,0 +1,23 @@ +[DC1] +spine-11 ansible_host=192.168.100.21 +leaf-101 ansible_host=192.168.100.11 +leaf-102 ansible_host=192.168.100.12 + +[spine] +spine-11 + +[leaf] +leaf-101 +leaf-102 + +[DC1:vars] +ansible_user = admin +ansible_network_os = arista.eos.eos +# Configure privilege escalation +ansible_become = true +ansible_become_method = enable +# HTTPAPI configuration +ansible_connection = httpapi +ansible_httpapi_port = 443 +ansible_httpapi_use_ssl = true +ansible_httpapi_validate_certs = false diff --git a/demo/ansible-101-may2022/hosts.yml b/demo/ansible-101-may2022/hosts.yml new file mode 100644 index 00000000..ced9432f --- /dev/null +++ b/demo/ansible-101-may2022/hosts.yml @@ -0,0 +1,38 @@ +--- +DC1: + children: + DC1_FABRIC: + children: + DC1_SPINES: + vars: + type: spine + hosts: + spine-11: + DC1_L3LEAFS: + vars: + type: l3leaf + children: + DC1_LEAF1: + hosts: + leaf-101: + DC1_LEAF2: + hosts: + leaf-102: + DC1_TENANTS_NETWORKS: + children: + DC1_L3LEAFS: + DC1_SERVERS: + children: + DC1_L3LEAFS: + vars: + ansible_user: admin + ansible_ssh_pass: admin + ansible_network_os: arista.eos.eos + # Configure privilege escalation + ansible_become: true + ansible_become_method: enable + # HTTPAPI configuration + ansible_connection: httpapi + ansible_httpapi_port: 443 + ansible_httpapi_use_ssl: true + ansible_httpapi_validate_certs: false diff --git a/demo/ansible-101-may2022/images/topo.png b/demo/ansible-101-may2022/images/topo.png new file mode 100644 index 00000000..5cf887c2 Binary files /dev/null and b/demo/ansible-101-may2022/images/topo.png differ diff --git a/demo/ansible-101-may2022/intended/configs/leaf-101.cfg b/demo/ansible-101-may2022/intended/configs/leaf-101.cfg new file mode 100644 index 00000000..b7d22e1a --- /dev/null +++ b/demo/ansible-101-may2022/intended/configs/leaf-101.cfg @@ -0,0 +1,115 @@ +!RANCID-CONTENT-TYPE: arista +! +vlan internal order ascending range 1006 1199 +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +hostname leaf-101 +ip name-server vrf MGMT 1.1.1.1 +ip name-server vrf MGMT 8.8.8.8 +! +no enable password +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$ICfMofvulgyrSy.I$YNucN.yK.YDdxz4dtGR2o88CxtrhQM11W5O7SkzUlQoW8PqAKZCurrK1nQ2O8j0cEPQ.aS1oMOPuPHCt2LW5r/ +! +vlan 10 + name A-ELAN-10 +! +vrf instance MGMT +! +interface Ethernet1 + description P2P_LINK_TO_SPINE-11_Ethernet1 + no shutdown + mtu 9000 + no switchport + ip address 172.31.255.201/31 +! +interface Ethernet3 + description host1_eth1 + no shutdown + switchport access vlan 10 + switchport mode access + switchport +! +interface Loopback0 + description EVPN_Overlay_Peering + no shutdown + ip address 192.168.0.102/32 +! +interface Loopback1 + description VTEP_VXLAN_Tunnel_Source + no shutdown + ip address 192.168.50.102/32 +! +interface Management0 + description oob_management + no shutdown + vrf MGMT + ip address 192.168.100.11/24 +! +interface Vxlan1 + description leaf-101_VTEP + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan vlan 10 vni 10010 +! +ip virtual-router mac-address 00:1c:73:00:dc:01 +! +ip routing +no ip routing vrf MGMT +! +ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY + seq 10 permit 192.168.0.0/24 eq 32 + seq 20 permit 192.168.50.0/24 eq 32 +! +ip route vrf MGMT 0.0.0.0/0 192.168.100.1 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +! +router bfd + multihop interval 300 min-rx 300 multiplier 3 +! +router bgp 65000 + router-id 192.168.0.102 + maximum-paths 4 ecmp 4 + neighbor EVPN-OVERLAY-PEERS peer group + neighbor EVPN-OVERLAY-PEERS update-source Loopback0 + neighbor EVPN-OVERLAY-PEERS bfd + neighbor EVPN-OVERLAY-PEERS ebgp-multihop 3 + neighbor EVPN-OVERLAY-PEERS send-community + neighbor EVPN-OVERLAY-PEERS maximum-routes 0 + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS send-community + neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 + neighbor 172.31.255.200 peer group IPv4-UNDERLAY-PEERS + neighbor 172.31.255.200 remote-as 65099 + neighbor 172.31.255.200 description spine-11_Ethernet1 + neighbor 192.168.0.11 peer group EVPN-OVERLAY-PEERS + neighbor 192.168.0.11 remote-as 65099 + neighbor 192.168.0.11 description spine-11 + redistribute connected route-map RM-CONN-2-BGP + ! + vlan 10 + rd 192.168.0.102:10010 + route-target both 10010:10010 + redistribute learned + ! + address-family evpn + neighbor EVPN-OVERLAY-PEERS activate + ! + address-family ipv4 + no neighbor EVPN-OVERLAY-PEERS activate + neighbor IPv4-UNDERLAY-PEERS activate +! +management api http-commands + protocol https + no shutdown + ! + vrf MGMT + no shutdown +! +end diff --git a/demo/ansible-101-may2022/intended/configs/leaf-102.cfg b/demo/ansible-101-may2022/intended/configs/leaf-102.cfg new file mode 100644 index 00000000..5990250f --- /dev/null +++ b/demo/ansible-101-may2022/intended/configs/leaf-102.cfg @@ -0,0 +1,115 @@ +!RANCID-CONTENT-TYPE: arista +! +vlan internal order ascending range 1006 1199 +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +hostname leaf-102 +ip name-server vrf MGMT 1.1.1.1 +ip name-server vrf MGMT 8.8.8.8 +! +no enable password +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$ICfMofvulgyrSy.I$YNucN.yK.YDdxz4dtGR2o88CxtrhQM11W5O7SkzUlQoW8PqAKZCurrK1nQ2O8j0cEPQ.aS1oMOPuPHCt2LW5r/ +! +vlan 10 + name A-ELAN-10 +! +vrf instance MGMT +! +interface Ethernet1 + description P2P_LINK_TO_SPINE-11_Ethernet2 + no shutdown + mtu 9000 + no switchport + ip address 172.31.255.203/31 +! +interface Ethernet3 + description host2_eth1 + no shutdown + switchport access vlan 10 + switchport mode access + switchport +! +interface Loopback0 + description EVPN_Overlay_Peering + no shutdown + ip address 192.168.0.103/32 +! +interface Loopback1 + description VTEP_VXLAN_Tunnel_Source + no shutdown + ip address 192.168.50.103/32 +! +interface Management0 + description oob_management + no shutdown + vrf MGMT + ip address 192.168.100.12/24 +! +interface Vxlan1 + description leaf-102_VTEP + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan vlan 10 vni 10010 +! +ip virtual-router mac-address 00:1c:73:00:dc:01 +! +ip routing +no ip routing vrf MGMT +! +ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY + seq 10 permit 192.168.0.0/24 eq 32 + seq 20 permit 192.168.50.0/24 eq 32 +! +ip route vrf MGMT 0.0.0.0/0 192.168.100.1 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +! +router bfd + multihop interval 300 min-rx 300 multiplier 3 +! +router bgp 65001 + router-id 192.168.0.103 + maximum-paths 4 ecmp 4 + neighbor EVPN-OVERLAY-PEERS peer group + neighbor EVPN-OVERLAY-PEERS update-source Loopback0 + neighbor EVPN-OVERLAY-PEERS bfd + neighbor EVPN-OVERLAY-PEERS ebgp-multihop 3 + neighbor EVPN-OVERLAY-PEERS send-community + neighbor EVPN-OVERLAY-PEERS maximum-routes 0 + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS send-community + neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 + neighbor 172.31.255.202 peer group IPv4-UNDERLAY-PEERS + neighbor 172.31.255.202 remote-as 65099 + neighbor 172.31.255.202 description spine-11_Ethernet2 + neighbor 192.168.0.11 peer group EVPN-OVERLAY-PEERS + neighbor 192.168.0.11 remote-as 65099 + neighbor 192.168.0.11 description spine-11 + redistribute connected route-map RM-CONN-2-BGP + ! + vlan 10 + rd 192.168.0.103:10010 + route-target both 10010:10010 + redistribute learned + ! + address-family evpn + neighbor EVPN-OVERLAY-PEERS activate + ! + address-family ipv4 + no neighbor EVPN-OVERLAY-PEERS activate + neighbor IPv4-UNDERLAY-PEERS activate +! +management api http-commands + protocol https + no shutdown + ! + vrf MGMT + no shutdown +! +end diff --git a/demo/ansible-101-may2022/intended/configs/spine-11.cfg b/demo/ansible-101-may2022/intended/configs/spine-11.cfg new file mode 100644 index 00000000..ffff747e --- /dev/null +++ b/demo/ansible-101-may2022/intended/configs/spine-11.cfg @@ -0,0 +1,106 @@ +!RANCID-CONTENT-TYPE: arista +! +vlan internal order ascending range 1006 1199 +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +hostname spine-11 +ip name-server vrf MGMT 1.1.1.1 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode none +! +no enable password +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$ICfMofvulgyrSy.I$YNucN.yK.YDdxz4dtGR2o88CxtrhQM11W5O7SkzUlQoW8PqAKZCurrK1nQ2O8j0cEPQ.aS1oMOPuPHCt2LW5r/ +! +vrf instance MGMT +! +interface Ethernet1 + description P2P_LINK_TO_LEAF-101_Ethernet1 + no shutdown + mtu 9000 + no switchport + ip address 172.31.255.200/31 +! +interface Ethernet2 + description P2P_LINK_TO_LEAF-102_Ethernet1 + no shutdown + mtu 9000 + no switchport + ip address 172.31.255.202/31 +! +interface Loopback0 + description EVPN_Overlay_Peering + no shutdown + ip address 192.168.0.11/32 +! +interface Management0 + description oob_management + no shutdown + vrf MGMT + ip address 192.168.100.21/24 +! +ip routing +no ip routing vrf MGMT +! +ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY + seq 10 permit 192.168.0.0/24 eq 32 +! +ip route vrf MGMT 0.0.0.0/0 192.168.100.1 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +! +router bfd + multihop interval 300 min-rx 300 multiplier 3 +! +router bgp 65099 + router-id 192.168.0.11 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 ecmp 4 + neighbor EVPN-OVERLAY-PEERS peer group + neighbor EVPN-OVERLAY-PEERS next-hop-unchanged + neighbor EVPN-OVERLAY-PEERS update-source Loopback0 + neighbor EVPN-OVERLAY-PEERS bfd + neighbor EVPN-OVERLAY-PEERS ebgp-multihop 3 + neighbor EVPN-OVERLAY-PEERS send-community + neighbor EVPN-OVERLAY-PEERS maximum-routes 0 + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS send-community + neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 + neighbor 172.31.255.201 peer group IPv4-UNDERLAY-PEERS + neighbor 172.31.255.201 remote-as 65000 + neighbor 172.31.255.201 description leaf-101_Ethernet1 + neighbor 172.31.255.203 peer group IPv4-UNDERLAY-PEERS + neighbor 172.31.255.203 remote-as 65001 + neighbor 172.31.255.203 description leaf-102_Ethernet1 + neighbor 192.168.0.102 peer group EVPN-OVERLAY-PEERS + neighbor 192.168.0.102 remote-as 65000 + neighbor 192.168.0.102 description leaf-101 + neighbor 192.168.0.103 peer group EVPN-OVERLAY-PEERS + neighbor 192.168.0.103 remote-as 65001 + neighbor 192.168.0.103 description leaf-102 + redistribute connected route-map RM-CONN-2-BGP + ! + address-family evpn + neighbor EVPN-OVERLAY-PEERS activate + ! + address-family ipv4 + no neighbor EVPN-OVERLAY-PEERS activate + neighbor IPv4-UNDERLAY-PEERS activate +! +management api http-commands + protocol https + no shutdown + ! + vrf MGMT + no shutdown +! +end diff --git a/demo/ansible-101-may2022/intended/structured_configs/leaf-101.yml b/demo/ansible-101-may2022/intended/structured_configs/leaf-101.yml new file mode 100644 index 00000000..2d07c4b7 --- /dev/null +++ b/demo/ansible-101-may2022/intended/structured_configs/leaf-101.yml @@ -0,0 +1,148 @@ +router_bgp: + as: '65000' + router_id: 192.168.0.102 + bgp_defaults: + - maximum-paths 4 ecmp 4 + peer_groups: + IPv4-UNDERLAY-PEERS: + type: ipv4 + maximum_routes: 12000 + send_community: all + EVPN-OVERLAY-PEERS: + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: '3' + send_community: all + maximum_routes: 0 + address_family_ipv4: + peer_groups: + IPv4-UNDERLAY-PEERS: + activate: true + EVPN-OVERLAY-PEERS: + activate: false + redistribute_routes: + connected: + route_map: RM-CONN-2-BGP + neighbors: + 172.31.255.200: + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65099' + description: spine-11_Ethernet1 + 192.168.0.11: + peer_group: EVPN-OVERLAY-PEERS + description: spine-11 + remote_as: '65099' + address_family_evpn: + peer_groups: + EVPN-OVERLAY-PEERS: + activate: true + vlans: + 10: + tenant: Tenant_A + rd: 192.168.0.102:10010 + route_targets: + both: + - 10010:10010 + redistribute_routes: + - learned +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.100.1 +service_routing_protocols_model: multi-agent +ip_routing: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +name_server: + source: + vrf: MGMT + nodes: + - 1.1.1.1 + - 8.8.8.8 +local_users: + admin: + privilege: 15 + role: network-admin + sha512_password: $6$ICfMofvulgyrSy.I$YNucN.yK.YDdxz4dtGR2o88CxtrhQM11W5O7SkzUlQoW8PqAKZCurrK1nQ2O8j0cEPQ.aS1oMOPuPHCt2LW5r/ +vrfs: + MGMT: + ip_routing: false +management_interfaces: + Management0: + description: oob_management + shutdown: false + vrf: MGMT + ip_address: 192.168.100.11/24 + gateway: 192.168.100.1 + type: oob +management_api_http: + enable_vrfs: + MGMT: {} + enable_https: true +ethernet_interfaces: + Ethernet1: + peer: spine-11 + peer_interface: Ethernet1 + peer_type: spine + description: P2P_LINK_TO_SPINE-11_Ethernet1 + mtu: 9000 + type: routed + shutdown: false + ip_address: 172.31.255.201/31 + Ethernet3: + peer: host1 + peer_interface: eth1 + peer_type: server + description: host1_eth1 + type: switched + shutdown: false + mode: access + vlans: 10 +loopback_interfaces: + Loopback0: + description: EVPN_Overlay_Peering + shutdown: false + ip_address: 192.168.0.102/32 + Loopback1: + description: VTEP_VXLAN_Tunnel_Source + shutdown: false + ip_address: 192.168.50.102/32 +prefix_lists: + PL-LOOPBACKS-EVPN-OVERLAY: + sequence_numbers: + 10: + action: permit 192.168.0.0/24 eq 32 + 20: + action: permit 192.168.50.0/24 eq 32 +route_maps: + RM-CONN-2-BGP: + sequence_numbers: + 10: + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +vlans: + 10: + tenant: Tenant_A + name: A-ELAN-10 +ip_igmp_snooping: + globally_enabled: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:01 +vxlan_interface: + Vxlan1: + description: leaf-101_VTEP + vxlan: + source_interface: Loopback1 + udp_port: 4789 + vlans: + 10: + vni: 10010 diff --git a/demo/ansible-101-may2022/intended/structured_configs/leaf-102.yml b/demo/ansible-101-may2022/intended/structured_configs/leaf-102.yml new file mode 100644 index 00000000..c8159d24 --- /dev/null +++ b/demo/ansible-101-may2022/intended/structured_configs/leaf-102.yml @@ -0,0 +1,148 @@ +router_bgp: + as: '65001' + router_id: 192.168.0.103 + bgp_defaults: + - maximum-paths 4 ecmp 4 + peer_groups: + IPv4-UNDERLAY-PEERS: + type: ipv4 + maximum_routes: 12000 + send_community: all + EVPN-OVERLAY-PEERS: + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: '3' + send_community: all + maximum_routes: 0 + address_family_ipv4: + peer_groups: + IPv4-UNDERLAY-PEERS: + activate: true + EVPN-OVERLAY-PEERS: + activate: false + redistribute_routes: + connected: + route_map: RM-CONN-2-BGP + neighbors: + 172.31.255.202: + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65099' + description: spine-11_Ethernet2 + 192.168.0.11: + peer_group: EVPN-OVERLAY-PEERS + description: spine-11 + remote_as: '65099' + address_family_evpn: + peer_groups: + EVPN-OVERLAY-PEERS: + activate: true + vlans: + 10: + tenant: Tenant_A + rd: 192.168.0.103:10010 + route_targets: + both: + - 10010:10010 + redistribute_routes: + - learned +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.100.1 +service_routing_protocols_model: multi-agent +ip_routing: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +name_server: + source: + vrf: MGMT + nodes: + - 1.1.1.1 + - 8.8.8.8 +local_users: + admin: + privilege: 15 + role: network-admin + sha512_password: $6$ICfMofvulgyrSy.I$YNucN.yK.YDdxz4dtGR2o88CxtrhQM11W5O7SkzUlQoW8PqAKZCurrK1nQ2O8j0cEPQ.aS1oMOPuPHCt2LW5r/ +vrfs: + MGMT: + ip_routing: false +management_interfaces: + Management0: + description: oob_management + shutdown: false + vrf: MGMT + ip_address: 192.168.100.12/24 + gateway: 192.168.100.1 + type: oob +management_api_http: + enable_vrfs: + MGMT: {} + enable_https: true +ethernet_interfaces: + Ethernet1: + peer: spine-11 + peer_interface: Ethernet2 + peer_type: spine + description: P2P_LINK_TO_SPINE-11_Ethernet2 + mtu: 9000 + type: routed + shutdown: false + ip_address: 172.31.255.203/31 + Ethernet3: + peer: host2 + peer_interface: eth1 + peer_type: server + description: host2_eth1 + type: switched + shutdown: false + mode: access + vlans: 10 +loopback_interfaces: + Loopback0: + description: EVPN_Overlay_Peering + shutdown: false + ip_address: 192.168.0.103/32 + Loopback1: + description: VTEP_VXLAN_Tunnel_Source + shutdown: false + ip_address: 192.168.50.103/32 +prefix_lists: + PL-LOOPBACKS-EVPN-OVERLAY: + sequence_numbers: + 10: + action: permit 192.168.0.0/24 eq 32 + 20: + action: permit 192.168.50.0/24 eq 32 +route_maps: + RM-CONN-2-BGP: + sequence_numbers: + 10: + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +vlans: + 10: + tenant: Tenant_A + name: A-ELAN-10 +ip_igmp_snooping: + globally_enabled: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:01 +vxlan_interface: + Vxlan1: + description: leaf-102_VTEP + vxlan: + source_interface: Loopback1 + udp_port: 4789 + vlans: + 10: + vni: 10010 diff --git a/demo/ansible-101-may2022/intended/structured_configs/spine-11.yml b/demo/ansible-101-may2022/intended/structured_configs/spine-11.yml new file mode 100644 index 00000000..ca6f1e78 --- /dev/null +++ b/demo/ansible-101-may2022/intended/structured_configs/spine-11.yml @@ -0,0 +1,132 @@ +router_bgp: + as: '65099' + router_id: 192.168.0.11 + bgp_defaults: + - no bgp default ipv4-unicast + - distance bgp 20 200 200 + - graceful-restart restart-time 300 + - graceful-restart + - maximum-paths 4 ecmp 4 + peer_groups: + IPv4-UNDERLAY-PEERS: + type: ipv4 + maximum_routes: 12000 + send_community: all + EVPN-OVERLAY-PEERS: + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: '3' + send_community: all + maximum_routes: 0 + next_hop_unchanged: true + address_family_ipv4: + peer_groups: + IPv4-UNDERLAY-PEERS: + activate: true + EVPN-OVERLAY-PEERS: + activate: false + redistribute_routes: + connected: + route_map: RM-CONN-2-BGP + neighbors: + 172.31.255.201: + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: leaf-101_Ethernet1 + 172.31.255.203: + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65001' + description: leaf-102_Ethernet1 + 192.168.0.102: + peer_group: EVPN-OVERLAY-PEERS + description: leaf-101 + remote_as: '65000' + 192.168.0.103: + peer_group: EVPN-OVERLAY-PEERS + description: leaf-102 + remote_as: '65001' + address_family_evpn: + peer_groups: + EVPN-OVERLAY-PEERS: + activate: true +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.100.1 +service_routing_protocols_model: multi-agent +ip_routing: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +name_server: + source: + vrf: MGMT + nodes: + - 1.1.1.1 + - 8.8.8.8 +spanning_tree: + mode: none +local_users: + admin: + privilege: 15 + role: network-admin + sha512_password: $6$ICfMofvulgyrSy.I$YNucN.yK.YDdxz4dtGR2o88CxtrhQM11W5O7SkzUlQoW8PqAKZCurrK1nQ2O8j0cEPQ.aS1oMOPuPHCt2LW5r/ +vrfs: + MGMT: + ip_routing: false +management_interfaces: + Management0: + description: oob_management + shutdown: false + vrf: MGMT + ip_address: 192.168.100.21/24 + gateway: 192.168.100.1 + type: oob +management_api_http: + enable_vrfs: + MGMT: {} + enable_https: true +ethernet_interfaces: + Ethernet1: + peer: leaf-101 + peer_interface: Ethernet1 + peer_type: l3leaf + description: P2P_LINK_TO_LEAF-101_Ethernet1 + mtu: 9000 + type: routed + shutdown: false + ip_address: 172.31.255.200/31 + Ethernet2: + peer: leaf-102 + peer_interface: Ethernet1 + peer_type: l3leaf + description: P2P_LINK_TO_LEAF-102_Ethernet1 + mtu: 9000 + type: routed + shutdown: false + ip_address: 172.31.255.202/31 +loopback_interfaces: + Loopback0: + description: EVPN_Overlay_Peering + shutdown: false + ip_address: 192.168.0.11/32 +prefix_lists: + PL-LOOPBACKS-EVPN-OVERLAY: + sequence_numbers: + 10: + action: permit 192.168.0.0/24 eq 32 +route_maps: + RM-CONN-2-BGP: + sequence_numbers: + 10: + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 diff --git a/demo/ansible-101-may2022/playbooks/0_hello_world.yml b/demo/ansible-101-may2022/playbooks/0_hello_world.yml new file mode 100644 index 00000000..e2169184 --- /dev/null +++ b/demo/ansible-101-may2022/playbooks/0_hello_world.yml @@ -0,0 +1,28 @@ +--- +- name: This is a hello world example + hosts: DC1 + gather_facts: false + tasks: + + # Alternate from command line "ansible DC1 -m ping" + - name: Check connectivity on DC1 + ansible.builtin.ping: + register: ping_response + + - name: View response + ansible.builtin.debug: + msg: "{{ ping_response }}" + +- name: This is a hello world example 2 + hosts: leaf-101 + gather_facts: false + tasks: + + # Alternate from command line "ansible leaf-101 -m ping" + - name: Check connectivity on leaf-101 + ansible.builtin.ping: + register: ping_response + + - name: View response + ansible.builtin.debug: + msg: "{{ ping_response }}" diff --git a/demo/ansible-101-may2022/playbooks/1_command.yml b/demo/ansible-101-may2022/playbooks/1_command.yml new file mode 100644 index 00000000..03c504a7 --- /dev/null +++ b/demo/ansible-101-may2022/playbooks/1_command.yml @@ -0,0 +1,23 @@ +--- +- name: Send command + hosts: leaf-101 + gather_facts: false + tasks: + + # Alternate from the command line ansible leaf-101 -m arista.eos.eos_command -a "commands='show version | include image'" + - name: Get version + arista.eos.eos_command: + commands: show version | include image + register: switch_version + + - name: View version + ansible.builtin.debug: + msg: "{{ switch_version }}" + + - name: View version filtered dot + ansible.builtin.debug: + msg: "{{ switch_version.stdout.0 }}" + + - name: View version filtered bracket + ansible.builtin.debug: + msg: "{{ switch_version['stdout'][0] }}" diff --git a/demo/ansible-101-may2022/playbooks/2_facts.yml b/demo/ansible-101-may2022/playbooks/2_facts.yml new file mode 100644 index 00000000..cabaf268 --- /dev/null +++ b/demo/ansible-101-may2022/playbooks/2_facts.yml @@ -0,0 +1,23 @@ +--- +- name: Gather all the things + hosts: DC1 + gather_facts: true + tasks: + + - name: View version + ansible.builtin.debug: + msg: "{{ ansible_net_version }}" + register: version_check + failed_when: ansible_net_version != "4.28.0F-26924507.4280F (engineering build)" + + - name: Create version documentation + ansible.builtin.template: + src: ../templates/software.j2 + dest: ../documentation/software/software.md + mode: "u=rw" + delegate_to: localhost + run_once: true + + # - name: All facts + # debug: + # msg: "{{ ansible_facts }}" diff --git a/demo/ansible-101-may2022/playbooks/3_backup.yml b/demo/ansible-101-may2022/playbooks/3_backup.yml new file mode 100644 index 00000000..5e017d88 --- /dev/null +++ b/demo/ansible-101-may2022/playbooks/3_backup.yml @@ -0,0 +1,13 @@ +--- +- name: Device backup + hosts: DC1 + gather_facts: false + tasks: + + - name: Save configuration for EOS devices + arista.eos.eos_config: + backup: true + backup_options: + filename: "{{ inventory_hostname }}.cfg" + dir_path: ./backups + when: ansible_network_os == "arista.eos.eos" diff --git a/demo/ansible-101-may2022/playbooks/4_banner.yml b/demo/ansible-101-may2022/playbooks/4_banner.yml new file mode 100644 index 00000000..51fa243e --- /dev/null +++ b/demo/ansible-101-may2022/playbooks/4_banner.yml @@ -0,0 +1,20 @@ +--- +- name: Banner Playbook + hosts: DC1 + gather_facts: false + tasks: + + - name: Configure login and motd banners + arista.eos.eos_banner: + banner: "{{ item }}" + text: | + {% if item == "login" %} + Logging into {{ inventory_hostname }} + Unauthorized access to this device is prohibited + {% else %} + Welcome to {{ inventory_hostname }} + {% endif %} + state: present + loop: + - login + - motd diff --git a/demo/ansible-101-may2022/playbooks/5_deploy.yml b/demo/ansible-101-may2022/playbooks/5_deploy.yml new file mode 100644 index 00000000..035f1a2f --- /dev/null +++ b/demo/ansible-101-may2022/playbooks/5_deploy.yml @@ -0,0 +1,11 @@ +--- +- name: Deploy Configuration + hosts: DC1 + gather_facts: false + + tasks: + - name: Deploy configuration + arista.eos.eos_config: + src: ../intended/configs/{{ inventory_hostname }}.cfg + replace: config + save_when: changed diff --git a/demo/ansible-101-may2022/playbooks/6_validate.yml b/demo/ansible-101-may2022/playbooks/6_validate.yml new file mode 100644 index 00000000..d5b8b0cc --- /dev/null +++ b/demo/ansible-101-may2022/playbooks/6_validate.yml @@ -0,0 +1,21 @@ +--- +- name: Simple BGP check + hosts: DC1 + gather_facts: false + tasks: + + - name: Get BGP + arista.eos.eos_command: + commands: show ip bgp summary | json + register: bgp_check + + - name: Set fact for output + ansible.builtin.set_fact: + bgp_status: "{{ bgp_check.stdout.0.vrfs.default.peers }}" + + # Lookup plugin to return lists of key/value + - name: Check BGP neighbor status + ansible.builtin.debug: + msg: "Neighbor {{ item.key }} is in state: {{ item.value.peerState }}" + with_dict: "{{ bgp_status }}" + failed_when: "item.value.peerState != 'Established'" diff --git a/demo/ansible-101-may2022/pyn.yml b/demo/ansible-101-may2022/pyn.yml new file mode 100644 index 00000000..33f9d32e --- /dev/null +++ b/demo/ansible-101-may2022/pyn.yml @@ -0,0 +1,49 @@ +name: demo +prefix: "" + +mgmt: + network: statics + ipv4_subnet: 192.168.100.0/24 + +topology: + kinds: + ceos: + image: ceos:4.28.0F + linux: + image: wbitt/network-multitool:alpine-extra + + nodes: + leaf-101: + kind: ceos + mgmt_ipv4: 192.168.100.11 + group: 2 + startup-config: startup/leaf-101.cfg + leaf-102: + kind: ceos + image: ceos:4.27.4M + mgmt_ipv4: 192.168.100.12 + group: 2 + startup-config: startup/leaf-102.cfg + spine-11: + kind: ceos + mgmt_ipv4: 192.168.100.21 + group: 3 + startup-config: startup/spine-11.cfg + host1: + kind: linux + mgmt_ipv4: 192.168.100.31 + group: 1 + exec: + - ip a add 192.168.10.101/24 dev eth1 + host2: + kind: linux + mgmt_ipv4: 192.168.100.32 + group: 1 + exec: + - ip a add 192.168.10.102/24 dev eth1 + + links: + - endpoints: ["leaf-101:eth1", "spine-11:eth1"] + - endpoints: ["leaf-102:eth1", "spine-11:eth2"] + - endpoints: ["leaf-101:eth3", "host1:eth1"] + - endpoints: ["leaf-102:eth3", "host2:eth1"] \ No newline at end of file diff --git a/demo/ansible-101-may2022/requirements.txt b/demo/ansible-101-may2022/requirements.txt new file mode 100644 index 00000000..50ce9477 --- /dev/null +++ b/demo/ansible-101-may2022/requirements.txt @@ -0,0 +1,10 @@ +ansible-core>=2.11.3,<2.13.0 +netaddr>=0.7.19 +Jinja2>=2.11.3 +treelib>=1.5.5 +cvprac>=1.0.7 +paramiko>=2.7.1 +jsonschema>=3.2.0 +requests>=2.25.1 +PyYAML>=5.4.1 +md-toc>=7.1.0 \ No newline at end of file diff --git a/demo/ansible-101-may2022/run.sh b/demo/ansible-101-may2022/run.sh new file mode 100755 index 00000000..5eefd65e --- /dev/null +++ b/demo/ansible-101-may2022/run.sh @@ -0,0 +1,63 @@ +#!/bin/bash + +Help() +{ + # Display Help + echo "Specify playbook number to run." + echo "Example: ./run.sh -n " + echo + echo "options:" + echo "0 runs ansible-playbook playbooks/0_hello_world.yml" + echo "1 runs ansible-playbook playbooks/1_command.yml" + echo "2 runs ansible-playbook playbooks/2_facts.yml" + echo "3 runs ansible-playbook playbooks/3_backup.yml" + echo "4 runs ansible-playbook playbooks/4_banner.yml" + echo "5 runs ansible-playbook playbooks/5_deploy.yml" + echo "6 runs ansible-playbook playbooks/6_validate.yml" + echo +} + +while getopts ":hn:" option; do + case $option in + h) # display Help + Help + exit;; + n) # Enter a number + Number=$OPTARG + if [ $Number == 0 ]; + then + echo "ansible-playbook playbooks/0_hello_world.yml" + ansible-playbook playbooks/0_hello_world.yml + elif [ $Number == 1 ]; + then + echo "ansible-playbook playbooks/1_command.yml" + ansible-playbook playbooks/1_command.yml + elif [ $Number == 2 ]; + then + echo "ansible-playbook playbooks/2_facts.yml" + ansible-playbook playbooks/2_facts.yml + elif [ $Number == 3 ]; + then + echo "ansible-playbook playbooks/3_backup.yml" + ansible-playbook playbooks/3_backup.yml + elif [ $Number == 4 ]; + then + echo "ansible-playbook playbooks/4_banner.yml" + ansible-playbook playbooks/4_banner.yml + elif [ $Number == 5 ]; + then + echo "ansible-playbook playbooks/5_deploy.yml" + ansible-playbook playbooks/5_deploy.yml + elif [ $Number == 6 ]; + then + echo "ansible-playbook playbooks/6_validate.yml" + ansible-playbook playbooks/6_validate.yml + else + echo "Sorry, no matching playbook found" + echo "'./run.sh -h' for help" + fi;; + \?) # Invalid option + echo "Error: Invalid option" + exit;; + esac +done diff --git a/demo/ansible-101-may2022/slides/Ansible-101.pdf b/demo/ansible-101-may2022/slides/Ansible-101.pdf new file mode 100644 index 00000000..a4434995 Binary files /dev/null and b/demo/ansible-101-may2022/slides/Ansible-101.pdf differ diff --git a/demo/ansible-101-may2022/startup/leaf-101.cfg b/demo/ansible-101-may2022/startup/leaf-101.cfg new file mode 100644 index 00000000..b9756d92 --- /dev/null +++ b/demo/ansible-101-may2022/startup/leaf-101.cfg @@ -0,0 +1,51 @@ +! Command: show running-config +! device: leaf-101 (cEOSLab, EOS-4.28.0F-26924507.4280F (engineering build)) +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$ICfMofvulgyrSy.I$YNucN.yK.YDdxz4dtGR2o88CxtrhQM11W5O7SkzUlQoW8PqAKZCurrK1nQ2O8j0cEPQ.aS1oMOPuPHCt2LW5r/ +! +vlan internal order ascending range 1006 1199 +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +hostname leaf-101 +ip name-server vrf MGMT 1.1.1.1 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +management api gnmi + transport grpc default +! +management api netconf + transport ssh default +! +interface Ethernet1 + mtu 9000 + no switchport + ip address 172.31.255.201/31 +! +interface Ethernet3 +! +interface Management0 + description oob_management + vrf MGMT + ip address 192.168.100.11/24 +! +ip routing +no ip routing vrf MGMT +! +ip route vrf MGMT 0.0.0.0/0 192.168.100.1 +! +end \ No newline at end of file diff --git a/demo/ansible-101-may2022/startup/leaf-102.cfg b/demo/ansible-101-may2022/startup/leaf-102.cfg new file mode 100644 index 00000000..5dd3ad79 --- /dev/null +++ b/demo/ansible-101-may2022/startup/leaf-102.cfg @@ -0,0 +1,51 @@ +! Command: show running-config +! device: leaf-102 (cEOSLab, EOS-4.28.0F-26924507.4280F (engineering build)) +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$ICfMofvulgyrSy.I$YNucN.yK.YDdxz4dtGR2o88CxtrhQM11W5O7SkzUlQoW8PqAKZCurrK1nQ2O8j0cEPQ.aS1oMOPuPHCt2LW5r/ +! +vlan internal order ascending range 1006 1199 +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +hostname leaf-102 +ip name-server vrf MGMT 1.1.1.1 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +management api gnmi + transport grpc default +! +management api netconf + transport ssh default +! +interface Ethernet1 + mtu 9000 + no switchport + ip address 172.31.255.203/31 +! +interface Ethernet3 +! +interface Management0 + description oob_management + vrf MGMT + ip address 192.168.100.12/24 +! +ip routing +no ip routing vrf MGMT +! +ip route vrf MGMT 0.0.0.0/0 192.168.100.1 +! +end \ No newline at end of file diff --git a/demo/ansible-101-may2022/startup/spine-11.cfg b/demo/ansible-101-may2022/startup/spine-11.cfg new file mode 100644 index 00000000..4c829cf8 --- /dev/null +++ b/demo/ansible-101-may2022/startup/spine-11.cfg @@ -0,0 +1,58 @@ +! Command: show running-config +! device: spine-11 (cEOSLab, EOS-4.28.0F-26924507.4280F (engineering build)) +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$ICfMofvulgyrSy.I$YNucN.yK.YDdxz4dtGR2o88CxtrhQM11W5O7SkzUlQoW8PqAKZCurrK1nQ2O8j0cEPQ.aS1oMOPuPHCt2LW5r/ +! +vlan internal order ascending range 1006 1199 +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +hostname spine-11 +ip name-server vrf MGMT 1.1.1.1 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode none +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +management api gnmi + transport grpc default +! +management api netconf + transport ssh default +! +interface Ethernet1 + mtu 9000 + no switchport + ip address 172.31.255.200/31 +! +interface Ethernet2 + mtu 9000 + no switchport + ip address 172.31.255.202/31 +! +interface Loopback0 + description EVPN_Overlay_Peering + ip address 192.168.0.11/32 +! +interface Management0 + description oob_management + vrf MGMT + ip address 192.168.100.21/24 +! +ip routing +no ip routing vrf MGMT +! +ip route vrf MGMT 0.0.0.0/0 192.168.100.1 +! +end \ No newline at end of file diff --git a/demo/ansible-101-may2022/templates/software.j2 b/demo/ansible-101-may2022/templates/software.j2 new file mode 100644 index 00000000..bf9c9430 --- /dev/null +++ b/demo/ansible-101-may2022/templates/software.j2 @@ -0,0 +1,12 @@ +# DC1 Software Compliance Report + +{% for h in groups['all'] %} +## {{ h }} + +- Version: {{ hostvars[h].version_check.msg }} +{% if hostvars[h].version_check.failed %} +- In Compliance: NO +{% else %} +- In Compliance: YES +{% endif %} +{% endfor %}