Skip to content

Commit

Permalink
Refactor(eos_cli_config_gen):Add support for ingress in system.contro…
Browse files Browse the repository at this point in the history
…l_plane.ipv4/6_access_group
  • Loading branch information
Vibhu-gslab committed Sep 19, 2024
1 parent cbf8ea3 commit b6f6e0f
Show file tree
Hide file tree
Showing 9 changed files with 87 additions and 26 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -48,16 +48,21 @@ interface Management1

#### Control-Plane Access-Groups

| Protocol | VRF | Access-list |
| -------- | --- | ------------|
| IPv4 | default | acl4_1 |
| IPv4 | red | acl4_2 |
| IPv4 | red_1 | acl4_2 |
| IPv4 | default | acl4_3 |
| IPv6 | default | acl6_1 |
| IPv6 | blue | acl6_2 |
| IPv6 | blue_1 | acl6_2 |
| IPv6 | default | acl6_3 |
| Protocol | VRF | Access-list | Ingress-default |
| -------- | --- | ------------| --------------- |
| IPv4 | default | acl4_1 | - |
| IPv4 | red | acl4_2 | - |
| IPv4 | red_1 | acl4_2 | - |
| IPv4 | default | acl4_3 | - |
| IPv4 | red_2 | acl4_4 | True |
| IPv4 | red_3 | acl4_5 | False |
| IPv4 | red_4 | ingress | - |
| IPv6 | default | acl6_1 | - |
| IPv6 | blue | acl6_2 | - |
| IPv6 | blue_1 | acl6_2 | - |
| IPv6 | default | acl6_3 | - |
| IPv6 | default | acl6_4 | True |
| IPv6 | blue_2 | ingress | - |

#### System Control-Plane Device Configuration

Expand All @@ -69,10 +74,15 @@ system control-plane
ip access-group acl4_2 vrf red in
ip access-group acl4_2 vrf red_1 in
ip access-group acl4_3 vrf default in
ip access-group ingress default acl4_4
ip access-group acl4_5 vrf red_3 in
ip access-group ingress vrf red_4 in
ipv6 access-group acl6_1 in
ipv6 access-group acl6_2 vrf blue in
ipv6 access-group acl6_2 vrf blue_1 in
ipv6 access-group acl6_3 vrf default in
ipv6 access-group ingress default acl6_4
ipv6 access-group ingress vrf blue_2 in
```

## System L1
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,12 @@ system control-plane
ip access-group acl4_2 vrf red in
ip access-group acl4_2 vrf red_1 in
ip access-group acl4_3 vrf default in
ip access-group ingress default acl4_4
ip access-group acl4_5 vrf red_3 in
ip access-group ingress vrf red_4 in
ipv6 access-group acl6_1 in
ipv6 access-group acl6_2 vrf blue in
ipv6 access-group acl6_2 vrf blue_1 in
ipv6 access-group acl6_3 vrf default in
ipv6 access-group ingress default acl6_4
ipv6 access-group ingress vrf blue_2 in
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,14 @@ system:
vrf: red_1
- acl_name: "acl4_3"
vrf: default
- acl_name: "acl4_4"
vrf: red_2
ingress_default: true
- acl_name: "acl4_5"
vrf: red_3
ingress_default: false
- acl_name: "ingress"
vrf: red_4
ipv6_access_groups:
- acl_name: "acl6_1"
- acl_name: "acl6_2"
Expand All @@ -19,6 +27,10 @@ system:
vrf: blue_1
- acl_name: "acl6_3"
vrf: default
- acl_name: "acl6_4"
ingress_default: true
- acl_name: "ingress"
vrf: blue_2
l1:
unsupported_speed_action: warn
unsupported_error_correction_action: error

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Original file line number Diff line number Diff line change
Expand Up @@ -24,15 +24,15 @@

#### Control-Plane Access-Groups

| Protocol | VRF | Access-list |
| -------- | --- | ------------|
| Protocol | VRF | Access-list | Ingress-default |
| -------- | --- | ------------| --------------- |
{# IPv4 Access-groups #}
{% for acl_set in system.control_plane.ipv4_access_groups | arista.avd.natural_sort %}
| IPv4 | {{ acl_set.vrf | arista.avd.default('default') }} | {{ acl_set.acl_name }} |
| IPv4 | {{ acl_set.vrf | arista.avd.default('default') }} | {{ acl_set.acl_name }} | {{ acl_set.ingress_default | arista.avd.default('-') }} |
{% endfor %}
{# IPv6 Access-groups #}
{% for acl_set in system.control_plane.ipv6_access_groups | arista.avd.natural_sort %}
| IPv6 | {{ acl_set.vrf | arista.avd.default('default') }} | {{ acl_set.acl_name }} |
| IPv6 | {{ acl_set.vrf | arista.avd.default('default') }} | {{ acl_set.acl_name }} | {{ acl_set.ingress_default | arista.avd.default('-') }} |
{% endfor %}
{% endif %}

Expand Down
24 changes: 16 additions & 8 deletions python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/system.j2
Original file line number Diff line number Diff line change
Expand Up @@ -20,20 +20,28 @@ system control-plane
{% endif %}
{# control_plane access_groups ipv4 #}
{% for acl_set in system.control_plane.ipv4_access_groups | arista.avd.natural_sort %}
{% set cp_ipv4_access_grp = "ip access-group " ~ acl_set.acl_name %}
{% if acl_set.vrf is arista.avd.defined %}
{% set cp_ipv4_access_grp = cp_ipv4_access_grp ~ " vrf " ~ acl_set.vrf %}
{% if acl_set.ingress_default is arista.avd.defined(true) %}
{% set cp_ipv4_access_grp = "ip access-group ingress default " ~ acl_set.acl_name %}
{% else %}
{% set cp_ipv4_access_grp = "ip access-group " ~ acl_set.acl_name %}
{% if acl_set.vrf is arista.avd.defined %}
{% set cp_ipv4_access_grp = cp_ipv4_access_grp ~ " vrf " ~ acl_set.vrf %}
{% endif %}
{% set cp_ipv4_access_grp = cp_ipv4_access_grp ~ " in" %}
{% endif %}
{% set cp_ipv4_access_grp = cp_ipv4_access_grp ~ " in" %}
{{ cp_ipv4_access_grp }}
{% endfor %}
{# control_plane access_groups ipv6 #}
{% for acl_set in system.control_plane.ipv6_access_groups | arista.avd.natural_sort %}
{% set cp_ipv6_access_grp = "ipv6 access-group " ~ acl_set.acl_name %}
{% if acl_set.vrf is arista.avd.defined %}
{% set cp_ipv6_access_grp = cp_ipv6_access_grp ~ " vrf " ~ acl_set.vrf %}
{% if acl_set.ingress_default is arista.avd.defined(true) %}
{% set cp_ipv6_access_grp = "ipv6 access-group ingress default " ~ acl_set.acl_name %}
{% else %}
{% set cp_ipv6_access_grp = "ipv6 access-group " ~ acl_set.acl_name %}
{% if acl_set.vrf is arista.avd.defined %}
{% set cp_ipv6_access_grp = cp_ipv6_access_grp ~ " vrf " ~ acl_set.vrf %}
{% endif %}
{% set cp_ipv6_access_grp = cp_ipv6_access_grp ~ " in" %}
{% endif %}
{% set cp_ipv6_access_grp = cp_ipv6_access_grp ~ " in" %}
{{ cp_ipv6_access_grp }}
{% endfor %}
{% endif %}

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,10 @@ keys:
type: str
convert_types:
- int
description: "'vrf' and 'ingress_default' are mutual exclusive."
ingress_default:
type: bool
description: "'vrf' and 'ingress_default' are mutual exclusive."
ipv6_access_groups:
type: list
unique_keys:
Expand All @@ -50,6 +54,10 @@ keys:
type: str
convert_types:
- int
description: "'vrf' and 'ingress_default' are mutual exclusive."
ingress_default:
type: bool
description: "'vrf' and 'ingress_default' are mutual exclusive."
l1:
type: dict
keys:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -310,8 +310,6 @@ def _get_port_channel_member_cfg(self: AvdStructuredConfigCoreInterfacesAndL3Edg
Return partial structured_config for one p2p_link.
Covers config for ethernet interfaces that are port-channel members.
TODO: Change description for members to be the physical peer interface instead of port-channel
"""
peer = p2p_link["data"]["peer"]
peer_interface = member["peer_interface"]
Expand Down

0 comments on commit b6f6e0f

Please sign in to comment.