From f3cc2d263c2a07d38d73ba458a6195aa408ef760 Mon Sep 17 00:00:00 2001 From: "Amit M. Shenoy" Date: Thu, 21 Nov 2024 07:48:00 -0800 Subject: [PATCH] Feat(eos_designs): Add revised schema to support L3 Port-Channel interfaces --- ...ode-type-l3-port-channels-configuration.md | 797 ++++++++++++++++++ .../schema/eos_designs.schema.yml | 238 ++++++ .../defs_node_type.schema.yml | 8 + ...defs_node_type_l3_port_channels.schema.yml | 227 +++++ 4 files changed, 1270 insertions(+) create mode 100644 ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-port-channels-configuration.md create mode 100644 python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type_l3_port_channels.schema.yml diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-port-channels-configuration.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-port-channels-configuration.md new file mode 100644 index 00000000000..00496f9888a --- /dev/null +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-port-channels-configuration.md @@ -0,0 +1,797 @@ + +=== "Table" + + | Variable | Type | Required | Default | Value Restrictions | Description | + | -------- | ---- | -------- | ------- | ------------------ | ----------- | + | [<node_type_keys.key>](## "") | Dictionary | | | | | + | [  defaults](## ".defaults") | Dictionary | | | | Define variables for all nodes of this type. | + | [    l3_port_channels](## ".defaults.l3_port_channels") | List, items: Dictionary | | | | L3 Port-Channel interfaces to configure on the node.
Used to define the node for WAN interfaces when `wan_carrier` is set. | + | [      - name](## ".defaults.l3_port_channels.[].name") | String | Required, Unique | | Pattern: `Port-Channel[\d/]+(.[\d]+)?` | Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'.
For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. | + | [        description](## ".defaults.l3_port_channels.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]'. | + | [        mode](## ".defaults.l3_port_channels.[].mode") | String | | `on` | Valid Values:
- active
- passive
- on | Port-Channel mode.
Should not be set on Port-Channel subinterfaces. | + | [        member_interfaces](## ".defaults.l3_port_channels.[].member_interfaces") | List, items: Dictionary | | | | Port-Channel member interfaces.
Should not be set on Port-Channel subinterfaces. | + | [          - name](## ".defaults.l3_port_channels.[].member_interfaces.[].name") | String | Required, Unique | | Pattern: `Ethernet[\d/]+` | Ethernet interface name like 'Ethernet2'.
Member interface cannot be subinterface. | + | [            description](## ".defaults.l3_port_channels.[].member_interfaces.[].description") | String | | | | Interface description for this member.
If not set a default description will be configured with '[[ ]]'. | + | [            peer](## ".defaults.l3_port_channels.[].member_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation.
If not set, this inherits the peer setting on the port-channel interface. | + | [            peer_interface](## ".defaults.l3_port_channels.[].member_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. | + | [            speed](## ".defaults.l3_port_channels.[].member_interfaces.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. | + | [        ip_address](## ".defaults.l3_port_channels.[].ip_address") | String | | | | Node IPv4 address/Mask or 'dhcp'. | + | [        dhcp_ip](## ".defaults.l3_port_channels.[].dhcp_ip") | String | | | | When the `ip_address` is `dhcp`, this optional field allows to indicate the expected
IPv4 address (without mask) to be allocated on the interface if known.
This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list
set under `ipv4_acl_in` and `ipv4_acl_out`. | + | [        public_ip](## ".defaults.l3_port_channels.[].public_ip") | String | | | | Node IPv4 address (no mask).

This is used to get the public IP (if known) when the device is behind NAT.
This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP
with the following preference:
`wan_route_servers.path_groups.interfaces.ip_address`
-> `l3_port_channels.public_ip`
-> `l3_port_channels.ip_address`

The determined Public IP is used by WAN routers when peering with this interface. | + | [        encapsulation_dot1q_vlan](## ".defaults.l3_port_channels.[].encapsulation_dot1q_vlan") | Integer | | | Min: 1
Max: 4094 | For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be specified. | + | [        dhcp_accept_default_route](## ".defaults.l3_port_channels.[].dhcp_accept_default_route") | Boolean | | `True` | | Accept a default route from DHCP if `ip_address` is set to `dhcp`. | + | [        enabled](## ".defaults.l3_port_channels.[].enabled") | Boolean | | `True` | | Enable or Shutdown the interface. | + | [        peer](## ".defaults.l3_port_channels.[].peer") | String | | | | The peer device name. Used for description and documentation. | + | [        peer_port_channel](## ".defaults.l3_port_channels.[].peer_port_channel") | String | | | | The peer device port-channel interface. Used for description and documentation. | + | [        peer_ip](## ".defaults.l3_port_channels.[].peer_ip") | String | | | | The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. | + | [        bgp](## ".defaults.l3_port_channels.[].bgp") | Dictionary | | | | Enforce IPv4 BGP peering for the peer | + | [          peer_as](## ".defaults.l3_port_channels.[].bgp.peer_as") | String | Required | | | BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. | + | [          ipv4_prefix_list_in](## ".defaults.l3_port_channels.[].bgp.ipv4_prefix_list_in") | String | | | | Prefix List Name. Accept routes for only these prefixes from the peer.
Required for wan interfaces. | + | [          ipv4_prefix_list_out](## ".defaults.l3_port_channels.[].bgp.ipv4_prefix_list_out") | String | | | | Prefix List Name. Advertise routes for only these prefixes.
If not specified, nothing would be advertised. | + | [        ipv4_acl_in](## ".defaults.l3_port_channels.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. | + | [        ipv4_acl_out](## ".defaults.l3_port_channels.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". | + | [        static_routes](## ".defaults.l3_port_channels.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. | + | [          - prefix](## ".defaults.l3_port_channels.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. | + | [        qos_profile](## ".defaults.l3_port_channels.[].qos_profile") | String | | | | QOS service profile. | + | [        wan_carrier](## ".defaults.l3_port_channels.[].wan_carrier") | String | | | | The WAN carrier this interface is connected to.
This is used to infer the path-groups in which this interface should be configured.
Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. | + | [        wan_circuit_id](## ".defaults.l3_port_channels.[].wan_circuit_id") | String | | | | The WAN circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | + | [        connected_to_pathfinder](## ".defaults.l3_port_channels.[].connected_to_pathfinder") | Boolean | | `True` | | For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. | + | [        cv_pathfinder_internet_exit](## ".defaults.l3_port_channels.[].cv_pathfinder_internet_exit") | Dictionary | | | | PREVIEW: This key is in preview mode | + | [          policies](## ".defaults.l3_port_channels.[].cv_pathfinder_internet_exit.policies") | List, items: Dictionary | | | | List of Internet-exit policies using this interface as exit. | + | [            - name](## ".defaults.l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].name") | String | Required, Unique | | | Internet-exit policy name. | + | [              tunnel_interface_numbers](## ".defaults.l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].tunnel_interface_numbers") | String | | | | Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface.
Examples: '1-3' or '100,200,300' | + | [        raw_eos_cli](## ".defaults.l3_port_channels.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. | + | [        flow_tracking](## ".defaults.l3_port_channels.[].flow_tracking") | Dictionary | | | | Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. | + | [          enabled](## ".defaults.l3_port_channels.[].flow_tracking.enabled") | Boolean | | | | | + | [          name](## ".defaults.l3_port_channels.[].flow_tracking.name") | String | | | | Flow tracker name as defined in flow_tracking_settings. | + | [        structured_config](## ".defaults.l3_port_channels.[].structured_config") | Dictionary | | | | Custom structured config for the Port-Channel interface. | + | [  node_groups](## ".node_groups") | List, items: Dictionary | | | | Define variables related to all nodes part of this group. | + | [    - group](## ".node_groups.[].group") | String | Required, Unique | | | The Node Group Name is used for MLAG domain unless set with 'mlag_domain_id'.
The Node Group Name is also used for peer description on downstream switches' uplinks.
| + | [      nodes](## ".node_groups.[].nodes") | List, items: Dictionary | | | | Define variables per node. | + | [        - name](## ".node_groups.[].nodes.[].name") | String | Required, Unique | | | The Node Name is used as "hostname". | + | [          l3_port_channels](## ".node_groups.[].nodes.[].l3_port_channels") | List, items: Dictionary | | | | L3 Port-Channel interfaces to configure on the node.
Used to define the node for WAN interfaces when `wan_carrier` is set. | + | [            - name](## ".node_groups.[].nodes.[].l3_port_channels.[].name") | String | Required, Unique | | Pattern: `Port-Channel[\d/]+(.[\d]+)?` | Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'.
For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. | + | [              description](## ".node_groups.[].nodes.[].l3_port_channels.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]'. | + | [              mode](## ".node_groups.[].nodes.[].l3_port_channels.[].mode") | String | | `on` | Valid Values:
- active
- passive
- on | Port-Channel mode.
Should not be set on Port-Channel subinterfaces. | + | [              member_interfaces](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces") | List, items: Dictionary | | | | Port-Channel member interfaces.
Should not be set on Port-Channel subinterfaces. | + | [                - name](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces.[].name") | String | Required, Unique | | Pattern: `Ethernet[\d/]+` | Ethernet interface name like 'Ethernet2'.
Member interface cannot be subinterface. | + | [                  description](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces.[].description") | String | | | | Interface description for this member.
If not set a default description will be configured with '[[ ]]'. | + | [                  peer](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation.
If not set, this inherits the peer setting on the port-channel interface. | + | [                  peer_interface](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. | + | [                  speed](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. | + | [              ip_address](## ".node_groups.[].nodes.[].l3_port_channels.[].ip_address") | String | | | | Node IPv4 address/Mask or 'dhcp'. | + | [              dhcp_ip](## ".node_groups.[].nodes.[].l3_port_channels.[].dhcp_ip") | String | | | | When the `ip_address` is `dhcp`, this optional field allows to indicate the expected
IPv4 address (without mask) to be allocated on the interface if known.
This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list
set under `ipv4_acl_in` and `ipv4_acl_out`. | + | [              public_ip](## ".node_groups.[].nodes.[].l3_port_channels.[].public_ip") | String | | | | Node IPv4 address (no mask).

This is used to get the public IP (if known) when the device is behind NAT.
This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP
with the following preference:
`wan_route_servers.path_groups.interfaces.ip_address`
-> `l3_port_channels.public_ip`
-> `l3_port_channels.ip_address`

The determined Public IP is used by WAN routers when peering with this interface. | + | [              encapsulation_dot1q_vlan](## ".node_groups.[].nodes.[].l3_port_channels.[].encapsulation_dot1q_vlan") | Integer | | | Min: 1
Max: 4094 | For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be specified. | + | [              dhcp_accept_default_route](## ".node_groups.[].nodes.[].l3_port_channels.[].dhcp_accept_default_route") | Boolean | | `True` | | Accept a default route from DHCP if `ip_address` is set to `dhcp`. | + | [              enabled](## ".node_groups.[].nodes.[].l3_port_channels.[].enabled") | Boolean | | `True` | | Enable or Shutdown the interface. | + | [              peer](## ".node_groups.[].nodes.[].l3_port_channels.[].peer") | String | | | | The peer device name. Used for description and documentation. | + | [              peer_port_channel](## ".node_groups.[].nodes.[].l3_port_channels.[].peer_port_channel") | String | | | | The peer device port-channel interface. Used for description and documentation. | + | [              peer_ip](## ".node_groups.[].nodes.[].l3_port_channels.[].peer_ip") | String | | | | The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. | + | [              bgp](## ".node_groups.[].nodes.[].l3_port_channels.[].bgp") | Dictionary | | | | Enforce IPv4 BGP peering for the peer | + | [                peer_as](## ".node_groups.[].nodes.[].l3_port_channels.[].bgp.peer_as") | String | Required | | | BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. | + | [                ipv4_prefix_list_in](## ".node_groups.[].nodes.[].l3_port_channels.[].bgp.ipv4_prefix_list_in") | String | | | | Prefix List Name. Accept routes for only these prefixes from the peer.
Required for wan interfaces. | + | [                ipv4_prefix_list_out](## ".node_groups.[].nodes.[].l3_port_channels.[].bgp.ipv4_prefix_list_out") | String | | | | Prefix List Name. Advertise routes for only these prefixes.
If not specified, nothing would be advertised. | + | [              ipv4_acl_in](## ".node_groups.[].nodes.[].l3_port_channels.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. | + | [              ipv4_acl_out](## ".node_groups.[].nodes.[].l3_port_channels.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". | + | [              static_routes](## ".node_groups.[].nodes.[].l3_port_channels.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. | + | [                - prefix](## ".node_groups.[].nodes.[].l3_port_channels.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. | + | [              qos_profile](## ".node_groups.[].nodes.[].l3_port_channels.[].qos_profile") | String | | | | QOS service profile. | + | [              wan_carrier](## ".node_groups.[].nodes.[].l3_port_channels.[].wan_carrier") | String | | | | The WAN carrier this interface is connected to.
This is used to infer the path-groups in which this interface should be configured.
Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. | + | [              wan_circuit_id](## ".node_groups.[].nodes.[].l3_port_channels.[].wan_circuit_id") | String | | | | The WAN circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | + | [              connected_to_pathfinder](## ".node_groups.[].nodes.[].l3_port_channels.[].connected_to_pathfinder") | Boolean | | `True` | | For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. | + | [              cv_pathfinder_internet_exit](## ".node_groups.[].nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit") | Dictionary | | | | PREVIEW: This key is in preview mode | + | [                policies](## ".node_groups.[].nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies") | List, items: Dictionary | | | | List of Internet-exit policies using this interface as exit. | + | [                  - name](## ".node_groups.[].nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].name") | String | Required, Unique | | | Internet-exit policy name. | + | [                    tunnel_interface_numbers](## ".node_groups.[].nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].tunnel_interface_numbers") | String | | | | Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface.
Examples: '1-3' or '100,200,300' | + | [              raw_eos_cli](## ".node_groups.[].nodes.[].l3_port_channels.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. | + | [              flow_tracking](## ".node_groups.[].nodes.[].l3_port_channels.[].flow_tracking") | Dictionary | | | | Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. | + | [                enabled](## ".node_groups.[].nodes.[].l3_port_channels.[].flow_tracking.enabled") | Boolean | | | | | + | [                name](## ".node_groups.[].nodes.[].l3_port_channels.[].flow_tracking.name") | String | | | | Flow tracker name as defined in flow_tracking_settings. | + | [              structured_config](## ".node_groups.[].nodes.[].l3_port_channels.[].structured_config") | Dictionary | | | | Custom structured config for the Port-Channel interface. | + | [      l3_port_channels](## ".node_groups.[].l3_port_channels") | List, items: Dictionary | | | | L3 Port-Channel interfaces to configure on the node.
Used to define the node for WAN interfaces when `wan_carrier` is set. | + | [        - name](## ".node_groups.[].l3_port_channels.[].name") | String | Required, Unique | | Pattern: `Port-Channel[\d/]+(.[\d]+)?` | Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'.
For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. | + | [          description](## ".node_groups.[].l3_port_channels.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]'. | + | [          mode](## ".node_groups.[].l3_port_channels.[].mode") | String | | `on` | Valid Values:
- active
- passive
- on | Port-Channel mode.
Should not be set on Port-Channel subinterfaces. | + | [          member_interfaces](## ".node_groups.[].l3_port_channels.[].member_interfaces") | List, items: Dictionary | | | | Port-Channel member interfaces.
Should not be set on Port-Channel subinterfaces. | + | [            - name](## ".node_groups.[].l3_port_channels.[].member_interfaces.[].name") | String | Required, Unique | | Pattern: `Ethernet[\d/]+` | Ethernet interface name like 'Ethernet2'.
Member interface cannot be subinterface. | + | [              description](## ".node_groups.[].l3_port_channels.[].member_interfaces.[].description") | String | | | | Interface description for this member.
If not set a default description will be configured with '[[ ]]'. | + | [              peer](## ".node_groups.[].l3_port_channels.[].member_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation.
If not set, this inherits the peer setting on the port-channel interface. | + | [              peer_interface](## ".node_groups.[].l3_port_channels.[].member_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. | + | [              speed](## ".node_groups.[].l3_port_channels.[].member_interfaces.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. | + | [          ip_address](## ".node_groups.[].l3_port_channels.[].ip_address") | String | | | | Node IPv4 address/Mask or 'dhcp'. | + | [          dhcp_ip](## ".node_groups.[].l3_port_channels.[].dhcp_ip") | String | | | | When the `ip_address` is `dhcp`, this optional field allows to indicate the expected
IPv4 address (without mask) to be allocated on the interface if known.
This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list
set under `ipv4_acl_in` and `ipv4_acl_out`. | + | [          public_ip](## ".node_groups.[].l3_port_channels.[].public_ip") | String | | | | Node IPv4 address (no mask).

This is used to get the public IP (if known) when the device is behind NAT.
This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP
with the following preference:
`wan_route_servers.path_groups.interfaces.ip_address`
-> `l3_port_channels.public_ip`
-> `l3_port_channels.ip_address`

The determined Public IP is used by WAN routers when peering with this interface. | + | [          encapsulation_dot1q_vlan](## ".node_groups.[].l3_port_channels.[].encapsulation_dot1q_vlan") | Integer | | | Min: 1
Max: 4094 | For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be specified. | + | [          dhcp_accept_default_route](## ".node_groups.[].l3_port_channels.[].dhcp_accept_default_route") | Boolean | | `True` | | Accept a default route from DHCP if `ip_address` is set to `dhcp`. | + | [          enabled](## ".node_groups.[].l3_port_channels.[].enabled") | Boolean | | `True` | | Enable or Shutdown the interface. | + | [          peer](## ".node_groups.[].l3_port_channels.[].peer") | String | | | | The peer device name. Used for description and documentation. | + | [          peer_port_channel](## ".node_groups.[].l3_port_channels.[].peer_port_channel") | String | | | | The peer device port-channel interface. Used for description and documentation. | + | [          peer_ip](## ".node_groups.[].l3_port_channels.[].peer_ip") | String | | | | The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. | + | [          bgp](## ".node_groups.[].l3_port_channels.[].bgp") | Dictionary | | | | Enforce IPv4 BGP peering for the peer | + | [            peer_as](## ".node_groups.[].l3_port_channels.[].bgp.peer_as") | String | Required | | | BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. | + | [            ipv4_prefix_list_in](## ".node_groups.[].l3_port_channels.[].bgp.ipv4_prefix_list_in") | String | | | | Prefix List Name. Accept routes for only these prefixes from the peer.
Required for wan interfaces. | + | [            ipv4_prefix_list_out](## ".node_groups.[].l3_port_channels.[].bgp.ipv4_prefix_list_out") | String | | | | Prefix List Name. Advertise routes for only these prefixes.
If not specified, nothing would be advertised. | + | [          ipv4_acl_in](## ".node_groups.[].l3_port_channels.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. | + | [          ipv4_acl_out](## ".node_groups.[].l3_port_channels.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". | + | [          static_routes](## ".node_groups.[].l3_port_channels.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. | + | [            - prefix](## ".node_groups.[].l3_port_channels.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. | + | [          qos_profile](## ".node_groups.[].l3_port_channels.[].qos_profile") | String | | | | QOS service profile. | + | [          wan_carrier](## ".node_groups.[].l3_port_channels.[].wan_carrier") | String | | | | The WAN carrier this interface is connected to.
This is used to infer the path-groups in which this interface should be configured.
Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. | + | [          wan_circuit_id](## ".node_groups.[].l3_port_channels.[].wan_circuit_id") | String | | | | The WAN circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | + | [          connected_to_pathfinder](## ".node_groups.[].l3_port_channels.[].connected_to_pathfinder") | Boolean | | `True` | | For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. | + | [          cv_pathfinder_internet_exit](## ".node_groups.[].l3_port_channels.[].cv_pathfinder_internet_exit") | Dictionary | | | | PREVIEW: This key is in preview mode | + | [            policies](## ".node_groups.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies") | List, items: Dictionary | | | | List of Internet-exit policies using this interface as exit. | + | [              - name](## ".node_groups.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].name") | String | Required, Unique | | | Internet-exit policy name. | + | [                tunnel_interface_numbers](## ".node_groups.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].tunnel_interface_numbers") | String | | | | Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface.
Examples: '1-3' or '100,200,300' | + | [          raw_eos_cli](## ".node_groups.[].l3_port_channels.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. | + | [          flow_tracking](## ".node_groups.[].l3_port_channels.[].flow_tracking") | Dictionary | | | | Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. | + | [            enabled](## ".node_groups.[].l3_port_channels.[].flow_tracking.enabled") | Boolean | | | | | + | [            name](## ".node_groups.[].l3_port_channels.[].flow_tracking.name") | String | | | | Flow tracker name as defined in flow_tracking_settings. | + | [          structured_config](## ".node_groups.[].l3_port_channels.[].structured_config") | Dictionary | | | | Custom structured config for the Port-Channel interface. | + | [  nodes](## ".nodes") | List, items: Dictionary | | | | Define variables per node. | + | [    - name](## ".nodes.[].name") | String | Required, Unique | | | The Node Name is used as "hostname". | + | [      l3_port_channels](## ".nodes.[].l3_port_channels") | List, items: Dictionary | | | | L3 Port-Channel interfaces to configure on the node.
Used to define the node for WAN interfaces when `wan_carrier` is set. | + | [        - name](## ".nodes.[].l3_port_channels.[].name") | String | Required, Unique | | Pattern: `Port-Channel[\d/]+(.[\d]+)?` | Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'.
For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. | + | [          description](## ".nodes.[].l3_port_channels.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]'. | + | [          mode](## ".nodes.[].l3_port_channels.[].mode") | String | | `on` | Valid Values:
- active
- passive
- on | Port-Channel mode.
Should not be set on Port-Channel subinterfaces. | + | [          member_interfaces](## ".nodes.[].l3_port_channels.[].member_interfaces") | List, items: Dictionary | | | | Port-Channel member interfaces.
Should not be set on Port-Channel subinterfaces. | + | [            - name](## ".nodes.[].l3_port_channels.[].member_interfaces.[].name") | String | Required, Unique | | Pattern: `Ethernet[\d/]+` | Ethernet interface name like 'Ethernet2'.
Member interface cannot be subinterface. | + | [              description](## ".nodes.[].l3_port_channels.[].member_interfaces.[].description") | String | | | | Interface description for this member.
If not set a default description will be configured with '[[ ]]'. | + | [              peer](## ".nodes.[].l3_port_channels.[].member_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation.
If not set, this inherits the peer setting on the port-channel interface. | + | [              peer_interface](## ".nodes.[].l3_port_channels.[].member_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. | + | [              speed](## ".nodes.[].l3_port_channels.[].member_interfaces.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. | + | [          ip_address](## ".nodes.[].l3_port_channels.[].ip_address") | String | | | | Node IPv4 address/Mask or 'dhcp'. | + | [          dhcp_ip](## ".nodes.[].l3_port_channels.[].dhcp_ip") | String | | | | When the `ip_address` is `dhcp`, this optional field allows to indicate the expected
IPv4 address (without mask) to be allocated on the interface if known.
This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list
set under `ipv4_acl_in` and `ipv4_acl_out`. | + | [          public_ip](## ".nodes.[].l3_port_channels.[].public_ip") | String | | | | Node IPv4 address (no mask).

This is used to get the public IP (if known) when the device is behind NAT.
This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP
with the following preference:
`wan_route_servers.path_groups.interfaces.ip_address`
-> `l3_port_channels.public_ip`
-> `l3_port_channels.ip_address`

The determined Public IP is used by WAN routers when peering with this interface. | + | [          encapsulation_dot1q_vlan](## ".nodes.[].l3_port_channels.[].encapsulation_dot1q_vlan") | Integer | | | Min: 1
Max: 4094 | For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be specified. | + | [          dhcp_accept_default_route](## ".nodes.[].l3_port_channels.[].dhcp_accept_default_route") | Boolean | | `True` | | Accept a default route from DHCP if `ip_address` is set to `dhcp`. | + | [          enabled](## ".nodes.[].l3_port_channels.[].enabled") | Boolean | | `True` | | Enable or Shutdown the interface. | + | [          peer](## ".nodes.[].l3_port_channels.[].peer") | String | | | | The peer device name. Used for description and documentation. | + | [          peer_port_channel](## ".nodes.[].l3_port_channels.[].peer_port_channel") | String | | | | The peer device port-channel interface. Used for description and documentation. | + | [          peer_ip](## ".nodes.[].l3_port_channels.[].peer_ip") | String | | | | The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. | + | [          bgp](## ".nodes.[].l3_port_channels.[].bgp") | Dictionary | | | | Enforce IPv4 BGP peering for the peer | + | [            peer_as](## ".nodes.[].l3_port_channels.[].bgp.peer_as") | String | Required | | | BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. | + | [            ipv4_prefix_list_in](## ".nodes.[].l3_port_channels.[].bgp.ipv4_prefix_list_in") | String | | | | Prefix List Name. Accept routes for only these prefixes from the peer.
Required for wan interfaces. | + | [            ipv4_prefix_list_out](## ".nodes.[].l3_port_channels.[].bgp.ipv4_prefix_list_out") | String | | | | Prefix List Name. Advertise routes for only these prefixes.
If not specified, nothing would be advertised. | + | [          ipv4_acl_in](## ".nodes.[].l3_port_channels.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. | + | [          ipv4_acl_out](## ".nodes.[].l3_port_channels.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". | + | [          static_routes](## ".nodes.[].l3_port_channels.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. | + | [            - prefix](## ".nodes.[].l3_port_channels.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. | + | [          qos_profile](## ".nodes.[].l3_port_channels.[].qos_profile") | String | | | | QOS service profile. | + | [          wan_carrier](## ".nodes.[].l3_port_channels.[].wan_carrier") | String | | | | The WAN carrier this interface is connected to.
This is used to infer the path-groups in which this interface should be configured.
Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. | + | [          wan_circuit_id](## ".nodes.[].l3_port_channels.[].wan_circuit_id") | String | | | | The WAN circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | + | [          connected_to_pathfinder](## ".nodes.[].l3_port_channels.[].connected_to_pathfinder") | Boolean | | `True` | | For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. | + | [          cv_pathfinder_internet_exit](## ".nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit") | Dictionary | | | | PREVIEW: This key is in preview mode | + | [            policies](## ".nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies") | List, items: Dictionary | | | | List of Internet-exit policies using this interface as exit. | + | [              - name](## ".nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].name") | String | Required, Unique | | | Internet-exit policy name. | + | [                tunnel_interface_numbers](## ".nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].tunnel_interface_numbers") | String | | | | Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface.
Examples: '1-3' or '100,200,300' | + | [          raw_eos_cli](## ".nodes.[].l3_port_channels.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. | + | [          flow_tracking](## ".nodes.[].l3_port_channels.[].flow_tracking") | Dictionary | | | | Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. | + | [            enabled](## ".nodes.[].l3_port_channels.[].flow_tracking.enabled") | Boolean | | | | | + | [            name](## ".nodes.[].l3_port_channels.[].flow_tracking.name") | String | | | | Flow tracker name as defined in flow_tracking_settings. | + | [          structured_config](## ".nodes.[].l3_port_channels.[].structured_config") | Dictionary | | | | Custom structured config for the Port-Channel interface. | + +=== "YAML" + + ```yaml + : + + # Define variables for all nodes of this type. + defaults: + + # L3 Port-Channel interfaces to configure on the node. + # Used to define the node for WAN interfaces when `wan_carrier` is set. + l3_port_channels: + + # Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. + # For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. + - name: + + # Interface description. + # If not set a default description will be configured with '[[ ]]'. + description: + + # Port-Channel mode. + # Should not be set on Port-Channel subinterfaces. + mode: + + # Port-Channel member interfaces. + # Should not be set on Port-Channel subinterfaces. + member_interfaces: + + # Ethernet interface name like 'Ethernet2'. + # Member interface cannot be subinterface. + - name: + + # Interface description for this member. + # If not set a default description will be configured with '[[ ]]'. + description: + + # The peer device name. Used for description and documentation. + # If not set, this inherits the peer setting on the port-channel interface. 
+ peer: + + # The peer device interface. Used for description and documentation. + peer_interface: + + # Speed should be set in the format `` or `forced ` or `auto `. + speed: + + # Node IPv4 address/Mask or 'dhcp'. + ip_address: + + # When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + # IPv4 address (without mask) to be allocated on the interface if known. + # This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list + # set under `ipv4_acl_in` and `ipv4_acl_out`. + dhcp_ip: + + # Node IPv4 address (no mask). + # + # This is used to get the public IP (if known) when the device is behind NAT. + # This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + # with the following preference: + # `wan_route_servers.path_groups.interfaces.ip_address` + # -> `l3_port_channels.public_ip` + # -> `l3_port_channels.ip_address` + # + # The determined Public IP is used by WAN routers when peering with this interface. + public_ip: + + # For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be specified. + encapsulation_dot1q_vlan: + + # Accept a default route from DHCP if `ip_address` is set to `dhcp`. + dhcp_accept_default_route: + + # Enable or Shutdown the interface. + enabled: + + # The peer device name. Used for description and documentation. + peer: + + # The peer device port-channel interface. Used for description and documentation. + peer_port_channel: + + # The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. + peer_ip: + + # Enforce IPv4 BGP peering for the peer + bgp: + + # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". + # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. + peer_as: + + # Prefix List Name. 
Accept routes for only these prefixes from the peer. + # Required for wan interfaces. + ipv4_prefix_list_in: + + # Prefix List Name. Advertise routes for only these prefixes. + # If not specified, nothing would be advertised. + ipv4_prefix_list_out: + + # Name of the IPv4 access-list to be assigned in the ingress direction. + # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + # Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. + ipv4_acl_in: + + # Name of the IPv4 Access-list to be assigned in the egress direction. + # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + ipv4_acl_out: + + # Configure IPv4 static routes pointing to `peer_ip`. + static_routes: # >=1 items + + # IPv4_network/Mask. + - prefix: + + # QOS service profile. + qos_profile: + + # The WAN carrier this interface is connected to. + # This is used to infer the path-groups in which this interface should be configured. + # Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. + wan_carrier: + + # The WAN circuit ID for this interface. + # This is not rendered in the configuration but used for WAN designs. + wan_circuit_id: + + # For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + connected_to_pathfinder: + + # PREVIEW: This key is in preview mode + cv_pathfinder_internet_exit: + + # List of Internet-exit policies using this interface as exit. + policies: + + # Internet-exit policy name. + - name: + + # Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface. + # Examples: '1-3' or '100,200,300' + tunnel_interface_numbers: + + # EOS CLI rendered directly on the interface in the final EOS configuration. 
+ raw_eos_cli: + + # Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + flow_tracking: + enabled: + + # Flow tracker name as defined in flow_tracking_settings. + name: + + # Custom structured config for the Port-Channel interface. + structured_config: + + # Define variables related to all nodes part of this group. + node_groups: + + # The Node Group Name is used for MLAG domain unless set with 'mlag_domain_id'. + # The Node Group Name is also used for peer description on downstream switches' uplinks. + - group: + + # Define variables per node. + nodes: + + # The Node Name is used as "hostname". + - name: + + # L3 Port-Channel interfaces to configure on the node. + # Used to define the node for WAN interfaces when `wan_carrier` is set. + l3_port_channels: + + # Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. + # For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. + - name: + + # Interface description. + # If not set a default description will be configured with '[[ ]]'. + description: + + # Port-Channel mode. + # Should not be set on Port-Channel subinterfaces. + mode: + + # Port-Channel member interfaces. + # Should not be set on Port-Channel subinterfaces. + member_interfaces: + + # Ethernet interface name like 'Ethernet2'. + # Member interface cannot be subinterface. + - name: + + # Interface description for this member. + # If not set a default description will be configured with '[[ ]]'. + description: + + # The peer device name. Used for description and documentation. + # If not set, this inherits the peer setting on the port-channel interface. + peer: + + # The peer device interface. Used for description and documentation. + peer_interface: + + # Speed should be set in the format `` or `forced ` or `auto `. + speed: + + # Node IPv4 address/Mask or 'dhcp'. 
+ ip_address: + + # When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + # IPv4 address (without mask) to be allocated on the interface if known. + # This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list + # set under `ipv4_acl_in` and `ipv4_acl_out`. + dhcp_ip: + + # Node IPv4 address (no mask). + # + # This is used to get the public IP (if known) when the device is behind NAT. + # This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + # with the following preference: + # `wan_route_servers.path_groups.interfaces.ip_address` + # -> `l3_port_channels.public_ip` + # -> `l3_port_channels.ip_address` + # + # The determined Public IP is used by WAN routers when peering with this interface. + public_ip: + + # For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be specified. + encapsulation_dot1q_vlan: + + # Accept a default route from DHCP if `ip_address` is set to `dhcp`. + dhcp_accept_default_route: + + # Enable or Shutdown the interface. + enabled: + + # The peer device name. Used for description and documentation. + peer: + + # The peer device port-channel interface. Used for description and documentation. + peer_port_channel: + + # The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. + peer_ip: + + # Enforce IPv4 BGP peering for the peer + bgp: + + # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". + # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. + peer_as: + + # Prefix List Name. Accept routes for only these prefixes from the peer. + # Required for wan interfaces. + ipv4_prefix_list_in: + + # Prefix List Name. Advertise routes for only these prefixes. + # If not specified, nothing would be advertised. 
+ ipv4_prefix_list_out: + + # Name of the IPv4 access-list to be assigned in the ingress direction. + # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + # Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. + ipv4_acl_in: + + # Name of the IPv4 Access-list to be assigned in the egress direction. + # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + ipv4_acl_out: + + # Configure IPv4 static routes pointing to `peer_ip`. + static_routes: # >=1 items + + # IPv4_network/Mask. + - prefix: + + # QOS service profile. + qos_profile: + + # The WAN carrier this interface is connected to. + # This is used to infer the path-groups in which this interface should be configured. + # Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. + wan_carrier: + + # The WAN circuit ID for this interface. + # This is not rendered in the configuration but used for WAN designs. + wan_circuit_id: + + # For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + connected_to_pathfinder: + + # PREVIEW: This key is in preview mode + cv_pathfinder_internet_exit: + + # List of Internet-exit policies using this interface as exit. + policies: + + # Internet-exit policy name. + - name: + + # Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface. + # Examples: '1-3' or '100,200,300' + tunnel_interface_numbers: + + # EOS CLI rendered directly on the interface in the final EOS configuration. + raw_eos_cli: + + # Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + flow_tracking: + enabled: + + # Flow tracker name as defined in flow_tracking_settings. 
+ name: + + # Custom structured config for the Port-Channel interface. + structured_config: + + # L3 Port-Channel interfaces to configure on the node. + # Used to define the node for WAN interfaces when `wan_carrier` is set. + l3_port_channels: + + # Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. + # For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. + - name: + + # Interface description. + # If not set a default description will be configured with '[[ ]]'. + description: + + # Port-Channel mode. + # Should not be set on Port-Channel subinterfaces. + mode: + + # Port-Channel member interfaces. + # Should not be set on Port-Channel subinterfaces. + member_interfaces: + + # Ethernet interface name like 'Ethernet2'. + # Member interface cannot be subinterface. + - name: + + # Interface description for this member. + # If not set a default description will be configured with '[[ ]]'. + description: + + # The peer device name. Used for description and documentation. + # If not set, this inherits the peer setting on the port-channel interface. + peer: + + # The peer device interface. Used for description and documentation. + peer_interface: + + # Speed should be set in the format `` or `forced ` or `auto `. + speed: + + # Node IPv4 address/Mask or 'dhcp'. + ip_address: + + # When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + # IPv4 address (without mask) to be allocated on the interface if known. + # This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list + # set under `ipv4_acl_in` and `ipv4_acl_out`. + dhcp_ip: + + # Node IPv4 address (no mask). + # + # This is used to get the public IP (if known) when the device is behind NAT. 
+ # This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + # with the following preference: + # `wan_route_servers.path_groups.interfaces.ip_address` + # -> `l3_port_channels.public_ip` + # -> `l3_port_channels.ip_address` + # + # The determined Public IP is used by WAN routers when peering with this interface. + public_ip: + + # For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be specified. + encapsulation_dot1q_vlan: + + # Accept a default route from DHCP if `ip_address` is set to `dhcp`. + dhcp_accept_default_route: + + # Enable or Shutdown the interface. + enabled: + + # The peer device name. Used for description and documentation. + peer: + + # The peer device port-channel interface. Used for description and documentation. + peer_port_channel: + + # The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. + peer_ip: + + # Enforce IPv4 BGP peering for the peer + bgp: + + # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". + # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. + peer_as: + + # Prefix List Name. Accept routes for only these prefixes from the peer. + # Required for wan interfaces. + ipv4_prefix_list_in: + + # Prefix List Name. Advertise routes for only these prefixes. + # If not specified, nothing would be advertised. + ipv4_prefix_list_out: + + # Name of the IPv4 access-list to be assigned in the ingress direction. + # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + # Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. + ipv4_acl_in: + + # Name of the IPv4 Access-list to be assigned in the egress direction. 
+ # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + ipv4_acl_out: + + # Configure IPv4 static routes pointing to `peer_ip`. + static_routes: # >=1 items + + # IPv4_network/Mask. + - prefix: + + # QOS service profile. + qos_profile: + + # The WAN carrier this interface is connected to. + # This is used to infer the path-groups in which this interface should be configured. + # Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. + wan_carrier: + + # The WAN circuit ID for this interface. + # This is not rendered in the configuration but used for WAN designs. + wan_circuit_id: + + # For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + connected_to_pathfinder: + + # PREVIEW: This key is in preview mode + cv_pathfinder_internet_exit: + + # List of Internet-exit policies using this interface as exit. + policies: + + # Internet-exit policy name. + - name: + + # Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface. + # Examples: '1-3' or '100,200,300' + tunnel_interface_numbers: + + # EOS CLI rendered directly on the interface in the final EOS configuration. + raw_eos_cli: + + # Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + flow_tracking: + enabled: + + # Flow tracker name as defined in flow_tracking_settings. + name: + + # Custom structured config for the Port-Channel interface. + structured_config: + + # Define variables per node. + nodes: + + # The Node Name is used as "hostname". + - name: + + # L3 Port-Channel interfaces to configure on the node. + # Used to define the node for WAN interfaces when `wan_carrier` is set. + l3_port_channels: + + # Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. 
+ # For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. + - name: + + # Interface description. + # If not set a default description will be configured with '[[ ]]'. + description: + + # Port-Channel mode. + # Should not be set on Port-Channel subinterfaces. + mode: + + # Port-Channel member interfaces. + # Should not be set on Port-Channel subinterfaces. + member_interfaces: + + # Ethernet interface name like 'Ethernet2'. + # Member interface cannot be subinterface. + - name: + + # Interface description for this member. + # If not set a default description will be configured with '[[ ]]'. + description: + + # The peer device name. Used for description and documentation. + # If not set, this inherits the peer setting on the port-channel interface. + peer: + + # The peer device interface. Used for description and documentation. + peer_interface: + + # Speed should be set in the format `` or `forced ` or `auto `. + speed: + + # Node IPv4 address/Mask or 'dhcp'. + ip_address: + + # When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + # IPv4 address (without mask) to be allocated on the interface if known. + # This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list + # set under `ipv4_acl_in` and `ipv4_acl_out`. + dhcp_ip: + + # Node IPv4 address (no mask). + # + # This is used to get the public IP (if known) when the device is behind NAT. + # This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + # with the following preference: + # `wan_route_servers.path_groups.interfaces.ip_address` + # -> `l3_port_channels.public_ip` + # -> `l3_port_channels.ip_address` + # + # The determined Public IP is used by WAN routers when peering with this interface. + public_ip: + + # For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be specified. 
+ encapsulation_dot1q_vlan: + + # Accept a default route from DHCP if `ip_address` is set to `dhcp`. + dhcp_accept_default_route: + + # Enable or Shutdown the interface. + enabled: + + # The peer device name. Used for description and documentation. + peer: + + # The peer device port-channel interface. Used for description and documentation. + peer_port_channel: + + # The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. + peer_ip: + + # Enforce IPv4 BGP peering for the peer + bgp: + + # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". + # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. + peer_as: + + # Prefix List Name. Accept routes for only these prefixes from the peer. + # Required for wan interfaces. + ipv4_prefix_list_in: + + # Prefix List Name. Advertise routes for only these prefixes. + # If not specified, nothing would be advertised. + ipv4_prefix_list_out: + + # Name of the IPv4 access-list to be assigned in the ingress direction. + # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + # Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. + ipv4_acl_in: + + # Name of the IPv4 Access-list to be assigned in the egress direction. + # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + ipv4_acl_out: + + # Configure IPv4 static routes pointing to `peer_ip`. + static_routes: # >=1 items + + # IPv4_network/Mask. + - prefix: + + # QOS service profile. + qos_profile: + + # The WAN carrier this interface is connected to. + # This is used to infer the path-groups in which this interface should be configured. 
+ # Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. + wan_carrier: + + # The WAN circuit ID for this interface. + # This is not rendered in the configuration but used for WAN designs. + wan_circuit_id: + + # For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + connected_to_pathfinder: + + # PREVIEW: This key is in preview mode + cv_pathfinder_internet_exit: + + # List of Internet-exit policies using this interface as exit. + policies: + + # Internet-exit policy name. + - name: + + # Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface. + # Examples: '1-3' or '100,200,300' + tunnel_interface_numbers: + + # EOS CLI rendered directly on the interface in the final EOS configuration. + raw_eos_cli: + + # Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + flow_tracking: + enabled: + + # Flow tracker name as defined in flow_tracking_settings. + name: + + # Custom structured config for the Port-Channel interface. + structured_config: + ``` diff --git a/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml b/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml index b241f60331a..df00851d787 100644 --- a/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml +++ b/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml @@ -9233,6 +9233,14 @@ $defs: description: 'L3 interface profile name. Profile defined under `l3_interface_profiles`. ' + l3_port_channels: + type: list + $ref: eos_designs#/$defs/node_type_l3_port_channels + documentation_options: + table: node-type-l3-port-channels-configuration + description: 'L3 Port-Channel interfaces to configure on the node. + + Used to define the node for WAN interfaces when `wan_carrier` is set.' data_plane_cpu_allocation_max: documentation_options: table: system-settings 
@@ -9512,6 +9520,236 @@ $defs: hide_keys: true description: Custom structured config for the Ethernet interface. $ref: eos_cli_config_gen#/keys/ethernet_interfaces/items + node_type_l3_port_channels: + type: list + primary_key: name + items: + type: dict + keys: + name: + type: str + required: true + description: 'Port-Channel interface name like ''Port-Channel2'' or subinterface + name like ''Port-Channel2.42''. + + For a Port-Channel subinterface, the parent Port-Channel interface must + be defined as well.' + pattern: Port-Channel[\d/]+(.[\d]+)? + description: + type: str + description: 'Interface description. + + If not set a default description will be configured with ''[[ ]]''.' + mode: + type: str + description: 'Port-Channel mode. + + Should not be set on Port-Channel subinterfaces.' + valid_values: + - active + - passive + - 'on' + default: 'on' + member_interfaces: + description: 'Port-Channel member interfaces. + + Should not be set on Port-Channel subinterfaces.' + type: list + primary_key: name + items: + type: dict + keys: + name: + type: str + required: true + description: 'Ethernet interface name like ''Ethernet2''. + + Member interface cannot be subinterface.' + pattern: Ethernet[\d/]+ + description: + type: str + description: 'Interface description for this member. + + If not set a default description will be configured with ''[[ + ]]''.' + peer: + type: str + description: 'The peer device name. Used for description and documentation. + + If not set, this inherits the peer setting on the port-channel interface.' + peer_interface: + type: str + description: The peer device interface. Used for description and documentation. + speed: + type: str + description: Speed should be set in the format `` + or `forced ` or `auto `. + ip_address: + type: str + description: Node IPv4 address/Mask or 'dhcp'. 
+ dhcp_ip: + type: str + description: 'When the `ip_address` is `dhcp`, this optional field allows + to indicate the expected + + IPv4 address (without mask) to be allocated on the interface if known. + + This is not rendered in the configuration but can be used for substitution + of ''interface_ip'' in the Access-list + + set under `ipv4_acl_in` and `ipv4_acl_out`.' + public_ip: + type: str + description: "Node IPv4 address (no mask).\n\nThis is used to get the public + IP (if known) when the device is behind NAT.\nThis is only used for `wan_rr` + routers (AutoVPN RRs and Pathfinders) to determine the Public IP\nwith + the following preference:\n `wan_route_servers.path_groups.interfaces.ip_address`\n + \ -> `l3_port_channels.public_ip`\n -> `l3_port_channels.ip_address`\n\nThe + determined Public IP is used by WAN routers when peering with this interface." + encapsulation_dot1q_vlan: + description: For subinterfaces the dot1q vlan is derived from the interface + name by default, but can also be specified. + type: int + convert_types: + - str + min: 1 + max: 4094 + dhcp_accept_default_route: + type: bool + default: true + description: Accept a default route from DHCP if `ip_address` is set to + `dhcp`. + enabled: + type: bool + default: true + description: Enable or Shutdown the interface. + peer: + type: str + description: The peer device name. Used for description and documentation. + peer_port_channel: + type: str + description: The peer device port-channel interface. Used for description + and documentation. + peer_ip: + type: str + description: The peer device IPv4 address (no mask). Used as default route + gateway if `set_default_route` is true and `ip` is an IP address. + bgp: + type: dict + description: Enforce IPv4 BGP peering for the peer + keys: + peer_as: + type: str + required: true + convert_types: + - int + description: 'BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>". 
+ + For asdot notation in YAML inputs, the value must be put in quotes, + to prevent it from being interpreted as a float number.' + ipv4_prefix_list_in: + type: str + description: 'Prefix List Name. Accept routes for only these prefixes + from the peer. + + Required for wan interfaces.' + ipv4_prefix_list_out: + type: str + description: 'Prefix List Name. Advertise routes for only these prefixes. + + If not specified, nothing would be advertised.' + ipv4_acl_in: + description: 'Name of the IPv4 access-list to be assigned in the ingress + direction. + + The access-list must be defined under `ipv4_acls` and supports field substitution + for "interface_ip" and "peer_ip". + + Required for all WAN interfaces (`wan_carrier` is set) unless the carrier + is marked as ''trusted'' under `wan_carriers`.' + type: str + convert_types: + - int + ipv4_acl_out: + description: 'Name of the IPv4 Access-list to be assigned in the egress + direction. + + The access-list must be defined under `ipv4_acls` and supports field substitution + for "interface_ip" and "peer_ip".' + type: str + convert_types: + - int + static_routes: + description: Configure IPv4 static routes pointing to `peer_ip`. + type: list + min_length: 1 + items: + type: dict + keys: + prefix: + type: str + required: true + description: IPv4_network/Mask. + qos_profile: + type: str + description: QOS service profile. + wan_carrier: + type: str + description: 'The WAN carrier this interface is connected to. + + This is used to infer the path-groups in which this interface should be + configured. + + Unless the carrier is marked as ''trusted'' under `wan_carriers`, `ipv4_acl_in` + is also required on all WAN interfaces.' + wan_circuit_id: + type: str + convert_types: + - int + description: 'The WAN circuit ID for this interface. + + This is not rendered in the configuration but used for WAN designs.' 
+ connected_to_pathfinder: + type: bool + default: true + description: For a WAN interface (`wan_carrier` is set), allow to disable + the static tunnel towards Pathfinders. + cv_pathfinder_internet_exit: + description: 'PREVIEW: This key is in preview mode' + type: dict + keys: + policies: + type: list + primary_key: name + description: List of Internet-exit policies using this interface as + exit. + items: + type: dict + keys: + name: + type: str + description: Internet-exit policy name. + tunnel_interface_numbers: + type: str + description: 'Number range to use for Tunnel interfaces to an + internet-exit service provider using this local interface. + + Examples: ''1-3'' or ''100,200,300''' + raw_eos_cli: + type: str + description: EOS CLI rendered directly on the interface in the final EOS + configuration. + flow_tracking: + type: dict + $ref: eos_designs#/$defs/flow_tracking_link + description: Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` + setting. + structured_config: + type: dict + documentation_options: + hide_keys: true + description: Custom structured config for the Port-Channel interface. + $ref: eos_cli_config_gen#/keys/port_channel_interfaces/items p2p_links: type: list items: diff --git a/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type.schema.yml b/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type.schema.yml index af03a895337..3d3eb02d7e4 100644 --- a/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type.schema.yml +++ b/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type.schema.yml 
@@ -1384,6 +1384,14 @@ $defs: type: str description: | L3 interface profile name. Profile defined under `l3_interface_profiles`. + l3_port_channels: + type: list + $ref: "eos_designs#/$defs/node_type_l3_port_channels" + documentation_options: + table: node-type-l3-port-channels-configuration + description: |- + L3 Port-Channel interfaces to configure on the node. + Used to define the node for WAN interfaces when `wan_carrier` is set. data_plane_cpu_allocation_max: documentation_options: table: system-settings diff --git a/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type_l3_port_channels.schema.yml b/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type_l3_port_channels.schema.yml new file mode 100644 index 00000000000..2478adf2783 --- /dev/null +++ b/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type_l3_port_channels.schema.yml 
@@ -0,0 +1,227 @@ +# Copyright (c) 2023-2024 Arista Networks, Inc. +# Use of this source code is governed by the Apache License 2.0 +# that can be found in the LICENSE file. +# yaml-language-server: $schema=../../../_schema/avd_meta_schema.json +# Line above is used by RedHat's YAML Schema vscode extension +# Use Ctrl + Space to get suggestions for every field. Autocomplete will pop up after typing 2 letters. +type: dict +$defs: + node_type_l3_port_channels: + type: list + primary_key: name + items: + type: dict + keys: + name: + type: str + required: true + description: |- + Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'. + For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. + pattern: "Port-Channel[\\d/]+(.[\\d]+)?" + description: + type: str + description: |- + Interface description. + If not set a default description will be configured with '[[ ]]'. + mode: + type: str + description: |- + Port-Channel mode. + Should not be set on Port-Channel subinterfaces. + valid_values: + - "active" + - "passive" + - "on" + default: "on" + member_interfaces: + description: |- + Port-Channel member interfaces. + Should not be set on Port-Channel subinterfaces. + type: list + primary_key: name + items: + type: dict + keys: + name: + type: str + required: true + description: |- + Ethernet interface name like 'Ethernet2'. + Member interface cannot be subinterface. + pattern: "Ethernet[\\d/]+" + description: + type: str + description: |- + Interface description for this member. + If not set a default description will be configured with '[[ ]]'. + peer: + type: str + description: |- + The peer device name. Used for description and documentation. + If not set, this inherits the peer setting on the port-channel interface. + peer_interface: + type: str + description: |- + The peer device interface. Used for description and documentation. 
+ speed: + type: str + description: |- + Speed should be set in the format `` or `forced ` or `auto `. + ip_address: + type: str + description: Node IPv4 address/Mask or 'dhcp'. + dhcp_ip: + type: str + description: |- + When the `ip_address` is `dhcp`, this optional field allows to indicate the expected + IPv4 address (without mask) to be allocated on the interface if known. + This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list + set under `ipv4_acl_in` and `ipv4_acl_out`. + public_ip: + type: str + description: |- + Node IPv4 address (no mask). + + This is used to get the public IP (if known) when the device is behind NAT. + This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP + with the following preference: + `wan_route_servers.path_groups.interfaces.ip_address` + -> `l3_port_channels.public_ip` + -> `l3_port_channels.ip_address` + + The determined Public IP is used by WAN routers when peering with this interface. + encapsulation_dot1q_vlan: + description: For subinterfaces the dot1q vlan is derived from the interface name by default, but can also be specified. + type: int + convert_types: + - str + min: 1 + max: 4094 + dhcp_accept_default_route: + type: bool + default: true + description: Accept a default route from DHCP if `ip_address` is set to `dhcp`. + enabled: + type: bool + default: true + description: Enable or Shutdown the interface. + peer: + type: str + description: |- + The peer device name. Used for description and documentation. + peer_port_channel: + type: str + description: |- + The peer device port-channel interface. Used for description and documentation. + peer_ip: + type: str + description: |- + The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. 
+ bgp: + type: dict + description: |- + Enforce IPv4 BGP peering for the peer + keys: + peer_as: + type: str + required: true + convert_types: + - int + description: 'BGP AS <1-4294967295> or AS number in asdot notation + "<1-65535>.<0-65535>". + + For asdot notation in YAML inputs, the value must be put in + quotes, to prevent it from being interpreted as a float number.' + ipv4_prefix_list_in: + type: str + description: |- + Prefix List Name. Accept routes for only these prefixes from the peer. + Required for wan interfaces. + ipv4_prefix_list_out: + type: str + description: |- + Prefix List Name. Advertise routes for only these prefixes. + If not specified, nothing would be advertised. + ipv4_acl_in: + description: |- + Name of the IPv4 access-list to be assigned in the ingress direction. + The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. + type: str + convert_types: + - int + ipv4_acl_out: + description: |- + Name of the IPv4 Access-list to be assigned in the egress direction. + The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". + type: str + convert_types: + - int + static_routes: + description: Configure IPv4 static routes pointing to `peer_ip`. + type: list + min_length: 1 + items: + type: dict + keys: + prefix: + type: str + required: true + description: IPv4_network/Mask. + qos_profile: + type: str + description: QOS service profile. + wan_carrier: + type: str + description: |- + The WAN carrier this interface is connected to. + This is used to infer the path-groups in which this interface should be configured. + Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. 
+ wan_circuit_id: + type: str + convert_types: + - int + description: |- + The WAN circuit ID for this interface. + This is not rendered in the configuration but used for WAN designs. + connected_to_pathfinder: + type: bool + default: true + description: |- + For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + cv_pathfinder_internet_exit: + description: |- + PREVIEW: This key is in preview mode + type: dict + keys: + policies: + type: list + primary_key: name + description: List of Internet-exit policies using this interface as exit. + items: + type: dict + keys: + name: + type: str + description: Internet-exit policy name. + tunnel_interface_numbers: + type: str + description: |- + Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface. + Examples: '1-3' or '100,200,300' + raw_eos_cli: + type: str + description: EOS CLI rendered directly on the interface in the final EOS configuration. + flow_tracking: + type: dict + $ref: "eos_designs#/$defs/flow_tracking_link" + description: |- + Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. + structured_config: + type: dict + documentation_options: + hide_keys: true + description: |- + Custom structured config for the Port-Channel interface. + $ref: "eos_cli_config_gen#/keys/port_channel_interfaces/items"
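Review bot: The `name` pattern leaves the subinterface separator unescaped, so `(.[\\d]+)?` accepts any character before the trailing digits (for example `Port-Channel2x42`), not only the `.` shown in the description. `pattern: "Port-Channel[\\d/]+(\\.[\\d]+)?"` matches the documented form, and the compiled copy in `eos_designs.schema.yml` carries the same expression and would need regenerating. The value is presumably used as the interface name in the generated device configuration, so the schema is the cheapest place to reject malformed names. The `peer_ip` description refers to `set_default_route` and `ip`, but this fragment defines neither key (the address key here is `ip_address`), so the text should name keys that exist or the missing key should be added. The rule that `ipv4_acl_in` is required on untrusted WAN carriers is stated only in descriptions and nothing in this file enforces it, so it is worth confirming that the design code's check covers `l3_port_channels` as well, since a miss there would leave a WAN-facing Port-Channel without an ingress ACL.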