Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feat(eos_cli_config_gen): Add global IP NAT support #2747

Merged
merged 11 commits into from
Apr 28, 2023
Merged

Feat(eos_cli_config_gen): Add global IP NAT support #2747

merged 11 commits into from
Apr 28, 2023

Conversation

kornoa
Copy link
Contributor

@kornoa kornoa commented Apr 20, 2023

Change Summary

Adding support to render IP NAT global EOS configuration.

  • ip nat pool ...
  • ip nat kernel buffer size ...
  • ip nat synchronization
  • ip nat translation ...

Related Issue(s)

Fixes #2724

Component(s) name

arista.avd.eos_cli_config_gen

Proposed changes

added ip_nat

How to test

structured config:

### IP NAT ###
ip_nat:
  kernel_buffer_size: 64
  pools:
    - name: prefix_16
      prefix_length: 16
      ranges:
        - first_ip: 10.0.0.1
          last_ip: 10.0.255.254
        - first_ip: 10.1.0.0
          last_ip: 10.1.255.255
          first_port: 1024
          last_port: 65535
      utilization_log_threshold: 1
    - name: prefix_32
      prefix_length: 32
      ranges:
        - first_ip: 10.2.0.1
          last_ip: 10.2.0.1
    - name: prefix_24
      prefix_length: 24
      ranges:
        - first_ip: 10.3.0.1
          last_ip: 10.3.0.254
        - first_ip: 10.3.1.0
          last_ip: 10.3.1.255
          first_port: 1024
          last_port: 65535
      utilization_log_threshold: 100
  synchronization:
    description: 'test sync config'
    expiry_interval: 60
    local_interface: Ethernet1
    peer_address: 1.1.1.1
    port_range:
      first_port: 1024
      last_port: 65535
      split_disabled: true
    shutdown: true
  translation:
    address_selection:
      any: true
      hash_field_source_ip: true
    counters: true
    low_mark:
      percentage: 50
      host_percentage: 50
    max_entries:
      limit: 100000
      host_limit: 1000
      ip_limits:
        - ip: 10.0.0.1
          limit: 100
        - ip: 10.0.0.2
          limit: 200
    timeouts:
      - protocol: udp
        timeout: 3600
      - protocol: tcp
        timeout: 7200

result in EOS CLI config:

!
ip nat translation address selection any
ip nat translation address selection hash field source-ip
ip nat translation udp-timeout 3600
ip nat translation tcp-timeout 7200
ip nat translation max-entries 100000
ip nat translation low-mark 50
ip nat translation max-entries 1000 host
ip nat translation low-mark 50 host
ip nat translation max-entries 100 10.0.0.1
ip nat translation max-entries 200 10.0.0.2
ip nat kernel buffer size 64
ip nat pool prefix_16 prefix-length 16
   range 10.0.0.1 10.0.255.254
   range 10.1.0.0 10.1.255.255 1024 65535
   utilization threshold 1 action log
ip nat pool prefix_32 prefix-length 32
   range 10.2.0.1 10.2.0.1
ip nat pool prefix_24 prefix-length 24
   range 10.3.0.1 10.3.0.254
   range 10.3.1.0 10.3.1.255 1024 65535
   utilization threshold 100 action log
ip nat synchronization
   description test sync config
   expiry-interval 60
   shutdown
   peer-address 1.1.1.1
   local-interface Ethernet1
   port-range 1024 65535
   port-range split disabled

Checklist

User Checklist

  • N/A

Repository Checklist

  • My code has been rebased from devel before I start
  • I have read the CONTRIBUTING document.
  • My change requires a change to the documentation and documentation have been updated accordingly.
  • I have updated molecule CI testing accordingly. (check the box if not applicable)

@kornoa kornoa requested a review from a team as a code owner April 20, 2023 14:32
@github-actions github-actions bot added role: eos_cli_config_gen issue related to eos_cli_config_gen role state: CI Updated CI scenario have been updated in the PR state: Documentation role Updated labels Apr 20, 2023
@kornoa
Doc(eos_cli_config_gen): Fix IP NAT schema doc
c2f4f3d
@kornoa
Fix(eos_cli_config_gen): IP NAT device doc
dd6feb8 
- Respect blank lines before/after headings
- List NAT pools as headings
- Use tables for settings
- Inlcude EOS device configuration
@kornoa
Doc(eos_cli_config_gen): IP NAT schema descriptions
032eed3
gmuloc
gmuloc reviewed Apr 21, 2023
View reviewed changes
Copy link
Contributor

@gmuloc gmuloc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @kornoa for the PR and the updates after @ClausHolbechArista comments!

Added a couple of my own - some of them more for discussions than changes really.

...e_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/ip_nat.schema.yml Outdated Show resolved Hide resolved
...e_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/ip_nat.schema.yml Show resolved Hide resolved
ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/ip-nat.j2 Outdated Show resolved Hide resolved
ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos-intended-config.j2 Outdated Show resolved Hide resolved
ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/ip-nat.j2 Outdated Show resolved Hide resolved
@gmuloc gmuloc requested a review from a team April 24, 2023 07:31
@kornoa
Fix(eos_cli_config_gen): IP NAT EOS config order
dbb7ed0 
- Split global IP NAT config into two sections
gmuloc
gmuloc approved these changes Apr 25, 2023
View reviewed changes
Copy link
Contributor

@gmuloc gmuloc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@gmuloc gmuloc requested a review from a team April 25, 2023 07:46
@gmuloc gmuloc added this to the v4.0.0-dev11 milestone Apr 27, 2023
carlbuchmann
carlbuchmann approved these changes Apr 28, 2023
View reviewed changes
Copy link
Member

@carlbuchmann carlbuchmann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thank you for this significant contribution!

@carlbuchmann carlbuchmann merged commit 69ab0b4 into aristanetworks:devel Apr 28, 2023
34 checks passed
@kornoa kornoa deleted the ip_nat_support branch May 3, 2023 09:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ClausHolbechArista ClausHolbechArista ClausHolbechArista left review comments

@gmuloc gmuloc gmuloc approved these changes

@carlbuchmann carlbuchmann carlbuchmann approved these changes

Assignees

@kornoa kornoa

Labels
rn: Feat(eos_cli_config_gen) role: eos_cli_config_gen issue related to eos_cli_config_gen role state: CI Updated CI scenario have been updated in the PR state: Documentation role Updated
Projects
None yet
Milestone
v4.0.0-dev11
Development

Successfully merging this pull request may close these issues.

Feat(eos_cli_config_gen): Global NAT configuration options
4 participants
@kornoa @gmuloc @carlbuchmann @ClausHolbechArista