Feat(eos_cli_config_gen): Add interface IP NAT support #2750

Merged
merged 14 commits into from
May 11, 2023


@kornoa kornoa commented Apr 21, 2023

Change Summary

Adding support to render IP NAT interface EOS configuration.

  • ip nat source static ...
  • ip nat source dynamic ...
  • ip nat destination static ...
  • ip nat destination dynamic ...

Supported Interface Types:

  • Ethernet
  • Port-Channel
  • VLAN

Related Issue(s)

Fixes #2725

Component(s) name

arista.avd.eos_cli_config_gen

Proposed changes

Added ip_nat under supported interface types

How to test

structured config:

<supported interfaces>:
  - ip_nat:
      destination:
        dynamic:
          - access_list: ACL1
            pool_name: POOL1
          - access_list: ACL2
            pool_name: POOL1
            comment: POOL1 shared with ACL1/2
          - access_list: ACL3
            pool_name: POOL3
            priority: 10
          - access_list: ACL4
            pool_name: POOL4
            comment: Priority low end
            priority: 1
          - access_list: ACL6
            pool_name: POOL6
            comment: Priority default
            priority: 0
          - access_list: ACL5
            pool_name: POOL5
            comment: Priority high end
            priority: 4294967295
        static:
          - original_ip: 1.0.0.1
            translated_ip: 2.0.0.1
          - original_ip: 1.0.0.2
            translated_ip: 2.0.0.2
            original_port: 22
          - original_ip: 1.0.0.3
            translated_ip: 2.0.0.3
            original_port: 22
            translated_port: 23
          - original_ip: 1.0.0.4
            translated_ip: 2.0.0.4
            original_port: 22
            translated_port: 23
            protocol: udp
          - original_ip: 1.0.0.5
            translated_ip: 2.0.0.5
            original_port: 22
            translated_port: 23
            protocol: tcp
            group: 1
          - original_ip: 1.0.0.6
            translated_ip: 2.0.0.6
            original_port: 22
            translated_port: 23
            protocol: tcp
            group: 2
            priority: 5
            comment: 'Comment Test'
          - original_ip: 1.0.0.7
            translated_ip: 2.0.0.7
            access_list: ACL21
          - original_ip: 239.0.0.1
            translated_ip: 239.0.0.2
            direction: egress
      source:
        dynamic:
          - access_list: ACL11
            pool_name: POOL11
            nat_type: pool
          - access_list: ACL12
            pool_name: POOL11
            comment: POOL11 shared with ACL11/12
            nat_type: pool
          - access_list: ACL13
            pool_name: POOL13
            priority: 10
            nat_type: pool
          - access_list: ACL14
            pool_name: POOL14
            comment: Priority low end
            priority: 1
            nat_type: pool
          - access_list: ACL16
            pool_name: POOL16
            comment: Priority default
            priority: 0
            nat_type: pool
          - access_list: ACL15
            pool_name: POOL15
            comment: Priority high end
            priority: 4294967295
            nat_type: pool
          - access_list: ACL17
            comment: Priority_10
            priority: 10
            nat_type: overload
          - access_list: ACL18
            pool_name: POOL18
            comment: Priority_10
            priority: 10
            nat_type: pool-address-only
          - access_list: ACL19
            pool_name: POOL19
            comment: Priority_10
            priority: 10
            nat_type: pool-full-cone
        static:
          - original_ip: 3.0.0.1
            translated_ip: 4.0.0.1
          - original_ip: 3.0.0.2
            translated_ip: 4.0.0.2
            original_port: 22
          - original_ip: 3.0.0.3
            translated_ip: 4.0.0.3
            original_port: 22
            translated_port: 23
          - original_ip: 3.0.0.4
            translated_ip: 4.0.0.4
            original_port: 22
            translated_port: 23
            protocol: udp
          - original_ip: 3.0.0.5
            translated_ip: 4.0.0.5
            original_port: 22
            translated_port: 23
            protocol: tcp
            group: 1
          - original_ip: 3.0.0.6
            translated_ip: 4.0.0.6
            original_port: 22
            translated_port: 23
            protocol: tcp
            group: 2
            priority: 5
            comment: 'Comment Test'
          - original_ip: 3.0.0.7
            translated_ip: 4.0.0.7
            access_list: ACL21
          - original_ip: 3.0.0.8
            translated_ip: 4.0.0.8
            direction: ingress

Results in EOS CLI config:

interface <supported type>
   ip nat source static 3.0.0.1 4.0.0.1
   ip nat source static 3.0.0.2 22 4.0.0.2
   ip nat source static 3.0.0.3 22 4.0.0.3 23
   ip nat source static 3.0.0.4 22 4.0.0.4 23 protocol udp
   ip nat source static 3.0.0.5 22 4.0.0.5 23 protocol tcp group 1
   ip nat source static 3.0.0.6 22 4.0.0.6 23 protocol tcp group 2 comment Comment Test
   ip nat source static 3.0.0.7 access-list ACL21 4.0.0.7
   ip nat source ingress static 3.0.0.8 4.0.0.8
   ip nat source dynamic access-list ACL11 pool POOL11
   ip nat source dynamic access-list ACL12 pool POOL11 comment POOL11 shared with ACL11/12
   ip nat source dynamic access-list ACL13 pool POOL13 priority 10
   ip nat source dynamic access-list ACL14 pool POOL14 priority 1 comment Priority low end
   ip nat source dynamic access-list ACL15 pool POOL15 priority 4294967295 comment Priority high end
   ip nat source dynamic access-list ACL16 pool POOL16 comment Priority default
   ip nat source dynamic access-list ACL17 overload priority 10 comment Priority_10
   ip nat source dynamic access-list ACL18 pool POOL18 address-only priority 10 comment Priority_10
   ip nat source dynamic access-list ACL19 pool POOL19 full-cone priority 10 comment Priority_10
   ip nat destination static 1.0.0.1 2.0.0.1
   ip nat destination static 1.0.0.2 22 2.0.0.2
   ip nat destination static 1.0.0.3 22 2.0.0.3 23
   ip nat destination static 1.0.0.4 22 2.0.0.4 23 protocol udp
   ip nat destination static 1.0.0.5 22 2.0.0.5 23 protocol tcp group 1
   ip nat destination static 1.0.0.6 22 2.0.0.6 23 protocol tcp group 2 comment Comment Test
   ip nat destination static 1.0.0.7 access-list ACL21 2.0.0.7
   ip nat destination egress static 239.0.0.1 239.0.0.2
   ip nat destination dynamic access-list ACL1 pool POOL1
   ip nat destination dynamic access-list ACL2 pool POOL1 comment POOL1 shared with ACL1/2
   ip nat destination dynamic access-list ACL3 pool POOL3 priority 10
   ip nat destination dynamic access-list ACL4 pool POOL4 priority 1 comment Priority low end
   ip nat destination dynamic access-list ACL5 pool POOL5 priority 4294967295 comment Priority high end
   ip nat destination dynamic access-list ACL6 pool POOL6 comment Priority default

Checklist

User Checklist

  • N/A

Repository Checklist

  • My code has been rebased from devel before I start
  • I have read the CONTRIBUTING document.
  • My change requires a change to the documentation and documentation has been updated accordingly.
  • I have updated molecule CI testing accordingly. (check the box if not applicable)
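
The mapping from `ip_nat.source.dynamic` entries to CLI lines shown in the PR description, as an added Python example (not the PR's Jinja2 template and not AVD code). It assumes a plain string sort on `access_list`, that every `nat_type` except `overload` requires `pool_name`, and that priority is bounded by the largest value in the PR's test data; `render_source_dynamic` and `SAMPLE` are hypothetical names.

```python
# Added illustration, not AVD's Jinja2 template.
MAX_PRIORITY = 4294967295  # the PR's "Priority high end" test value, used as upper bound

# nat_type -> keywords that follow "access-list <ACL>", per the PR's expected output
NAT_TYPE_FORMAT = {
    "pool": "pool {pool}",
    "overload": "overload",
    "pool-address-only": "pool {pool} address-only",
    "pool-full-cone": "pool {pool} full-cone",
}

# Constructed sample: four source.dynamic entries copied from the PR's test data
SAMPLE = [
    {"access_list": "ACL16", "pool_name": "POOL16", "comment": "Priority default", "priority": 0, "nat_type": "pool"},
    {"access_list": "ACL15", "pool_name": "POOL15", "comment": "Priority high end", "priority": 4294967295, "nat_type": "pool"},
    {"access_list": "ACL17", "comment": "Priority_10", "priority": 10, "nat_type": "overload"},
    {"access_list": "ACL18", "pool_name": "POOL18", "comment": "Priority_10", "priority": 10, "nat_type": "pool-address-only"},
]


def render_source_dynamic(entries):
    """Validate entries and return CLI lines, ordered by access_list."""
    lines = []
    for entry in sorted(entries, key=lambda e: e["access_list"]):
        acl = entry["access_list"]
        nat_type = entry.get("nat_type")
        if nat_type not in NAT_TYPE_FORMAT:
            raise ValueError(f"{acl}: unknown nat_type {nat_type!r}")
        # Assumption: only overload may omit the pool (ACL17 in the test data)
        if nat_type != "overload" and not entry.get("pool_name"):
            raise ValueError(f"{acl}: nat_type {nat_type} needs pool_name")
        priority = entry.get("priority", 0)
        if type(priority) is not int or not 0 <= priority <= MAX_PRIORITY:
            raise ValueError(f"{acl}: priority {priority!r} out of range")
        line = f"ip nat source dynamic access-list {acl} "
        line += NAT_TYPE_FORMAT[nat_type].format(pool=entry.get("pool_name"))
        if priority > 0:  # priority 0 is omitted in the PR's expected output
            line += f" priority {priority}"
        if "comment" in entry:  # comment is always the last keyword
            line += f" comment {entry['comment']}"
        lines.append(line)
    return lines


if __name__ == "__main__":
    print("\n".join(render_source_dynamic(SAMPLE)))
```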

- Support Destination Dynamic NAT
- Support on ethernet, port-channel, tunnel and vlan interfaces
    - Support Source Dynamic NAT
    - Support on ethernet, port-channel, tunnel and vlan interfaces
- Support Source Static NAT
- Support Destination Static NAT
- Support on ethernet, port-channel, tunnel and vlan interfaces
@kornoa kornoa requested a review from a team as a code owner April 21, 2023 14:13
@github-actions github-actions bot added role: eos_cli_config_gen issue related to eos_cli_config_gen role state: CI Updated CI scenario have been updated in the PR state: Documentation role Updated labels Apr 21, 2023

@ClausHolbechArista ClausHolbechArista left a comment


Almost there. Still pending the other maintainers' view on interface vs. feature documentation.

@ClausHolbechArista ClausHolbechArista requested a review from a team May 9, 2023 09:36

@gmuloc gmuloc left a comment


Ignoring mkdocs failure as it is docker website sending back 403. Investigation under way.

LGTM

Thanks @kornoa for the work!

@gmuloc gmuloc merged commit fc41fff into aristanetworks:devel May 11, 2023
34 of 35 checks passed
@gmuloc gmuloc added this to the v4.0.0-dev12 milestone May 11, 2023
@ClausHolbechArista ClausHolbechArista changed the title Feat(eos_cli_config_gen): Add IF ip nat support Feat(eos_cli_config_gen): Add interface IP NAT support May 11, 2023
Labels
rn: Feat(eos_cli_config_gen) role: eos_cli_config_gen issue related to eos_cli_config_gen role state: CI Updated CI scenario have been updated in the PR state: Documentation role Updated
Development

Successfully merging this pull request may close these issues.

Feat(eos_cli_config_gen): Interface NAT configuration options
5 participants