Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feat(eos_designs): Add support for directly connected WAN HA #3720

Draft
wants to merge 39 commits into
base: devel
Choose a base branch
from
Draft

Feat(eos_designs): Add support for directly connected WAN HA #3720

wants to merge 39 commits into from

Conversation

gmuloc
Copy link
Contributor

@gmuloc gmuloc commented Mar 7, 2024
edited

NOTE blocked by #4107

Change Summary

This PR contains

  • new model for directly connected HA link
  • modification of eBGP LAN route-maps
  • Addition of iBGP session(s) between WAN HA peers using
  • Routes received from peer are set with Local Preference 50 to still prefer WAN routes

Pros of iBGP EVPN session:

  • This will support WAN HA in EVERY possible LAN scenario

PLEASE refer to internal documentation

Related Issue(s)

Discussion with CV Pathfinder team

Component(s) name

arista.avd.eos_designs

Proposed changes

cf summary

How to test

molecule + lab

Checklist

User Checklist

  • Update documentation

To discuss with reviewers

  • dhcp support for HA link
  • cross iBGP sessions
    -> only one direct link approved

Repository Checklist

  • My code has been rebased from devel before I start
  • I have read the CONTRIBUTING document.
  • My change requires a change to the documentation and documentation have been updated accordingly.
  • I have updated molecule CI testing accordingly. (check the box if not applicable)

@github-actions github-actions bot added state: CI Updated CI scenario have been updated in the PR state: Documentation role Updated role: eos_designs issue related to eos_designs role labels Mar 7, 2024
gmuloc
gmuloc commented Mar 11, 2024
View reviewed changes
..._collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type.schema.yml
@@ -1259,6 +1259,33 @@ $defs:
type: bool
default: true
description: Enable / Disable IPsec over HA path-group when HA is enabled.
ha_interfaces:
Copy link
Contributor Author

@gmuloc gmuloc Mar 11, 2024
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this could using dhcp IP addresses (in cloud in particular) so probably we need to change this model to something along the line of

ha_interfaces:
  - name:
     ip_address: < dhcp | IPv4 >
     peer_ip_address: <need an IP to know where to connect, can be the known one allocated by DHCP>

@ClausHolbechArista for further discussion

disadvantage is no pool - so maybe we need to add ip_address: < dhcp | pool | IPv4 > with default pool

@github-actions github-actions bot added the state: conflict PR with conflict label Mar 18, 2024
@github-actions GitHub Actions
Copy link

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@github-actions GitHub Actions
Copy link

Conflicts have been resolved. A maintainer will review the pull request shortly.

@github-actions github-actions bot removed the state: conflict PR with conflict label Mar 18, 2024
@gmuloc gmuloc marked this pull request as ready for review March 19, 2024 22:09
@gmuloc gmuloc requested review from a team as code owners March 19, 2024 22:09
@github-actions GitHub Actions
Copy link

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@github-actions github-actions bot added the state: conflict PR with conflict label Mar 26, 2024
@gmuloc gmuloc marked this pull request as draft April 5, 2024 15:59
@github-actions github-actions bot removed the state: conflict PR with conflict label Jun 3, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Jun 3, 2024

Conflicts have been resolved. A maintainer will review the pull request shortly.

ClausHolbechArista
ClausHolbechArista requested changes Jun 7, 2024
View reviewed changes
...ections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg Outdated Show resolved Hide resolved
...ections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg Outdated Show resolved Hide resolved
...ections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg Outdated
Comment on lines 381 to 383
route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20
description Advertise local routes towards LAN
match route-type local
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we are missing routes learned from an l3_interface or other edge kind of interface with dynamic routing, like a firewall.
Maybe we should set a tag everywhere instead of these route-type matches. It will also be useful for the ospf lan case.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

l3_interface learned route can configure an extra route-map entry right? This may not even be a use case today.
For OSPF we can use the same route-map I think

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in 9d5e835

...ections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg Outdated Show resolved Hide resolved
...ections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg Outdated Show resolved Hide resolved
@github-actions GitHub Actions
Copy link

github-actions bot commented Jun 7, 2024

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@github-actions github-actions bot added the state: conflict PR with conflict label Jun 7, 2024
@github-actions github-actions bot removed the state: conflict PR with conflict label Jun 10, 2024
@github-actions GitHub Actions
Copy link

Conflicts have been resolved. A maintainer will review the pull request shortly.

@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Jun 10, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

gmuloc
gmuloc commented Jun 12, 2024
View reviewed changes
...eos_designs_unit_tests/intended/configs/cv-pathfinder-custom-control-plane-policy-edge-1.cfg Outdated
@@ -215,14 +215,6 @@ route-map RM-BGP-UNDERLAY-PEERS-IN permit 40
description Mark prefixes originated from the LAN
set extcommunity soo 192.168.42.1:511 additive
!
route-map RM-BGP-UNDERLAY-PEERS-OUT permit 10
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

breaking change -> we should warn every one we know using this.

gmuloc
gmuloc commented Jun 12, 2024
View reviewed changes
...eos_designs_unit_tests/intended/configs/cv-pathfinder-custom-control-plane-policy-edge-1.cfg Outdated
@@ -215,14 +215,6 @@ route-map RM-BGP-UNDERLAY-PEERS-IN permit 40
description Mark prefixes originated from the LAN
set extcommunity soo 192.168.42.1:511 additive
!
route-map RM-BGP-UNDERLAY-PEERS-OUT permit 10
description Advertise local routes towards LAN
match extcommunity ECL-EVPN-SOO
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

add limitation regading route from eBGP peer in VRF default not advertised to the WAN - TODO

gmuloc
gmuloc commented Jun 12, 2024
View reviewed changes
...ections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg
route-map RM-BGP-UNDERLAY-PEERS-OUT permit 40
description Advertise WAN HA prefixes towards LAN
match ip address prefix-list PL-WAN-HA-PREFIXES
description Permit every other valid route
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
description Permit every other valid route

@gmuloc gmuloc mentioned this pull request Jun 12, 2024
Merged
4 tasks
@carlbuchmann carlbuchmann marked this pull request as draft June 14, 2024 12:17
@github-actions github-actions bot added the state: conflict PR with conflict label Jun 14, 2024
@github-actions GitHub Actions
Copy link

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@github-actions github-actions bot removed the state: conflict PR with conflict label Jun 17, 2024
@github-actions GitHub Actions
Copy link

Conflicts have been resolved. A maintainer will review the pull request shortly.

@github-actions github-actions bot added the state: conflict PR with conflict label Jun 17, 2024
@github-actions GitHub Actions
Copy link

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ClausHolbechArista ClausHolbechArista ClausHolbechArista requested changes

Requested changes must be addressed to merge this pull request.

Assignees

@gmuloc gmuloc

Labels
EPIC - AVD AutoVPN/WAN role: eos_designs issue related to eos_designs role state: CI Updated CI scenario have been updated in the PR state: conflict PR with conflict state: Documentation role Updated
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@gmuloc @ClausHolbechArista