L2 leaves

partition/roles/sonic/README.md

@@ -60,12 +60,31 @@ It depends on the `switch_facts` module from `ansible-common`, so make sure modu
 | sonic_interconnects.neighbors                              |           | Connect to this BGP neighbors - supports multiple neighbors and also BGP unnumbered by giving `Ethernet0 interface`. |
 | sonic_interconnects.unnumbered_interfaces                  |           | Connect with BGP unnumbered on these interfaces - also sets IPv6 options to make unnumbered work right.              |
 | sonic_interconnects.peer_group                             |           | Put the neighbor in this peer group.                                                                                 |
+| sonic_interconnects.evpn_peer                              |           | Whether the peer should take part in evpn routing (address-family l2vpn evpn)                                        |
 | sonic_interconnects.prefixlists                            |           | BGP prefix lists to configure.                                                                                       |
 | sonic_interconnects.remote_as                              |           | The AS of the BGP neighbor.                                                                                          |
 | sonic_interconnects.routemap_in                            |           | Apply an incoming routemap for this BGP session.                                                                     |
 | sonic_interconnects.routemap_out                           |           | Apply an outgoing routemap for this BGP session.                                                                     |
 | sonic_interconnects.vni                                    |           | This BGP session will connect the specified VNI within the CLOS topology with the given peer.                        |
 | sonic_interconnects.vrf                                    |           | Use a dedicated BGP session fenced with an VRF for this connection. Also it declares the virtual network as layer-3. |
+| sonic_mclag                                                |           | MCLAG (Multi-Chassis LAG / VPC) configuration for a switch connecting a machine with a LAG bond interface            |
+| sonic_mclag.system_mac                                     |           | The shared virtual MAC address used for MCLAG connections                                                            |
+| sonic_mclag.peer_ip                                        |           | The IP of the remote switch on the MCLAG peer-link. Corresponds to source_ip.                                        |
+| sonic_mclag.peer_link                                      |           | The PortChannel interface connecting the switch pair.                                                                |
+| sonic_mclag.source_ip                                      |           | The IP of this switch on the MCLAG peer-link. Corresponds to peer_ip.                                                |
+| sonic_mclag.keepalive_vlan                                 |           | The VLAN used for keepalive messages between the MCLAG pair over the peer-link.                                      |
+| sonic_mclag.member_port_channels                           |           | A list of the PortChannel numbers that take part in the MCLAG domain.                                                |
+| sonic_portchannels_default_mtu                             |           | MTU default value for portchannels                                                                                   |
+| sonic_portchannels                                         |           | Configuration for portchannels. These will be up by default.                                                         |
+| sonic_portchannels.number                                  |           | The portchannel number                                                                                               |
+| sonic_portchannels.mtu                                     |           | The MTU of the portchannel. Must match the MTU of the member ports.                                                  |
+| sonic_portchannels.fallback                                |           | Whether to fallback to single port when LAG negotiation fails. Defaults to false in Sonic; does not work with MCLAG. |
+| sonic_portchannels.members                                 |           | The list of the interfaces taking part in the portchannel.                                                           |
+| sonic_sag                                                  |           | Configuration for SAG (Static Anycast Gateway)                                                                       |
+| sonic_sag.mac                                              |           | The virtual MAC used for the SAG address                                                                             |
+| sonic_sag.vlans                                            |           | A list of VLANs that use SAG                                                                                         |
+| sonic_sag.vlans.id                                         |           | The VLAN ID of this VLAN                                                                                             |
+| sonic_sag.vlans.ip                                         |           | The SAG IP of this VLAN                                                                                              |
 | sonic_ssh_sourceranges                                     |           | The source ranges from which the switch should be reachable over SSH on its prod (non-management) addresses          |
 | sonic_extended_cacl.ipv4                                   |           | Iptables ipv4 rules that should be added as extended Control Plane ACLs (Edgecore Sonic specific feature)            |
 | sonic_extended_cacl.ipv6                                   |           | Iptables ipv6 rules that should be added as extended Control Plane ACLs (Edgecore Sonic specific feature)            |

partition/roles/sonic/tasks/main.yaml

@@ -24,6 +24,14 @@
       - sonic_ports_default_mtu
   when: sonic_ports
 
+- name: Check mandatory variables on non-empty sonic_portchannels are set
+  assert:
+    fail_msg: "default configuration is necessary on non-empty sonic_portchannels"
+    quiet: yes
+    that:
+      - sonic_portchannels_default_mtu
+  when: sonic_portchannels
+
 - name: Populate sonic_ports_dict
   set_fact:
     sonic_ports_dict: "{{ sonic_ports_dict|default({}) | combine( {item.name: item} ) }}"

partition/roles/sonic/templates/frr.conf.j2

@@ -37,15 +37,15 @@ router bgp {{ sonic_asn }}
  bgp router-id {{ sonic_loopback_address }}
  bgp bestpath as-path multipath-relax
  neighbor FABRIC peer-group
- neighbor FABRIC remote-as external
+ neighbor FABRIC remote-as {{ i.remote_as | default("external") }}
  neighbor FABRIC timers 1 3
 {% for port in sonic_bgp_ports %}
  neighbor {{ port }} interface peer-group FABRIC
 {% endfor %}
 {% for k, i in sonic_interconnects.items() %}
 {% if i.vrf is not defined %}
  neighbor {{ i.peer_group | default(sonic_interconnects_default_peer_group) }} peer-group
- neighbor {{ i.peer_group | default(sonic_interconnects_default_peer_group) }} remote-as external
+ neighbor {{ i.peer_group | default(sonic_interconnects_default_peer_group) }} remote-as {{ i.remote_as | default("external") }}
  neighbor {{ i.peer_group | default(sonic_interconnects_default_peer_group) }} timers {{ i.bgp_timers | default(sonic_interconnects_default_bgp_timers) }}
  {% if i.bfd_parameters is defined %}
  neighbor {{ i.peer_group }} bfd {{ i.bfd_parameters }}
@@ -94,6 +94,14 @@ router bgp {{ sonic_asn }}
 {% endif %}
   neighbor FABRIC activate
   neighbor FABRIC allowas-in 2
+{% for k, i in sonic_interconnects.items() %}
+{% if i.vrf is not defined %}
+{% if i.peer_group is defined and i.evpn_peer|default(false) %}
+  neighbor {{ i.peer_group }} activate
+  neighbor {{ i.peer_group }} allowas-in 2
+{% endif %}
+{% endif %}
+{% endfor %}
  exit-address-family
 {% endif %}
 {% for k, i in sonic_interconnects.items() %}
@@ -103,7 +111,7 @@ router bgp {{ sonic_asn }} vrf {{ i.vrf }}
  bgp router-id {{ sonic_loopback_address }}
  bgp bestpath as-path multipath-relax
  neighbor {{ i.peer_group | default(sonic_interconnects_default_peer_group) }} peer-group
- neighbor {{ i.peer_group | default(sonic_interconnects_default_peer_group) }} remote-as external
+ neighbor {{ i.peer_group | default(sonic_interconnects_default_peer_group) }} remote-as {{ i.remote_as | default("external") }}
  neighbor {{ i.peer_group | default(sonic_interconnects_default_peer_group) }} timers {{ i.bgp_timers | default(sonic_interconnects_default_bgp_timers) }}
  {% if i.bfd_parameters is defined %}
  neighbor {{ i.peer_group }} bfd {{ i.bfd_parameters }}
@@ -189,4 +197,4 @@ ip route {{ route }}
 {% endif %}
 !
 line vty
-!
+!

partition/roles/sonic/templates/metal.yaml.j2

@@ -30,6 +30,25 @@ LOOPBACK_INTERFACE:
   Loopback0: {}
   Loopback0|{{ sonic_loopback_address }}/32: {}
 
+{% if sonic_mclag is defined and sonic_mclag|length > 0 %}
+MCLAG_DOMAIN:
+  "1":
+    mclag_system_id: "{{ sonic_mclag.system_mac }}"
+    peer_ip: "{{ sonic_mclag.peer_ip }}"
+    peer_link: "{{ sonic_mclag.peer_link }}"
+    source_ip: "{{ sonic_mclag.source_ip }}"
+
+MCLAG_INTERFACE:
+{% for po in sonic_mclag.member_port_channels %}
+  "1|PortChannel{{ po }}":
+    if_type: "PortChannel"
+{% endfor %}
+
+MCLAG_UNIQUE_IP:
+  "Vlan{{ sonic_mclag.keepalive_vlan }}":
+    unique_ip: "enable"
+
+{% endif %}
 {% if sonic_mgmtif_ip is defined %}
 MGMT_INTERFACE:
 {% if sonic_mgmtif_gateway is defined %}
@@ -98,6 +117,45 @@ PORT:
     speed: "{{ running_cfg.speed }}"
     {% endif %}
   {% endfor %}
+{% if sonic_portchannels is defined and sonic_portchannels|length > 0 %}
+
+PORTCHANNEL:
+{% for po in sonic_portchannels %}
+  PortChannel{{ po.number }}:
+    admin_status: "up"
+{% if po.fallback is defined %}
+    fallback: "{{ po.fallback|bool }}"
+{% endif %}
+    fast_rate: "false"
+    lacp_key: "auto"
+    min_links: "1"
+    mix_speed: "false"
+    mtu: "{{ po.mtu|default(sonic_portchannels_default_mtu) }}"
+{% endfor %}
+
+PORTCHANNEL_MEMBER:
+{% for po in sonic_portchannels %}
+{% for member in po.members %}
+  PortChannel{{ po.number }}|{{ member }}:  {}
+{% endfor %}
+{% endfor %}
+{% endif %}
+{% if sonic_sag is defined and sonic_sag|length > 0 %}
+{% if sonic_sag.vlans is defined and sonic_sag.vlans|length > 0 %}
+
+SAG:
+{% for vlan in sonic_sag.vlans %}
+  "Vlan{{ vlan.id }}|IPv4":
+    gwip:
+    - "{{ vlan.ip }}"
+{% endfor %}
+{% endif %}
+
+SAG_GLOBAL:
+  IP:
+    IPv4: "enable"
+    gwmac: "{{ sonic_sag.mac }}"
+{% endif %}
 {% if sonic_vlans is defined and sonic_vlans|length > 0 %}
 
 VLAN:
@@ -159,6 +217,8 @@ VXLAN_TUNNEL_MAP:
 {% if sonic_interconnects is defined and sonic_interconnects|length > 0 %}
 
 VRF:
+{% endif %}
+{% if sonic_interconnects is defined and sonic_interconnects|length > 0 %}
 {% for k, i in sonic_interconnects.items() %}
   {% if i.vrf is defined %}
   {% if i.vni is defined %}

partition/roles/sonic/test/data/exit/frr.conf

@@ -57,7 +57,7 @@ router bgp 4200000000 vrf VrfMpls
  bgp router-id 10.0.0.1
  bgp bestpath as-path multipath-relax
  neighbor MPLS peer-group
- neighbor MPLS remote-as external
+ neighbor MPLS remote-as 65000
  neighbor MPLS timers 1 3
  neighbor 10.0.0.3 peer-group MPLS
  neighbor 10.0.0.3 password test

partition/roles/sonic/test/data/l2_leaf/frr.conf

@@ -0,0 +1,65 @@
+frr defaults datacenter
+hostname l2leaf01
+!
+service integrated-vtysh-config
+!
+log syslog informational
+!
+vrf Vrf46
+ vni 46
+exit-vrf
+!
+interface Ethernet120
+ ipv6 nd ra-interval 6
+ no ipv6 nd suppress-ra
+!
+interface Ethernet124
+ ipv6 nd ra-interval 6
+ no ipv6 nd suppress-ra
+!
+router bgp 4200000000
+ bgp router-id 10.0.0.1
+ bgp bestpath as-path multipath-relax
+ neighbor FABRIC peer-group
+ neighbor FABRIC remote-as external
+ neighbor FABRIC timers 1 3
+ neighbor Ethernet120 interface peer-group FABRIC
+ neighbor Ethernet124 interface peer-group FABRIC
+ neighbor XCONNECT peer-group
+ neighbor XCONNECT remote-as 4200000000
+ neighbor XCONNECT timers 1 3
+ neighbor 192.168.255.2 peer-group XCONNECT
+ !
+ address-family ipv4 unicast
+  redistribute connected route-map LOOPBACKS
+ exit-address-family
+ !
+ address-family l2vpn evpn
+  advertise-all-vni
+  neighbor FABRIC activate
+  neighbor FABRIC allowas-in 2
+  neighbor XCONNECT activate
+  neighbor XCONNECT allowas-in 2
+ exit-address-family
+!
+router bgp 4200000000 vrf Vrf46
+ bgp router-id 10.0.0.1
+ bgp bestpath as-path multipath-relax
+ neighbor EXTERNAL peer-group
+ neighbor EXTERNAL remote-as external
+ neighbor EXTERNAL timers 1 3
+ !
+ address-family ipv4 unicast
+  redistribute connected
+  neighbor EXTERNAL remove-private-AS all
+ exit-address-family
+ !
+ address-family l2vpn evpn
+  advertise ipv4 unicast
+ exit-address-family
+!
+route-map LOOPBACKS permit 10
+  match interface Loopback0
+!
+line vty
+!