Site public ASN that should be used for external bgp peer configuration.

| Ref | Name | Default | Description |
| --- | --- | --- | --- |
| [2] | rohAsn | nil | ASN for ROH (Routing on the Host) compute instances, should be unique within the scope of a site, can be same for different sites. |
| [3] | vmAsn | nil | ASN for ROH (Routing on the Host) virtual compute instances, should be unique within the scope of a site, can be same for different sites. |
| [4] | rohRoutingProfile | "" | ROH Routing profile defines set of routing prefixes to be advertised to ROH instances. Possible values: default, default_agg, full. Default route only - Will advertise 0.0.0.0/0 + loopback address of physically connected switch. Default + Aggregate - Will add prefixes of defined subnets + "Default" profile. Full - Will advertise all prefixes available in the routing table of the connected switch. |
| [5] | siteMesh | "" | Site to site VPN mode. Possible values: disabled, hub, spoke, dynamicSpoke. |
| [6] | aclDefaultPolicy | "" | Possible values: permit or deny. Deny - Layer-3 packet forwarding is denied by default. ACLs are required to permit necessary traffic flows. Deny ACLs will be applied before Permit ACLs. Permit - Layer-3 packet forwarding is allowed by default. ACLs are required to deny unwanted traffic flows. Permit ACLs will be applied before Deny ACLs. |

Users of this tenant will be permitted to edit this unit.

| Ref | Name | Default | Description |
| --- | --- | --- | --- |
| [2] | description | "" | Optional. Switch description. |
| [3] | nos | "" | Switch OS. Possible values: cumulus_linux, sonic, ubuntu_switch_dev. |
| [4] | site | "" | The site where this device belongs. |
| [5] | asn | automatically | Optional. Switch AS numbers. If asn key isn't set, the controller will assign automatically from System ASN range. |
| [6] | profile | "" | Optional. An inventory profile name to define global configuration (NTP, DNS, timezone, etc…). |
| [7] | mainIp | automatically | Optional. A unique IP address which will be used as a loopback address of this unit. If mainIp key isn't set the controller will assign automatically from subnets with relevant purpose. |
| [8] | mgmtIp | automatically | Optional. A unique IP address to be used on out of band management interface. If mgmtIp key isn't set the controller will assign automatically from subnets with relevant purpose. |
| [9] | portsCount | nil | Preliminary port count is used for definition of topology. Possible values: 16, 32, 48, 54, 56. |

Users of this tenant will be permitted to edit this unit.

| Ref | Name | Default | Description |
| --- | --- | --- | --- |
| [2] | description | "" | Optional. Softgate description. |
| [3] | site | "" | The site where this device belongs. |
| [4] | profile | "" | Optional. An inventory profile name to define global configuration (NTP, DNS, timezone, etc…). |
| [5] | mainIp | automatically | Optional. A unique IP address which will be used as a loopback address of this unit. If mainIp key isn't set the controller will assign automatically from subnets with relevant purpose. |
| [6] | mgmtIp | automatically | Optional. A unique IP address to be used on out of band management interface. If mgmtIp key isn't set the controller will assign automatically from subnets with relevant purpose. |

Users of this tenant will be permitted to edit this unit.

| Ref | Name | Default | Description |
| --- | --- | --- | --- |
| [2] | description | "" | Optional. Controller description. |
| [3] | site | "" | The site where this controller belongs. |
| [4] | mainIp | automatically | Optional. A unique IP address which will be used as a loopback address of this unit. If mainIp key isn't set the controller will assign automatically from subnets with relevant purpose. |

Users with permission to owner tenant can manage parameters of the V-Net as well as add/edit/remove ports assigned to any of tenants where user has permission.

| Ref | Name | Default | Description |
| --- | --- | --- | --- |
| [2] | guestTenants | [] | List of tenants allowed to add/edit/remove ports to the V-Net but not allowed to manage other parameters of the circuit. |
| [3] | state | active | V-Net state. Allowed values: active or disable. |
| [4] | sites | [] | List of sites. Ports from these sites will be allowed to participate in the V-Net. Multi-site circuits are possible for sites connected through a backbone port. |
| [5] | sites[n].name | "" | Site's name. |
| [6] | sites[n].gateways | [] | List of gateways. Selected address will be serving as anycast default gateway for selected subnet. In case of multi-site V-Net, multi-site subnet should be configured under Subnets section. |
| [7] | sites[n].switchPorts | [] | List of switchPorts. |
| [8] | sites[n].switchPorts[n].name | "" | SwitchPorts name. |
| [9] | sites[n].switchPorts[n].vlanId | nil | VLAN tag for current port. If vlanId is not set, the port is untagged. |

Defines hardware for Layer-3 and BGP session termination. Ignoring when transport.type == vnet

| Ref | Name | Default | Description |
| --- | --- | --- | --- |
| [3] | neighborAs | 0 | BGP neighbor AS number. |
| [4] | transport | {} | Physical port where BGP neighbor cable is connected or an existing V-Net service. |
| [5] | transport.type | port | Possible values: port or vnet. |
| [6] | transport.name | "" | Possible values: portName@switchName or vnetName. |
| [7] | transport.vlanId | nil | Ignored when transport.type == vnet. |
| [8] | localIP | "" | BGP session local IP. |
| [9] | remoteIP | "" | BGP session remote IP. |
| [10] | description | "" | BGP session description. |
| [11] | state | enabled | Possible values: enabled or disabled; enabled - initiating and waiting for BGP connections, disabled - disable Layer-2 tunnel and Layer-3 address. |
| [12] | multihop | {} | Multihop BGP session configurations. |
| [13] | multihop.neighborAddress | "" | - |
| [14] | multihop.updateSource | "" | - |
| [15] | multihop.hops | 0 | - |
| [16] | bgpPassword | "" | BGP session password. |
| [17] | allowAsIn | 0 | Optionally allow number of occurrences of the own AS number in received prefix AS-path. |
| [18] | defaultOriginate | false | Originate default route to current neighbor. |
| [19] | prefixInboundMax | 0 | BGP session will be terminated if neighbor advertises more prefixes than defined. |
| [20] | inboundRouteMap | "" | Reference to route-map resource. |
| [21] | outboundRouteMap | "" | Reference to route-map resource. |
| [22] | localPreference | 100 | - |
| [23] | weight | 0 | - |
| [24] | prependInbound | 0 | Number of times to prepend self AS to as-path of received prefix advertisements. |
| [25] | prependOutbound | 0 | Number of times to prepend self AS to as-path being advertised to neighbors. |
| [26] | prefixListInbound | [] | - |
| [27] | prefixListOutbound | [] | Define outbound prefix list. If not defined, an autogenerated prefix list will apply which will permit defined allocations and assignments, and will deny all private addresses. |
| [28] | sendBGPCommunity | [] | Unconditionally advertise the defined list of BGP communities towards the BGP neighbor. Format: community number in AA:NN format (where AA and NN are 0-65535) or local-AS. |

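
The BGP fields above can be checked before a manifest is applied. The following is an added example, not part of the Netris operator: a small linter that enforces the documented value constraints on a BGP spec passed as a Python dict and flags sessions that leave `bgpPassword`, `prefixInboundMax`, and inbound filtering at their listed defaults. The function names and sample specs are hypothetical, and treating an empty default as "not configured" is an assumption of this review policy.

```python
import re

# Allowed values, taken from the BGP field reference above.
TRANSPORT_TYPES = {"port", "vnet"}
STATES = {"enabled", "disabled"}
COMMUNITY_RE = re.compile(r"(\d{1,5}):(\d{1,5})")

def valid_community(value):
    """AA:NN with both parts in 0-65535, or the literal local-AS."""
    if value == "local-AS":
        return True
    m = COMMUNITY_RE.fullmatch(value)
    return bool(m) and all(int(part) <= 65535 for part in m.groups())

def lint_bgp_spec(spec):
    """Return findings for one BGP spec passed as a dict (hypothetical helper)."""
    findings = []
    transport = spec.get("transport", {})
    ttype = transport.get("type", "port")  # listed default: port
    if ttype not in TRANSPORT_TYPES:
        findings.append(f"transport.type {ttype!r} is not port or vnet")
    if ttype == "port" and "@" not in transport.get("name", ""):
        findings.append("transport.name should be portName@switchName")
    if ttype == "vnet" and transport.get("vlanId") is not None:
        findings.append("transport.vlanId is ignored when transport.type == vnet")
    if spec.get("state", "enabled") not in STATES:
        findings.append("state is not enabled or disabled")
    for community in spec.get("sendBGPCommunity", []):
        if not valid_community(community):
            findings.append(f"sendBGPCommunity {community!r} is not AA:NN or local-AS")
    # Review policy, not operator behaviour: assumes the listed defaults
    # ("" / 0 / []) mean the control is not configured.
    if not spec.get("bgpPassword"):
        findings.append("bgpPassword is not set")
    if not spec.get("prefixInboundMax"):
        findings.append("prefixInboundMax is not set")
    if not (spec.get("prefixListInbound") or spec.get("inboundRouteMap")):
        findings.append("no prefixListInbound or inboundRouteMap")
    return findings

# Constructed sample specs (not taken from the page).
RISKY = {"neighborAs": 64512,
         "transport": {"type": "vnet", "name": "example-vnet", "vlanId": 100},
         "sendBGPCommunity": ["65000:100", "70000:1", "local-AS"]}
HARDENED = {"neighborAs": 64512,
            "transport": {"type": "port", "name": "swp1@example-switch"},
            "bgpPassword": "placeholder-secret", "prefixInboundMax": 1000,
            "inboundRouteMap": "example-route-map",
            "sendBGPCommunity": ["65000:100"]}

if __name__ == "__main__":
    for finding in lint_bgp_spec(RISKY):
        print("finding:", finding)
```
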
Rule action. Possible values: dnat, snat, accept_snat, masquerade.

| Ref | Name | Default | Description |
| --- | --- | --- | --- |
| [5] | protocol | "" | Possible values: all, tcp, udp, icmp. |
| [6] | srcAddress | "" | Match traffic sourced from this subnet. |
| [7] | srcPort | "" | Match traffic sourced from this port. Ignored when protocol == all or icmp. |
| [8] | dstAddress | "" | Match traffic destined to this subnet. |
| [9] | dstPort | "" | Match traffic destined to this port. Ignored when protocol == all or icmp. |
| [10] | dnatToIp | "" | The internal IP address to which external hosts will gain access as a result of a DNAT translation. Only when action == dnat. |
| [11] | dnatToPort | nil | The internal port to which external port will gain access as a result of a DNAT translation. Only when action == dnat. |
| [12] | snatToIp | "" | Replace the original address with the specified one. Only when action == snat. |
| [13] | snatToPool | "" | Replace the original address with the pool of IP addresses. Only when action == snat. |

Annotations
Annotation keys and values can only be strings. Other types, such as boolean or numeric values, must be quoted, e.g. "true", "false", "100".

| Name | Default | Values | Description |
| --- | --- | --- | --- |
| resource.k8s.netris.ai/import | "false" | "true" or "false" | Allow importing existing resources. |
| resource.k8s.netris.ai/reclaimPolicy | "delete" | "retain" or "delete" | Resources reclaim policy. |

Calico Integration
Calico nodes exchange routing information over BGP to enable reachability for Calico networked workloads. Netris can also integrate with your Calico CNI. It will create BGP peers with your cluster's nodes, then disable the Calico node-to-node mesh. For more details, see the Calico docs.
Add this annotation to enable Netris-Calico Integration.