author | Ole Mathias Heggem <olemathias.aa.heggem@gmail.com> | 2023-04-26 23:03:11 +0200 |
---|---|---|
committer | Ole Mathias Heggem <olemathias.aa.heggem@gmail.com> | 2023-04-26 23:03:11 +0200 |
commit | d5b0d60c5362d03de2968864cd81e0f82b3a95d0 (patch) | |
tree | 444d6daecbfaaf25134f4b3ec7b4c4080ff25fdc | |
parent | 04862e4eebba26c6d90685fa63051d1f3cc81234 (diff) |
TG23 Templates 🔥
19 files changed, 4617 insertions, 0 deletions
diff --git a/examples/tg23/templates/README.md b/examples/tg23/templates/README.md
new file mode 100644
index 0000000..0615f52
--- /dev/null
+++ b/examples/tg23/templates/README.md
@@ -0,0 +1,4 @@
+# Tech Templates
+The jira2 templates used to generate all network config for TG23
+
+Check out [https://github.com/gathering/templating/](https://github.com/gathering/templating/) for how to use the templates
\ No newline at end of file
diff --git a/examples/tg23/templates/ae-event-lol.conf b/examples/tg23/templates/ae-event-lol.conf
new file mode 100644
index 0000000..0a35942
--- /dev/null
+++ b/examples/tg23/templates/ae-event-lol.conf
@@ -0,0 +1,9 @@
+{% set switch_name = options["switch"] %}
+{% import "vars.conf" as v with context %}
+
+{% for ae_name, if_state in v.states[switch_name].ifs.items() if 'ae' in ae_name %}
+ {% if if_state.live and ae_name != "ae0" %}
+activate interfaces ge-0/0/{{ ae_name[2:] | int - 100 }} ether-options
+deactivate interfaces ge-0/0/{{ ae_name[2:] | int - 100 }} unit 0
+ {% endif %}
+{% endfor %}
diff --git a/examples/tg23/templates/core-dynamic-networks.conf b/examples/tg23/templates/core-dynamic-networks.conf
new file mode 100644
index 0000000..2f06e7b
--- /dev/null
+++ b/examples/tg23/templates/core-dynamic-networks.conf
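Review bot: In ae-event-lol.conf the query parameter `options["switch"]` indexes `v.states[switch_name]` without the `{%- if options["switch"] %}` guard that core.conf has, so a request with a missing or unknown switch name probably fails inside the loop instead of returning the "Unsupported option" text; dist-roof.conf reads the parameter the same way. The port expression `ae_name[2:] | int - 100` also has no lower bound: the `int` filter yields 0 for a non-numeric suffix, and any bundle numbered below 100 gives a negative index, so the template would emit `activate interfaces ge-0/0/-…` lines. A guard such as `{% if if_state.live and ae_name != "ae0" and (ae_name[2:] | int) >= 100 %}` keeps malformed commands out of the generated output.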
@@ -0,0 +1,160 @@ +{%- set floor_distros = [ + 'd1.floor', + 'd2.floor', + 'd3.floor', + 'd4.floor', + 'd5.floor', + 'd6.floor', + ] +%} + +{% set ae10_networks = [] %} {# networks via roof #} +{% set ae11_networks = [] %} {# networks via ring #} + +{% for key, switchname in v.tree['d1.ring'].items() %} +{# some switches might not have networks. For instance wifi or "utskutt-distro" #} + {% if switchname in v.distro_networks %} + {% do ae11_networks.append(v.distro_networks[switchname]) %} + {% endif %} + {% if "distro-utskutt" in objects["public/switches"].switches[switchname].tags %} + {% if switchname in v.tree %} + {% for key, switchname2 in v.tree[switchname].items() %} + {% do ae11_networks.append(v.distro_networks[switchname2]) %} + {% endfor %} + {% endif %} + {% endif %} +{% endfor %} + + +{% for distro in floor_distros %} + {% if v.tree[distro] %} + {% for key, switchname in v.tree[distro].items() %} + {% do ae10_networks.append(v.distro_networks[switchname]) %} + {% endfor %} + {% endif %} +{% endfor %} + + +{# NAT stuff gulvet #} +routing-instances { + NAT-LAN { +{% for distro in floor_distros %} + {% if v.tree[distro] %} + {% for key, switchname in v.tree[distro].items() %} + {% if "nat" in objects["public/switches"].switches[switchname].tags %} + {% set network = v.distro_networks[switchname] %} + interface ae10.{{ network.vlan }}; + {% endif %} + {% endfor %} + {% endif %} +{% endfor %} + +{# NAT stuff ringen #} +{% if v.tree['d1.ring'] %} + {% for key, switchname in v.tree['d1.ring'].items() %} + {% set network = v.distro_networks[switchname] %} + {% if "nat" in objects["public/switches"].switches[switchname].tags %} + interface ae11.{{ network.vlan }}; + {% endif %} + {% endfor %} +{% endif %} + } +} +{# Roof / Floor stuff #} +interfaces { + ae10 { + {% for network in ae10_networks %} + unit {{ network.vlan }} { + description "C: {{ network.name }} - VLAN {{ network.vlan }}"; + no-traps; + vlan-tags outer {{ network.vlan }}; + family inet { + 
no-redirects; + address {{ network.gw4 }}/{{ network.subnet4|cidr }}; + } + family inet6 { + address {{ network.gw6 }}/{{ network.subnet6|cidr }}; + } + } + {% endfor %} + } +} + +protocols { + router-advertisement { + {% for network in ae10_networks %} + interface ae10.{{ network.vlan }} { + max-advertisement-interval 30; + managed-configuration; + other-stateful-configuration; + } + {% endfor %} + } +} + +forwarding-options { + dhcp-relay { + dhcpv6 { + group all-networks { + {% for network in ae10_networks %} + interface ae10.{{ network.vlan }}; + {% endfor %} + } + } + group all-networks { + {% for network in ae10_networks %} + interface ae10.{{ network.vlan }}; + {% endfor %} + } + } +} + +{# Ring stuff #} +{% if v.tree['d1.ring'] %} +interfaces { + ae11 { + {% for network in ae11_networks %} + unit {{ network.vlan }} { + description "C: {{ network.name }} - VLAN {{ network.vlan }}"; + no-traps; + vlan-tags outer {{ network.vlan }}; + family inet { + no-redirects; + address {{ network.gw4 }}/{{ network.subnet4|cidr }}; + } + family inet6 { + address {{ network.gw6 }}/{{ network.subnet6|cidr }}; + } + } + {% endfor %} + } +} +protocols { + router-advertisement { + {% for network in ae11_networks %} + interface ae11.{{ network.vlan }} { + max-advertisement-interval 30; + managed-configuration; + other-stateful-configuration; + } + {% endfor %} + } +} + +forwarding-options { + dhcp-relay { + dhcpv6 { + group all-networks { + {% for network in ae11_networks %} + interface ae11.{{ network.vlan }}; + {% endfor %} + } + } + group all-networks { + {% for network in ae11_networks %} + interface ae11.{{ network.vlan }}; + {% endfor %} + } + } +} +{% endif %} diff --git a/examples/tg23/templates/core-routing.conf b/examples/tg23/templates/core-routing.conf new file mode 100644 index 0000000..05895c5 --- /dev/null +++ b/examples/tg23/templates/core-routing.conf 
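Review bot: Several lookups of `v.distro_networks[...]` in core-dynamic-networks.conf are unguarded even though the comment in the first loop says some switches have no network: the `switchname2` append for the utskutt distros, the `ae10_networks` append in the floor loop, and `{% set network = v.distro_networks[switchname] %}` in the ring NAT block. A missing entry would be appended as an undefined value and later render `unit`, `vlan-tags outer` and `address` lines with empty fields, or abort the render, depending on how the environment treats undefined values. Apply the test the first append already uses, e.g. `{% if switchname2 in v.distro_networks %}`, before each lookup; the `vlans` loop in dist-roof.conf indexes `v.distro_networks[network_name].vlan` the same way. The file also uses `v` and `objects` without importing vars.conf, so a one-line `{# only valid when included from core.conf #}` comment at the top would document that dependency.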
@@ -0,0 +1,253 @@ +routing-instances { + NAT-LAN { + forwarding-options { + dhcp-relay { + dhcpv6 { + overrides { + allow-snooped-clients; + } + group all-networks { + active-server-group v6-dhcp; + route-suppression access-internal; + interface ae999.30; + {% for distro in floor_distros %} + {% if v.tree[distro] %} + {% for key, switchname in v.tree[distro].items() %} + {% if "nat" in objects["public/switches"].switches[switchname].tags %} + {% set network = v.distro_networks[switchname] %} + interface ae10.{{ network.vlan }}; + {% endif %} + {% endfor %} + {% endif %} + {% endfor %} + + {# NAT stuff ringen #} + {% if v.tree['d1.ring'] %} + {% for key, switchname in v.tree['d1.ring'].items() %} + {% set network = v.distro_networks[switchname] %} + {% if "nat" in objects["public/switches"].switches[switchname].tags %} + interface ae11.{{ network.vlan }}; + {% endif %} + {% endfor %} + {% endif %} + + } + server-group { + v6-dhcp { + 2a06:5841:f:d::98; + } + } + } + server-group { + v4-dhcp { + 185.110.148.98; + } + } + group all-networks { + active-server-group v4-dhcp; + overrides { + allow-snooped-clients; + trust-option-82; + } + route-suppression { + access-internal; + } + interface ae999.30; + {% for distro in floor_distros %} + {% if v.tree[distro] %} + {% for key, switchname in v.tree[distro].items() %} + {% if "nat" in objects["public/switches"].switches[switchname].tags %} + {% set network = v.distro_networks[switchname] %} + interface ae10.{{ network.vlan }}; + {% endif %} + {% endfor %} + {% endif %} + {% endfor %} + + {# NAT stuff ringen #} + {% if v.tree['d1.ring'] %} + {% for key, switchname in v.tree['d1.ring'].items() %} + {% set network = v.distro_networks[switchname] %} + {% if "nat" in objects["public/switches"].switches[switchname].tags %} + interface ae11.{{ network.vlan }}; + {% endif %} + {% endfor %} + {% endif %} + } + } + } + protocols { + ospf3 { + realm ipv4-unicast { + area 0.0.0.0 { + /* natfw1 zone: NAT-LAN */ + interface ae999.30; + 
} + reference-bandwidth 1000g; + export v4-from-direct-to-ospf; + import v4-only-default-from-ospf; + } + area 0.0.0.0 { + /* natfw1 zone: NAT-LAN */ + interface ae999.30; + } + reference-bandwidth 1000g; + export v6-from-direct-to-ospf + import v6-only-default-from-ospf; + } + } + instance-type virtual-router; + + /* natfw1 zone: NAT-LAN */ + interface ae999.30; + + /* Test interface */ + interface lo0.2; + } + NAT-WIFI { + forwarding-options { + dhcp-relay { + dhcpv6 { + overrides { + allow-snooped-clients; + } + group all-networks { + active-server-group v6-dhcp; + route-suppression access-internal; + interface irb.778; + } + server-group { + v6-dhcp { + 2a06:5841:f:d::98; + } + } + } + server-group { + v4-dhcp { + 185.110.148.98; + } + } + group all-networks { + active-server-group v4-dhcp; + overrides { + allow-snooped-clients; + trust-option-82; + } + route-suppression { + access-internal; + } + interface ae999.20; + interface irb.778; + } + } + } + protocols { + ospf3 { + realm ipv4-unicast { + area 0.0.0.0 { + interface ae999.20; + } + reference-bandwidth 1000g; + import v4-only-default-from-ospf; + export v4-from-direct-to-ospf; + } + area 0.0.0.0 { + /* natfw1 zone: NAT-WIFI */ + interface ae999.20; + } + reference-bandwidth 1000g; + import v6-only-default-from-ospf; + export v6-from-direct-to-ospf; + } + } + instance-type virtual-router; + + /* natfw1 zone: NAT-WIFI */ + interface ae999.20; + + /* s1.tele mgmt and lab (static-ip) */ + interface ae11.20; + + /* Test interface */ + interface lo0.1; + + /* All wifi clients for SSID The Gathering */ + interface irb.778; + } +} + +routing-options { + nonstop-routing; + rib inet6.0 { + static { + route 2a06:5840::/29 { + discard; + no-install; + } + } + } + rib inet.0 { + static { + /* NAT POOL */ + route 185.110.150.0/24 next-hop 185.110.148.163; + + /* vpn.tg23.gathering.org */ + route 151.216.255.0/24 next-hop 185.110.148.110; + + /* Telenor */ + route 88.92.0.0/17 { + discard; + no-install; + } + /* RIPE 
*/ + route 151.216.128.0/17 { + discard; + no-install; + } + /* KANDU */ + route 185.110.148.0/22 { + discard; + no-install; + } + } + } + router-id 185.110.148.0; + autonomous-system 21067; +} + +protocols { + ospf3 { + realm ipv4-unicast { + area 0.0.0.0 { + /* natfw1 zone: inet */ + interface ae999.10; + /* stand */ + interface ae12.0; + } + reference-bandwidth 1000g; + export [ static-to-ospf direct-to-ospf v4-default-from-bgp ]; + } + area 0.0.0.0 { + /* natfw1 zone: inet */ + interface ae999.10; + /* stand */ + interface ae12.0; + } + export [ static-to-ospf direct-to-ospf v6-default-from-bgp ]; + reference-bandwidth 1000g; + } + bgp { + group telenor { + authentication-key "<removed>"; ## SECRET-DATA + peer-as 2119; + neighbor 193.212.22.1 { + import telenor-in-v4; + export telenor-out-v4; + } + neighbor 2001:4600:9:300::291 { + import telenor-in-v6; + export telenor-out-v6; + } + } + } +} diff --git a/examples/tg23/templates/core.conf b/examples/tg23/templates/core.conf new file mode 100644 index 0000000..4c8ee54 --- /dev/null +++ b/examples/tg23/templates/core.conf 
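Review bot: The `export v6-from-direct-to-ospf` statement in the NAT-LAN `ospf3` block of core-routing.conf has no terminating semicolon, so the rendered configuration would most likely be rejected when loaded; it should read `export v6-from-direct-to-ospf;`. core.conf has the same omission on ae2 unit 100, at `description "C: bamsemums vm-host"` and `address 2a06:5841:f:b::0/127`. `floor_distros` is set in core-dynamic-networks.conf rather than here, and Jinja does not normally pass variables set inside one included template on to the next, so it is worth confirming that the rendered NAT-LAN `all-networks` groups really list the `ae10` units. The BGP `authentication-key` sits inline in the template (shown as `<removed>` on this page, presumably redacted for publication); supplying it as a render-time variable would keep the key out of the repository and out of every copy of the template.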
@@ -0,0 +1,853 @@ +{# Query parameters: ?switch=e1-1 #} +{%- if options["switch"] %} +{%- set switch_name = options["switch"] %} +{%- import "vars.conf" as v with context %} + +{% include "core-dynamic-networks.conf" %} + +{% include "core-routing.conf" %} + +{% include "global.conf" %} + +chassis { + redundancy { + graceful-switchover; + routing-engine 0 master; + routing-engine 1 backup; + failover { + on-loss-of-keepalives; + on-disk-failure; + } + } + fpc 2 { + pic 0 { + pic-mode 10G; + } + pic 1 { + pic-mode 10G; + } + } + fpc 3 { + pic 0 { + pic-mode 10G; + } + pic 1 { + pic-mode 10G; + } + } + fpc 4 { + pic 0 { + pic-mode 40G; + } + pic 1 { + pic-mode 100G; + } + } + fpc 5 { + pic 0 { + pic-mode 40G; + } + pic 1 { + pic-mode 100G; + } + } + alarm { + management-ethernet { + link-down ignore; + } + } + network-services enhanced-ip; +} + +{# Static interfaces #} +interfaces { + lo0 { + description "B: loopback interface"; + unit 0 { + description "B: Loopback global routing table"; + family inet { + address 185.110.148.0/32; + } + family inet6 { + address 2a06:5841:f:a::/128; + } + } + unit 1 { + description "B: Loopback NAT-WIFI routing instance"; + family inet { + address 192.168.0.0/32; + } + family inet6 { + address 2a06:5841:f:e:b00b::/128; + } + } + unit 2 { + description "B: Loopback NAT-LAN routing instance"; + family inet { + address 192.168.0.1/32; + } + family inet6 { + address 2a06:5841:f:e:d00d::/128; + } + } + + } + xe-2/0/0 { + description "G: Telenor #1 (ae0)"; + gigether-options { + 802.3ad ae0; + } + } + xe-3/0/0 { + description "G: Telenor #2 (ae0)"; + gigether-options { + 802.3ad ae0; + } + } + xe-2/0/1 { + description "G: Telenor #3 (ae0)"; + gigether-options { + 802.3ad ae0; + } + } + xe-3/0/1 { + description "G: Telenor #4 (ae0)"; + gigether-options { + 802.3ad ae0; + } + } + xe-2/0/2 { + description "G: Telenor #5 (ae0)"; + gigether-options { + 802.3ad ae0; + } + } + xe-2/0/5 { + description "G: bamsemums #1 (ae2)"; + gigether-options { 
+ 802.3ad ae2; + } + } + xe-3/0/5 { + description "G: bamsemums #2 (ae2)"; + gigether-options { + 802.3ad ae2; + } + } + xe-2/0/6 { + description "G: bamsemums #3 (ae2)"; + gigether-options { + 802.3ad ae2; + } + } + xe-3/0/6 { + description "G: bamsemums #4 (ae2)"; + gigether-options { + 802.3ad ae2; + } + } + + xe-2/0/7 { + description "C: krokodille (storage) (ae3)"; + gigether-options { + 802.3ad ae3; + } + } + + xe-2/0/8 { + description "C: krokodille (storage) (ae3)"; + gigether-options { + 802.3ad ae3; + } + } + + xe-3/0/7 { + description "C: krokodille (storage) (ae3)"; + gigether-options { + 802.3ad ae3; + } + } + + xe-3/0/8 { + description "C: krokodille (storage) (ae3)"; + gigether-options { + 802.3ad ae3; + } + } + + et-4/0/2 { + description "G: r1.stand et-0/0/48 (ae12)"; + gigether-options { + 802.3ad ae12; + } + } + et-5/0/2 { + description "G: r1.stand et-1/0/48 (ae12)"; + gigether-options { + 802.3ad ae12; + } + } + et-4/0/0 { + description "G: d1.roof et-0/0/48 (ae10)"; + gigether-options { + 802.3ad ae10; + } + } + et-5/0/0 { + description "G: d1.roof et-1/0/48 (ae10)"; + gigether-options { + 802.3ad ae10; + } + } + et-4/0/1 { + description "G: d1.ring et-4/0/24 (4/noc) (ae11)"; + gigether-options { + 802.3ad ae11; + } + } + et-5/0/1 { + description "G: d1.ring et-5/1/0 (5/tele) (ae11)"; + gigether-options { + 802.3ad ae11; + } + } + et-4/0/3 { + description "G: natfw1.tele <et-1/0/0> (ae999) - node0"; + gigether-options { + 802.3ad { + ae999; + primary; + } + } + } + et-4/1/2 { + description "C: dumle eth1 port mirror"; + } + + et-5/0/3 { + description "G: natfw1.tele <et-8/0/0> (ae999) - node1"; + gigether-options { + 802.3ad { + ae999; + backup; + } + } + } + ae0 { + description "P: Telenor - AS2119 - (Telenor rtr: ti0010a400)"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family inet { + filter { + input internet-ingress-v4; + output internet-egress-v4; + } + address 193.212.22.2/30; + } + family inet6 { + filter { + 
input internet-ingress-v6; + output internet-egress-v6; + } + address 2001:4600:9:300::292/126; + } + } + } + ae2 { + description "C: bamsemums bond0"; + flexible-vlan-tagging; + encapsulation flexible-ethernet-services; + aggregated-ether-options { + lacp { + active; + periodic fast; + } + } + unit 100 { + description "C: bamsemums vm-host" + vlan-tags outer 100; + family inet { + address 185.110.148.32/31; + } + family inet6 { + address 2a06:5841:f:b::0/127 + } + } + unit 101 { + description "C: bamsemums tech-vms"; + vlan-tags outer 101; + family inet { + address 185.110.148.97/27; + } + family inet6 { + address 2a06:5841:f:d::1/64; + } + } + unit 102 { + description "C: bamsemums vms"; + vlan-tags outer 102; + family inet { + address 151.216.248.1/25; + } + family inet6 { + address 2a06:5841:100::1/64; + } + } + } + + ae3 { + description "C: krokodille (storage) bond0"; + flexible-vlan-tagging; + encapsulation flexible-ethernet-services; + aggregated-ether-options { + lacp { + active; + periodic fast; + } + } + unit 100 { + description "C: krokodille vm-host"; + vlan-tags outer 100; + family inet { + address 185.110.148.34/31; + } + family inet6 { + address 2a06:5841:f:b::2/127; + } + } + unit 101 { + description "C: krokodille vms"; + vlan-tags outer 101; + family inet { + address 151.216.248.129/28; + } + family inet6 { + address 2a06:5841:100:2::1/64; + } + } + } + + ae10 { + description "B: d1.roof ae20"; + flexible-vlan-tagging; + encapsulation flexible-ethernet-services; + aggregated-ether-options { + lacp { + active; + periodic fast; + } + } + unit 666 { + description "B: d1.roof edge mgmt"; + vlan-tags outer 666; + family inet { + address 151.216.130.1/24; + } + family inet6 { + address 2a06:5841:f:10::1/64; + } + } + unit 667 { + description "B: d1.roof distro mgmt"; + vlan-tags outer 667; + family inet { + address 185.110.148.17/28; + } + family inet6 { + address 2a06:5841:f:11::1/64; + } + } + unit 777 { + description "B: d1.roof AP mgmt"; + 
encapsulation vlan-bridge; + vlan-id 777; + } + unit 778 { + description "C: d1.roof wifi clients"; + encapsulation vlan-bridge; + vlan-id 778; + } + } + ae11 { + description "B: d1.ring ae0"; + flexible-vlan-tagging; + encapsulation flexible-ethernet-services; + aggregated-ether-options { + lacp { + active; + periodic fast; + } + } + unit 10 { + description "C: southcam - VLAN 10 (static-ip)"; + vlan-tags outer 10; + family inet { + address 192.168.0.9/30; + } + } + unit 11 { + description "C: tele-ipmi - VLAN 11 (static-ip)"; + vlan-tags outer 11; + family inet { + address 185.110.148.41/29; + } + family inet6 { + address 2a06:5841:f:f::1/64; + } + } + unit 20 { + description "C:s1.tele mgmt and lab (static-ip)"; + vlan-id 20; + family inet { + address 185.110.148.177/28; + } + family inet6 { + address 2a06:5841:f:1336::1/64; + } + } + unit 666 { + description "B: d1.ring edge mgmt"; + vlan-tags outer 666; + family inet { + address 151.216.131.1/25; + } + family inet6 { + address 2a06:5841:f:20::1/64; + } + } + unit 667 { + description "B: d1.ring distro mgmt"; + vlan-tags outer 667; + family inet { + address 185.110.148.9/29; + } + family inet6 { + address 2a06:5841:f:21::1/64; + } + } + unit 777 { + description "B: d1.ring AP mgmt"; + encapsulation vlan-bridge; + vlan-id 777; + } + unit 778 { + description "C: d1.ring wifi clients"; + encapsulation vlan-bridge; + vlan-id 778; + } + } + ae12 { + description "B: r1.stand ae0"; + aggregated-ether-options { + lacp { + active; + periodic fast; + } + } + unit 0 { + family inet { + address 185.110.148.160/31; + } + family inet6 { + address 2a06:5841:f:100::1/64; + } + } + } + ae999 { + description "B: natfw1.tele reth0"; + vlan-tagging; + aggregated-ether-options { + link-protection; + } + unit 10 { + description OUTSIDE/INET; + vlan-id 10; + family inet { + address 185.110.148.162/31; + } + family inet6 { + address 2a06:5841:f:101::/127; + } + } + unit 20 { + description NAT-WIFI; + vlan-id 20; + family inet { + 
address 185.110.148.164/31; + } + family inet6 { + address 2a06:5841:f:101::2/127; + } + } + unit 30 { + description NAT-LAN; + vlan-id 30; + family inet { + address 185.110.148.166/31; + } + family inet6 { + address 2a06:5841:f:101::4/127; + } + } + } + irb { + unit 777 { + description "B: wifi AP mgmt"; + family inet { + address 151.216.131.129/25; + } + family inet6 { + address 2a06:5841:f:12::1/64; + } + } + unit 778 { + description "B: wifi clients"; + family inet { + address 151.216.144.1/20; + } + family inet6 { + address 2a06:5841:6e::1/64; + } + } + } +} + +bridge-domains { + BD-WIFI-MGMT { + domain-type bridge; + vlan-id 777; + interface ae10.777; + interface ae11.777; + routing-interface irb.777; + } + BD-WIFI-NAT { + domain-type bridge; + vlan-id 778; + interface ae10.778; + interface ae11.778; + routing-interface irb.778; + } +} + + +{# Static forwarding options for mgmt #} +forwarding-options { + storm-control-profiles default { + all; + } + dhcp-relay { + dhcpv6 { + overrides { + allow-snooped-clients; + } + group all-networks { + active-server-group v6-dhcp; + route-suppression access-internal; + interface irb.777; + interface irb.778; + interface ae2.102; + interface ae10.666; + interface ae10.667; + interface ae11.666; + interface ae11.667; + interface ae999.10; + } + server-group { + v6-dhcp { + 2a06:5841:f:d::98; + } + } + } + server-group { + v4-dhcp { + 185.110.148.98; + } + } + group all-networks { + active-server-group v4-dhcp; + overrides { + allow-snooped-clients; + trust-option-82; + } + route-suppression { + access-internal; + } + interface irb.777; + interface irb.778; + interface ae2.102; + interface ae10.666; + interface ae10.667; + interface ae11.666; + interface ae11.667; + interface ae999.10; + } + } + analyzer { + INTERNETSPAM { + input { + ingress { + interface ae0.0; + } + egress { + interface ae0.0; + } + } + output { + interface et-4/1/2.0; + } + } + } +} + +protocols { + lldp { + port-id-subtype interface-name; + 
port-description-type interface-description; + interface all; + } + layer2-control { + nonstop-bridging; + } + router-advertisement{ + interface irb.777 { + max-advertisement-interval 30; + managed-configuration; + other-stateful-configuration; + } + interface irb.778 { + max-advertisement-interval 30; + managed-configuration; + other-stateful-configuration; + } + } + sflow { + agent-id 185.110.148.0 inet6 2a06:5841:f:a::; + sample-rate { + ingress 1; + egress 1; + } + collector 185.110.148.137; + interfaces all-ports; + } +} + +policy-options { + policy-statement static-to-ospf { + from protocol static; + then { + external { + type 1; + } + accept; + } + } + policy-statement direct-to-ospf { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + policy-statement telenor-in-v4 { + term accept-default { + from { + route-filter 0.0.0.0/0 exact; + } + then accept; + } + term reject-all { + then reject; + } + } + policy-statement telenor-in-v6 { + term accept-default { + from { + route-filter ::/0 exact; + } + then accept; + } + term reject-all { + then reject; + } + } + policy-statement telenor-out-v4 { + term accept-our-routes { + from { + route-filter 88.92.0.0/17 exact; + route-filter 151.216.128.0/17 exact; + route-filter 194.143.120.0/21 upto /24; + route-filter 185.110.148.0/22 upto /24; + } + then accept; + } + term reject-all { + then reject; + } + } + policy-statement telenor-out-v6 { + term accept-our-routes { + from { + route-filter 2a06:5840::/29 exact; + } + then accept; + } + term reject-all { + then reject; + } + } + policy-statement v4-default-from-bgp { + from { + protocol bgp; + route-filter 0.0.0.0/0 exact; + } + then accept; + } + policy-statement v6-default-from-bgp { + from { + protocol bgp; + route-filter ::0/0 exact; + } + then accept; + } + policy-statement v4-from-direct-to-ospf { + from protocol direct; + then accept; + } + policy-statement v4-only-default-from-ospf { + term FROM-OSPF { + from { + protocol ospf; + 
route-filter 0.0.0.0/0 exact; + } + then accept; + } + then reject; + } + policy-statement v6-from-direct-to-ospf { + from protocol direct; + then accept; + } + policy-statement v6-only-default-from-ospf { + term FROM-OSPF { + from { + protocol ospf; + route-filter ::0/0 exact; + } + then accept; + } + then reject; + } +} +firewall { + family inet { + filter internet-ingress-v4 { + interface-specific; + term count-our { + from { + source-address { + 88.92.0.0/17; + 185.110.148.0/22; + 151.216.128.0/17; + } + } + then { + count count-our; + accept; + } + } + term accept-all { + then { + count accept-all; + accept; + } + } + } + filter internet-egress-v4 { + interface-specific; + term accept-all { + then { + count accept-all; + accept; + } + } + } + } + family inet6 { + filter internet-ingress-v6 { + interface-specific; + term accept-all { + then { + count accept-all; + accept; + } + } + } + filter internet-egress-v6 { + interface-specific; + term accept-all { + then { + count accept-all; + accept; + } + } + } + } +} + +services { + analytics { + streaming-server graph.lasse.cloud { + remote-address 195.47.216.71; + remote-port 30001; + } + /* Jonas L test VM */ + streaming-server vm-ovemy.tg23.gathering.org { + remote-address 151.216.249.31; + remote-port 30002; + } + streaming-server gondul.tg23.gathering.org { + remote-address 185.110.148.105; + remote-port 5015; + } + export-profile export_often { + local-address 185.110.148.0; + local-port 20002; + reporting-rate 10; + format gpb; + transport udp; + } + export-profile JONAS-TEST { + local-address 185.110.148.0; + local-port 20000; + reporting-rate 1; + format gpb; + transport udp; + } + sensor junos_system_linecard_interface_traffic { + server-name [ graph.lasse.cloud vm-ovemy.tg23.gathering.org gondul.tg23.gathering.org ]; + export-name export_often; + resource /junos/system/linecard/interface/traffic/; + } + sensor junos_system_linecard_logical { + server-name graph.lasse.cloud; + export-name export_often; + 
resource /junos/system/linecard/interface/logical/usage/; + } + sensor DDOS { + server-name vm-ovemy.tg23.gathering.org; + export-name JONAS-TEST; + resource /junos/system/linecard/ddos/; + } + } +} + +{% else %} +Unsupported option. Please use +"?switch=switch_name" +{% endif %} diff --git a/examples/tg23/templates/dist-roof.conf b/examples/tg23/templates/dist-roof.conf new file mode 100644 index 0000000..eeba5d0 --- /dev/null +++ b/examples/tg23/templates/dist-roof.conf 
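Review bot: The `internet-ingress-v4` filter in core.conf accepts every packet, including those matched by `count-our`, whose source addresses are the event's own prefixes arriving on the Telenor uplink `ae0`; such packets are spoofed or looped and are usually dropped at the border. If the term is meant only as a counter, a comment saying so would help; otherwise change its action to `then { count count-our; discard; }` and add an equivalent term for `2a06:5840::/29` to `internet-ingress-v6`, which has no source check at all. The `sflow` block sets `sample-rate` to `ingress 1; egress 1;`, which reads as sampling every packet, and the `analytics` block streams telemetry over UDP to `graph.lasse.cloud` at an address outside the prefixes announced here. Both deserve a comment stating they are intentional, as does the `INTERNETSPAM` analyzer that mirrors all `ae0.0` traffic to `et-4/1/2.0`.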
@@ -0,0 +1,113 @@ +{# Query parameters: ?switch=e1-1 #} +{% set switch_name = options["switch"] %} +{% import "vars.conf" as v with context %} +{% include "global.conf" %} + +{% include "distro-common.conf" %} + +protocols { + rstp { + bridge-priority 4k; + } +} + +interfaces { + et-0/0/48 { + description "G: r1.tele (ae0)"; + ether-options { + 802.3ad ae0; + } + } + et-1/0/48 { + description "G: r1.tele (ae0)"; + ether-options { + 802.3ad ae0; + } + } + ae0 { + description "B: r1.tele ae10"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + interface-mode trunk; + vlan { + members [ distro-mgmt edge-mgmt aps-mgmt ssid-the-gathering {% for distro_name, linkmap in v.tree.items() if 'floor' in distro_name %}{% for port, network_name in linkmap.items() %} {{ network_name }}{% endfor %}{% endfor %}]; + } + } + } + } +{% for distroname, distro in v.distrodata.items() if 'floor' in distroname %} + {{ distro.remote_phy1 }} { + description "G: {{ distroname }} {{ distro.if1 }} ({{ distro.remote_ae }})"; + ether-options { + 802.3ad {{ distro.remote_ae }}; + } + } + {{ distro.remote_phy2 }} { + description "G: {{ distroname }} {{ distro.if2 }} ({{ distro.remote_ae }})"; + ether-options { + 802.3ad {{ distro.remote_ae }}; + } + } + {{ distro.remote_ae }} { + description "B: {{ distroname }} ae0"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + interface-mode trunk; + vlan { + {% if v.tree[distroname] %} + members [ distro-mgmt edge-mgmt aps-mgmt ssid-the-gathering {% for port, network_name in v.tree[distroname].items() %}{{ network_name }} {% endfor %}]; + {% else %} + members [ distro-mgmt edge-mgmt aps-mgmt ssid-the-gathering ]; + {% endif %} + } + } + } + } +{% endfor %} +} + +vlans { +{% for distro_name, linkmap in v.tree.items() if 'floor' in distro_name %} + {% for port, network_name in linkmap.items() %} + {{ network_name }} { + vlan-id {{ 
v.distro_networks[network_name].vlan }}; + } + {% endfor %} +{% endfor %} + distro-mgmt { + vlan-id 667; + l3-interface irb.667; + } + edge-mgmt { + vlan-id 666; + } + aps-mgmt { + vlan-id 777; + } + ssid-the-gathering { + vlan-id 778; + } +} + +virtual-chassis { + preprovisioned; + no-split-detection; + member 0 { + role routing-engine; + serial-number <removed>; + } + member 1 { + role routing-engine; + serial-number <removed>; + } +} diff --git a/examples/tg23/templates/distro-common.conf b/examples/tg23/templates/distro-common.conf new file mode 100644 index 0000000..1ea1894 --- /dev/null +++ b/examples/tg23/templates/distro-common.conf 
@@ -0,0 +1,192 @@ + +protocols { + lldp { + port-id-subtype interface-name; + port-description-type interface-description; + interface all; + } +} + +{# Find all networks related to this device and store it temporarly in the network dict for easy access later #} +{%- set networks = {} %} +{%- for network_name, network in v.distro_networks.items() %} + {%- set device = network_name %} + {%- if v.switches[device] and v.switches[device].distro_name == switch_name %} + {%- set s = objects["public/switches"].switches[device] %} + {%- set port = v.switches[device].distro_phy_port %} + + {%- if switch_name != 'd1.ring' %} + {%- set ge0 = "-0/0/" ~ v.create_interface_ge0(port) %} + {%- else %} + {%- set ge0 = "-" ~ v.create_interface_vc(port) ~ "/0/" ~ v.create_interface_ge0(port) %} + {%- endif %} + + {#- må bruke tags fra downstream switch -#} + {%- set if_prefix = 'ge' -%} + {%- if "multirate" in s.tags and "10g-copper" in s.tags -%} + {%- set if_prefix = 'mge' -%} + {%- elif "10g-uplink" in s.tags -%} + {%- set if_prefix = 'xe' -%} + {%- endif -%} + + {%- set ae = "ae" ~ v.create_interface_ae(port) %} + {%- if switch_name == 'd1.ring' %} + {% set ae = "ae{}".format(network.vlan) %} + {%- endif %} + + {% do networks.update({ network_name: + {'ae': "ae{}".format(network.vlan), + 'fap_interface' : "{}{}".format(if_prefix, ge0), + 'vlan_id': network.vlan + }}) + %} + {% endif %} +{% endfor %} + +{% for network_name, network in networks.items() %} +event-options { + policy {{ network.ae }}down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "{{ network.ae }}$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces {{ network.fap_interface }} unit 0"; + "deactivate interfaces {{ network.fap_interface }} ether-options"; + } + user-name tech; + commit-options { + log "Autoconfig-script: {{ network.ae }} went down so removed {{ network.fap_interface }} from bundle"; + } + } + } + 
} + policy {{ network.ae }}up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "{{ network.ae }}$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces {{ network.fap_interface }} unit 0"; + "activate interfaces {{ network.fap_interface }} ether-options"; + } + user-name tech; + commit-options { + log "Autoconfig-script: {{ network.ae }} came up so added {{ network.fap_interface }} to bundle"; + } + } + } + } +} +{% endfor %} + +{# L2 VLANS-DELTAGERE #} +vlans { +{% for network_name, network in networks.items() %} + {{ network_name }} { + vlan-id {{ network.vlan_id }}; + } +{% endfor %} + distro-mgmt { + vlan-id 667; + {% if "els-software" in v.switch_tags %} + l3-interface irb.667; + forwarding-options { + dhcp-security { + option-82 { + circuit-id { + prefix { + host-name; + } + use-vlan-id; + } + } + } + } + {% else %} + l3-interface vlan.667; + {% endif %} + } + edge-mgmt { + vlan-id 666; + } + aps-mgmt { + vlan-id 777; + } + ssid-the-gathering { + vlan-id 778; + } + {% if switch_name == 'd1.ring' %} + southcam { + vlan-id 10; + } + tele-ipmi { + vlan-id 11; + } + {% endif %} +} + +{# ETHERNET SWITCHING OPTIONS #} +{% if not "els-software" in v.switch_tags %} +ethernet-switching-options { + storm-control { + {% for network_name, network in networks.items() %} + interface {{ network.ae }}; + {% endfor %} + } + secure-access-port { + vlan edge-mgmt { + dhcp-option82 { + circuit-id { + prefix hostname; + use-vlan-id; + } + } + } + } +} +{% endif %} + +{# MGT-NETWORK #} +interfaces { + {% if "els-software" in v.switch_tags %} + irb { + {% else %} + vlan { + {% endif %} + unit 667 { + description "switch management"; + family inet { + filter { + input mgmt-v4; + } + address {{ v.switches[switch_name]['mgmt_v4_addr'] }}/{{ v.switch_management_network['subnet4'] | cidr }}; + } + family inet6 { + filter { + input mgmt-v6; + } + address {{ 
v.switches[switch_name]['mgmt_v6_addr'] }}/{{ v.switch_management_network['subnet6'] | cidr }}; + } + } + } +} + +routing-options { + rib inet.0 { + static { + route 0.0.0.0/0 next-hop {{ v.switch_management_network.gw4 }}; + } + } + rib inet6.0 { + static { + route ::/0 next-hop {{ v.switch_management_network.gw6 }}; + } + } + }
\ No newline at end of file diff --git a/examples/tg23/templates/edge.conf b/examples/tg23/templates/edge.conf new file mode 100644 index 0000000..f52c649 --- /dev/null +++ b/examples/tg23/templates/edge.conf 
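Review bot: In distro-common.conf the `ae` variable is computed from `v.create_interface_ae(port)` and overridden for `d1.ring`, but the `networks.update(...)` call ignores it and always stores `"ae{}".format(network.vlan)`, so the event policies and the `storm-control` interface list are keyed on `ae<vlan>` on every distro. If the computed name was intended, the entry should be `'ae': ae,`; if the VLAN-based name is correct everywhere, the `set ae` lines and the ring special case are dead code and can be removed. A wrong bundle name here would fail quietly: the `snmp_trap_link_down` and `snmp_trap_link_up` policies would never match, and storm control would reference an interface that may not exist. The policies commit as `user-name tech`, so a comment naming the login class that account needs would let a reviewer confirm it is limited to the interface commands used here.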
@@ -0,0 +1,431 @@ +{# Query parameters: ?switch=e1-1 #} +{% include "global.conf" %} +{% set poe_interface_port_numbers = [40, 41, 42, 43] %} + +protocols { + rstp { + bridge-priority 32k; + interface edge-ports { + edge; + no-root-port; + } + } + lldp { + port-id-subtype interface-name; + port-description-type interface-description; + interface uplink-ports; + {% if "wifi" in v.switch_tags and "ex4300-48mp" in v.switch_tags %} + interface mge-0/0/40; + interface mge-0/0/41; + interface mge-0/0/42; + interface mge-0/0/43; + {% elif "wifi" in v.switch_tags %} + interface ge-0/0/40; + interface ge-0/0/41; + interface ge-0/0/42; + interface ge-0/0/43; + {% endif %} + } +} + +interfaces { + interface-range edge-ports { + {% if 'multirate' in v.switch_tags %} + member-range ge-0/0/0 to ge-0/0/23; + member-range mge-0/0/24 to mge-0/0/43; + {% elif 'net-event-activites' in v.switch_tags and 'net-event-artnet' in v.switch_tags %} + member-range ge-0/0/0 to ge-0/0/27; + member-range ge-0/0/36 to ge-0/0/43; + {% elif 'net-event-arena' in v.switch_tags and 'net-event-artnet' in v.switch_tags %} + member-range ge-0/0/0 to ge-0/0/31; + member-range ge-0/0/40 to ge-0/0/43; + {% elif 'net-event-activites' in v.switch_tags and 'net-event-arena' in v.switch_tags %} + member-range ge-0/0/0 to ge-0/0/27; + member-range ge-0/0/32 to ge-0/0/35; + member-range ge-0/0/40 to ge-0/0/43; + {% elif 'net-event-activites' in v.switch_tags and 'net-event-artnet' in v.switch_tags and 'net-event-arena' in v.switch_tags %} + member-range ge-0/0/0 to ge-0/0/27; + member-range ge-0/0/40 to ge-0/0/43; + {% elif 'net-location-beredskap' in v.switch_tags %} + member-range ge-0/0/0 to ge-0/0/23; + member-range ge-0/0/28 to ge-0/0/43; + {% elif 'net-event-activites' in v.switch_tags %} + member-range ge-0/0/0 to ge-0/0/27; + member-range ge-0/0/32 to ge-0/0/43; + {% elif 'net-event-artnet' in v.switch_tags %} + member-range ge-0/0/0 to ge-0/0/31; + member-range ge-0/0/36 to ge-0/0/43; + {% elif 
'net-event-arena' in v.switch_tags %} + member-range ge-0/0/0 to ge-0/0/35; + member-range ge-0/0/40 to ge-0/0/43; + {% else %} + member-range ge-0/0/0 to ge-0/0/43; + {% endif %} + {% if 'wifi-switch' in v.switch_tags %} + description "C: AP - VLAN 777 untagged (mgmt) - VLAN 778 tagged"; + {% if "els-software" in v.switch_tags %} + native-vlan-id 777; + {% endif %} + {% else %} + description "C: {{ v.network.name }} - VLAN {{ v.network.vlan }}"; + {% endif %} + unit 0 { + family ethernet-switching { + {% if 'wifi-switch' in v.switch_tags %} + {% if "els-software" in v.switch_tags %} + interface-mode trunk; + {% else %} + port-mode trunk; + native-vlan-id 777; + {% endif %} + vlan { + members [ ssid-the-gathering ]; + } + {% else %} + {% if "els-software" in v.switch_tags %} + interface-mode access; + {% else %} + port-mode access; + {% endif %} + vlan { + members {{ v.network.name }}; + } + {% endif %} + } + } + } +{% for ifindex in range(24, 44) %} + {% if "net-event-arena" in v.switch_tags and "crew" in v.switch_tags and ifindex in (36,37,38,39) %} + ge-0/0/{{ ifindex }} { + description "C: event-arena - VLAN 3000"; + unit 0 { + family ethernet-switching { + {% if "els-software" in v.switch_tags %} + interface-mode access; + {% else %} + port-mode access; + {% endif %} + vlan { + members event-arena; + } + } + } + } + {% endif %} + {% if "net-event-artnet" in v.switch_tags and "crew" in v.switch_tags and ifindex in (32,33,34,35) %} + ge-0/0/{{ ifindex }} { + description "C: event-artnet - VLAN 3001"; + unit 0 { + family ethernet-switching { + {% if "els-software" in v.switch_tags %} + interface-mode access; + {% else %} + port-mode access; + {% endif %} + vlan { + members event-artnet; + } + } + } + } + {% endif %} + {% if "net-event-activites" in v.switch_tags and "crew" in v.switch_tags and ifindex in (28,29,30,31) %} + ge-0/0/{{ ifindex }} { + description "C: event-activites - VLAN 3002"; + unit 0 { + family ethernet-switching { + {% if "els-software" in 
v.switch_tags %} + interface-mode access; + {% else %} + port-mode access; + {% endif %} + vlan { + members event-activites; + } + } + } + } + {% endif %} + {% if "net-location-beredskap" in v.switch_tags and "crew" in v.switch_tags and ifindex in (24,25,26,27) %} + ge-0/0/{{ ifindex }} { + description "C: location-beredskap - VLAN 3003"; + unit 0 { + family ethernet-switching { + {% if "els-software" in v.switch_tags %} + interface-mode access; + {% else %} + port-mode access; + {% endif %} + vlan { + members location-beredskap; + } + } + } + } + {% endif %} + {% if ("wifi" in v.switch_tags and "crew" in v.switch_tags and ifindex in (40,41,42,43)) or (switch_name == "e1.crew" and ifindex in (40,41,42,43)) %} + {% set wifi_vlan_list = ["ssid-the-gathering"] %} + {% if "els-software" in v.switch_tags %} + {% do wifi_vlan_list.append("aps-mgmt") %} + {% endif %} + {% if "ex4300-48mp" in v.switch_tags %} + mge-0/0/{{ ifindex }} { + {% else %} + ge-0/0/{{ ifindex }} { + {% endif %} + description "C: AP - VLAN 777 untagged (mgmt) - VLAN 778 tagged"; + {% if "els-software" in v.switch_tags %} + native-vlan-id 777; + {% endif %} + unit 0 { + family ethernet-switching { + {% if "els-software" in v.switch_tags %} + interface-mode trunk; + {% else %} + port-mode trunk; + native-vlan-id 777; + {% endif %} + vlan { + members [ {% for vlan_name in wifi_vlan_list %}{{ vlan_name }} {% endfor %}]; + } + } + } + } + {% endif %} +{% endfor %} + interface-range uplink-ports { + description "G: {{ v.switch_management.distro_name }} (ae0)"; + {% for port in v.uplink_ns.uplink_ports %} + member {{ port }}; + {% endfor %} + ether-options { + 802.3ad ae0; + } + } + + {% if not "multirate" in v.switch_tags %} + interface-range unused-ports { + description "not-in-use"; + disable; + {% for port in v.uplink_ns.all_ports %} + {% if port not in v.uplink_ns.uplink_ports %} + member {{ port }}; + {% endif %} + {% endfor %} + } + {% endif %} + ae0 { + description "B: {{ 
v.switch_management.distro_name }}"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + {% if "els-software" in v.switch_tags %} + interface-mode trunk; + {% else %} + port-mode trunk; + {% endif %} + vlan { + {% set vlan_list = [] %} + {% if "net-event-arena" in v.switch_tags and "crew" in v.switch_tags %} + {% do vlan_list.append("event-arena") %} + {% endif %} + {% if "net-event-artnet" in v.switch_tags and "crew" in v.switch_tags %} + {% do vlan_list.append("event-artnet") %} + {% endif %} + {% if "net-event-activites" in v.switch_tags and "crew" in v.switch_tags %} + {% do vlan_list.append("event-activites") %} + {% endif %} + {% if "net-location-beredskap" in v.switch_tags and "crew" in v.switch_tags %} + {% do vlan_list.append("location-beredskap") %} + {% endif %} + {% if "wifi" in v.switch_tags and "crew" in v.switch_tags %} + {% do vlan_list.append("aps-mgmt") %} + {% do vlan_list.append("ssid-the-gathering") %} + {% endif %} + {% if "wifi-switch" in v.switch_tags %} + members [ aps-mgmt ssid-the-gathering edge-mgmt ]; + {% else %} + members [ {{ v.network.name }} edge-mgmt {% for vlan in vlan_list %}{{ vlan }} {% endfor %}]; + {% endif %} + } + } + } + } + {% if "els-software" in v.switch_tags %} + irb { + {% else %} + vlan { + {% endif %} + unit 666 { + description "switch management"; + family inet { + filter { + input mgmt-v4; + } + address {{ v.switch_management.mgmt_v4_addr }}/{{ v.switch_management_network.subnet4|cidr }}; + } + family inet6 { + filter { + input mgmt-v6; + } + address {{ v.switch_management.mgmt_v6_addr }}/{{ v.switch_management_network.subnet6|cidr }}; + } + } + } +} +routing-options { + rib inet.0 { + static { + route 0.0.0.0/0 next-hop {{ v.switch_management_network.gw4 }}; + } + } + rib inet6.0 { + static { + route ::/0 next-hop {{ v.switch_management_network.gw6 }}; + } + } +} +{% if not "els-software" in v.switch_tags %} +ethernet-switching-options { + port-error-disable { + /* 
30 minutes in seconds */ + disable-timeout 1800; + } + secure-access-port { + interface edge-ports { + no-dhcp-trusted; + } + {% if "wifi-switch" in v.switch_tags %} + vlan aps-mgmt { + {% else %} + vlan {{ v.network.name }} { + {% endif %} + arp-inspection; + examine-dhcp; + examine-dhcpv6; + neighbor-discovery-inspection; + ip-source-guard; + ipv6-source-guard; + dhcp-option82 { + circuit-id { + use-vlan-id; + } + } + no-option-37; + /* inactive due to DHCP drops on MX platform */ + inactive: dhcpv6-option18 { + use-option-82; + } + } + ipv6-source-guard-sessions { + max-number 128; + } + } + storm-control { + action-shutdown; + interface edge-ports { + bandwidth 20000; + multicast; + } + } +} +{% endif %} +protocols { + {% if "els-software" in v.switch_tags %} + {% else %} + igmp-snooping { + vlan all { + version 3; + immediate-leave; + } + {% if "wifi" in v.switch_tags %} + vlan aps-mgmt { + disable; + } + vlan ssid-the-gathering { + disable; + } + {% endif %} + } + mld-snooping { + vlan all { + version 2; + immediate-leave; + } + {% if "wifi" in v.switch_tags %} + vlan aps-mgmt { + disable; + } + vlan ssid-the-gathering { + disable; + } + {% endif %} + } + {% endif %} + {% if "wifi" in v.switch_tags and "multirate" in v.switch_tags %} + lldp-med { + {% for poe_interface_port_number in poe_interface_port_numbers %} + interface mge-0/0/{{ poe_interface_port_number }}; + {% endfor %} + } + {% endif %} +} +vlans { + edge-mgmt { + vlan-id 666; + {% if "els-software" in v.switch_tags %} + l3-interface irb.666; + {% else %} + l3-interface vlan.666; + {% endif %} + } +{# special nets for crew #} + {% if "net-event-arena" in v.switch_tags and "crew" in v.switch_tags %} + event-arena { + vlan-id 3000; + } + {% endif %} + {% if "net-event-artnet" in v.switch_tags and "crew" in v.switch_tags %} + event-artnet { + vlan-id 3001; + } + {% endif %} + {% if "net-event-activities" in v.switch_tags and "crew" in v.switch_tags %} + event-activites { + vlan-id 3002; + } + {% endif 
%} + {% if "net-location-beredskap" in v.switch_tags and "crew" in v.switch_tags %} + location-beredskap { + vlan-id 3003; + } + {% endif %} + {% if "wifi" in v.switch_tags or "wifi-switch" in v.switch_tags %} + aps-mgmt { + vlan-id 777; + } + ssid-the-gathering { + vlan-id 778; + } + {% endif %} + {% if "wifi-switch" not in v.switch_tags %} + {{ v.network.name }} { + vlan-id {{ v.network.vlan }}; + } + {% endif %} +} +{% if "wifi" in v.switch_tags and "multirate" in v.switch_tags %} +poe { + {% if "ex4300-48mp" in v.switch_tags %} + interface all { + high-power; + } + {% else %} + interface all; + {% endif %} +} +{% endif %} diff --git a/examples/tg23/templates/global.conf b/examples/tg23/templates/global.conf new file mode 100644 index 0000000..96290da --- /dev/null +++ b/examples/tg23/templates/global.conf 
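Review bot: The `vlans` block near the end of edge.conf tests `"net-event-activities"`, while the port loop, the `edge-ports` ranges and the ae0 member list all test `"net-event-activites"`, so a crew switch carrying the latter tag gets ge-0/0/28–31 and the uplink trunk pointing at `event-activites` without that VLAN ever being defined. Whichever spelling the tag really has, it should be used everywhere, e.g. `{% if "net-event-activites" in v.switch_tags and "crew" in v.switch_tags %}`; the same `"net-event-activities"` test appears in the VLAN-collection section of juniper-distro-els.conf. Separately, the three-tag `elif` in `interface-range edge-ports` can never match, because the two-tag `activites` + `artnet` branch above it wins first. On a switch that also has `net-event-arena`, that leaves ge-0/0/36–39 inside `edge-ports` while the loop below configures the same ports for `event-arena`; the three-tag branch should move above the two-tag ones.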
@@ -0,0 +1,205 @@ +system { + host-name {{ switch_name }}; + auto-snapshot; + domain-name tg23.gathering.org; + time-zone Europe/Oslo; + /* tacacs primary, failbacks to local users */ + authentication-order tacplus; + root-authentication { + encrypted-password "{{ v.root_pw }}"; ## SECRET-DATA + } + name-server { + {% for n in v.nameservers %} + {{n}}; + {% endfor %} + } + tacplus-server { + {{ v.tacplusserver }} { + secret {{ v.tacplus_secret }}; ## SECRET-DATA + source-address {{ v.switch_management.mgmt_v4_addr }}; + } + } + login { + user tech { + class super-user; + authentication { + encrypted-password "{{ v.tech_pw }}"; ## SECRET-DATA + } + } + user api { + class super-user; + authentication { + ssh-ed25519 "<removed>"; ## SECRET-DATA + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + protocol-version v2; + connection-limit 50; + rate-limit 5; + } + netconf { + ssh { + port 830; + } + } + } + syslog { + user * { + any emergency; + } + host log.tg23.gathering.org { + any warning; + authorization info; + daemon warning; + user warning; + change-log any; + interactive-commands any; + match "!(.*License.*)"; + allow-duplicates; + facility-override local7; + explicit-priority; + } + /* Oxidized syslog */ + host 185.110.148.112 { + interactive-commands notice; + match UI_COMMIT_COMPLETED; + source-address {{ v.switch_management.mgmt_v4_addr }}; + } + /* Local logging of syslog message */ + file messages { + any notice; + /* Fjerner mye graps i loggene */ + match "!(.*License.*|.*EX-BCM PIC.*|.*mojito_i2c_read.*|.*qsfp_tk_read_mem_page.*)"; + authorization info; + } + /* Local logging of all user-commands typed in the CLI */ + file interactive-commands { + interactive-commands any; + match "UI_CMDLINE_READ_LINE|UI_COMMIT_COMPLETED"; + } + } + commit synchronize; # Syncer konfigurasjonen til alle members i VC ved commit. Ingen effekt ved commit på single bokser. 
+ ntp { + /* ntp.uio.no */ + server 2001:700:100:2::6; + } + ports { + console log-out-on-disconnect; + } +} +chassis { + alarm { + management-ethernet { # Sender ikke alarm ved link down på managementinterfacet. + link-down ignore; + } + } + aggregated-devices { + ethernet { + device-count 32; + } + } +} +interfaces { + interface-range all-ports { + member ge-*/*/*; + {% if "multirate" in v.switch_tags %} + member mge-*/*/*; + {% endif %} + member xe-*/*/*; + member et-*/*/*; + } + lo0 { + unit 0 { + family inet { + filter { + input mgmt-v4; + } + } + family inet6 { + filter { + input mgmt-v6; + } + } + } + } +} +snmp { + contact "<removed>"; + community {{ v.snmp_community }} { + authorization read-only; + client-list-name mgmt; + } +} +policy-options { + prefix-list mgmt-v4 { + } + prefix-list mgmt-v6 { + } + /* Merged separate v4- og v6-lister */ + prefix-list mgmt { + apply-path "policy-options prefix-list <mgmt-v*> <*>"; + } +} +firewall { + family inet { + filter mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term accept-all { + then accept; + } + } + } + family inet6 { + filter mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v6; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then discard; + } + term accept-all { + then accept; + } + } + } +} +protocols { + igmp-snooping { + vlan all; + } +} +poe { + interface all; +} + diff --git a/examples/tg23/templates/juniper-distro-els.conf b/examples/tg23/templates/juniper-distro-els.conf new file mode 100644 index 0000000..2ea7226 --- /dev/null +++ b/examples/tg23/templates/juniper-distro-els.conf 
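Review bot: The `mgmt-v4` and `mgmt-v6` filters restrict only destination port 22, but `system services netconf ssh` is enabled on port 830 in the same file, so NETCONF falls through to `accept-all` from any source while SSH is limited to the mgmt prefix lists. Both the `accept-ssh` and `discard-ssh` terms should cover it, `destination-port [ 22 830 ];`, and adding `protocol tcp;` to those `from` clauses is the usual companion to a port match. The `mgmt-v4` and `mgmt-v6` prefix lists are empty in this file, so presumably another template fills them; a comment saying where would help the next reader judge what the filter actually admits.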
@@ -0,0 +1,556 @@ +{%- set switch_name = options["switch"] %} +{%- import "vars.conf" as v with context %} + +{% include "global.conf" %} + +{%- set floor_distros = [ + 'd1.floor', + 'd2.floor', + 'd3.floor', + 'd4.floor', + 'd5.floor', + 'd6.floor', + ] +%} + +{%- set all_networks = [] -%} +{%- set networks = {} -%} +{%- set vlans_on_ae = {} -%} + +{# SECTION: FIND AND UTSKUTT DISTROS #} +{%- for switchname, interface in v.device_tree[switch_name].items() -%} + {# {{ switchname }}: #} + {%- if "distro-utskutt" in v.switches2[switchname].tags -%} + {%- do all_networks.append(switchname) -%} + {%- if switchname in v.device_tree -%} + {%- for edge_switch_name, interface2 in v.device_tree[switchname].items() -%} + {# {{ edge_switch_name }} #} + {%- do all_networks.append(edge_switch_name) -%} + {%- endfor -%} + {%- endif -%} + {%- else -%} + {%- do all_networks.append(switchname) -%} + {%- endif -%} +{%- endfor -%} + +{# SECTION: FIND AND ADD INTERFACES #} +{%- for edge_network_name in all_networks -%} + {%- set net = v.distro_networks[edge_network_name] -%} + {%- set edge_device = objects["public/switches"].switches[edge_network_name] -%} + + {%- set port = v.device_tree[switch_name][edge_network_name] -%} + + {# dette er hvis kant nettverket er direkte på distro (ikke utskutt) #} + {%- set interfaces = {} -%} + {%- if edge_device.distro_name == switch_name -%} + {%- if switch_name in floor_distros -%} + {%- set ge0 = "-0/0/" ~ v.create_interface_ge0(port) -%} + {%- set ge1 = "-1/0/" ~ v.create_interface_ge0(port) -%} + {%- set ge2 = "-2/0/" ~ v.create_interface_ge0(port) -%} + {%- elif "distro-utskutt" in edge_device.tags -%} + {%- set fpc = v.create_interface_vc(port) -%} + {%- if fpc in ("1", "4") -%} {# FPC 1 and 4 is ex4600 #} + {%- set ge0 = "-" ~ v.create_interface_vc(port) ~ "/0/" ~ v.create_interface_ge0(port) -%} + {%- set ge1 = "-" ~ v.create_interface_vc(port) ~ "/0/" ~ v.create_interface_ge1(port) -%} + {%- else -%} + {%- set ge0 = "-" ~ 
v.create_interface_vc(port) ~ "/2/" ~ v.create_interface_ge0(port) -%} + {%- set ge1 = "-" ~ v.create_interface_vc(port) ~ "/2/" ~ v.create_interface_ge1(port) -%} + {%- endif -%} + {%- elif switch_name == 'd1.ring' -%} + {%- set ge0 = "-" ~ v.create_interface_vc(port) ~ "/0/" ~ v.create_interface_ge0(port) -%} + {%- set ge1 = "-" ~ v.create_interface_vc(port) ~ "/0/" ~ v.create_interface_ge1(port) -%} + {%- else -%} + {%- set ge0 = "-0/0/" ~ v.create_interface_ge0(port) -%} + {%- set ge1 = "-0/0/" ~ v.create_interface_ge1(port) -%} + {%- endif -%} + + {#- må bruke tags fra downstream switch -#} + {%- set if_prefix = 'ge' -%} + {%- if "multirate" in edge_device.tags and "10g-copper" in edge_device.tags -%} + {%- set if_prefix = 'mge' -%} + {%- elif "10g-uplink" in edge_device.tags -%} + {%- set if_prefix = 'xe' -%} + {%- endif -%} + + {%- set ae = "ae" ~ v.create_interface_ae(port) -%} + {%- if "distro-utskutt" in edge_device.tags -%} + {%- set ae = v.ustkutt_distro_ae[edge_network_name] -%} + {%- elif "distro-utskutt" in v.switch_tags -%} + {%- set ae = "ae{}".format(net.vlan) -%} + {%- elif switch_name not in floor_distros -%} + {%- set ae = "ae{}".format(net.vlan) -%} + {%- endif -%} + + {%- set interfaces = {'ge0': "{}{}".format(if_prefix, ge0), 'ge1': "{}{}".format(if_prefix, ge1), 'ge2': "{}{}".format(if_prefix, ge2)} -%} + + {%- else -%} + {% set ae = networks[v.switches[edge_network_name]['distro_name']]['ae'] -%} + {%- endif -%} + + +{# SECTION: FIND AND ADD VLANS #} + {%- if ae not in vlans_on_ae -%} + {%- do vlans_on_ae.update({ae: []}) -%} + {%- endif -%} + {%- do vlans_on_ae[ae].append(edge_network_name) -%} + + {%- if "wifi" in edge_device.tags -%} + {%- do vlans_on_ae[ae].append("aps-mgmt") -%} + {%- do vlans_on_ae[ae].append("ssid-the-gathering") -%} + {% endif %} + {%- if "net-event-arena" in edge_device.tags -%} + {%- do vlans_on_ae[ae].append("event-arena") -%} + {%- endif -%} + {%- if "net-event-artnet" in edge_device.tags -%} + {%- do 
vlans_on_ae[ae].append("event-artnet") -%} + {%- endif -%} + {%- if "net-event-activities" in edge_device.tags -%} + {%- do vlans_on_ae[ae].append("event-activites") -%} + {%- endif -%} + {%- if "net-location-beredskap" in edge_device.tags -%} + {%- do vlans_on_ae[ae].append("location-beredskap") -%} + {%- endif -%} + + {# uggc Mapping edge '{{ edge_network_name }}' Downlink: {{ ae }} If:{{ interfaces }} Edge tags: {{ edge_device.tags }} Vlans on AE: {{ vlans_on_ae[ae] }} #} + {%- do networks.update({ edge_network_name: + {'l3_device': 'r1.tele', + 'ae' : ae, + 'vlan_id': net.vlan if net else none, + 'if_prefix' : if_prefix, + 'interfaces' : interfaces, + 'edge_switch_tags' : edge_device.tags, + 'distro' : switch_name + }}) + %} +{%- endfor %} + +{# SECTION: JUNOS CONFIG#} +{%- if switch_name in floor_distros %} +interfaces { + interface-range aps { + {% if "multirate" in v.switch_tags %} + member-range mge-0/0/46 to mge-0/0/47; + member-range mge-1/0/46 to mge-1/0/47; + member-range mge-2/0/46 to mge-2/0/47; + description "C: AP - VLAN 777 untagged (mgmt) - VLAN 778 tagged"; + native-vlan-id 777; + unit 0 { + family ethernet-switching { + interface-mode trunk; + vlan { + members [ aps-mgmt ssid-the-gathering ]; + } + } + } + {% else %} + member-range ge-0/0/36 to ge-0/0/47; + member-range ge-1/0/36 to ge-1/0/47; + member-range ge-2/0/36 to ge-2/0/47; + description "C: AP - VLAN 777 untagged (mgmt) - VLAN 778 tagged"; + native-vlan-id 777; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ ssid-the-gathering ]; + } + } + } + {% endif %} + } +} +{%- endif %} + + +{# SECTION: JUNOS DOWNSTREAM-INTERFACES #} +interfaces { +{% for network_name, network in networks.items() %} +{% if network.distro == switch_name and network.interfaces|length > 0 %} + {{ network.interfaces['ge0'] }} { + description "G: {{ network_name }} {{ network.if_prefix }}-0/0/44 ({{ network.ae }})"; + {# This is due to FAP. 
One uplink to switch can't be in LAG since its + not configured on the other end. And for FAP to work it has to be able + to be able to get DHCP. Therefor, we check if the AE to switch is UP. + If it is not then we configure one link to not be in the LAG #} + {% if v.states[network.distro] is defined and v.states[network.distro].ifs[network.ae] is defined and v.states[network.distro].ifs[network.ae].live is defined %} + ether-options { + 802.3ad {{ network.ae }}; + } + inactive: unit 0 { + family ethernet-switching { + interface-mode access; + vlan { + members edge-mgmt; + } + } + } + {% else %} + inactive: ether-options { + 802.3ad {{ network.ae }}; + } + unit 0 { + family ethernet-switching { + interface-mode access; + vlan { + members edge-mgmt; + } + } + } + {% endif %} + } + {% if "2-uplinks" in network.edge_switch_tags or "3-uplinks" in network.edge_switch_tags %} + {{ network.interfaces['ge1'] }} { + description "G: {{ network_name }} {{ network.if_prefix }}-0/0/45 ({{ network.ae }})"; + ether-options { + 802.3ad {{ network.ae }}; + } + } + {% endif %} + {% if "3-uplinks" in network.edge_switch_tags %} + {{ network.interfaces['ge2'] }} { + description "G: {{ network_name }} {{ network.if_prefix }}-0/0/46 ({{ network.ae }})"; + ether-options { + 802.3ad {{ network.ae }}; + } + } + {% endif %} + {{ network.ae }} { + description "B: {{ network_name }} ae0"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + interface-mode trunk; + vlan { + members [ edge-mgmt {% if "distro-utskutt" in network.edge_switch_tags %} distro-mgmt {% endif %} {% for net in vlans_on_ae[network.ae] %}{% if net == network_name and "distro-utskutt" in network.edge_switch_tags %}{% else %}{{ net }} {% endif %}{% endfor %} ]; + } + } + } + } +{% endif %} +{% endfor %} +} + +{# SECTION: JUNOS CORE-INTERFACES #} +interfaces { + {{ v.distrodata[switch_name]['if1'] }} { + description "G: {{v.distrodata[switch_name]['uplink_device']}} {{ 
v.distrodata[switch_name]['remote_phy1'] }} (ae0)"; + ether-options { + 802.3ad ae0; + } + } + {{ v.distrodata[switch_name]['if2'] }} { + description "G: {{v.distrodata[switch_name]['uplink_device']}} {{ v.distrodata[switch_name]['remote_phy2'] }} (ae0)"; + ether-options { + 802.3ad ae0; + } + } + ae0 { + description "B: {{v.distrodata[switch_name]['uplink_device']}} {{ v.distrodata[switch_name]['remote_ae'] }}"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + interface-mode trunk; + vlan { + members all; + } + } + } + } +} + +event-options { +{% for network_name, network in networks.items() %} +{% if network.distro == switch_name and network.interfaces|length > 0 %} + policy {{ network.ae }}down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "{{ network.ae }}$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces {{ network.interfaces['ge0'] }} unit 0"; + "deactivate interfaces {{ network.interfaces['ge0'] }} ether-options"; + } + user-name tech; + commit-options { + log "Autoconfig-script: {{ network.ae }} went down so removed {{ network.interfaces['ge0'] }} from bundle"; + } + } + } + } + policy {{ network.ae }}up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "{{ network.ae }}$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces {{ network.interfaces['ge0'] }} unit 0"; + "activate interfaces {{ network.interfaces['ge0'] }} ether-options"; + } + user-name tech; + commit-options { + log "Autoconfig-script: {{ network.ae }} came up so added {{ network.interfaces['ge0'] }} to bundle"; + } + } + } + } + {% endif %} +{% endfor %} +} +vlans { + {% if switch_name == 'd1.ring' %} + southcam { + vlan-id 10; + } + tele-ipmi { + vlan-id 11; + } + {% endif %} + {% if switch_name not in floor_distros %} + event-arena { + 
vlan-id 3000; + } + event-artnet { + vlan-id 3001; + } + event-activites { + vlan-id 3002; + } + location-beredskap { + vlan-id 3003; + } + {% endif %} + edge-mgmt { + vlan-id 666; + forwarding-options { + dhcp-security { + option-82 { + circuit-id { + prefix { + host-name; + } + use-vlan-id; + } + } + } + } + } + distro-mgmt { + vlan-id 667; + l3-interface irb.667; + forwarding-options { + dhcp-security { + option-82 { + circuit-id { + prefix { + host-name; + } + use-vlan-id; + } + } + } + } + } + vl20-lab { + vlan-id 20; + } +{% for network_name, network in networks.items() %} +{%- if network.vlan_id is not none %} + {{ network_name }} { + vlan-id {{ network.vlan_id }}; + } +{% endif %} +{% endfor %} + aps-mgmt { + vlan-id 777; + } + ssid-the-gathering { + vlan-id 778; + } +} + +protocols { + lldp { + port-id-subtype interface-name; + port-description-type interface-description; + interface all; + } +} + +interfaces { + irb { + unit 667 { + description "switch management"; + family inet { + filter { + input mgmt-v4; + } + address {{ v.switches[switch_name]['mgmt_v4_addr'] }}/{{ v.switch_management_network['subnet4'] | cidr }}; + } + family inet6 { + filter { + input mgmt-v6; + } + address {{ v.switches[switch_name]['mgmt_v6_addr'] }}/{{ v.switch_management_network['subnet6'] | cidr }}; + } + } + } +} + +routing-options { + rib inet.0 { + static { + route 0.0.0.0/0 next-hop {{ v.switch_management_network.gw4 }}; + } + } + rib inet6.0 { + static { + route ::/0 next-hop {{ v.switch_management_network.gw6 }}; + } + } + } + +protocols { + rstp { + {% if "distro-utskutt" in v.switch_tags %} + bridge-priority 4k; + {% else %} + bridge-priority 8k; + {% endif %} + } +} + + +{# some static ports on d1.ring #} +{% if switch_name == 'd1.ring' %} +interfaces { + xe-4/0/18 { + description "C: lab - VLAN 20 (static-ip)"; + unit 0 { + family ethernet-switching { + interface-mode access; + vlan { + members vl20-lab; + } + } + } + } + ge-4/0/19 { + description "C: lab - VLAN 20 
(static-ip)"; + unit 0 { + family ethernet-switching { + interface-mode access; + vlan { + members vl20-lab; + } + } + } + } + ge-4/0/20 { + description "C: lab - VLAN 20 (static-ip)"; + unit 0 { + family ethernet-switching { + interface-mode access; + vlan { + members vl20-lab; + } + } + } + } + ge-4/0/21 { + description "C: lab - VLAN 20 (static-ip)"; + unit 0 { + family ethernet-switching { + interface-mode access; + vlan { + members vl20-lab; + } + } + } + } + ge-4/0/22 { + description "C: WIFI BUM monitor port - Jonas L - VLAN 778"; + unit 0 { + family ethernet-switching { + interface-mode access; + vlan { + members vl20-lab; + } + } + } + } + ge-0/0/23 { + description "C: southcam - VLAN 10 (static-ip)"; + unit 0 { + family ethernet-switching { + vlan { + members southcam; + } + } + } + } + ge-5/0/21 { + description "C: Security Server"; + unit 0 { + family ethernet-switching { + vlan { + members location-beredskap; + } + } + } + } + ge-5/0/22 { + description "C: bamsemums-ipmi - VLAN 11"; + unit 0 { + family ethernet-switching { + vlan { + members tele-ipmi; + } + } + } + } + ge-5/0/23 { + description "C: krokodille-ipmi - VLAN 11"; + unit 0 { + family ethernet-switching { + vlan { + members tele-ipmi; + } + } + } + } +} +{% endif %} + +{% if v.vc_config[switch_name] %} +virtual-chassis { + preprovisioned; + vcp-snmp-statistics; +{% for member in v.vc_config[switch_name] %} + member {{ loop.index-1 }} { + serial-number {{ member.sn }}; + {% if member.re %} + role routing-engine; + {% else %} + role line-card; + {% endif %} + {% if member.loc is defined %} + location {{ member.loc }}; + {% endif %} + } +{% endfor %} +} +{% endif %} diff --git a/examples/tg23/templates/juniper-distro-non-els.conf b/examples/tg23/templates/juniper-distro-non-els.conf new file mode 100644 index 0000000..c96d8f7 --- /dev/null +++ b/examples/tg23/templates/juniper-distro-non-els.conf 
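Review bot: The FAP guard in the downstream-interfaces section ends with `.ifs[network.ae].live is defined`, which is true whenever the key exists, so a bundle whose state reports `live` as false would still have its first member placed in the LAG, contrary to what the comment above it describes. If `live` can be false in the state data, the last clause should read `v.states[network.distro].ifs[network.ae].live` without `is defined`. Also, `ge2` is set only in the `floor_distros` branch but is formatted into `interfaces` in every branch, so a `3-uplinks` edge on another distro would presumably render a bare prefix as the interface name. In the static d1.ring ports, ge-4/0/22 is described as VLAN 778 but is made a member of `vl20-lab`; either the description or the membership looks like a copy-paste leftover.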
@@ -0,0 +1,484 @@ +{%- set switch_name = options["switch"] %} +{%- import "vars.conf" as v with context %} + +{% include "global.conf" %} + +{%- set floor_distros = [ + 'd1.floor', + 'd2.floor', + 'd3.floor', + 'd4.floor', + 'd5.floor', + 'd6.floor', + ] +%} + +{%- set all_networks = [] -%} +{%- set networks = {} -%} +{%- set vlans_on_ae = {} -%} + +{# SECTION: FIND AND UTSKUTT DISTROS #} +{%- for switchname, interface in v.device_tree[switch_name].items() -%} + {# {{ switchname }}: #} + {%- if "distro-utskutt" in v.switches2[switchname].tags -%} + {%- do all_networks.append(switchname) -%} + {%- if switchname in v.device_tree -%} + {%- for edge_switch_name, interface2 in v.device_tree[switchname].items() -%} + {# {{ edge_switch_name }} #} + {%- do all_networks.append(edge_switch_name) -%} + {%- endfor -%} + {%- endif -%} + {%- else -%} + {%- do all_networks.append(switchname) -%} + {%- endif -%} +{%- endfor -%} + +{# SECTION: FIND AND ADD INTERFACES #} +{%- for edge_network_name in all_networks -%} + {%- set net = v.distro_networks[edge_network_name] -%} + {%- set edge_device = objects["public/switches"].switches[edge_network_name] -%} + + {%- set port = v.device_tree[switch_name][edge_network_name] -%} + + {# dette er hvis kant nettverket er direkte på distro (ikke utskutt) #} + {%- set interfaces = {} -%} + {%- if edge_device.distro_name == switch_name -%} + {%- if switch_name in floor_distros -%} + {%- set ge0 = "-0/0/" ~ v.create_interface_ge0(port) -%} + {%- set ge1 = "-1/0/" ~ v.create_interface_ge0(port) -%} + {%- set ge2 = "-2/0/" ~ v.create_interface_ge0(port) -%} + {%- elif "distro-utskutt" in edge_device.tags -%} + {%- set fpc = v.create_interface_vc(port) -%} + {%- if fpc in ("1", "4") -%} {# FPC 1 and 4 is ex4600 #} + {%- set ge0 = "-" ~ v.create_interface_vc(port) ~ "/0/" ~ v.create_interface_ge0(port) -%} + {%- set ge1 = "-" ~ v.create_interface_vc(port) ~ "/0/" ~ v.create_interface_ge1(port) -%} + {%- else -%} + {%- set ge0 = "-" ~ 
v.create_interface_vc(port) ~ "/2/" ~ v.create_interface_ge0(port) -%} + {%- set ge1 = "-" ~ v.create_interface_vc(port) ~ "/2/" ~ v.create_interface_ge1(port) -%} + {%- endif -%} + {%- elif switch_name == 'd1.ring' -%} + {%- set ge0 = "-" ~ v.create_interface_vc(port) ~ "/0/" ~ v.create_interface_ge0(port) -%} + {%- set ge1 = "-" ~ v.create_interface_vc(port) ~ "/0/" ~ v.create_interface_ge1(port) -%} + {%- else -%} + {%- set ge0 = "-0/0/" ~ v.create_interface_ge0(port) -%} + {%- set ge1 = "-0/0/" ~ v.create_interface_ge1(port) -%} + {%- endif -%} + + {#- må bruke tags fra downstream switch -#} + {%- set if_prefix = 'ge' -%} + {%- if "multirate" in edge_device.tags and "10g-copper" in edge_device.tags -%} + {%- set if_prefix = 'mge' -%} + {%- elif "10g-uplink" in edge_device.tags -%} + {%- set if_prefix = 'xe' -%} + {%- endif -%} + + {%- set ae = "ae" ~ v.create_interface_ae(port) -%} + {%- if "distro-utskutt" in edge_device.tags -%} + {%- set ae = v.ustkutt_distro_ae[edge_network_name] -%} + {%- elif "distro-utskutt" in v.switch_tags -%} + {%- set ae = "ae{}".format(net.vlan) -%} + {%- elif switch_name not in floor_distros -%} + {%- set ae = "ae{}".format(net.vlan) -%} + {%- endif -%} + + {%- set interfaces = {'ge0': "{}{}".format(if_prefix, ge0), 'ge1': "{}{}".format(if_prefix, ge1), 'ge2': "{}{}".format(if_prefix, ge2)} -%} + + {%- else -%} + {% set ae = networks[v.switches[edge_network_name]['distro_name']]['ae'] -%} + {%- endif -%} + +{# SECTION: FIND AND ADD VLANS #} + {%- if ae not in vlans_on_ae -%} + {%- do vlans_on_ae.update({ae: []}) -%} + {%- endif -%} + {%- do vlans_on_ae[ae].append(edge_network_name) -%} + + {%- if "wifi" in edge_device.tags -%} + {%- do vlans_on_ae[ae].append("aps-mgmt") -%} + {%- do vlans_on_ae[ae].append("ssid-the-gathering") -%} + {% endif %} + {%- if "net-event-arena" in edge_device.tags -%} + {%- do vlans_on_ae[ae].append("event-arena") -%} + {%- endif -%} + {%- if "net-event-artnet" in edge_device.tags -%} + {%- do 
vlans_on_ae[ae].append("event-artnet") -%} + {%- endif -%} + {%- if "net-event-activities" in edge_device.tags -%} + {%- do vlans_on_ae[ae].append("event-activites") -%} + {%- endif -%} + {%- if "net-location-beredskap" in edge_device.tags -%} + {%- do vlans_on_ae[ae].append("location-beredskap") -%} + {%- endif -%} + + {# uggc Mapping edge '{{ edge_network_name }}' Downlink: {{ ae }} If:{{ interfaces }} Edge tags: {{ edge_device.tags }} Vlans on AE: {{ vlans_on_ae[ae] }} #} + {%- do networks.update({ edge_network_name: + {'l3_device': 'r1.tele', + 'ae' : ae, + 'vlan_id': net.vlan if net else none, + 'if_prefix' : if_prefix, + 'interfaces' : interfaces, + 'edge_switch_tags' : edge_device.tags, + 'distro' : switch_name + }}) + %} +{%- endfor %} + + +{# SECTION: JUNOS CONFIG#} +{%- if switch_name in floor_distros %} +interfaces { + interface-range aps { + {% if "multirate" in v.switch_tags %} + member-range mge-0/0/46 to mge-0/0/47; + member-range mge-1/0/46 to mge-1/0/47; + member-range mge-2/0/46 to mge-2/0/47; + description "C: AP - VLAN 777 untagged (mgmt) - VLAN 778 tagged"; + unit 0 { + family ethernet-switching { + port-mode trunk; + native-vlan-id 777; + vlan { + members [ ssid-the-gathering ]; + } + } + } + {% elif switch_name in floor_distros %} + member-range ge-0/0/36 to ge-0/0/47; + member-range ge-1/0/36 to ge-1/0/47; + member-range ge-2/0/36 to ge-2/0/47; + description "C: AP - VLAN 777 untagged (mgmt) - VLAN 778 tagged"; + unit 0 { + family ethernet-switching { + native-vlan-id 777; + port-mode trunk; + vlan { + members [ ssid-the-gathering ]; + } + } + } + {% endif %} + } +} +{%- endif %} + + +{# SECTION: JUNOS DOWNSTREAM-INTERFACES #} +interfaces { +{% for network_name, network in networks.items() %} +{% if network.distro == switch_name and network.interfaces|length > 0 %} + {{ network.interfaces['ge0'] }} { + description "G: {{ network_name }} {{ network.if_prefix }}-0/0/44 ({{ network.ae }})"; + {# This is due to FAP. 
One uplink to switch can't be in LAG since its + not configured on the other end. And for FAP to work it has to be able + to be able to get DHCP. Therefor, we check if the AE to switch is UP. + If it is not then we configure one link to not be in the LAG #} + {% if v.states[network.distro] is defined and v.states[network.distro].ifs[network.ae] is defined and v.states[network.distro].ifs[network.ae].live is defined %} + ether-options { + 802.3ad {{ network.ae }}; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members edge-mgmt; + } + } + } + {% else %} + inactive: ether-options { + 802.3ad {{ network.ae }}; + } + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members edge-mgmt; + } + } + } + {% endif %} + } + {% if "2-uplinks" in network.edge_switch_tags or "3-uplinks" in network.edge_switch_tags %} + {{ network.interfaces['ge1'] }} { + description "G: {{ network_name }} {{ network.if_prefix }}-0/0/45 ({{ network.ae }})"; + ether-options { + 802.3ad {{ network.ae }}; + } + } + {% endif %} + {% if "3-uplinks" in network.edge_switch_tags %} + {{ network.interfaces['ge2'] }} { + description "G: {{ network_name }} {{ network.if_prefix }}-0/0/46 ({{ network.ae }})"; + ether-options { + 802.3ad {{ network.ae }}; + } + } + {% endif %} + {{ network.ae }} { + description "B: {{ network_name }} ae0"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ edge-mgmt {% if "distro-utskutt" in network.edge_switch_tags %} distro-mgmt {% endif %} {% for net in vlans_on_ae[network.ae] %}{% if net == network_name and "distro-utskutt" in network.edge_switch_tags %}{% else %}{{ net }} {% endif %}{% endfor %} ]; + } + } + } + } +{% endif %} +{% endfor %} +} + +{# SECTION: JUNOS CORE-INTERFACES #} +interfaces { + {{ v.distrodata[switch_name]['if1'] }} { + description "G: {{v.distrodata[switch_name]['uplink_device']}} {{ 
v.distrodata[switch_name]['remote_phy1'] }} (ae0)"; + ether-options { + 802.3ad ae0; + } + } + {{ v.distrodata[switch_name]['if2'] }} { + description "G: {{v.distrodata[switch_name]['uplink_device']}} {{ v.distrodata[switch_name]['remote_phy2'] }} (ae0)"; + ether-options { + 802.3ad ae0; + } + } + ae0 { + description "B: {{v.distrodata[switch_name]['uplink_device']}} {{ v.distrodata[switch_name]['remote_ae'] }}"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members all; + } + } + } + } +} + +event-options { +{% for network_name, network in networks.items() %} +{% if network.distro == switch_name and network.interfaces|length > 0 %} + policy {{ network.ae }}down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "{{ network.ae }}$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces {{ network.interfaces['ge0'] }} unit 0"; + "deactivate interfaces {{ network.interfaces['ge0'] }} ether-options"; + } + user-name tech; + commit-options { + log "Autoconfig-script: {{ network.ae }} went down so removed {{ network.interfaces['ge0'] }} from bundle"; + } + } + } + } + policy {{ network.ae }}up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "{{ network.ae }}$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces {{ network.interfaces['ge0'] }} unit 0"; + "activate interfaces {{ network.interfaces['ge0'] }} ether-options"; + } + user-name tech; + commit-options { + log "Autoconfig-script: {{ network.ae }} came up so added {{ network.interfaces['ge0'] }} to bundle"; + } + } + } + } + {% endif %} +{% endfor %} +} +vlans { + {% if switch_name == 'd1.ring' %} + southcam { + vlan-id 10; + } + tele-ipmi { + vlan-id 11; + } + {% endif %} + {% if switch_name not in floor_distros %} + event-arena { + 
vlan-id 3000; + } + event-artnet { + vlan-id 3001; + } + event-activites { + vlan-id 3002; + } + location-beredskap { + vlan-id 3003; + } + {% endif %} + edge-mgmt { + vlan-id 666; + } + distro-mgmt { + vlan-id 667; + l3-interface vlan.667; + } +{% for network_name, network in networks.items() %} +{%- if network.vlan_id is not none %} + {{ network_name }} { + vlan-id {{ network.vlan_id }}; + } +{% endif %} +{% endfor %} + aps-mgmt { + vlan-id 777; + } + ssid-the-gathering { + vlan-id 778; + } +} + +protocols { + lldp { + port-id-subtype interface-name; + port-description-type interface-description; + interface all; + } +} + +interfaces { + vlan { + unit 667 { + description "switch management"; + family inet { + filter { + input mgmt-v4; + } + address {{ v.switches[switch_name]['mgmt_v4_addr'] }}/{{ v.switch_management_network['subnet4'] | cidr }}; + } + family inet6 { + filter { + input mgmt-v6; + } + address {{ v.switches[switch_name]['mgmt_v6_addr'] }}/{{ v.switch_management_network['subnet6'] | cidr }}; + } + } + } +} + +routing-options { + rib inet.0 { + static { + route 0.0.0.0/0 next-hop {{ v.switch_management_network.gw4 }}; + } + } + rib inet6.0 { + static { + route ::/0 next-hop {{ v.switch_management_network.gw6 }}; + } + } + } + +protocols { + rstp { + {% if "distro-utskutt" in v.switch_tags %} + bridge-priority 4k; + {% else %} + bridge-priority 8k; + {% endif %} + } +} + +ethernet-switching-options { + storm-control { + {% for network_name, network in networks.items() %} + {%- if network.ae is defined %} + interface {{ network.ae }}; + {% endif %} + {% endfor %} + } + secure-access-port { + vlan edge-mgmt { + dhcp-option82 { + circuit-id { + prefix hostname; + use-vlan-id; + } + } + } + } +} + + +{# some static ports on d1.ring #} +{% if switch_name == 'd1.ring' %} +interfaces { + ge-0/0/23 { + description "C: southcam - VLAN 10 (static-ip)"; + unit 0 { + family ethernet-switching { + vlan { + members southcam; + } + } + } + } + ge-5/0/22 { + 
description "C: bamsemums-ipmi - VLAN 11"; + unit 0 { + family ethernet-switching { + vlan { + members tele-ipmi; + } + } + } + } + ge-5/0/23 { + description "C: krokodille-ipmi - VLAN 11"; + unit 0 { + family ethernet-switching { + vlan { + members tele-ipmi; + } + } + } + } +} +{% endif %} + +{% if v.vc_config[switch_name] %} +virtual-chassis { + preprovisioned; + vcp-snmp-statistics; +{% for member in v.vc_config[switch_name] %} + member {{ loop.index-1 }} { + serial-number {{ member.sn }}; + {% if member.re %} + role routing-engine; + {% else %} + role line-card; + {% endif %} + {% if member.loc is defined %} + location {{ member.loc }}; + {% endif %} + } +{% endfor %} +} +{% endif %}
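Review bot: The guard around the first uplink in the DOWNSTREAM-INTERFACES section only tests that `v.states[network.distro].ifs[network.ae].live` is defined, not that it is true, although the comment directly above it says the intent is to check that the AE is up. ae-event-lol.conf tests the same field as a boolean, so it can presumably be false for a bundle that is down. In that case a re-render puts `{{ network.interfaces['ge0'] }}` back into the LAG with `unit 0` inactive, and the edge switch can no longer reach DHCP on `edge-mgmt` for FAP. I would end the condition with `… .ifs[network.ae].live is defined and v.states[network.distro].ifs[network.ae].live %}`, so that a known-down bundle takes the same branch as an unknown one.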
\ No newline at end of file
diff --git a/examples/tg23/templates/magic.conf b/examples/tg23/templates/magic.conf
new file mode 100644
index 0000000..de71dc2
--- /dev/null
+++ b/examples/tg23/templates/magic.conf
@@ -0,0 +1,39 @@
+{# HOWTO #}
+{# Manual query parameters: ?switch=e1-1 #}
+
+{# If there is no manual switch option we just assume it's fap.
+ The FAP query looks like this: "?a=d1.ring:ge-1/0/2.0:mgmt+irb.666".
+ agentDistro and agentPort is functions from template.py. And splits out
+ d1.ring and ge-1/0/2.0.
+ The distro-tree API endpoint has a overview of what switch is connected to what
+ distro on each port. #}
+
+{% if options["a"] %}
+ {% set distro = options["a"] | agentDistro %}
+ {% set port = options["a"] | agentPort %}
+ {% set switch_name = objects["public/distro-tree"]['distro-tree-phy'][distro][port] %}
+{% elif options["switch"] %}
+ {% set switch_name = options["switch"] %}
+{% else %}
+Unsupported option. Please use "?switch=e1-1" if this is done manually.
+{% endif %}
+
+
+{# Change this if statement to do if edge, elif distro etc before tg20 #}
+{# tagging edge switches was never done during TG19 #}
+{% if switch_name is defined %}
+ {% import "vars.conf" as v with context %}
+ {% if switch_name == "d1.roof" %}
+ {% include "dist-roof.conf" %}
+ {% elif switch_name == "r1.tele" %}
+ {% include "core.conf" %}
+ {% elif switch_name == "r1.stand" %}
+ {% include "r1.stand.conf" %}
+ {% elif ("distro" in v.switch_tags or "distro-utskutt" in v.switch_tags) and "els-software" in v.switch_tags %}
+ {% include "juniper-distro-els.conf" %}
+ {% elif "distro" in v.switch_tags or "distro-utskutt" in v.switch_tags %}
+ {% include "juniper-distro-non-els.conf" %}
+ {% else %}
+ {% include "edge.conf" %}
+ {% endif %}
+{% endif %}
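Review bot: `switch_name` comes straight from the request (`?switch=` or the FAP `?a=` lookup) and is only tested with `is defined` before `vars.conf` is imported and a device template is chosen. An unknown name would most likely fail inside the import, and any known name without a distro tag falls through silently to `edge.conf`. Checking membership first keeps the error path explicit: `{% if switch_name is defined and switch_name in objects["public/switches"].switches %}`, with the "Unsupported option" text moved to an `{% else %}`. The rendered output carries the credentials set in `vars.conf`, so the HOWTO comment should also state that the endpoint must only be reachable from the management networks; that restriction is not visible in this file.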
\ No newline at end of file
diff --git a/examples/tg23/templates/natfw1.tele.conf b/examples/tg23/templates/natfw1.tele.conf
new file mode 100644
index 0000000..35dd635
--- /dev/null
+++ b/examples/tg23/templates/natfw1.tele.conf
@@ -0,0 +1,610 @@ +{# Query parameters: ?switch=e1-1 #} + +{%- if options["switch"] %} +{%- set switch_name = options["switch"] %} + +{%- import "vars-natfw1.tele.conf" as v with context %} + +{# holds the management prefixes, used for statefull firewall policies #} +{%- import "vars-mgmt-nets.conf" as mgmt_nets -%} + + +{# Add management nets to address-book #} +security { + address-book { + global { + {% for address_family in mgmt_nets %} + {% for net, annotation in address_family %} + address NET-MGMT-{{ net }} { + {{ net }}; + description "{{ annotation }}"; + } + {% endfor %} + {% endfor %} + + address-set GRP-MGMT { + {% for address_family in mgmt_nets %} + {% for net, annotation in address_family %} + address NET-MGMT-{{ net }}; + {% endfor %} + {% endfor %} + } + } + } +} + +groups { + node0 { + system { + host-name node0-natfw1.tele; + } + } + node1 { + system { + host-name node1-natfw1.tele; + } + } + log-session-init-close { + security { + policies { + from-zone <*> to-zone <*> { + policy <*> { + then { + log { + session-init; + session-close; + } + } + } + } + } + } + } +} + +apply-groups "${node}"; + + +chassis { + cluster { + control-link-recovery; + reth-count 1; + redundancy-group 0 { + node 0 priority 100; + node 1 priority 1; + } + redundancy-group 1 { + node 0 priority 100; + node 1 priority 1; + preempt { + delay 300; + } + interface-monitor { + et-1/0/0 weight 255; + et-8/0/0 weight 255; + } + } + } +} + +security { + nat { + source { + pool NAT-WIFI-POOL { + address { + 185.110.150.0/25; + } + } + pool NAT-LAN-POOL { + address { + 185.110.150.128/25; + } + } + rule-set NAT-WIFI-TO-INET { + from zone NAT-WIFI; + to zone INET; + rule NAT-WIFI-TO-INET-RULE { + match { + source-address 0.0.0.0/0; + destination-address 0.0.0.0/0; + application any; + } + then { + source-nat { + pool { + NAT-WIFI-POOL; + } + } + } + } + } + rule-set NAT-LAN-TO-INET { + from zone NAT-LAN; + to zone INET; + rule NAT-LAN-TO-INET-RULE { + match { + source-address 
0.0.0.0/0; + destination-address 0.0.0.0/0; + application any; + } + then { + source-nat { + pool { + NAT-LAN-POOL; + } + } + } + } + } + } + } + policies { + apply-groups log-session-init-close; + from-zone NAT-WIFI to-zone INET { + policy YESMAN { + match { + source-address any; + destination-address any; + application any; + } + then { + permit; + } + } + } + from-zone NAT-LAN to-zone INET { + policy YESMAN { + match { + source-address any; + destination-address any; + application any; + } + then { + permit; + } + } + } + from-zone INET to-zone NAT-LAN { + policy YESMAN { + match { + source-address any; + destination-address any; + application any; + } + then { + permit; + } + } + } + from-zone INET to-zone NAT-WIFI { + policy YESMAN { + match { + source-address any; + destination-address any; + application any; + } + then { + permit; + } + } + } + from-zone NAT-LAN to-zone NAT-WIFI { + policy YESMAN { + match { + source-address any; + destination-address any; + application any; + } + then { + permit; + } + } + } + from-zone NAT-WIFI to-zone NAT-LAN { + policy YESMAN { + match { + source-address any; + destination-address any; + application any; + } + then { + permit; + } + } + } + /* Fordi ellers naar man ikke lo0 fra internetttttz */ + from-zone INET to-zone LOOPBACK { + policy YESMAN { + match { + source-address any; + destination-address any; + application any; + } + then { + permit; + } + } + } + global { + policy PING { + match { + source-address any; + destination-address any; + application junos-ping; + } + then { + permit; + } + } + } + } + zones { + security-zone INET { + host-inbound-traffic { + system-services { + ping; + traceroute; + ssh; + netconf; + } + protocols { + ospf3; + } + } + interfaces { + reth0.10; + } + } + security-zone NAT-WIFI { + host-inbound-traffic { + system-services { + ssh; + netconf; + ping; + traceroute; + } + protocols { + ospf3; + } + } + interfaces { + reth0.20; + } + } + security-zone NAT-LAN { + host-inbound-traffic { + 
system-services { + ssh; + ping; + netconf; + traceroute; + } + protocols { + ospf3; + } + } + interfaces { + reth0.30; + } + } + security-zone LOOPBACK { + host-inbound-traffic { + system-services { + ssh; + netconf; + ping; + snmp; + } + } + interfaces { + lo0.0; + } + } + } +} +interfaces { + xe-0/0/2 { + description "X: fab0"; + } + xe-0/0/3 { + description "X: fab0"; + } + et-1/0/0 { + description "G: r1.tele et-4/1/0 (reth0)"; + gigether-options { + redundant-parent reth0; + } + } + xe-7/0/2 { + description "X: fab1"; + } + xe-7/0/3 { + description "X: fab1"; + } + et-8/0/0 { + description "G: r1.tele et-5/1/0 (reth0)"; + gigether-options { + redundant-parent reth0; + } + } + fab0 { + fabric-options { + member-interfaces { + xe-0/0/2; + xe-0/0/3; + } + } + } + fab1 { + fabric-options { + member-interfaces { + xe-7/0/2; + xe-7/0/3; + } + } + } + lo0 { + description "X: Loopback"; + unit 0 { + family inet { + address 127.0.0.1/32; + address 185.110.148.2/32 { + primary; + } + } + family inet6 { + address ::1/128; + address 2a06:5841:f:a::2/128 { + primary; + } + } + } + } + reth0 { + description "B: r1.tele ae5"; + vlan-tagging; + redundant-ether-options { + redundancy-group 1; + lacp { + active; + periodic fast; + } + } + unit 10 { + description INET; + vlan-id 10; + family inet { + address 185.110.148.163/31; + } + family inet6 { + address 2a06:5841:f:101::1/127; + } + } + unit 20 { + description NAT-WIFI; + vlan-id 20; + family inet { + address 185.110.148.165/31; + } + family inet6 { + address 2a06:5841:f:101::3/127; + } + } + unit 30 { + description NAT-LAN; + vlan-id 30; + family inet { + address 185.110.148.167/31; + } + family inet6 { + address 2a06:5841:f:101::5/127; + } + } + } +} +snmp { + contact "<removed>"; + community {{ v.snmp_community }} { + authorization read-only; + client-list-name mgmt; + } +} +protocols { + ospf3 { + realm ipv4-unicast { + area 0.0.0.0 { + interface reth0.10; + interface reth0.20; + interface reth0.30; + interface lo0.0 { 
+ passive; + } + } + reference-bandwidth 1000g; + } + area 0.0.0.0 { + interface reth0.10; + interface reth0.20; + interface reth0.30; + interface lo0.0 { + passive; + } + } + } + lldp { + port-id-subtype interface-name; + port-description-type interface-description; + interface all; + } +} + + + + +{# Static interfaces #} + +interfaces { + xe-0/0/2 { + description "X: fab0"; + } + xe-0/0/3 { + description "X: fab0"; + } + et-1/0/0 { + description "G: r1.tele et-4/1/0 (reth0)"; + gigether-options { + redundant-parent reth0; + } + } + xe-7/0/2 { + description "X: fab1"; + } + xe-7/0/3 { + description "X: fab1"; + } + et-8/0/0 { + description "G: r1.tele et-5/1/0 (reth0)"; + gigether-options { + redundant-parent reth0; + } + } + fab0 { + fabric-options { + member-interfaces { + xe-0/0/2; + xe-0/0/3; + } + } + } + fab1 { + fabric-options { + member-interfaces { + xe-7/0/2; + xe-7/0/3; + } + } + } + lo0 { + description "X: Loopback"; + unit 0 { + family inet { + filter { + input mgmt-v4; + } + address 185.110.148.2/32; + } + family inet6 { + filter { + input mgmt-v6; + } + address 2a06:5841:f:a::2/128; + } + } + } + reth0 { + description "B: r1.tele ae5"; + vlan-tagging; + redundant-ether-options { + redundancy-group 1; + lacp { + active; + periodic fast; + } + } + unit 10 { + description INET; + vlan-id 10; + family inet { + address 185.110.148.163/31; + } + family inet6 { + address 2a06:5841:f:101::1/127; + } + } + unit 20 { + description NAT-WIFI; + vlan-id 20; + family inet { + address 185.110.148.165/31; + } + family inet6 { + address 2a06:5841:f:101::3/127; + } + } + unit 30 { + description NAT-LAN; + vlan-id 30; + family inet { + address 185.110.148.167/31; + } + family inet6 { + address 2a06:5841:f:101::5/127; + } + } + } +} + +policy-options { + prefix-list mgmt-v4 { + } + prefix-list mgmt-v6 { + } + /* Merged separate v4- og v6-lister */ + prefix-list mgmt { + apply-path "policy-options prefix-list <mgmt-v*> <*>"; + } +} + +firewall { + family inet { + filter 
mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term accept-all { + then accept; + } + } + } + family inet6 { + filter mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v6; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then discard; + } + term accept-all { + then accept; + } + } + } +} + +{% else %} +Unsupported option. Please use +"?switch=switch_name" +{% endif %} diff --git a/examples/tg23/templates/oxidized.json b/examples/tg23/templates/oxidized.json new file mode 100644 index 0000000..df15b7d --- /dev/null +++ b/examples/tg23/templates/oxidized.json @@ -0,0 +1,13 @@ +{% set mgmt = objects["read/switches-management"].switches %} +{% set ping = objects["public/ping"].switches %} +{% set switches = objects["public/switches"].switches %} +[ +{% for switch, state in ping.items() if state.latency4 is not none and not "server" in switches[switch].tags%} + { + "hostname": "{{ mgmt[switch].sysname }}.tg23.gathering.org", + "os": "junos", + "ipv4": "{{ mgmt[switch].mgmt_v4_addr }}", + "ipv6": "{{ mgmt[switch].mgmt_v6_addr }}" + }{% if not loop.last -%},{% endif %} +{%endfor%} +] diff --git a/examples/tg23/templates/r1.stand.conf b/examples/tg23/templates/r1.stand.conf new file mode 100644 index 0000000..60a7480 --- /dev/null +++ b/examples/tg23/templates/r1.stand.conf 
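Review bot: The address-set `GRP-MGMT` built at the top of natfw1.tele.conf is never referenced: every zone pair, including `from-zone INET to-zone LOOPBACK`, uses a `YESMAN` policy with `source-address any`, while the LOOPBACK zone allows ssh, netconf and snmp as host-inbound services. The `mgmt-v4`/`mgmt-v6` filters on lo0 only cover destination-port 22, and the prefix-lists they match on are declared empty in this file, so unless they are populated elsewhere the `accept-ssh` term has nothing to match and the other services depend on the zone policy alone. I would scope the loopback policy with `source-address GRP-MGMT;` and fill the prefix-lists from `vars-mgmt-nets.conf`; the loops that build the address-set appear to iterate the imported module rather than `mgmt_nets.mgmt_nets`, so that needs checking first. The INET zone on `reth0.10` also lists `ssh;` and `netconf;` under `host-inbound-traffic` with no filter on that unit, and those two lines can be removed if management is meant to go through lo0 only.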
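Review bot: In oxidized.json the `hostname`, `ipv4` and `ipv6` values are interpolated into hand-written JSON string literals, so a sysname or address containing a quote or backslash would give Oxidized invalid JSON. Jinja's `tojson` filter does the quoting: `"hostname": {{ (mgmt[switch].sysname ~ ".tg23.gathering.org") | tojson }},` and `"ipv4": {{ mgmt[switch].mgmt_v4_addr | tojson }},`, likewise for `ipv6`. A missing address then renders as `null` rather than the string `"None"`, which is easier to catch downstream.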
@@ -0,0 +1,513 @@ +{# Query parameters: ?switch=e1-1 #} +{%- if options["switch"] %} +{% set switch_name = options["switch"] %} +{% import "vars.conf" as v with context %} +{% include "global.conf" %} + +{%- set pve_nodes = [ + 'speilegg', + 'punchknapp', + 'sorbis', + 'hobby', + 'dumle', + ] +%} + +virtual-chassis { + preprovisioned; + no-split-detection; + member 0 { + role routing-engine; + serial-number <removed>; + } + member 1 { + role routing-engine; + serial-number <removed>; + } +} + +chassis { + redundancy { + graceful-switchover; + } + aggregated-devices { + ethernet { + device-count 40; + } + } +} + +protocols { + lldp { + port-id-subtype interface-name; + port-description-type interface-description; + interface all; + } + igmp-snooping { + vlan all; + } + rstp { + bridge-priority 4k; + } +} + +groups { + pvehosts { + interfaces { + <ae*> { + vlan-tagging; + encapsulation flexible-ethernet-services; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + interface-mode trunk; + vlan { + members [ techvm vmhosts vms ]; + } + } + } + } + } + } +} + + +routing-options { + nonstop-routing; +} + +protocols { + lldp { + port-id-subtype interface-name; + port-description-type interface-description; + interface all; + } + igmp-snooping { + vlan all; + } + rstp { + bridge-priority 4k; + } +} + +vlans { + vmhosts { + vlan-id 100; + l3-interface irb.100; + } + techvm { + vlan-id 101; + l3-interface irb.101; + } + vms { + vlan-id 102; + l3-interface irb.102; + } + tghack { + vlan-id 200; + l3-interface irb.200; + } +} + +interfaces { + lo0 { + unit 0 { + family inet { + address 185.110.148.1/32; + } + family inet6 { + address 2a06:5841:f:a::1/128; + } + } + } + + irb { + unit 100 { + family inet { + address 185.110.148.65/27; + } + family inet6 { + address 2a06:5841:f:c::1/64; + } + } + unit 101 { + family inet { + address 185.110.148.129/27; + } + family inet6 { + address 2a06:5841:f:e::1/64; + } + } + unit 102 { + family 
inet { + address 151.216.249.1/24; + } + family inet6 { + address 2a06:5841:100:1::1/64 ; + } + } + unit 200 { + family inet { + address 151.216.252.1/27; + } + family inet6 { + address 2a06:5841:200:a::1/64; + } + } + } + + + xe-0/0/10 { + description "C: krokodille (storage) (ae3)"; + gigether-options { + 802.3ad ae3; + } + } + xe-0/0/11 { + description "C: krokodille (storage) (ae3)"; + gigether-options { + 802.3ad ae3; + } + } + xe-1/0/10 { + description "C: krokodille (storage) (ae3)"; + gigether-options { + 802.3ad ae3; + } + } + xe-1/0/11 { + description "C: krokodille (storage) (ae3)"; + gigether-options { + 802.3ad ae3; + } + } + + xe-0/0/12 { + description "C: rekrutt (GPU) (ae7)"; + gigether-options { + 802.3ad ae7; + } + } + + xe-1/0/12 { + description "C: rekrutt (GPU) (ae7)"; + gigether-options { + 802.3ad ae7; + } + } + + xe-0/0/13 { + description "C: rekrutt (GPU) (ae7)"; + gigether-options { + 802.3ad ae7; + } + } + + xe-1/0/13 { + description "C: rekrutt (GPU) (ae7)"; + gigether-options { + 802.3ad ae7; + } + } + + + xe-0/0/42 { + description "C: TGHACK 1"; + gigether-options { + 802.3ad ae4; + } + } + xe-1/0/42 { + description "C: TGHACK 1"; + gigether-options { + 802.3ad ae4; + } + } + xe-0/0/43 { + description "C: TGHACK 2"; + gigether-options { + 802.3ad ae5; + } + } + xe-1/0/43 { + description "C: TGHACK 2"; + gigether-options { + 802.3ad ae5; + } + } + xe-0/0/44 { + description "C: TGHACK 3"; + gigether-options { + 802.3ad ae6; + } + } + xe-1/0/44 { + description "C: TGHACK 3"; + gigether-options { + 802.3ad ae6; + } + } + xe-0/0/45 { + description "C: Unes"; + gigether-options { + 802.3ad ae9; + } + } + xe-1/0/45 { + description "C: Unes"; + gigether-options { + 802.3ad ae9; + } + } + et-0/0/48 { + description "G: r1.tele et-4/0/2 (ae0)"; + gigether-options { + 802.3ad ae0; + } + } + et-1/0/48 { + description "G: r1.tele et-5/0/2 (ae0)"; + gigether-options { + 802.3ad ae0; + } + } + ae0 { + description "B: r1.tele ae12"; + 
aggregated-ether-options { + lacp { + active; + periodic fast; + } + } + unit 0 { + family inet { + address 185.110.148.161/31; + } + family inet6 { + address 2a06:5841:f:100::2/64; + } + } + } + ae3 { + description "C: krokodille (storage) bond0"; + flexible-vlan-tagging; + encapsulation flexible-ethernet-services; + aggregated-ether-options { + lacp { + active; + periodic fast; + } + } + unit 100 { + description "C: krokodille vm-host"; + vlan-tags outer 100; + family inet { + address 185.110.148.34/31; + } + family inet6 { + address 2a06:5841:f:b::2/127; + } + } + unit 101 { + description "C: krokodille vms"; + vlan-tags outer 101; + family inet { + address 151.216.248.129/28; + } + family inet6 { + address 2a06:5841:100:2::1/64; + } + } + } + + ae4 { + description "C: Crew-server (TG:Hack) 1"; + aggregated-ether-options { + lacp { + active; + periodic fast; + } + } + unit 0 { + family ethernet-switching { + interface-mode access; + vlan { + members tghack; + } + } + } + } + ae5 { + description "C: Crew-server (TG:Hack) 2"; + aggregated-ether-options { + lacp { + active; + periodic fast; + } + } + unit 0 { + family ethernet-switching { + interface-mode access; + vlan { + members tghack; + } + } + } + } + ae6 { + description "C: Crew-server (TG:Hack) 3"; + aggregated-ether-options { + lacp { + active; + periodic fast; + } + } + unit 0 { + family ethernet-switching { + interface-mode access; + vlan { + members tghack; + } + } + } + } + ae7 { + description "C: rekrutt (GPU) bond0"; + aggregated-ether-options { + lacp { + active; + periodic fast; + } + } + unit 0 { + description "C: rekrutt"; + family inet { + address 151.216.248.145/28; + } + family inet6 { + address 2a06:5841:100:3::1/64; + } + } + } + ae9 { + description "C: Crew-server (Unes)"; + aggregated-ether-options { + lacp { + active; + periodic fast; + } + } + unit 0 { + family inet { + address 151.216.252.33/27; + } + family inet6 { + address 2a06:5841:200:b::1/64; + } + } + } + +{% for node in 
pve_nodes %} + {% set port = (loop.index - 1) * 2 %} + xe-0/0/{{port}} { + description "C: {{ node }} enp101s0f0 (ae1{{loop.index}})"; + gigether-options { + 802.3ad ae1{{loop.index}}; + } + } + xe-1/0/{{port}} { + description "C: {{ node }} enp101s0f1 (ae1{{loop.index}})"; + gigether-options { + 802.3ad ae1{{loop.index}}; + } + } + {% set port = port + 1 %} + xe-0/0/{{port}} { + description "C: {{ node }} enp101s1f0 (ae1{{loop.index}})"; + gigether-options { + 802.3ad ae1{{loop.index}}; + } + } + xe-1/0/{{port}} { + description "C: {{ node }} enp101s1f1 (ae1{{loop.index}})"; + gigether-options { + 802.3ad ae1{{loop.index}}; + } + } + ae1{{loop.index}} { + apply-groups pvehosts; + description "C: {{ node }} bond0"; + } +{% endfor %} +} + +protocols { + ospf3 { + realm ipv4-unicast { + area 0.0.0.0 { + interface ae0.0; + } + export [ direct-to-ospf static-to-ospf ]; + } + area 0.0.0.0 { + interface ae0.0; + } + export [ direct-to-ospf static-to-ospf ]; + reference-bandwidth 1000g; + } +} + +policy-options { + policy-statement direct-to-ospf { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + policy-statement static-to-ospf { + from protocol static; + then { + external { + type 1; + } + accept; + } + } +} + +firewall { + family inet { + filter 20G-POLICER-V4-FILTER { + term A { + then policer 20G-POLICER; + } + } + } + family inet6 { + filter 20G-POLICER-V6-FILTER { + term A { + then policer 20G-POLICER; + } + } + } + policer 20G-POLICER { + filter-specific; + if-exceeding { + bandwidth-limit 20g; + burst-size-limit 100m; + } + then discard; + } +} + +{% else %} +Unsupported option. Please use +"?switch=switch_name" +{% endif %} diff --git a/examples/tg23/templates/ssh.conf b/examples/tg23/templates/ssh.conf new file mode 100644 index 0000000..25214b3 --- /dev/null +++ b/examples/tg23/templates/ssh.conf 
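Review bot: The filters `20G-POLICER-V4-FILTER` and `20G-POLICER-V6-FILTER` and the policer `20G-POLICER` at the end of r1.stand.conf are not attached to any interface in this file, so the 20G limit is not enforced unless `global.conf` or a manual step applies them. Either add `filter { input 20G-POLICER-V4-FILTER; }` and `filter { input 20G-POLICER-V6-FILTER; }` under the unit they are meant for, or put a comment next to them such as `/* not applied by this template; attach manually to <unit> */`. The `protocols { lldp … igmp-snooping … rstp }` block is also emitted twice with identical content, and one copy can be dropped.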
@@ -0,0 +1,10 @@
+{# Query parameters: ?username=arne #}
+{% set ssh_username = options['username']|default('ARNE') %}
+
+{% for (switch, s) in objects["public/switches"].switches|dictsort %}
+{% set mg = objects["read/switches-management"].switches[switch] -%}
+Host {{ switch }}.tg23.gathering.org {{ switch }}
+ User {{ ssh_username }}
+ ProxyJump my-proxyjump
+
+{% endfor %}
diff --git a/examples/tg23/templates/vars-mgmt-nets.conf b/examples/tg23/templates/vars-mgmt-nets.conf
new file mode 100644
index 0000000..1e7214e
--- /dev/null
+++ b/examples/tg23/templates/vars-mgmt-nets.conf
@@ -0,0 +1,10 @@
+{%
+ set mgmt_nets = {
+ 'v4' : {
+ '185.110.148.0/24': 'TG23 Infrastruktur (loopback,linknets,tech-servers)',
+ },
+ 'v6' : {
+ '2a06:5841:f::/48': 'TG23 Infrastruktur (loopback,linknets,tech-servers)'
+ }
+ }
+ %}
diff --git a/examples/tg23/templates/vars-natfw1.tele.conf b/examples/tg23/templates/vars-natfw1.tele.conf
new file mode 100644
index 0000000..903312a
--- /dev/null
+++ b/examples/tg23/templates/vars-natfw1.tele.conf
@@ -0,0 +1,27 @@
+{# Static Vars #}
+{% set root_pw= '<removed>' %}
+{% set tech_pw = '<removed>' %}
+{% set snmp_community = '<removed>' %}
+
+{% set nameservers = [
+ '2a06:5841:f:d::101',
+ '2a06:5841:f:e::132',
+ ]
+%}
+
+{% set tacplusserver = "<removed>" %}
+{% set tacplus_secret = '"<removed>"'%}
+
+
+{# stuff from global.conf 2023-03-26 #}
+
+policy-options {
+ prefix-list mgmt-v4 {
+ }
+ prefix-list mgmt-v6 {
+ }
+ /* Merged separate v4- og v6-lister */
+ prefix-list mgmt {
+ apply-path "policy-options prefix-list <mgmt-v*> <*>";
+ }
+}
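Review bot: In ssh.conf the `username` query parameter is written verbatim into the `User` line, so a value containing whitespace or a line break would put extra tokens or whole directives into the generated ssh_config that the operator then trusts. How `options` is populated is outside this hunk, so unless the templating service already restricts the value, keep only the first token: `User {{ ssh_username.split() | first }}`. Separately, `{% set mg = objects["read/switches-management"].switches[switch] -%}` is never used; dropping it lets the template render from the `public/switches` object alone instead of also reading the `read/switches-management` data.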
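Review bot: `mgmt_nets` in vars-mgmt-nets.conf has no comment saying what consumes it, and the name suggests it is the allow-list of management source prefixes. If so, the entries are wide: `185.110.148.0/24` is labelled as covering loopbacks, linknets and tech servers, so server-facing links in that range (the `185.110.148.34/31` vm-host link earlier in this commit, for example) would count as management sources. I would add a comment such as `{# consumed by <template name>; source prefixes treated as management, keep as narrow as the filters allow #}` and consider listing the operator prefixes separately from the linknets.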
\ No newline at end of file
diff --git a/examples/tg23/templates/vars.conf b/examples/tg23/templates/vars.conf
new file mode 100644
index 0000000..6080ecc
--- /dev/null
+++ b/examples/tg23/templates/vars.conf
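Review bot: vars-natfw1.tele.conf defines `root_pw`, `tech_pw`, `snmp_community` and `tacplus_secret` as literals in the template, and the vars.conf hunk later in this commit repeats the same block. The values shown are placeholders, but a working copy presumably carries the real ones, which ties every credential to the template files and means a rotation has to touch both copies. Taking them from one source outside the repository would avoid that; how this templating service could supply them is not visible here. The two copies also differ: here `tacplus_secret = '"<removed>"'` embeds double quotes in the value while vars.conf uses `'<removed>'`, so one of the rendered configs is likely to quote the secret differently from what the consuming template expects.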
@@ -0,0 +1,135 @@ +{# Include API info #} +{# used mainly for edge/distro #} +{% set switch = objects["public/switches"].switches[switch_name] %} +{% set switches2 = objects["public/switches"]["switches"] %} +{% set switch_tags = objects["public/switches"].switches[switch_name].tags %} +{% set switch_management = objects["read/switches-management"].switches[switch_name] %} +{% set switch_management_network = objects["read/networks"].networks[switch_management.mgmt_vlan] %} +{% set switches = objects["read/switches-management"]["switches"] %} +{% set states = objects["public/switch-state"]["switches"] %} +{% set distro_networks = objects["read/networks"]["networks"] %} +{% set port = switches[switch_name].distro_phy_port %} +{% set tree = objects["public/distro-tree"]["distro-tree-phy"] %} +{% set device_tree = objects["public/distro-tree"]["distro-tree-sys"] %} +{% set network = distro_networks[switch_name] %} + +{# Some functions that helps us create interfaces #} +{% macro create_interface_vc(port) -%} +{{ port.split("-")[1].split("/")[0] }} +{%- endmacro %} + +{% macro create_interface_ge0(port) -%} +{{ port.split("/")[2] | replace('.0', '')}} +{%- endmacro %} + +{% macro create_interface_ge1(port) -%} +{{ create_interface_ge0(port) | int + 1}} +{%- endmacro %} + +{% macro create_interface_ae(port) -%} +{{ create_interface_ge0(port) | int + 100}} +{%- endmacro %} + + +{# Static Vars #} +{% set root_pw= '<removed>' %} +{% set tech_pw = '<removed>' %} +{% set snmp_community = '<removed>' %} + + +{% set nameservers = [ + '2a06:5841:f:d::101', + '2a06:5841:f:e::132', + ] +%} + +{% set tacplusserver = "<removed>" %} +{% set tacplus_secret = '<removed>'%} + +{% set uplink_ns = namespace(uplink_ports=[], all_ports=[]) %} + +{# +Uplink porter: +Vi reserverer i utgangspunktet alle siste 4 1g porter og 10g porter til uplink. +EX4300-48MP er unntak ettersom det er trengsel på multirate porter. 
+ +#} + +{%- set uplink_ns.active = [] %} +{%- set uplink_ns.unused = [] %} + +{% if "ex4300-48mp" in switch_tags %} + {% if "10g-uplink" in switch_tags and "10g-copper" in switch_tags %} + {%- set uplink_ns.uplink_ports = ['mge-0/0/46','mge-0/0/47'] %} + {%- set uplink_ns.all_ports = ['mge-0/0/46','mge-0/0/47'] %} {# litt mangel på porter her, så bare mulig med 2 stk uplink #} + {%- if "1-uplink" in switch_tags %} + {%- set uplink_ns.uplink_ports = ['mge-0/0/46'] %} + {%- endif %} + {%- else %} + {%- set uplink_ns.uplink_ports = ['xe-0/2/0','xe-0/2/1'] %} + {%- set uplink_ns.all_ports = ['xe-0/2/0','xe-0/2/1' ] %} {# støtter bare 2 uplinks her og, burde holde #} + {%- if "1-uplink" in switch_tags %} + {%- set uplink_ns.uplink_ports = ['xe-0/2/0'] %} + {%- endif %} + {%- endif %} +{%- elif "10g-uplink" in switch_tags %} + {%- set uplink_ns.uplink_ports = ['xe-0/1/0','xe-0/1/1'] %} + {%- set uplink_ns.all_ports = ['xe-0/1/0','xe-0/1/1','xe-0/1/2', 'xe-0/1/3'] %} + {%- if "1-uplink" in switch_tags %} + {%- set uplink_ns.uplink_ports = ['xe-0/1/1'] %} + {%- elif "2-uplinks" in switch_tags %} + {%- set uplink_ns.uplink_ports = ['xe-0/1/0','xe-0/1/1'] %} + {%- elif "3-uplinks" in switch_tags %} + {%- set uplink_ns.uplink_ports = ['xe-0/1/0','xe-0/1/1','xe-0/1/2'] %} + {%- elif "4-uplinks" in switch_tags %} + {%- set uplink_ns.uplink_ports = ['xe-0/1/0','xe-0/1/1','xe-0/1/2', 'xe-0/1/3'] %} + {%- endif %} +{%- elif switch_name == "e1.roof" or switch_name == "e2.roof" %} + {%- set uplink_ns.uplink_ports = ['ge-0/1/0'] %} + {%- set uplink_ns.all_ports = ['ge-0/1/0','ge-0/1/1','ge-0/1/2','ge-0/1/3'] %} +{%- else %} + {%- set uplink_ns.uplink_ports = ['ge-0/0/44','ge-0/0/45'] %} + {%- set uplink_ns.all_ports = ['ge-0/0/44','ge-0/0/45','ge-0/0/46','ge-0/0/47'] %} + {%- if "1-uplink" in switch_tags %} + {%- set uplink_ns.uplink_ports = ['ge-0/0/44'] %} + {%- elif "2-uplinks" in switch_tags %} + {%- set uplink_ns.uplink_ports = ['ge-0/0/44','ge-0/0/45'] %} + {%- elif 
"3-uplinks" in switch_tags %} + {%- set uplink_ns.uplink_ports = ['ge-0/0/44','ge-0/0/45','ge-0/0/46'] %} + {%- elif "4-uplinks" in switch_tags %} + {%- set uplink_ns.uplink_ports = uplink_ns.all_ports %} + {%- endif %} +{%- endif %} + +{# MAPS with info we're missing from gondul API#} +{% set distrodata = { + 'd1.floor' : {'if1':'et-0/2/0', 'if2':'et-1/2/0', 'uplink_device':'d1.roof', 'remote_phy1':'et-0/0/49', 'remote_phy2':'et-1/0/49', 'remote_ae':'ae18'}, + 'd2.floor' : {'if1':'xe-0/1/0', 'if2':'xe-1/1/0', 'uplink_device':'d1.roof', 'remote_phy1':'xe-0/0/1', 'remote_phy2':'xe-1/0/1', 'remote_ae':'ae10'}, + 'd3.floor' : {'if1':'xe-0/1/0', 'if2':'xe-1/1/0', 'uplink_device':'d1.roof', 'remote_phy1':'xe-0/0/2', 'remote_phy2':'xe-1/0/2', 'remote_ae':'ae11'}, + 'd4.floor' : {'if1':'xe-0/1/0', 'if2':'xe-1/1/0', 'uplink_device':'d1.roof', 'remote_phy1':'xe-0/0/3', 'remote_phy2':'xe-1/0/3', 'remote_ae':'ae12'}, + 'd5.floor' : {'if1':'xe-0/1/0', 'if2':'xe-1/1/0', 'uplink_device':'d1.roof', 'remote_phy1':'xe-0/0/4', 'remote_phy2':'xe-1/0/4', 'remote_ae':'ae13'}, + 'd6.floor' : {'if1':'xe-0/1/0', 'if2':'xe-1/1/0', 'uplink_device':'d1.roof', 'remote_phy1':'xe-0/0/5', 'remote_phy2':'xe-1/0/5', 'remote_ae':'ae14'}, + 'd1.ring' : {'if1':'et-4/0/24', 'if2':'et-5/1/0', 'uplink_device':'r1.tele', 'remote_phy1':'et-4/0/1', 'remote_phy2':'et-5/0/1', 'remote_ae':'ae11'}, + 'd1.bird' : {'if1':'xe-0/1/0', 'if2':'xe-0/1/1', 'uplink_device':'d1.ring', 'remote_phy1':'xe-4/0/2', 'remote_phy2':'xe-4/0/3', 'remote_ae':'ae100'}, + 'd1.sponsor' : {'if1':'xe-0/1/0', 'if2':'xe-0/1/1', 'uplink_device':'d1.ring', 'remote_phy1':'xe-5/2/0', 'remote_phy2':'xe-5/2/1', 'remote_ae':'ae102'}, + 'd1.resepsjon' : {'if1':'xe-0/1/0', 'if2':'xe-0/1/1', 'uplink_device':'d1.ring', 'remote_phy1':'xe-4/0/6', 'remote_phy2':'xe-4/0/7', 'remote_ae':'ae103'}, + } + %} + +{% set vc_config = { + 'd1.floor' : [{'sn':'<removed>', 're':true}, {'sn':'<removed>', 're':true}, {'sn':'<removed>', 're':false}], + 'd2.floor' : 
[{'sn':'<removed>', 're':true}, {'sn':'<removed>', 're':true}, {'sn':'<removed>', 're':false}], + 'd3.floor' : [{'sn':'<removed>', 're':true}, {'sn':'<removed>', 're':true}, {'sn':'<removed>', 're':false}], + 'd4.floor' : [{'sn':'<removed>', 're':true}, {'sn':'<removed>', 're':true}, {'sn':'<removed>', 're':false}], + 'd5.floor' : [{'sn':'<removed>', 're':true}, {'sn':'<removed>', 're':true}, {'sn':'<removed>', 're':false}], + 'd6.floor' : [{'sn':'<removed>', 're':true}, {'sn':'<removed>', 're':true}, {'sn':'<removed>', 're':false}], + 'd1.ring' : [{'sn':'<removed>', 'loc':'south'}, {'sn':'<removed>', 'loc':'log', 're':true}, {'sn':'<removed>', 'loc':'swing'}, {'sn':'<removed>', 'loc':'north', }, {'sn':'<removed>', 'loc':'noc','re':true}, {'sn':'<removed>', 'loc':'tele'}], + } +%} + +{% set ustkutt_distro_ae = { + 'd1.bird' : "ae100", + 'd1.north' : "ae101", + 'd1.sponsor' : 'ae102', + 'd1.resepsjon' : 'ae103' +} %} |
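Review bot: In vars.conf the plain `10g-uplink` branch picks `['xe-0/1/1']` for a `1-uplink` switch, while every other branch picks the first port of its pair (`mge-0/0/46`, `xe-0/2/0`, `ge-0/0/44`). If that is deliberate it needs a comment saying why; otherwise it should read `{%- set uplink_ns.uplink_ports = ['xe-0/1/0'] %}`, since a wrong list here presumably leaves the cabled port configured as something other than an uplink. The new `ustkutt_distro_ae` map (the tag used elsewhere is spelled `distro-utskutt`) also repeats the `remote_ae` values already in `distrodata` for `d1.bird`, `d1.sponsor` and `d1.resepsjon`, so the two can drift; deriving one from the other would keep a single source.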