F #5218: BGP EVPN configuration changes

- Fixed network prefix for BGP routers - Support for custom CIDR blocks in AWS
2025-03-23 22:50:09 +03:00 · 2021-01-10 21:19:16 +01:00 · 2021-01-10 21:19:16 +01:00 · ba3bf2b183
commit ba3bf2b183
parent 22b63e6c32
5 changed files with 9 additions and 17 deletions
--- a/share/oneprovision/ansible/aws.yml
+++ b/share/oneprovision/ansible/aws.yml
@ -21,3 +21,5 @@
    - update-replica
    - role: frr
      frr_iface: 'eth0'
+      # Use /16 for the internal management network address
+      frr_prefix_length: 16
--- a/share/oneprovision/ansible/roles/frr/defaults/main.yml
+++ b/share/oneprovision/ansible/roles/frr/defaults/main.yml
@ -12,7 +12,6 @@ frr_iface: 'eth0'
 # The AS number used for BGP
 frr_as: 65000

-# Prefix length for the BGP network, if 0 the interface network address will be
-# used. Otherwise the network address will use the provided length.
-frr_prefix_length: 0
+# Prefix length for the BGP network
+frr_prefix_length: 16

--- a/share/oneprovision/ansible/roles/frr/tasks/main.yml
+++ b/share/oneprovision/ansible/roles/frr/tasks/main.yml
@ -8,15 +8,6 @@
    rr_servers : "{{ rr_servers|default([]) + [ hostvars[item]['ansible_' + frr_iface].ipv4.address ] }}"
  with_items: "{{ groups['all'][:frr_rr_num] }}"

- name: Define Network Mask
-  vars:
-    net_str: "{{ vars['ansible_' + frr_iface].ipv4.network \
-      + '/' + vars['ansible_' + frr_iface].ipv4.netmask }}"
-    net_iface: "{{ net_str | ipaddr('net') }}"
-    net_fixed: "{{ vars['ansible_' + frr_iface].ipv4.network + '/' + frr_prefix_length | string }}"
-  set_fact:
-    network_cidr: "{{ net_iface if frr_prefix_length == 0 else net_fixed }}"
-
 - include: centos.yml
  when: ansible_os_family == "RedHat"

--- a/share/oneprovision/ansible/roles/frr/templates/bgpd_rr.conf.j2
+++ b/share/oneprovision/ansible/roles/frr/templates/bgpd_rr.conf.j2
@ -13,7 +13,7 @@ router bgp {{ frr_as }}
  neighbor fabric remote-as {{ frr_as }}
  neighbor fabric capability extended-nexthop
  neighbor fabric update-source {{ vars['ansible_' + frr_iface].ipv4.address }}
-  bgp listen range {{ network_cidr }} peer-group fabric
+  bgp listen range {{ vars['ansible_' + frr_iface].ipv4.network + '/' + frr_prefix_length | string }} peer-group fabric
  address-family l2vpn evpn
    neighbor fabric activate
    neighbor fabric route-reflector-client
--- a/src/oneprovision/lib/terraform/providers/templates/aws/cluster.erb
+++ b/src/oneprovision/lib/terraform/providers/templates/aws/cluster.erb
@ -62,11 +62,11 @@ resource "aws_security_group" "device_<%= obj['ID'] %>_bgp" {
  vpc_id     = aws_vpc.device_<%= c['ID'] %>.id

  ingress {
-    description = "BGP from 10.0.0.0/16"
+    description = "BGP from <%= provision['CIDR'] ? provision['CIDR'] : '10.0.0.0/16'%>"
    from_port   = 179
    to_port     = 179
    protocol    = "tcp"
-    cidr_blocks = ["10.0.0.0/16"]
+    cidr_blocks = ["<%= provision['CIDR'] ? provision['CIDR'] : '10.0.0.0/16'%>"]
  }

  egress {
@ -87,11 +87,11 @@ resource "aws_security_group" "device_<%= obj['ID'] %>_vxlan" {
  vpc_id     = aws_vpc.device_<%= c['ID'] %>.id

  ingress {
-    description = "VXLAN from 10.0.0.0/16"
+    description = "VXLAN from <%= provision['CIDR'] ? provision['CIDR'] : '10.0.0.0/16'%>"
    from_port   = 8472
    to_port     = 8472
    protocol    = "udp"
-    cidr_blocks = ["10.0.0.0/16"]
+    cidr_blocks = ["<%= provision['CIDR'] ? provision['CIDR'] : '10.0.0.0/16'%>"]
  }

  egress {