diff --git a/share/oneprovision/ansible/aws.yml b/share/oneprovision/ansible/aws.yml
index 8ba0295dc6..71b2049ae3 100644
--- a/share/oneprovision/ansible/aws.yml
+++ b/share/oneprovision/ansible/aws.yml
@@ -21,3 +21,5 @@
 - update-replica
 - role: frr
 frr_iface: 'eth0'
+ # Use /16 for the internal management network address
+ frr_prefix_length: 16
diff --git a/share/oneprovision/ansible/roles/frr/defaults/main.yml b/share/oneprovision/ansible/roles/frr/defaults/main.yml
index d55c851a9f..13ac9754e2 100644
--- a/share/oneprovision/ansible/roles/frr/defaults/main.yml
+++ b/share/oneprovision/ansible/roles/frr/defaults/main.yml
@@ -12,7 +12,6 @@ frr_iface: 'eth0'
 # The AS number used for BGP
 frr_as: 65000
-# Prefix length for the BGP network, if 0 the interface network address will be
-# used. Otherwise the network address will use the provided length.
-frr_prefix_length: 0
+# Prefix length for the BGP network
+frr_prefix_length: 16
diff --git a/share/oneprovision/ansible/roles/frr/tasks/main.yml b/share/oneprovision/ansible/roles/frr/tasks/main.yml
index 65480476f9..f9c887b366 100644
--- a/share/oneprovision/ansible/roles/frr/tasks/main.yml
+++ b/share/oneprovision/ansible/roles/frr/tasks/main.yml
@@ -8,15 +8,6 @@
 rr_servers : "{{ rr_servers|default([]) + [ hostvars[item]['ansible_' + frr_iface].ipv4.address ] }}"
 with_items: "{{ groups['all'][:frr_rr_num] }}"
-- name: Define Network Mask
- vars:
- net_str: "{{ vars['ansible_' + frr_iface].ipv4.network \
- + '/' + vars['ansible_' + frr_iface].ipv4.netmask }}"
- net_iface: "{{ net_str | ipaddr('net') }}"
- net_fixed: "{{ vars['ansible_' + frr_iface].ipv4.network + '/' + frr_prefix_length | string }}"
- set_fact:
- network_cidr: "{{ net_iface if frr_prefix_length == 0 else net_fixed }}"
-
 - include: centos.yml
 when: ansible_os_family == "RedHat"
diff --git a/share/oneprovision/ansible/roles/frr/templates/bgpd_rr.conf.j2 b/share/oneprovision/ansible/roles/frr/templates/bgpd_rr.conf.j2
index 40fd01634e..4dd9dd1d2e 100644
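Review bot: The new comment on `frr_prefix_length` in roles/frr/defaults/main.yml no longer says what the value feeds or that `0` has lost its old meaning, while the default moves from the interface's own netmask to a fixed /16. The task removed from roles/frr/tasks/main.yml was the only code that treated 0 as "use the interface network", so an inventory that still sets `frr_prefix_length: 0` would now render a `/0` range in the `bgp listen range` line of bgpd_rr.conf.j2. I would document that in two comment lines, `# Prefix length appended to the frr_iface network address to form the BGP listen range.` and `# Used as given (1-32); 0 is no longer special and yields a /0 range.`, and add an `assert` task in the role that fails when `frr_prefix_length | int` is outside 1-32. The explicit `frr_prefix_length: 16` added to aws.yml repeats this default, so only one of the two places needs to carry the explanation.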
--- a/share/oneprovision/ansible/roles/frr/templates/bgpd_rr.conf.j2
+++ b/share/oneprovision/ansible/roles/frr/templates/bgpd_rr.conf.j2
@@ -13,7 +13,7 @@ router bgp {{ frr_as }}
 neighbor fabric remote-as {{ frr_as }}
 neighbor fabric capability extended-nexthop
 neighbor fabric update-source {{ vars['ansible_' + frr_iface].ipv4.address }}
- bgp listen range {{ network_cidr }} peer-group fabric
+ bgp listen range {{ vars['ansible_' + frr_iface].ipv4.network + '/' + frr_prefix_length | string }} peer-group fabric
 address-family l2vpn evpn
 neighbor fabric activate
 neighbor fabric route-reflector-client
diff --git a/src/oneprovision/lib/terraform/providers/templates/aws/cluster.erb b/src/oneprovision/lib/terraform/providers/templates/aws/cluster.erb
index 516b39fdc1..2b621db72a 100644
--- a/src/oneprovision/lib/terraform/providers/templates/aws/cluster.erb
+++ b/src/oneprovision/lib/terraform/providers/templates/aws/cluster.erb
@@ -62,11 +62,11 @@ resource "aws_security_group" "device_<%= obj['ID'] %>_bgp" {
 vpc_id = aws_vpc.device_<%= c['ID'] %>.id
 ingress {
- description = "BGP from 10.0.0.0/16"
+ description = "BGP from <%= provision['CIDR'] ? provision['CIDR'] : '10.0.0.0/16'%>"
 from_port = 179
 to_port = 179
 protocol = "tcp"
- cidr_blocks = ["10.0.0.0/16"]
+ cidr_blocks = ["<%= provision['CIDR'] ? provision['CIDR'] : '10.0.0.0/16'%>"]
 }
 egress {
@@ -87,11 +87,11 @@ resource "aws_security_group" "device_<%= obj['ID'] %>_vxlan" {
 vpc_id = aws_vpc.device_<%= c['ID'] %>.id
 ingress {
- description = "VXLAN from 10.0.0.0/16"
+ description = "VXLAN from <%= provision['CIDR'] ? provision['CIDR'] : '10.0.0.0/16'%>"
 from_port = 8472
 to_port = 8472
 protocol = "udp"
- cidr_blocks = ["10.0.0.0/16"]
+ cidr_blocks = ["<%= provision['CIDR'] ? provision['CIDR'] : '10.0.0.0/16'%>"]
 }
 egress {
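Review bot: The listen range in bgpd_rr.conf.j2 is now the interface's network address with a prefix length taken literally, so with the new default of 16 on a /24 subnet the rendered value looks like `10.0.1.0/16` (constructed example) instead of a normalised network. Whether FRR masks the host bits or rejects the line cannot be told from this hunk; running the string through the filter the removed task already relied on, `{{ (vars['ansible_' + frr_iface].ipv4.address + '/' + frr_prefix_length | string) | ipaddr('network/prefix') }}`, makes the output unambiguous. This range also decides which source addresses may come up as dynamic route-reflector clients in the `fabric` peer group, and no `neighbor fabric password` line appears in the visible context, so the wider default appears to rely on the port 179 security group rule alone. The `router bgp` block starts and ends outside the hunk.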
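Review bot: `provision['CIDR']` is written unchecked into `cidr_blocks` and the description of the BGP ingress rule in cluster.erb, and the same expression is repeated in the VXLAN hunk that follows. An empty string is truthy in Ruby, so it bypasses the `10.0.0.0/16` fallback and renders `cidr_blocks = [""]`; a value such as `0.0.0.0/0` would expose TCP 179 and UDP 8472 to any source; and a value containing a double quote would alter the generated HCL. Where the value comes from is not visible here, so I would validate it before rendering (Ruby's `IPAddr.new` raises on malformed input) and compute it once, `<% cidr = provision['CIDR'].to_s.empty? ? '10.0.0.0/16' : provision['CIDR'] %>`, then use `<%= cidr %>` in all four places. The playbook side of this commit pins `frr_prefix_length` to 16, so a CIDR of another length would leave the BGP listen range and these rules describing different networks.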