| author | Ole Mathias Heggem <olemathias.aa.heggem@gmail.com> | 2023-04-26 23:03:11 +0200 | 
|---|---|---|
| committer | Ole Mathias Heggem <olemathias.aa.heggem@gmail.com> | 2023-04-26 23:03:11 +0200 | 
| commit | d5b0d60c5362d03de2968864cd81e0f82b3a95d0 (patch) | |
| tree | 444d6daecbfaaf25134f4b3ec7b4c4080ff25fdc /examples/tg23 | |
| parent | 04862e4eebba26c6d90685fa63051d1f3cc81234 (diff) | |
TG23 Templates 🔥
Diffstat (limited to 'examples/tg23')
19 files changed, 4617 insertions, 0 deletions
| diff --git a/examples/tg23/templates/README.md b/examples/tg23/templates/README.md
new file mode 100644
index 0000000..0615f52
--- /dev/null
+++ b/examples/tg23/templates/README.md
@@ -0,0 +1,4 @@
+# Tech Templates
+The jira2 templates used to generate all network config for TG23
+
+Check out [https://github.com/gathering/templating/](https://github.com/gathering/templating/) for how to use the templates
\ No newline at end of file
diff --git a/examples/tg23/templates/ae-event-lol.conf b/examples/tg23/templates/ae-event-lol.conf
new file mode 100644
index 0000000..0a35942
--- /dev/null
+++ b/examples/tg23/templates/ae-event-lol.conf
@@ -0,0 +1,9 @@
+{% set switch_name = options["switch"] %}
+{% import "vars.conf" as v with context %}
+
+{% for ae_name, if_state in v.states[switch_name].ifs.items() if 'ae' in ae_name %}
+    {% if if_state.live and ae_name != "ae0" %}
+activate interfaces ge-0/0/{{ ae_name[2:] | int - 100 }} ether-options
+deactivate interfaces ge-0/0/{{ ae_name[2:] | int - 100 }} unit 0
+    {% endif %}
+{% endfor %}
diff --git a/examples/tg23/templates/core-dynamic-networks.conf b/examples/tg23/templates/core-dynamic-networks.conf
new file mode 100644
index 0000000..2f06e7b
--- /dev/null
+++ b/examples/tg23/templates/core-dynamic-networks.conf
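Review bot: The loop filter `'ae' in ae_name` in ae-event-lol.conf is a substring test, while `ae_name[2:] | int - 100` assumes the name is `ae` followed by a number of at least 100. Jinja's `int` filter falls back to 0 on a non-numeric suffix, so any other interface name containing `ae` (or an `aeN` below 100) would render a member port such as `ge-0/0/-100` instead of being skipped. Tightening the condition, for example `{% if if_state.live and ae_name.startswith('ae') and ae_name[2:] | int >= 100 %}`, keeps the generated activate/deactivate statements to the ports the mapping was written for. A header comment like the `{# Query parameters: ?switch=e1-1 #}` used in core.conf would also document that `options["switch"]` is required here.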
@@ -0,0 +1,160 @@
+{%- set floor_distros = [
+    'd1.floor',
+    'd2.floor',
+    'd3.floor',
+    'd4.floor',
+    'd5.floor',
+    'd6.floor',
+    ]
+%}
+
+{% set ae10_networks = [] %} {# networks via roof #}
+{% set ae11_networks = [] %} {# networks via ring #}
+
+{% for key, switchname in v.tree['d1.ring'].items() %}
+{# some switches might not have networks. For instance wifi or "utskutt-distro" #}
+    {% if switchname in v.distro_networks %}
+        {% do ae11_networks.append(v.distro_networks[switchname]) %}
+    {% endif %}
+    {% if "distro-utskutt" in objects["public/switches"].switches[switchname].tags %}
+        {% if switchname in v.tree %}
+            {% for key, switchname2 in v.tree[switchname].items() %}
+                {% do ae11_networks.append(v.distro_networks[switchname2]) %}
+            {% endfor %}
+        {% endif %}
+    {% endif %}
+{% endfor %}
+
+
+{% for distro in floor_distros %}
+    {% if v.tree[distro] %}
+        {% for key, switchname in v.tree[distro].items() %}
+            {% do ae10_networks.append(v.distro_networks[switchname]) %}
+        {% endfor %}
+    {% endif %}
+{% endfor %}
+
+
+{# NAT stuff gulvet #}
+routing-instances {
+    NAT-LAN {
+{% for distro in floor_distros %}
+    {% if v.tree[distro] %}
+        {% for key, switchname in v.tree[distro].items() %}
+            {% if "nat" in objects["public/switches"].switches[switchname].tags %}
+                {% set network = v.distro_networks[switchname] %}
+        interface ae10.{{ network.vlan }};
+            {% endif %}
+        {% endfor %}
+    {% endif %}
+{% endfor %}
+
+{# NAT stuff ringen #}
+{% if v.tree['d1.ring'] %}
+    {% for key, switchname in v.tree['d1.ring'].items() %}
+        {% set network = v.distro_networks[switchname] %}
+        {% if "nat" in objects["public/switches"].switches[switchname].tags %}
+        interface ae11.{{ network.vlan }};
+        {% endif %}
+    {% endfor %}
+{% endif %}
+    }
+}
+{# Roof / Floor stuff #}
+interfaces {
+    ae10 {
+        {% for network in ae10_networks %}
+        unit {{ network.vlan }} {
+            description "C: {{ network.name }} - VLAN {{ network.vlan }}";
+            no-traps;
+            vlan-tags outer {{ network.vlan }};
+            family inet {
+                no-redirects;
+                address {{ network.gw4 }}/{{ network.subnet4|cidr }};
+            }
+            family inet6 {
+                address {{ network.gw6 }}/{{ network.subnet6|cidr }};
+            }
+        }
+        {% endfor %}
+    }
+}
+
+protocols {
+    router-advertisement {
+        {% for network in ae10_networks %}
+        interface ae10.{{ network.vlan }} {
+            max-advertisement-interval 30;
+            managed-configuration;
+            other-stateful-configuration;
+        }
+        {% endfor %}
+    }
+}
+
+forwarding-options {
+    dhcp-relay {
+        dhcpv6 {
+            group all-networks {
+                {% for network in ae10_networks %}
+                interface ae10.{{ network.vlan }};
+                {% endfor %}
+            }
+        }
+        group all-networks {
+            {% for network in ae10_networks %}
+            interface ae10.{{ network.vlan }};
+            {% endfor %}
+        }
+    }
+}
+
+{# Ring stuff #}
+{% if v.tree['d1.ring'] %}
+interfaces {
+    ae11 {
+        {% for network in ae11_networks %}
+        unit {{ network.vlan }} {
+            description "C: {{ network.name }} - VLAN {{ network.vlan }}";
+            no-traps;
+            vlan-tags outer {{ network.vlan }};
+            family inet {
+                no-redirects;
+                address {{ network.gw4 }}/{{ network.subnet4|cidr }};
+            }
+            family inet6 {
+                address {{ network.gw6 }}/{{ network.subnet6|cidr }};
+            }
+        }
+        {% endfor %}
+    }
+}
+protocols {
+    router-advertisement {
+        {% for network in ae11_networks %}
+        interface ae11.{{ network.vlan }} {
+            max-advertisement-interval 30;
+            managed-configuration;
+            other-stateful-configuration;
+        }
+        {% endfor %}
+    }
+}
+
+forwarding-options {
+    dhcp-relay {
+        dhcpv6 {
+            group all-networks {
+                {% for network in ae11_networks %}
+                interface ae11.{{ network.vlan }};
+                {% endfor %}
+            }
+        }
+        group all-networks {
+            {% for network in ae11_networks %}
+            interface ae11.{{ network.vlan }};
+            {% endfor %}
+        }
+    }
+}
+{% endif %}
diff --git a/examples/tg23/templates/core-routing.conf b/examples/tg23/templates/core-routing.conf
new file mode 100644
index 0000000..05895c5
--- /dev/null
+++ b/examples/tg23/templates/core-routing.conf
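Review bot: Lookups into `v.distro_networks` in core-dynamic-networks.conf are guarded only once: the first `d1.ring` branch checks `switchname in v.distro_networks`, but the `switchname2` append in the `distro-utskutt` branch, the floor-distro loop and the `{% set network = v.distro_networks[switchname] %}` lines in the NAT-LAN block index it unconditionally. The template's own comment says some switches have no network, so depending on the environment's undefined handling this either aborts the render or appends an undefined entry that renders a `unit` stanza with empty VLAN and address fields into the core config. Applying the same guard everywhere, e.g. `{% if switchname2 in v.distro_networks %}` around the append, keeps incomplete inventory data from reaching the device. The first loop also calls `v.tree['d1.ring'].items()` without the `{% if v.tree['d1.ring'] %}` check that the later ring sections use.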
@@ -0,0 +1,253 @@
+routing-instances {
+    NAT-LAN {
+        forwarding-options {
+            dhcp-relay {
+                dhcpv6 {
+                    overrides {
+                        allow-snooped-clients;
+                    }
+                    group all-networks {
+                        active-server-group v6-dhcp;
+                        route-suppression access-internal;
+                        interface ae999.30;
+                        {% for distro in floor_distros %}
+                            {% if v.tree[distro] %}
+                                {% for key, switchname in v.tree[distro].items() %}
+                                    {% if "nat" in objects["public/switches"].switches[switchname].tags %}
+                                        {% set network = v.distro_networks[switchname] %}
+                                interface ae10.{{ network.vlan }};
+                                    {% endif %}
+                                {% endfor %}
+                            {% endif %}
+                        {% endfor %}
+
+                        {# NAT stuff ringen #}
+                        {% if v.tree['d1.ring'] %}
+                            {% for key, switchname in v.tree['d1.ring'].items() %}
+                                {% set network = v.distro_networks[switchname] %}
+                                {% if "nat" in objects["public/switches"].switches[switchname].tags %}
+                                interface ae11.{{ network.vlan }};
+                                {% endif %}
+                            {% endfor %}
+                        {% endif %}
+                         
+                    }
+                    server-group {
+                        v6-dhcp {
+                            2a06:5841:f:d::98;
+                        }
+                    }
+                }
+                server-group {
+                    v4-dhcp {
+                        185.110.148.98;
+                    }
+                }
+                group all-networks {
+                    active-server-group v4-dhcp;
+                    overrides {
+                        allow-snooped-clients;
+                        trust-option-82;
+                    }
+                    route-suppression {
+                        access-internal;
+                    }
+                    interface ae999.30;
+                    {% for distro in floor_distros %}
+                        {% if v.tree[distro] %}
+                            {% for key, switchname in v.tree[distro].items() %}
+                                {% if "nat" in objects["public/switches"].switches[switchname].tags %}
+                                    {% set network = v.distro_networks[switchname] %}
+                            interface ae10.{{ network.vlan }};
+                                {% endif %}
+                            {% endfor %}
+                        {% endif %}
+                    {% endfor %}
+
+                    {# NAT stuff ringen #}
+                    {% if v.tree['d1.ring'] %}
+                        {% for key, switchname in v.tree['d1.ring'].items() %}
+                            {% set network = v.distro_networks[switchname] %}
+                            {% if "nat" in objects["public/switches"].switches[switchname].tags %}
+                            interface ae11.{{ network.vlan }};
+                            {% endif %}
+                        {% endfor %}
+                    {% endif %}
+                }
+            }
+        }
+        protocols {
+            ospf3 {
+                realm ipv4-unicast {
+                    area 0.0.0.0 {
+                        /* natfw1 zone: NAT-LAN */
+                        interface ae999.30;
+                    }
+                    reference-bandwidth 1000g;
+                    export v4-from-direct-to-ospf;
+                    import v4-only-default-from-ospf;
+                }
+                area 0.0.0.0 {
+                    /* natfw1 zone: NAT-LAN */
+                    interface ae999.30;
+                }
+                reference-bandwidth 1000g;
+                export v6-from-direct-to-ospf
+                import v6-only-default-from-ospf;
+            }
+        }
+        instance-type virtual-router;
+        
+        /* natfw1 zone: NAT-LAN */
+        interface ae999.30;
+        
+        /* Test interface */
+        interface lo0.2;
+    }
+    NAT-WIFI {
+        forwarding-options {
+            dhcp-relay {
+                dhcpv6 {
+                    overrides {
+                        allow-snooped-clients;
+                    }
+                    group all-networks {
+                        active-server-group v6-dhcp;
+                        route-suppression access-internal;
+                        interface irb.778;
+                    }
+                    server-group {
+                        v6-dhcp {
+                            2a06:5841:f:d::98;
+                        }
+                    }
+                }
+                server-group {
+                    v4-dhcp {
+                        185.110.148.98;
+                    }
+                }
+                group all-networks {
+                    active-server-group v4-dhcp;
+                    overrides {
+                        allow-snooped-clients;
+                        trust-option-82;
+                    }
+                    route-suppression {
+                        access-internal;
+                    }
+                    interface ae999.20;
+                    interface irb.778;
+                }
+            }
+        }
+        protocols {
+            ospf3 {
+                realm ipv4-unicast {
+                    area 0.0.0.0 {
+                        interface ae999.20;
+                    }
+                    reference-bandwidth 1000g;
+                    import v4-only-default-from-ospf;
+                    export v4-from-direct-to-ospf;
+                }
+                area 0.0.0.0 {
+                    /* natfw1 zone: NAT-WIFI */
+                    interface ae999.20;
+                }
+                reference-bandwidth 1000g;
+                import v6-only-default-from-ospf;
+                export v6-from-direct-to-ospf;
+            }
+        }
+        instance-type virtual-router;
+        
+        /* natfw1 zone: NAT-WIFI */
+        interface ae999.20;
+        
+        /* s1.tele mgmt and lab (static-ip) */
+        interface ae11.20;
+        
+        /* Test interface */
+        interface lo0.1;
+        
+        /* All wifi clients for SSID The Gathering */
+        interface irb.778;
+    }
+}
+
+routing-options {
+    nonstop-routing;
+    rib inet6.0 {
+        static {
+            route 2a06:5840::/29 {
+                discard;
+                no-install;
+            }
+        }
+    }
+    rib inet.0 {
+        static {
+            /* NAT POOL */
+            route 185.110.150.0/24 next-hop 185.110.148.163;
+            
+            /* vpn.tg23.gathering.org */
+            route 151.216.255.0/24 next-hop 185.110.148.110;
+            
+            /* Telenor */
+            route 88.92.0.0/17 {
+                discard;
+                no-install;
+            }
+            /* RIPE */
+            route 151.216.128.0/17 {
+                discard;
+                no-install;
+            }
+            /* KANDU */
+            route 185.110.148.0/22 {
+                discard;
+                no-install;
+            }
+        }
+    }
+    router-id 185.110.148.0;
+    autonomous-system 21067;
+}
+
+protocols {
+    ospf3 {
+        realm ipv4-unicast {
+            area 0.0.0.0 {
+                /* natfw1 zone: inet */
+                interface ae999.10;
+                /* stand */
+                interface ae12.0;
+            }
+            reference-bandwidth 1000g;
+            export [ static-to-ospf direct-to-ospf v4-default-from-bgp ];
+        }
+        area 0.0.0.0 {
+            /* natfw1 zone: inet */
+            interface ae999.10;
+            /* stand */
+            interface ae12.0;
+        }
+        export [ static-to-ospf direct-to-ospf v6-default-from-bgp ];
+        reference-bandwidth 1000g;
+    }
+    bgp {
+        group telenor {
+            authentication-key "<removed>"; ## SECRET-DATA
+            peer-as 2119;
+            neighbor 193.212.22.1 {
+                import telenor-in-v4;
+                export telenor-out-v4;
+            }
+            neighbor 2001:4600:9:300::291 {
+                import telenor-in-v6;
+                export telenor-out-v6;
+            }
+        }
+    }
+}
diff --git a/examples/tg23/templates/core.conf b/examples/tg23/templates/core.conf
new file mode 100644
index 0000000..4c8ee54
--- /dev/null
+++ b/examples/tg23/templates/core.conf
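Review bot: In the NAT-LAN `ospf3` block of core-routing.conf the line `export v6-from-direct-to-ospf` has no terminating semicolon, unlike the matching line under NAT-WIFI, so the rendered configuration is likely to be rejected at load; it should read `export v6-from-direct-to-ospf;`. Separately, `floor_distros` is used in both NAT-LAN dhcp-relay groups but is not defined in this file; the only definition visible on the page is the `set` in core-dynamic-networks.conf, and as far as I know a variable set inside one included template is not visible to a sibling include. Unless the render context supplies it, those loops would emit no `ae10` interfaces (or fail under strict undefined handling), leaving the floor NAT networks without DHCP relay. Defining the list once in vars.conf and reading it as `v.floor_distros` in both files would remove the dependency on include order.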
@@ -0,0 +1,853 @@ +{# Query parameters: ?switch=e1-1 #} +{%- if options["switch"] %} +{%- set switch_name = options["switch"] %} +{%- import "vars.conf" as v with context %} + +{% include "core-dynamic-networks.conf" %} + +{% include "core-routing.conf" %} + +{% include "global.conf" %} + +chassis { +    redundancy { +        graceful-switchover; +        routing-engine 0 master; +        routing-engine 1 backup; +        failover { +            on-loss-of-keepalives; +            on-disk-failure; +        } +    } +    fpc 2 { +        pic 0 { +            pic-mode 10G; +        } +        pic 1 { +            pic-mode 10G; +        } +    } +    fpc 3 { +        pic 0 { +            pic-mode 10G; +        } +        pic 1 { +            pic-mode 10G; +        } +    } +    fpc 4 { +        pic 0 { +            pic-mode 40G; +        } +        pic 1 { +            pic-mode 100G; +        } +    } +    fpc 5 { +        pic 0 { +            pic-mode 40G; +        } +        pic 1 { +            pic-mode 100G; +        } +    } +    alarm { +        management-ethernet { +            link-down ignore; +        } +    } +    network-services enhanced-ip; +} + +{# Static interfaces #} +interfaces { +    lo0 { +        description "B: loopback interface"; +        unit 0 { +            description "B: Loopback global routing table"; +            family inet { +                address 185.110.148.0/32; +            } +            family inet6 { +                address 2a06:5841:f:a::/128; +            } +        } +        unit 1 { +            description "B: Loopback NAT-WIFI routing instance"; +            family inet { +                address 192.168.0.0/32; +            } +            family inet6 { +                address 2a06:5841:f:e:b00b::/128; +            } +        } +        unit 2 { +            description "B: Loopback NAT-LAN routing instance"; +            family inet { +                address 192.168.0.1/32; +            } +            family inet6 
{ +                address 2a06:5841:f:e:d00d::/128; +            } +        } +         +    } +    xe-2/0/0 { +        description "G: Telenor #1 (ae0)"; +        gigether-options { +            802.3ad ae0; +        } +    } +    xe-3/0/0 { +        description "G: Telenor #2 (ae0)"; +        gigether-options { +            802.3ad ae0; +        } +    } +    xe-2/0/1 { +        description "G: Telenor #3 (ae0)"; +        gigether-options { +            802.3ad ae0; +        } +    } +    xe-3/0/1 { +        description "G: Telenor #4 (ae0)"; +        gigether-options { +            802.3ad ae0; +        } +    } +    xe-2/0/2 { +        description "G: Telenor #5 (ae0)"; +        gigether-options { +            802.3ad ae0; +        } +    } +    xe-2/0/5 { +        description "G: bamsemums #1 (ae2)"; +        gigether-options { +            802.3ad ae2; +        } +    } +    xe-3/0/5 { +        description "G: bamsemums #2 (ae2)"; +        gigether-options { +            802.3ad ae2; +        } +    } +    xe-2/0/6 { +        description "G: bamsemums #3 (ae2)"; +        gigether-options { +            802.3ad ae2; +        } +    } +    xe-3/0/6 { +        description "G: bamsemums #4 (ae2)"; +        gigether-options { +            802.3ad ae2; +        } +    } + +    xe-2/0/7 { +    	description "C: krokodille (storage) (ae3)"; +	    gigether-options { +		    802.3ad ae3; +	    } +    } + +    xe-2/0/8 { +    	description "C: krokodille (storage) (ae3)"; +	    gigether-options { +		    802.3ad ae3; +	    } +    } + +    xe-3/0/7 { +    	description "C: krokodille (storage) (ae3)"; +	    gigether-options { +		    802.3ad ae3; +	    } +    } + +    xe-3/0/8 { +    	description "C: krokodille (storage) (ae3)"; +	    gigether-options { +		    802.3ad ae3; +	    } +    } + +    et-4/0/2 { +        description "G: r1.stand et-0/0/48 (ae12)"; +        gigether-options { +            802.3ad ae12; +        } +    } +    et-5/0/2 { +        description "G: 
r1.stand et-1/0/48 (ae12)"; +        gigether-options { +            802.3ad ae12; +        } +    } +    et-4/0/0 { +        description "G: d1.roof et-0/0/48 (ae10)"; +        gigether-options { +            802.3ad ae10; +        } +    } +    et-5/0/0 { +        description "G: d1.roof et-1/0/48 (ae10)"; +        gigether-options { +            802.3ad ae10; +        } +    } +    et-4/0/1 { +        description "G: d1.ring et-4/0/24 (4/noc) (ae11)"; +        gigether-options { +            802.3ad ae11; +        } +    } +    et-5/0/1 { +        description "G: d1.ring et-5/1/0 (5/tele) (ae11)"; +        gigether-options { +            802.3ad ae11; +        } +    } +    et-4/0/3 { +        description "G: natfw1.tele <et-1/0/0> (ae999) - node0"; +        gigether-options { +            802.3ad { +                ae999; +                primary; +            } +        } +    } +    et-4/1/2 { +        description "C: dumle eth1 port mirror"; +    } + +    et-5/0/3 { +        description "G: natfw1.tele <et-8/0/0> (ae999) - node1"; +       gigether-options { +            802.3ad { +                ae999; +                backup; +            } +        } +    } +    ae0 { +        description "P: Telenor - AS2119 - (Telenor rtr: ti0010a400)"; +        aggregated-ether-options { +            lacp { +                active; +            } +        } +        unit 0 { +            family inet { +                filter { +                    input internet-ingress-v4; +                    output internet-egress-v4; +                } +                address 193.212.22.2/30; +            } +            family inet6 { +                filter { +                    input internet-ingress-v6; +                    output internet-egress-v6; +                } +                address 2001:4600:9:300::292/126; +            } +        } +    } +    ae2 { +        description "C: bamsemums bond0"; +        flexible-vlan-tagging; +        encapsulation 
flexible-ethernet-services; +        aggregated-ether-options { +            lacp { +                active; +                periodic fast; +            } +        } +        unit 100 { +            description "C: bamsemums vm-host" +            vlan-tags outer 100; +            family inet { +                address 185.110.148.32/31; +            } +            family inet6 { +                address 2a06:5841:f:b::0/127 +            } +        } +        unit 101 { +            description "C: bamsemums tech-vms"; +            vlan-tags outer 101; +            family inet { +                address 185.110.148.97/27; +            } +            family inet6 { +                address 2a06:5841:f:d::1/64; +            } +        } +        unit 102 { +            description "C: bamsemums vms"; +            vlan-tags outer 102; +            family inet { +                address 151.216.248.1/25; +            } +            family inet6 { +                address 2a06:5841:100::1/64; +            } +        } +    } + +    ae3 { +        description "C: krokodille (storage) bond0"; +        flexible-vlan-tagging; +        encapsulation flexible-ethernet-services; +        aggregated-ether-options { +            lacp { +                active; +                periodic fast; +            } +        } +        unit 100 { +            description "C: krokodille vm-host"; +            vlan-tags outer 100; +            family inet { +                address 185.110.148.34/31; +            } +            family inet6 { +                address 2a06:5841:f:b::2/127; +            } +        } +        unit 101 { +            description "C: krokodille vms"; +            vlan-tags outer 101; +            family inet { +                address 151.216.248.129/28;  +            } +            family inet6 { +                address 2a06:5841:100:2::1/64; +            } +        } +    } + +    ae10 { +        description "B: d1.roof ae20"; +        flexible-vlan-tagging; 
+        encapsulation flexible-ethernet-services; +        aggregated-ether-options { +            lacp { +                active; +                periodic fast; +            } +        } +        unit 666 { +            description "B: d1.roof edge mgmt"; +            vlan-tags outer 666; +            family inet { +                address 151.216.130.1/24; +            } +            family inet6 { +                address 2a06:5841:f:10::1/64; +            } +        } +        unit 667 { +            description "B: d1.roof distro mgmt"; +            vlan-tags outer 667; +            family inet { +                address 185.110.148.17/28; +            } +            family inet6 { +                address 2a06:5841:f:11::1/64; +            } +        } +        unit 777 { +            description "B: d1.roof AP mgmt"; +            encapsulation vlan-bridge; +            vlan-id 777; +        } +        unit 778 { +            description "C: d1.roof wifi clients"; +            encapsulation vlan-bridge; +            vlan-id 778; +        } +    } +    ae11 { +        description "B: d1.ring ae0"; +        flexible-vlan-tagging; +        encapsulation flexible-ethernet-services; +        aggregated-ether-options { +            lacp { +                active; +                periodic fast; +            } +        } +        unit 10 { +            description "C: southcam - VLAN 10 (static-ip)"; +            vlan-tags outer 10; +            family inet { +                address 192.168.0.9/30; +            } +        } +        unit 11 { +            description "C: tele-ipmi - VLAN 11 (static-ip)"; +            vlan-tags outer 11; +            family inet { +                address 185.110.148.41/29; +            } +            family inet6 { +                address 2a06:5841:f:f::1/64; +            } +        } +        unit 20 { +            description "C:s1.tele mgmt and lab (static-ip)"; +            vlan-id 20; +            family inet { +            
    address 185.110.148.177/28; +            } +            family inet6 { +                address 2a06:5841:f:1336::1/64; +            } +        } +        unit 666 { +            description "B: d1.ring edge mgmt"; +            vlan-tags outer 666; +            family inet { +                address 151.216.131.1/25; +            } +            family inet6 { +                address 2a06:5841:f:20::1/64; +            } +        } +        unit 667 { +            description "B: d1.ring distro mgmt"; +            vlan-tags outer 667; +            family inet { +                address 185.110.148.9/29; +            } +            family inet6 { +                address 2a06:5841:f:21::1/64; +            } +        } +        unit 777 { +            description "B: d1.ring AP mgmt"; +            encapsulation vlan-bridge; +            vlan-id 777; +        } +        unit 778 { +            description "C: d1.ring wifi clients"; +            encapsulation vlan-bridge; +            vlan-id 778; +        } +    } +    ae12 { +        description "B: r1.stand ae0"; +        aggregated-ether-options { +            lacp { +                active; +                periodic fast; +            } +        } +        unit 0 { +            family inet { +                address 185.110.148.160/31; +            } +            family inet6 { +                address 2a06:5841:f:100::1/64; +            } +        } +    } +    ae999 { +        description "B: natfw1.tele reth0"; +        vlan-tagging; +        aggregated-ether-options { +            link-protection; +        } +        unit 10 { +            description OUTSIDE/INET; +            vlan-id 10; +            family inet { +                address 185.110.148.162/31; +            } +            family inet6 { +                address 2a06:5841:f:101::/127; +            } +        } +        unit 20 { +            description NAT-WIFI; +            vlan-id 20; +            family inet { +                address 
185.110.148.164/31; +            } +            family inet6 { +                address 2a06:5841:f:101::2/127; +            } +        } +        unit 30 { +            description NAT-LAN; +            vlan-id 30; +            family inet { +                address 185.110.148.166/31; +            } +            family inet6 { +                address 2a06:5841:f:101::4/127; +            } +        } +    } +    irb { +        unit 777 { +            description "B: wifi AP mgmt"; +            family inet { +                address 151.216.131.129/25; +            } +            family inet6 { +                address 2a06:5841:f:12::1/64; +            } +        } +        unit 778 { +            description "B: wifi clients"; +            family inet { +                address 151.216.144.1/20; +            } +            family inet6 { +                address 2a06:5841:6e::1/64; +            } +        } +    } +} + +bridge-domains { +    BD-WIFI-MGMT { +        domain-type bridge; +        vlan-id 777; +        interface ae10.777; +        interface ae11.777; +        routing-interface irb.777; +    } +    BD-WIFI-NAT { +        domain-type bridge; +        vlan-id 778; +        interface ae10.778; +        interface ae11.778; +        routing-interface irb.778; +    } +} + + +{# Static forwarding options for mgmt #} +forwarding-options { +    storm-control-profiles default { +        all; +    } +    dhcp-relay { +        dhcpv6 { +            overrides { +                allow-snooped-clients; +            } +            group all-networks { +                active-server-group v6-dhcp; +                route-suppression access-internal; +                interface irb.777; +                interface irb.778; +                interface ae2.102; +                interface ae10.666; +                interface ae10.667; +                interface ae11.666; +                interface ae11.667; +                interface ae999.10; +            } +           
server-group { +                v6-dhcp { +                    2a06:5841:f:d::98; +                } +            } +        } +        server-group { +            v4-dhcp { +                185.110.148.98; +            } +        } +        group all-networks { +            active-server-group v4-dhcp; +            overrides { +                allow-snooped-clients; +                trust-option-82; +            } +            route-suppression { +                access-internal; +            } +            interface irb.777; +            interface irb.778; +            interface ae2.102; +            interface ae10.666; +            interface ae10.667; +            interface ae11.666; +            interface ae11.667; +            interface ae999.10; +        } +    } +    analyzer { +        INTERNETSPAM { +            input { +                ingress { +                    interface ae0.0; +                } +                egress { +                    interface ae0.0; +                } +            } +            output { +                interface et-4/1/2.0; +            } +        } +    } +} + +protocols { +    lldp { +        port-id-subtype interface-name; +        port-description-type interface-description; +        interface all; +    } +    layer2-control { +        nonstop-bridging; +    } +    router-advertisement{ +        interface irb.777 { +            max-advertisement-interval 30; +            managed-configuration; +            other-stateful-configuration; +        } +        interface irb.778 { +            max-advertisement-interval 30; +            managed-configuration; +            other-stateful-configuration; +        } +    } +    sflow {                              +        agent-id 185.110.148.0 inet6 2a06:5841:f:a::; +        sample-rate { +            ingress 1; +            egress 1; +        } +        collector 185.110.148.137; +        interfaces all-ports; +    } +} + +policy-options { +    policy-statement 
static-to-ospf { +        from protocol static; +        then { +            external { +                type 1; +            } +            accept; +        } +    } +    policy-statement direct-to-ospf { +        from protocol direct; +        then { +            external { +                type 1; +            } +            accept; +        } +    } +    policy-statement telenor-in-v4 { +        term accept-default { +            from { +                route-filter 0.0.0.0/0 exact; +            } +            then accept; +        } +        term reject-all { +            then reject; +        } +    } +    policy-statement telenor-in-v6 { +        term accept-default { +            from { +                route-filter ::/0 exact; +            } +            then accept; +        } +        term reject-all { +            then reject; +        } +    } +    policy-statement telenor-out-v4 { +        term accept-our-routes { +            from { +                route-filter 88.92.0.0/17 exact; +                route-filter 151.216.128.0/17 exact; +                route-filter 194.143.120.0/21 upto /24; +                route-filter 185.110.148.0/22 upto /24; +            } +            then accept; +        } +        term reject-all { +            then reject; +        } +    } +    policy-statement telenor-out-v6 { +        term accept-our-routes { +            from { +                route-filter 2a06:5840::/29 exact; +            } +            then accept; +        } +        term reject-all { +            then reject; +        } +    } +    policy-statement v4-default-from-bgp { +        from { +            protocol bgp; +            route-filter 0.0.0.0/0 exact; +        } +        then accept; +    } +    policy-statement v6-default-from-bgp { +        from { +            protocol bgp; +            route-filter ::0/0 exact; +        } +        then accept; +    } +    policy-statement v4-from-direct-to-ospf { +        from protocol direct; +        then 
accept;
+    }
+    policy-statement v4-only-default-from-ospf {
+        term FROM-OSPF {
+            from {
+                protocol ospf;
+                route-filter 0.0.0.0/0 exact;
+            }
+            then accept;
+        }
+        then reject;
+    }
+    policy-statement v6-from-direct-to-ospf {
+        from protocol direct;
+        then accept;
+    }
+    policy-statement v6-only-default-from-ospf {
+        term FROM-OSPF {
+            from {
+                protocol ospf;
+                route-filter ::0/0 exact;
+            }
+            then accept;
+        }
+        then reject;
+    }
+}
+firewall {
+    family inet {
+        filter internet-ingress-v4 {
+            interface-specific;
+            term count-our {
+                from {
+                    source-address {
+                        88.92.0.0/17;
+                        185.110.148.0/22;
+                        151.216.128.0/17;
+                    }
+                }
+                then {
+                    count count-our;
+                    accept;
+                }
+            }
+            term accept-all {
+                then {
+                    count accept-all;
+                    accept;
+                }
+            }
+        }
+        filter internet-egress-v4 {
+            interface-specific;
+            term accept-all {
+                then {
+                    count accept-all;
+                    accept;
+                }
+            }
+        }
+    }
+    family inet6 {
+        filter internet-ingress-v6 {
+            interface-specific;
+            term accept-all {
+                then {
+                    count accept-all;
+                    accept;
+                }
+            }
+        }
+        filter internet-egress-v6 {
+            interface-specific;
+            term accept-all {
+                then {
+                    count accept-all;
+                    accept;
+               
 }
+            }
+        }
+    }
+}
+
+services {
+    analytics {
+        streaming-server graph.lasse.cloud {
+            remote-address 195.47.216.71;
+            remote-port 30001;
+        }
+        /* Jonas L test VM */
+        streaming-server vm-ovemy.tg23.gathering.org {
+            remote-address 151.216.249.31;
+            remote-port 30002;
+        }
+        streaming-server gondul.tg23.gathering.org {
+            remote-address 185.110.148.105;
+            remote-port 5015;
+        }
+        export-profile export_often {
+            local-address 185.110.148.0;
+            local-port 20002;
+            reporting-rate 10;
+            format gpb;
+            transport udp;
+        }
+        export-profile JONAS-TEST {
+            local-address 185.110.148.0;
+            local-port 20000;
+            reporting-rate 1;
+            format gpb;
+            transport udp;
+        }
+        sensor junos_system_linecard_interface_traffic {
+            server-name [ graph.lasse.cloud vm-ovemy.tg23.gathering.org gondul.tg23.gathering.org ];
+            export-name export_often;
+            resource /junos/system/linecard/interface/traffic/;
+        }
+        sensor junos_system_linecard_logical {
+            server-name graph.lasse.cloud;
+            export-name export_often;
+            resource /junos/system/linecard/interface/logical/usage/;
+        }
+        sensor DDOS {
+            server-name vm-ovemy.tg23.gathering.org;
+            export-name JONAS-TEST;
+            resource /junos/system/linecard/ddos/;
+        }
+    }
+}
+
+{% else %}
+Unsupported option. Please use
+"?switch=switch_name"
+{% endif %}
diff --git a/examples/tg23/templates/dist-roof.conf b/examples/tg23/templates/dist-roof.conf
new file mode 100644
index 0000000..eeba5d0
--- /dev/null
+++ b/examples/tg23/templates/dist-roof.conf
@@ -0,0 +1,113 @@
+{# Query parameters: ?switch=e1-1 #}
+{% set switch_name = options["switch"] %}
+{% import "vars.conf" as v with context %}
+{% include "global.conf" %}
+
+{% include "distro-common.conf" %}
+
+protocols {
+    rstp {
+        bridge-priority 4k;
+    }
+}
+
+interfaces {
+    et-0/0/48 {
+        description "G: r1.tele (ae0)";
+        ether-options {
+            802.3ad ae0;
+        }
+    }
+    et-1/0/48 {
+        description "G: r1.tele (ae0)";
+        ether-options {
+            802.3ad ae0;
+        }
+    }
+    ae0 {
+        description "B: r1.tele ae10";
+        aggregated-ether-options {
+            lacp {
+                active;
+            }
+        }
+        unit 0 {
+            family ethernet-switching {
+                interface-mode trunk;
+                vlan {
+                    members [ distro-mgmt edge-mgmt aps-mgmt ssid-the-gathering {% for distro_name, linkmap in v.tree.items() if 'floor' in distro_name %}{% for port, network_name in linkmap.items() %} {{ network_name }}{% endfor %}{% endfor %}];
+                }
+            }
+        }
+    }
+{% for distroname, distro in v.distrodata.items() if 'floor' in distroname %}
+    {{ distro.remote_phy1 }} {
+        description "G: {{ distroname }} {{ distro.if1 }} ({{ distro.remote_ae }})";
+        ether-options {
+            802.3ad {{ distro.remote_ae }};
+        }
+    }
+    {{ distro.remote_phy2 }} {
+        description "G: {{ distroname }} {{ distro.if2 }} ({{ distro.remote_ae }})";
+        ether-options {
+            802.3ad {{ distro.remote_ae }};
+        }
+    }
+    {{ distro.remote_ae }} {
+        description "B: {{ distroname }} ae0";
+        aggregated-ether-options {
+            lacp {
+                active;
+            }
+        }
+        unit 0 {
+            family ethernet-switching {
+                interface-mode trunk;
+                vlan {
+                {% if v.tree[distroname] %}
+                    members [
distro-mgmt edge-mgmt aps-mgmt ssid-the-gathering {% for port, network_name in v.tree[distroname].items() %}{{ network_name }} {% endfor %}];
+                {% else %}
+                    members [ distro-mgmt edge-mgmt aps-mgmt ssid-the-gathering ];
+                {% endif %}
+                }
+            }
+        }
+    }
+{% endfor %}
+}
+
+vlans {
+{% for distro_name, linkmap in v.tree.items() if 'floor' in distro_name %}
+    {% for port, network_name in linkmap.items() %}
+    {{ network_name }} {
+        vlan-id {{ v.distro_networks[network_name].vlan }};
+    }
+    {% endfor %}
+{% endfor %}
+    distro-mgmt {
+        vlan-id 667;
+        l3-interface irb.667;
+    }
+    edge-mgmt {
+        vlan-id 666;
+    }
+    aps-mgmt {
+        vlan-id 777;
+    }
+    ssid-the-gathering {
+        vlan-id 778;
+    }
+}
+
+virtual-chassis {
+    preprovisioned;
+    no-split-detection;
+    member 0 {
+        role routing-engine;
+        serial-number <removed>;
+    }
+    member 1 {
+        role routing-engine;
+        serial-number <removed>;
+    }
+}
diff --git a/examples/tg23/templates/distro-common.conf b/examples/tg23/templates/distro-common.conf
new file mode 100644
index 0000000..1ea1894
--- /dev/null
+++ b/examples/tg23/templates/distro-common.conf
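Review bot: The `vlans` block and both trunk `members` lists take every `network_name` found under a floor distro in `v.tree` and then dereference `v.distro_networks[network_name].vlan` without checking that the entry exists. A switch that is in the tree but has no entry in `v.distro_networks` would either abort the render or leave a VLAN name on the trunks that is never defined, depending on how the environment treats undefined values. Filtering the inner loops, for example `{% for port, network_name in linkmap.items() if network_name in v.distro_networks %}`, keeps the three lists consistent. Whether such switches can occur under the floor distros is not visible from this hunk.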
@@ -0,0 +1,192 @@
+
+protocols {
+    lldp {
+        port-id-subtype interface-name;
+        port-description-type interface-description;
+        interface all;
+    }
+}
+
+{# Find all networks related to this device and store it temporarly in the network dict for easy access later #}
+{%- set networks = {} %}
+{%- for network_name, network in v.distro_networks.items() %}
+    {%- set device = network_name %}
+    {%- if v.switches[device] and v.switches[device].distro_name == switch_name %}
+        {%- set s = objects["public/switches"].switches[device] %}
+        {%- set port = v.switches[device].distro_phy_port %}
+
+        {%- if switch_name != 'd1.ring' %}
+            {%- set ge0 = "-0/0/" ~ v.create_interface_ge0(port) %}
+        {%- else %}
+            {%- set ge0 = "-" ~ v.create_interface_vc(port) ~ "/0/" ~ v.create_interface_ge0(port) %}
+        {%- endif %}
+
+        {#- må bruke tags fra downstream switch -#}
+        {%- set if_prefix = 'ge' -%}
+        {%- if "multirate" in s.tags and "10g-copper" in s.tags -%}
+            {%- set if_prefix = 'mge' -%}
+        {%- elif "10g-uplink" in s.tags -%}
+            {%- set if_prefix = 'xe' -%}
+        {%- endif -%}
+
+        {%- set ae = "ae" ~ v.create_interface_ae(port) %}
+        {%- if switch_name == 'd1.ring' %}
+            {% set ae = "ae{}".format(network.vlan) %}
+        {%- endif %}
+
+        {% do networks.update({ network_name:
+            {'ae': "ae{}".format(network.vlan),
+            'fap_interface' : "{}{}".format(if_prefix, ge0),
+            'vlan_id': network.vlan
+            }})
+        %}
+    {% endif %}
+{% endfor %}
+
+{% for network_name, network in networks.items() %}
+event-options {
+    policy {{ network.ae }}down {
+        events snmp_trap_link_down;
+        attributes-match {
+            snmp_trap_link_down.interface-name matches "{{ network.ae }}$";
+        }
+        then {
+            change-configuration {
+                retry count 10
interval 10;
+                commands {
+                    "activate interfaces {{ network.fap_interface }} unit 0";
+                    "deactivate interfaces {{ network.fap_interface }} ether-options";
+                }
+                user-name tech;
+                commit-options {
+                    log "Autoconfig-script: {{ network.ae }} went down so removed {{ network.fap_interface }} from bundle";
+                }
+            }
+        }
+    }
+    policy {{ network.ae }}up {
+        events snmp_trap_link_up;
+        attributes-match {
+            snmp_trap_link_up.interface-name matches "{{ network.ae }}$";
+        }
+        then {
+            change-configuration {
+                retry count 10 interval 10;
+                commands {
+                    "deactivate interfaces {{ network.fap_interface }} unit 0";
+                    "activate interfaces {{ network.fap_interface }} ether-options";
+                }
+                user-name tech;
+                commit-options {
+                    log "Autoconfig-script: {{ network.ae }} came up so added {{ network.fap_interface }} to bundle";
+                }
+            }
+        }
+    }
+}
+{% endfor %}
+
+{# L2 VLANS-DELTAGERE #}
+vlans {
+{% for network_name, network in networks.items() %}
+    {{ network_name }} {
+        vlan-id {{ network.vlan_id }};
+    }
+{% endfor %}
+    distro-mgmt {
+        vlan-id 667;
+        {% if "els-software" in v.switch_tags %}
+        l3-interface irb.667;
+        forwarding-options {
+            dhcp-security {
+                option-82 {
+                    circuit-id {
+                        prefix {
+                            host-name;
+                        }
+                        use-vlan-id;
+                    }
+                }
+            }
+        }
+        {% else %}
+        l3-interface vlan.667;
+        {% endif %}
+    }
+    edge-mgmt {
+        vlan-id 666;
+    }
+    aps-mgmt {
+        
vlan-id 777;
+    }
+    ssid-the-gathering {
+        vlan-id 778;
+    }
+    {% if switch_name == 'd1.ring' %}
+    southcam {
+        vlan-id 10;
+    }
+    tele-ipmi {
+        vlan-id 11;
+    }
+    {% endif %}
+}
+
+{# ETHERNET SWITCHING OPTIONS #}
+{% if not "els-software" in v.switch_tags %}
+ethernet-switching-options {
+    storm-control {
+    {% for network_name, network in networks.items() %}
+        interface {{ network.ae }};
+    {% endfor %}
+    }
+    secure-access-port {
+        vlan edge-mgmt {
+            dhcp-option82 {
+                circuit-id {
+                    prefix hostname;
+                    use-vlan-id;
+                }
+            }
+        }
+    }
+}
+{% endif %}
+
+{# MGT-NETWORK #}
+interfaces {
+    {% if "els-software" in v.switch_tags %}
+    irb {
+    {% else %}
+    vlan {
+    {% endif %}
+        unit 667 {
+            description "switch management";
+            family inet {
+                filter {
+                    input mgmt-v4;
+                }
+                address {{ v.switches[switch_name]['mgmt_v4_addr'] }}/{{ v.switch_management_network['subnet4'] | cidr }};
+            }
+            family inet6 {
+                filter {
+                    input mgmt-v6;
+                }
+                address {{ v.switches[switch_name]['mgmt_v6_addr'] }}/{{ v.switch_management_network['subnet6'] | cidr }};
+            }
+        }
+    }
+}
+
+routing-options {
+     rib inet.0 {
+         static {
+             route 0.0.0.0/0 next-hop {{ v.switch_management_network.gw4 }};
+         }
+     }
+     rib inet6.0 {
+         static {
+             route ::/0 next-hop {{ v.switch_management_network.gw6 }};
+         }
+     }
+ }
\ No newline at end of file
diff --git a/examples/tg23/templates/edge.conf b/examples/tg23/templates/edge.conf
new file mode 100644
index 0000000..f52c649
--- /dev/null
+++ b/examples/tg23/templates/edge.conf
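Review bot: The two `set ae` assignments in the network-collection loop are never read, because the dict stored in `networks` hard-codes `'ae': "ae{}".format(network.vlan)`. Every event policy, commit log message and storm-control entry further down therefore names `ae<vlan>` on all switches, not only on `d1.ring`; if the bundle is really named from `v.create_interface_ae(port)` elsewhere, the link-down and link-up policies would never match and the port would not be moved in or out of the bundle. If the port-derived name is intended, store the computed value with `'ae': ae,`; if `ae<vlan>` is intended everywhere, drop the dead assignments and add `{# ae name is always derived from the VLAN id #}`. The policies also commit as `user-name tech`, which global.conf in this commit makes `class super-user`, so a dedicated login limited to the interface statements these policies touch would be worth considering.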
@@ -0,0 +1,431 @@
+{# Query parameters: ?switch=e1-1 #}
+{% include "global.conf" %}
+{% set poe_interface_port_numbers = [40, 41, 42, 43] %}
+
+protocols {
+    rstp {
+        bridge-priority 32k;
+        interface edge-ports {
+            edge;
+            no-root-port;
+        }
+    }
+    lldp {
+        port-id-subtype interface-name;
+        port-description-type interface-description;
+        interface uplink-ports;
+        {% if "wifi" in v.switch_tags and "ex4300-48mp" in v.switch_tags %}
+        interface mge-0/0/40;
+        interface mge-0/0/41;
+        interface mge-0/0/42;
+        interface mge-0/0/43;
+        {% elif "wifi" in v.switch_tags %}
+        interface ge-0/0/40;
+        interface ge-0/0/41;
+        interface ge-0/0/42;
+        interface ge-0/0/43;
+        {% endif %}
+    }
+}
+
+interfaces {
+    interface-range edge-ports {
+        {% if 'multirate' in v.switch_tags %}
+        member-range ge-0/0/0 to ge-0/0/23;
+        member-range mge-0/0/24 to mge-0/0/43;
+        {% elif 'net-event-activites' in v.switch_tags and 'net-event-artnet' in v.switch_tags %}
+        member-range ge-0/0/0 to ge-0/0/27;
+        member-range ge-0/0/36 to ge-0/0/43;
+        {% elif 'net-event-arena' in v.switch_tags and 'net-event-artnet' in v.switch_tags %}
+        member-range ge-0/0/0 to ge-0/0/31;
+        member-range ge-0/0/40 to ge-0/0/43;
+        {% elif 'net-event-activites' in v.switch_tags and 'net-event-arena' in v.switch_tags %}
+        member-range ge-0/0/0 to ge-0/0/27;
+        member-range ge-0/0/32 to ge-0/0/35;
+        member-range ge-0/0/40 to ge-0/0/43;
+        {% elif 'net-event-activites' in v.switch_tags and 'net-event-artnet' in v.switch_tags and 'net-event-arena' in v.switch_tags %}
+        member-range ge-0/0/0 to ge-0/0/27;
+        member-range ge-0/0/40 to ge-0/0/43;
+        {% elif 'net-location-beredskap' in v.switch_tags %}
+        member-range ge-0/0/0 to ge-0/0/23;
+        member-range ge-0/0/28
to ge-0/0/43;
+        {% elif 'net-event-activites' in v.switch_tags %}
+        member-range ge-0/0/0 to ge-0/0/27;
+        member-range ge-0/0/32 to ge-0/0/43;
+        {% elif 'net-event-artnet' in v.switch_tags %}
+        member-range ge-0/0/0 to ge-0/0/31;
+        member-range ge-0/0/36 to ge-0/0/43;
+        {% elif 'net-event-arena' in v.switch_tags %}
+        member-range ge-0/0/0 to ge-0/0/35;
+        member-range ge-0/0/40 to ge-0/0/43;
+        {% else %}
+        member-range ge-0/0/0 to ge-0/0/43;
+        {% endif %}
+        {% if 'wifi-switch' in v.switch_tags %}
+        description "C: AP - VLAN 777 untagged (mgmt) - VLAN 778 tagged";
+        {% if "els-software" in v.switch_tags %}
+        native-vlan-id 777;
+        {% endif %}
+        {% else %}
+        description "C: {{ v.network.name }} - VLAN {{ v.network.vlan }}";
+        {% endif %}
+        unit 0 {
+            family ethernet-switching {
+                {% if 'wifi-switch' in v.switch_tags %}
+                {% if "els-software" in v.switch_tags %}
+                interface-mode trunk;
+                {% else %}
+                port-mode trunk;
+                native-vlan-id 777;
+                {% endif %}
+                vlan {
+                    members [ ssid-the-gathering ];
+                }
+                {% else %}
+                {% if "els-software" in v.switch_tags %}
+                interface-mode access;
+                {% else %}
+                port-mode access;
+                {% endif %}
+                vlan {
+                    members {{ v.network.name }};
+                }
+                {% endif %}
+            }
+        }
+    }
+{% for ifindex in range(24, 44) %}
+    {% if "net-event-arena" in v.switch_tags and "crew" in v.switch_tags and ifindex in (36,37,38,39) %}
+    ge-0/0/{{ ifindex }} {
+        description "C: event-arena - VLAN 3000";
+        unit 0 {
+            family ethernet-switching {
+                {% if
"els-software" in v.switch_tags %}
+                interface-mode access;
+                {% else %}
+                port-mode access;
+                {% endif %}
+                vlan {
+                    members event-arena;
+                }
+            }
+        }
+    }
+    {% endif %}
+    {% if "net-event-artnet" in v.switch_tags and "crew" in v.switch_tags and ifindex in (32,33,34,35) %}
+    ge-0/0/{{ ifindex }} {
+        description "C: event-artnet - VLAN 3001";
+        unit 0 {
+            family ethernet-switching {
+                {% if "els-software" in v.switch_tags %}
+                interface-mode access;
+                {% else %}
+                port-mode access;
+                {% endif %}
+                vlan {
+                    members event-artnet;
+                }
+            }
+        }
+    }
+    {% endif %}
+    {% if "net-event-activites" in v.switch_tags and "crew" in v.switch_tags and ifindex in (28,29,30,31) %}
+    ge-0/0/{{ ifindex }} {
+        description "C: event-activites - VLAN 3002";
+        unit 0 {
+            family ethernet-switching {
+                {% if "els-software" in v.switch_tags %}
+                interface-mode access;
+                {% else %}
+                port-mode access;
+                {% endif %}
+                vlan {
+                    members event-activites;
+                }
+            }
+        }
+    }
+    {% endif %}
+    {% if "net-location-beredskap" in v.switch_tags and "crew" in v.switch_tags and ifindex in (24,25,26,27) %}
+    ge-0/0/{{ ifindex }} {
+        description "C: location-beredskap - VLAN 3003";
+        unit 0 {
+            family ethernet-switching {
+                {% if "els-software" in v.switch_tags %}
+                interface-mode access;
+                {% else %}
+                port-mode access;
+                {% endif %}
+                vlan {
+                    members location-beredskap;
+                }
+    
        }
+        }
+    }
+    {% endif %}
+    {% if ("wifi" in v.switch_tags and "crew" in v.switch_tags and ifindex in (40,41,42,43)) or (switch_name == "e1.crew" and ifindex in (40,41,42,43))  %}
+    {% set wifi_vlan_list = ["ssid-the-gathering"] %}
+    {% if "els-software" in v.switch_tags %}
+	{% do wifi_vlan_list.append("aps-mgmt") %}
+    {% endif %}
+    {% if "ex4300-48mp" in v.switch_tags %}
+    mge-0/0/{{ ifindex }} {
+    {% else %}
+    ge-0/0/{{ ifindex }} {
+    {% endif %}
+        description "C: AP - VLAN 777 untagged (mgmt) - VLAN 778 tagged";
+        {% if "els-software" in v.switch_tags %}
+        native-vlan-id 777;
+        {% endif %}
+        unit 0 {
+            family ethernet-switching {
+                {% if "els-software" in v.switch_tags %}
+                interface-mode trunk;
+                {% else %}
+                port-mode trunk;
+                native-vlan-id 777;
+                {% endif %}
+                vlan {
+                    members [ {% for vlan_name in wifi_vlan_list %}{{ vlan_name }} {% endfor %}];
+                }
+            }
+        }
+    }
+    {% endif %}
+{% endfor %}
+    interface-range uplink-ports {
+        description "G: {{ v.switch_management.distro_name }} (ae0)";
+        {% for port in v.uplink_ns.uplink_ports %}
+        member {{ port }};
+        {% endfor %}
+        ether-options {
+            802.3ad ae0;
+        }
+    }
+
+    {% if not "multirate" in v.switch_tags %}
+    interface-range unused-ports {
+        description "not-in-use";
+        disable;
+        {% for port in v.uplink_ns.all_ports %}
+        {% if port not in v.uplink_ns.uplink_ports %}
+        member {{ port }};
+        {% endif %}
+        {% endfor %}
+    }
+    {% endif %}
+    ae0 {
+        description "B: {{ v.switch_management.distro_name }}";
+        aggregated-ether-options {
+            lacp {
+                active;
+            }
+        }
+        unit 0 {
+            
family ethernet-switching {
+                {% if "els-software" in v.switch_tags %}
+                interface-mode trunk;
+                {% else %}
+                port-mode trunk;
+                {% endif %}
+                vlan {
+                    {% set vlan_list = [] %}
+                    {% if "net-event-arena" in v.switch_tags and "crew" in v.switch_tags %}
+                        {% do vlan_list.append("event-arena") %}
+                    {% endif %}
+                    {% if "net-event-artnet" in v.switch_tags and "crew" in v.switch_tags %}
+                        {% do vlan_list.append("event-artnet") %}
+                    {% endif %}
+                    {% if "net-event-activites" in v.switch_tags and "crew" in v.switch_tags %}
+                        {% do vlan_list.append("event-activites") %}
+                    {% endif %}
+                    {% if "net-location-beredskap" in v.switch_tags and "crew" in v.switch_tags %}
+                        {% do vlan_list.append("location-beredskap") %}
+                    {% endif %}
+                    {% if "wifi" in v.switch_tags and "crew" in v.switch_tags %}
+                        {% do vlan_list.append("aps-mgmt") %}
+                        {% do vlan_list.append("ssid-the-gathering") %}
+                    {% endif %}
+                    {% if "wifi-switch" in v.switch_tags %}
+                    members [ aps-mgmt ssid-the-gathering edge-mgmt ];
+                    {% else %}
+                    members [ {{ v.network.name }} edge-mgmt {% for vlan in vlan_list %}{{ vlan }} {% endfor %}];
+                    {% endif %}
+                }
+            }
+        }
+    }
+    {% if "els-software" in v.switch_tags %}
+    irb {
+    {% else %}
+    vlan {
+    {% endif %}
+        unit 666 {
+            description "switch management";
+            family inet {
+                filter {
+                    input mgmt-v4;
+                }
+                address {{
v.switch_management.mgmt_v4_addr }}/{{ v.switch_management_network.subnet4|cidr }};
+            }
+            family inet6 {
+                filter {
+                    input mgmt-v6;
+                }
+                address {{ v.switch_management.mgmt_v6_addr }}/{{ v.switch_management_network.subnet6|cidr }};
+            }
+        }
+    }
+}
+routing-options {
+    rib inet.0 {
+        static {
+            route 0.0.0.0/0 next-hop {{ v.switch_management_network.gw4 }};
+        }
+    }
+    rib inet6.0 {
+        static {
+            route ::/0 next-hop {{ v.switch_management_network.gw6 }};
+        }
+    }
+}
+{% if not "els-software" in v.switch_tags %}
+ethernet-switching-options {
+    port-error-disable {
+        /* 30 minutes in seconds */
+        disable-timeout 1800;
+    }
+    secure-access-port {
+        interface edge-ports {
+            no-dhcp-trusted;
+        }
+        {% if "wifi-switch" in v.switch_tags %}
+        vlan aps-mgmt {
+        {% else %}
+        vlan {{ v.network.name }} {
+        {% endif %}
+            arp-inspection;
+            examine-dhcp;
+            examine-dhcpv6;
+            neighbor-discovery-inspection;
+            ip-source-guard;
+            ipv6-source-guard;
+            dhcp-option82 {
+                circuit-id {
+                    use-vlan-id;
+                }
+            }
+            no-option-37;
+            /* inactive due to DHCP drops on MX platform */
+            inactive: dhcpv6-option18 {
+                use-option-82;
+            }
+        }
+        ipv6-source-guard-sessions {
+            max-number 128;
+        }
+    }
+    storm-control {
+        action-shutdown;
+        interface edge-ports {
+            bandwidth 20000;
+            multicast;
+        }
+    }
+}
+{% endif %}
+protocols {
+    {% if "els-software" in v.switch_tags %}
+    {% else %}
+    igmp-snooping {
+        vlan all {
+            version 3;
+            immediate-leave;
+        
}
+        {% if "wifi" in v.switch_tags %}
+        vlan aps-mgmt {
+                disable;
+        }
+        vlan ssid-the-gathering {
+                disable;
+        }
+        {% endif %}
+    }
+    mld-snooping {
+        vlan all {
+            version 2;
+            immediate-leave;
+        }
+        {% if "wifi" in v.switch_tags %}
+        vlan aps-mgmt {
+                disable;
+        }
+        vlan ssid-the-gathering {
+                disable;
+        }
+        {% endif %}
+    }
+    {% endif %}
+    {% if "wifi" in v.switch_tags and "multirate" in v.switch_tags %}
+    lldp-med {
+    {% for poe_interface_port_number in poe_interface_port_numbers %}
+        interface mge-0/0/{{ poe_interface_port_number }};
+    {% endfor %}
+    }
+    {% endif %}
+}
+vlans {
+    edge-mgmt {
+        vlan-id 666;
+        {% if "els-software" in v.switch_tags %}
+        l3-interface irb.666;
+        {% else %}
+        l3-interface vlan.666;
+        {% endif %}
+    }
+{# special nets for crew #}
+    {% if "net-event-arena" in v.switch_tags and "crew" in v.switch_tags %}
+    event-arena {
+        vlan-id 3000;
+    }
+    {% endif %}
+    {% if "net-event-artnet" in v.switch_tags and "crew" in v.switch_tags %}
+    event-artnet {
+        vlan-id 3001;
+    }
+    {% endif %}
+    {% if "net-event-activities" in v.switch_tags and "crew" in v.switch_tags %}
+    event-activites {
+        vlan-id 3002;
+    }
+    {% endif %}
+    {% if "net-location-beredskap" in v.switch_tags and "crew" in v.switch_tags %}
+    location-beredskap {
+        vlan-id 3003;
+    }
+    {% endif %}
+    {% if "wifi" in v.switch_tags or "wifi-switch" in v.switch_tags %}
+    aps-mgmt {
+        vlan-id 777;
+    }
+    ssid-the-gathering {
+        vlan-id 778;
+    }
+    {% endif %}
+    {% if "wifi-switch" not in v.switch_tags %}
+    {{ v.network.name }} {
+        vlan-id {{ v.network.vlan }};
+    }
+    {% endif %}
+}
+{% if "wifi" in v.switch_tags and
"multirate" in v.switch_tags %}
+poe {
+    {% if "ex4300-48mp" in v.switch_tags %}
+    interface all {
+        high-power;
+    }
+    {% else %}
+    interface all;
+    {% endif %}
+}
+{% endif %}
diff --git a/examples/tg23/templates/global.conf b/examples/tg23/templates/global.conf
new file mode 100644
index 0000000..96290da
--- /dev/null
+++ b/examples/tg23/templates/global.conf
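Review bot: Switches tagged `els-software` get none of the access-port protections in this template, because the whole `ethernet-switching-options` block (DHCP examination, ARP and neighbor-discovery inspection, IP and IPv6 source guard, option 82, storm control on `edge-ports`) sits under `{% if not "els-software" in v.switch_tags %}` and the `vlans` block adds no ELS counterpart. Unless that is configured elsewhere, participant ports on ELS edge switches are unprotected against rogue DHCP servers and ARP/ND spoofing; the per-VLAN `forwarding-options dhcp-security` stanza sketched below is the ELS form and needs testing on the ELS models in use before rollout. Separately, the `vlans` block tests `"net-event-activities"` while every other condition uses `"net-event-activites"`, so `event-activites` is referenced by the ports and by `ae0` but never defined. The three-tag `elif` in `edge-ports` can also never be reached, because the two-tag branches precede it.

```jinja
{# … unchanged: edge-mgmt, crew VLANs, aps-mgmt, ssid-the-gathering … #}
    {{ v.network.name }} {
        vlan-id {{ v.network.vlan }};
        {% if "els-software" in v.switch_tags %}
        forwarding-options {
            dhcp-security {
                arp-inspection;
                ip-source-guard;
                ipv6-source-guard;
                neighbor-discovery-inspection;
                option-82 {
                    circuit-id {
                        use-vlan-id;
                    }
                }
            }
        }
        {% endif %}
{# … unchanged: closing brace and endif … #}
```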
@@ -0,0 +1,205 @@
+system {
+    host-name {{ switch_name }};
+    auto-snapshot;
+    domain-name tg23.gathering.org;
+    time-zone Europe/Oslo;
+    /* tacacs primary, failbacks to local users */
+    authentication-order tacplus;
+    root-authentication {
+        encrypted-password "{{ v.root_pw }}"; ## SECRET-DATA
+    }
+    name-server {
+        {% for n in v.nameservers %}
+        {{n}};
+        {% endfor %}
+    }
+    tacplus-server {
+        {{ v.tacplusserver }} {
+            secret {{ v.tacplus_secret }}; ## SECRET-DATA
+            source-address {{ v.switch_management.mgmt_v4_addr }};
+        }
+    }
+    login {
+        user tech {
+            class super-user;
+            authentication {
+                encrypted-password "{{ v.tech_pw }}"; ## SECRET-DATA
+            }
+        }
+        user api {
+            class super-user;
+            authentication {
+                ssh-ed25519 "<removed>"; ## SECRET-DATA
+            }
+        }
+    }
+    services {
+        ssh {
+            root-login deny;
+            no-tcp-forwarding;
+            client-alive-count-max 2;
+            client-alive-interval 300;
+            protocol-version v2;
+            connection-limit 50;
+            rate-limit 5;
+        }
+        netconf {
+            ssh {
+                port 830;
+            }
+        }
+    }
+    syslog {
+        user * {
+            any emergency;
+        }
+        host log.tg23.gathering.org {
+            any warning;
+            authorization info;
+            daemon warning;
+            user warning;
+            change-log any;
+            interactive-commands any;
+            match "!(.*License.*)";
+            allow-duplicates;
+            facility-override local7;
+            explicit-priority;
+        }
+        /* Oxidized syslog */
+        host 185.110.148.112 {
+            interactive-commands notice;
+            match UI_COMMIT_COMPLETED;
+            source-address {{
v.switch_management.mgmt_v4_addr }};
+        }
+        /* Local logging of syslog message */
+        file messages {
+            any notice;
+            /* Fjerner mye graps i loggene */
+            match "!(.*License.*|.*EX-BCM PIC.*|.*mojito_i2c_read.*|.*qsfp_tk_read_mem_page.*)";
+            authorization info;
+        }
+        /* Local logging of all user-commands typed in the CLI */
+        file interactive-commands {
+            interactive-commands any;
+            match "UI_CMDLINE_READ_LINE|UI_COMMIT_COMPLETED";
+        }
+    }
+    commit synchronize; # Syncer konfigurasjonen til alle members i VC ved commit. Ingen effekt ved commit på single bokser.
+    ntp {
+        /* ntp.uio.no */
+        server 2001:700:100:2::6;
+    }
+    ports {
+        console log-out-on-disconnect;
+    }
+}
+chassis {
+    alarm {
+        management-ethernet { # Sender ikke alarm ved link down på managementinterfacet.
+            link-down ignore;
+        }
+    }
+    aggregated-devices {
+        ethernet {
+            device-count 32;
+        }
+    }
+}
+interfaces {
+    interface-range all-ports {
+        member ge-*/*/*;
+        {% if "multirate" in v.switch_tags %}
+        member mge-*/*/*;
+        {% endif %}
+        member xe-*/*/*;
+        member et-*/*/*;
+    }
+    lo0 {
+        unit 0 {
+            family inet {
+                filter {
+                    input mgmt-v4;
+                }
+            }
+            family inet6 {
+                filter {
+                    input mgmt-v6;
+                }
+            }
+        }
+    }
+}
+snmp {
+    contact "<removed>";
+    community {{ v.snmp_community }} {
+        authorization read-only;
+        client-list-name mgmt;
+    }
+}
+policy-options {
+    prefix-list mgmt-v4 {
+    }
+    prefix-list mgmt-v6 {
+    }
+    /* Merged separate v4- og v6-lister */
+    prefix-list mgmt {
+        apply-path "policy-options prefix-list <mgmt-v*> <*>";
+    }
+}
+firewall {
+    family inet {
+        filter mgmt-v4 {
+            term accept-ssh {
+                from {
+                    source-prefix-list {
+                        mgmt-v4;
+                    }
+                    destination-port 22;
+                }
+                then accept;
+            }
+            term discard-ssh {
+                from {
+                    destination-port 22;
+                }
+                then {
+                    discard;
+                }
+            }
+            term accept-all {
+                then accept;
+            }
+        }
+    }
+    family inet6 {
+        filter mgmt-v6 {
+            term accept-ssh {
+                from {
+                    source-prefix-list {
+                        mgmt-v6;
+                    }
+                    destination-port 22;
+                }
+                then accept;
+            }
+            term discard-ssh {
+                from {
+                    destination-port 22;
+                }
+                then discard;
+            }
+            term accept-all {
+                then accept;
+            }
+        }
+    }
+}
+protocols {
+    igmp-snooping {
+        vlan all;
+    }
+}
+poe {
+    interface all;
+}
+
diff --git a/examples/tg23/templates/juniper-distro-els.conf b/examples/tg23/templates/juniper-distro-els.conf
new file mode 100644
index 0000000..2ea7226
--- /dev/null
+++ b/examples/tg23/templates/juniper-distro-els.conf
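Review bot: The `mgmt-v4` and `mgmt-v6` filters restrict only `destination-port 22`, yet the same file enables NETCONF over SSH on port 830, and `accept-all` then lets that port through from any source. Since `user api` is `class super-user`, the NETCONF listener deserves the same source restriction: use `destination-port [ 22 830 ];` in both `accept-ssh` and `discard-ssh`. Adding `protocol tcp;` to those `from` clauses (`next-header tcp;` in the inet6 filter) would limit the match to TCP. The `mgmt-v4` and `mgmt-v6` prefix lists are empty in the template as shown; if they are not filled in elsewhere, confirm how the `accept-ssh` term behaves with an empty list before relying on it.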
@@ -0,0 +1,556 @@ +{%- set switch_name = options["switch"] %} +{%- import "vars.conf" as v with context %} + +{% include "global.conf" %} + +{%- set floor_distros = [ +    'd1.floor', +    'd2.floor', +    'd3.floor', +    'd4.floor', +    'd5.floor', +    'd6.floor', +    ] +%} + +{%- set all_networks = [] -%} +{%- set networks = {} -%} +{%- set vlans_on_ae = {} -%} + +{# SECTION: FIND AND UTSKUTT DISTROS #} +{%- for switchname, interface in v.device_tree[switch_name].items() -%} + {#  {{ switchname }}: #} +    {%- if "distro-utskutt" in v.switches2[switchname].tags -%} +        {%- do all_networks.append(switchname) -%} +        {%- if switchname in v.device_tree -%} +            {%-  for edge_switch_name, interface2 in v.device_tree[switchname].items()   -%} +                {#   {{ edge_switch_name }} #} +                   {%- do all_networks.append(edge_switch_name) -%} +            {%- endfor -%} +        {%- endif -%} +    {%- else -%} +        {%- do all_networks.append(switchname) -%} +    {%- endif -%} +{%- endfor -%} + +{# SECTION: FIND AND ADD INTERFACES #} +{%- for edge_network_name in all_networks -%} +    {%- set net = v.distro_networks[edge_network_name] -%} +    {%- set edge_device = objects["public/switches"].switches[edge_network_name] -%} + +    {%- set port = v.device_tree[switch_name][edge_network_name] -%} + +    {# dette er hvis kant nettverket er direkte på distro (ikke utskutt) #} +    {%- set interfaces = {} -%} +    {%- if edge_device.distro_name == switch_name  -%} +        {%- if switch_name in floor_distros -%} +            {%- set ge0 = "-0/0/" ~ v.create_interface_ge0(port) -%} +            {%- set ge1 = "-1/0/" ~ v.create_interface_ge0(port) -%} +            {%- set ge2 = "-2/0/" ~ v.create_interface_ge0(port) -%} +        {%- elif "distro-utskutt" in edge_device.tags -%} +            {%- set fpc = v.create_interface_vc(port) -%} +            {%- if fpc in ("1", "4") -%} {# FPC 1 and 4 is ex4600 #} +                {%- set ge0 = 
"-" ~ v.create_interface_vc(port) ~ "/0/" ~ v.create_interface_ge0(port) -%} +                {%- set ge1 = "-" ~ v.create_interface_vc(port) ~ "/0/" ~ v.create_interface_ge1(port) -%} +            {%- else -%} +                {%- set ge0 = "-" ~ v.create_interface_vc(port) ~ "/2/" ~ v.create_interface_ge0(port) -%} +                {%- set ge1 = "-" ~ v.create_interface_vc(port) ~ "/2/" ~ v.create_interface_ge1(port) -%} +            {%- endif -%} +        {%- elif switch_name == 'd1.ring' -%} +            {%- set ge0 = "-" ~ v.create_interface_vc(port) ~ "/0/" ~ v.create_interface_ge0(port) -%} +            {%- set ge1 = "-" ~ v.create_interface_vc(port) ~ "/0/" ~ v.create_interface_ge1(port) -%} +        {%- else -%} +            {%- set ge0 = "-0/0/" ~ v.create_interface_ge0(port) -%} +            {%- set ge1 = "-0/0/" ~ v.create_interface_ge1(port) -%} +        {%- endif -%} + +        {#- må bruke tags fra downstream switch -#} +        {%- set if_prefix = 'ge' -%} +        {%- if "multirate" in edge_device.tags and "10g-copper" in edge_device.tags -%} +            {%- set if_prefix = 'mge' -%} +        {%- elif "10g-uplink" in edge_device.tags -%} +            {%- set if_prefix = 'xe' -%} +        {%- endif -%} + +        {%- set ae = "ae" ~ v.create_interface_ae(port) -%} +        {%- if "distro-utskutt" in edge_device.tags -%} +            {%- set ae = v.ustkutt_distro_ae[edge_network_name] -%} +        {%- elif "distro-utskutt" in v.switch_tags -%} +            {%- set ae = "ae{}".format(net.vlan) -%} +        {%- elif switch_name not in floor_distros -%} +            {%- set ae = "ae{}".format(net.vlan) -%} +        {%- endif -%} + +        {%- set interfaces = {'ge0': "{}{}".format(if_prefix, ge0), 'ge1': "{}{}".format(if_prefix, ge1), 'ge2': "{}{}".format(if_prefix, ge2)} -%} + +    {%- else -%} +        {% set ae = networks[v.switches[edge_network_name]['distro_name']]['ae'] -%} +    {%- endif -%} + + +{# SECTION: FIND AND ADD VLANS #} +    {%- if ae 
not in vlans_on_ae -%} +        {%- do vlans_on_ae.update({ae: []}) -%} +    {%- endif -%} +    {%- do vlans_on_ae[ae].append(edge_network_name) -%} + +    {%- if "wifi" in edge_device.tags -%} +        {%- do vlans_on_ae[ae].append("aps-mgmt") -%} +        {%- do vlans_on_ae[ae].append("ssid-the-gathering") -%} +    {% endif %} +    {%- if "net-event-arena" in edge_device.tags -%} +        {%- do vlans_on_ae[ae].append("event-arena") -%} +    {%- endif -%} +    {%- if "net-event-artnet" in edge_device.tags -%} +        {%- do vlans_on_ae[ae].append("event-artnet") -%} +    {%- endif -%} +    {%- if "net-event-activities" in edge_device.tags -%} +        {%- do vlans_on_ae[ae].append("event-activites") -%} +    {%- endif -%} +    {%- if "net-location-beredskap" in edge_device.tags  -%} +        {%- do vlans_on_ae[ae].append("location-beredskap") -%} +    {%- endif -%} + +    {# uggc    Mapping edge '{{ edge_network_name }}'  Downlink: {{ ae }} If:{{ interfaces }} Edge tags: {{ edge_device.tags }} Vlans on AE: {{ vlans_on_ae[ae] }} #} +    {%- do networks.update({ edge_network_name: +        {'l3_device': 'r1.tele', +        'ae' : ae, +        'vlan_id': net.vlan if net else none, +        'if_prefix' : if_prefix, +        'interfaces' : interfaces, +        'edge_switch_tags' : edge_device.tags, +        'distro' : switch_name +    }}) +    %} +{%- endfor %} + +{# SECTION: JUNOS CONFIG#} +{%- if switch_name in floor_distros %} +interfaces { +    interface-range aps { +        {% if "multirate" in v.switch_tags %} +        member-range mge-0/0/46 to mge-0/0/47; +        member-range mge-1/0/46 to mge-1/0/47; +        member-range mge-2/0/46 to mge-2/0/47; +        description "C: AP - VLAN 777 untagged (mgmt) - VLAN 778 tagged"; +        native-vlan-id 777; +        unit 0 { +            family ethernet-switching { +            interface-mode trunk; +                vlan { +                    members [ aps-mgmt ssid-the-gathering ]; +                } +            
} +        } +        {% else %} +        member-range ge-0/0/36 to ge-0/0/47; +        member-range ge-1/0/36 to ge-1/0/47; +        member-range ge-2/0/36 to ge-2/0/47; +        description "C: AP - VLAN 777 untagged (mgmt) - VLAN 778 tagged"; +        native-vlan-id 777; +        unit 0 { +            family ethernet-switching { +            port-mode trunk; +                vlan { +                    members [ ssid-the-gathering ]; +                } +            } +        } +        {% endif %} +    } +} +{%- endif %} + + +{# SECTION: JUNOS DOWNSTREAM-INTERFACES #} +interfaces { +{% for network_name, network in networks.items() %} +{% if network.distro == switch_name and network.interfaces|length > 0 %} +    {{ network.interfaces['ge0'] }} { +        description "G: {{ network_name }} {{ network.if_prefix }}-0/0/44 ({{ network.ae }})"; +        {# This is due to FAP. One uplink to switch can't be in LAG since its +            not configured on the other end. And for FAP to work it has to be able +            to be able to get DHCP. Therefor, we check if the AE to switch is UP. 
+            If it is not then we configure one link to not be in the LAG #} +        {% if v.states[network.distro] is defined and v.states[network.distro].ifs[network.ae] is defined and v.states[network.distro].ifs[network.ae].live is defined %} +        ether-options { +            802.3ad {{ network.ae }}; +        } +        inactive: unit 0 { +            family ethernet-switching { +                interface-mode access; +                vlan { +                    members edge-mgmt; +                } +            } +        } +        {% else %} +        inactive: ether-options { +            802.3ad {{ network.ae }}; +        } +        unit 0 { +            family ethernet-switching { +                interface-mode access; +                vlan { +                    members edge-mgmt; +                } +            } +        } +        {% endif %} +    } +    {% if "2-uplinks" in network.edge_switch_tags or "3-uplinks" in network.edge_switch_tags %} +    {{ network.interfaces['ge1'] }} { +        description "G: {{ network_name }} {{ network.if_prefix }}-0/0/45 ({{ network.ae }})"; +        ether-options { +            802.3ad {{ network.ae }}; +        } +    } +    {% endif %} +    {% if "3-uplinks" in network.edge_switch_tags %} +    {{ network.interfaces['ge2'] }} { +        description "G: {{ network_name }} {{ network.if_prefix }}-0/0/46 ({{ network.ae }})"; +        ether-options { +            802.3ad {{ network.ae }}; +        } +    } +    {% endif %} +    {{ network.ae }} { +        description "B: {{ network_name }} ae0"; +        aggregated-ether-options { +            lacp { +                active; +            } +        } +        unit 0 { +            family ethernet-switching { +                interface-mode trunk; +                vlan { +                    members [ edge-mgmt {% if "distro-utskutt" in network.edge_switch_tags %} distro-mgmt {% endif %} {% for net in vlans_on_ae[network.ae] %}{% if net == network_name and 
"distro-utskutt" in network.edge_switch_tags %}{% else %}{{ net }} {% endif %}{% endfor %} ]; +                } +            } +        } +    } +{% endif %} +{% endfor %} +} + +{# SECTION: JUNOS CORE-INTERFACES #} +interfaces { +    {{ v.distrodata[switch_name]['if1'] }} { +        description "G: {{v.distrodata[switch_name]['uplink_device']}} {{ v.distrodata[switch_name]['remote_phy1'] }} (ae0)"; +        ether-options { +            802.3ad ae0; +        } +    } +    {{ v.distrodata[switch_name]['if2'] }} { +        description "G: {{v.distrodata[switch_name]['uplink_device']}} {{ v.distrodata[switch_name]['remote_phy2'] }} (ae0)"; +        ether-options { +            802.3ad ae0; +        } +    } +    ae0 { +        description "B: {{v.distrodata[switch_name]['uplink_device']}} {{ v.distrodata[switch_name]['remote_ae'] }}"; +        aggregated-ether-options { +            lacp { +                active; +            } +        } +        unit 0 { +            family ethernet-switching { +                interface-mode trunk; +                vlan { +                    members all; +                } +            } +        } +    } +} + +event-options { +{% for network_name, network in networks.items() %} +{% if network.distro == switch_name and network.interfaces|length > 0 %} +    policy {{ network.ae }}down { +        events snmp_trap_link_down; +        attributes-match { +            snmp_trap_link_down.interface-name matches "{{ network.ae }}$"; +        } +        then { +            change-configuration { +                retry count 10 interval 10; +                commands { +                    "activate interfaces {{ network.interfaces['ge0'] }} unit 0"; +                    "deactivate interfaces {{ network.interfaces['ge0'] }} ether-options"; +                } +                user-name tech; +                commit-options { +                    log "Autoconfig-script: {{ network.ae }} went down so removed {{ network.interfaces['ge0'] }} 
from bundle"; +                } +            } +        } +    } +    policy {{ network.ae }}up { +        events snmp_trap_link_up; +        attributes-match { +            snmp_trap_link_up.interface-name matches "{{ network.ae }}$"; +        } +        then { +            change-configuration { +                retry count 10 interval 10; +                commands { +                    "deactivate interfaces {{ network.interfaces['ge0'] }} unit 0"; +                    "activate interfaces {{ network.interfaces['ge0'] }} ether-options"; +                } +                user-name tech; +                commit-options { +                    log "Autoconfig-script: {{ network.ae }} came up so added {{ network.interfaces['ge0'] }} to bundle"; +                } +            } +        } +    } +    {% endif %} +{% endfor %} +} +vlans { +    {% if switch_name == 'd1.ring' %} +    southcam { +        vlan-id 10; +    } +    tele-ipmi { +        vlan-id 11; +    } +    {% endif %} +    {% if switch_name not in floor_distros %} +    event-arena { +        vlan-id 3000; +    } +    event-artnet { +        vlan-id 3001; +    } +    event-activites { +        vlan-id 3002; +    } +    location-beredskap { +        vlan-id 3003; +    } +    {% endif %} +    edge-mgmt { +        vlan-id 666; +        forwarding-options { +            dhcp-security { +                option-82 { +                    circuit-id { +                        prefix { +                            host-name; +                        } +                        use-vlan-id; +                    } +                } +            } +        } +    } +    distro-mgmt { +        vlan-id 667; +        l3-interface irb.667; +        forwarding-options { +            dhcp-security { +                option-82 { +                    circuit-id { +                        prefix { +                            host-name; +                        } +                        use-vlan-id; +                    } 
+                } +            } +        } +    } +    vl20-lab { +        vlan-id 20; +    } +{% for network_name, network in networks.items() %} +{%- if network.vlan_id is not none %} +    {{ network_name }} { +        vlan-id {{ network.vlan_id }}; +    } +{% endif %} +{% endfor %} +    aps-mgmt { +        vlan-id 777; +    } +    ssid-the-gathering { +        vlan-id 778; +    } +} + +protocols { +    lldp { +        port-id-subtype interface-name; +        port-description-type interface-description; +        interface all; +    } +} + +interfaces { +    irb { +        unit 667 { +            description "switch management"; +            family inet { +                filter { +                    input mgmt-v4; +                } +                address {{ v.switches[switch_name]['mgmt_v4_addr'] }}/{{ v.switch_management_network['subnet4'] | cidr }}; +            } +            family inet6 { +                filter { +                    input mgmt-v6; +                } +                address {{ v.switches[switch_name]['mgmt_v6_addr'] }}/{{ v.switch_management_network['subnet6'] | cidr }}; +            } +        } +    } +} + +routing-options { +     rib inet.0 { +         static { +             route 0.0.0.0/0 next-hop {{ v.switch_management_network.gw4 }}; +         } +     } +     rib inet6.0 { +         static { +             route ::/0 next-hop {{ v.switch_management_network.gw6 }}; +         } +     } + } + +protocols { +    rstp { +        {% if "distro-utskutt" in v.switch_tags %} +        bridge-priority 4k; +        {% else %} +        bridge-priority 8k; +        {% endif %} +    } +} + + +{# some static ports on d1.ring #} +{% if switch_name == 'd1.ring' %} +interfaces { +    xe-4/0/18 { +        description "C: lab - VLAN 20 (static-ip)"; +        unit 0 { +            family ethernet-switching { +                interface-mode access; +                vlan { +                    members vl20-lab; +                } +            } +       
 } +    } +    ge-4/0/19 { +        description "C: lab - VLAN 20 (static-ip)"; +        unit 0 { +            family ethernet-switching { +                interface-mode access; +                vlan { +                    members vl20-lab; +                } +            } +        } +    } +    ge-4/0/20 { +        description "C: lab - VLAN 20 (static-ip)"; +        unit 0 { +            family ethernet-switching { +                interface-mode access; +                vlan { +                    members vl20-lab; +                } +            } +        } +    } +    ge-4/0/21 { +        description "C: lab - VLAN 20 (static-ip)"; +        unit 0 { +            family ethernet-switching { +                interface-mode access; +                vlan { +                    members vl20-lab; +                } +            } +        } +    } +    ge-4/0/22 { +        description "C: WIFI BUM monitor port - Jonas L - VLAN 778"; +        unit 0 { +            family ethernet-switching { +                interface-mode access; +                vlan { +                    members vl20-lab; +                } +            } +        } +    } +    ge-0/0/23 { +        description "C: southcam - VLAN 10 (static-ip)"; +        unit 0 { +            family ethernet-switching { +                vlan { +                    members southcam; +                } +            } +        } +    } +    ge-5/0/21 { +        description "C: Security Server"; +        unit 0 { +            family ethernet-switching { +                vlan { +                    members location-beredskap; +                } +            } +       } +    } +    ge-5/0/22 { +        description "C: bamsemums-ipmi - VLAN 11"; +        unit 0 { +            family ethernet-switching { +                vlan { +                    members tele-ipmi; +                } +            } +        } +    } +    ge-5/0/23 { +        description "C: krokodille-ipmi - VLAN 11"; +        unit 0 { +            
family ethernet-switching { +                vlan { +                    members tele-ipmi; +                } +            } +        } +    } +} +{% endif %} + +{% if v.vc_config[switch_name] %} +virtual-chassis { +    preprovisioned; +    vcp-snmp-statistics; +{% for member in v.vc_config[switch_name] %} +    member {{ loop.index-1 }} { +        serial-number {{ member.sn }}; +        {% if member.re %} +        role routing-engine; +        {% else %} +        role line-card; +        {% endif %} +        {% if member.loc is defined %} +        location {{ member.loc }}; +        {% endif %} +    } +{% endfor %} +} +{% endif %} diff --git a/examples/tg23/templates/juniper-distro-non-els.conf b/examples/tg23/templates/juniper-distro-non-els.conf new file mode 100644 index 0000000..c96d8f7 --- /dev/null +++ b/examples/tg23/templates/juniper-distro-non-els.conf 
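Review bot: In the `aps` interface-range, the non-multirate branch uses the non-ELS statement `port-mode trunk;` and lists only `ssid-the-gathering`, while every other port in this ELS template uses `interface-mode` and the multirate branch also carries `aps-mgmt`. On ELS software that statement would presumably be rejected at commit, and native VLAN 777 is not a member of the trunk (assuming ELS needs it listed). I would change the two lines to `interface-mode trunk;` and `members [ aps-mgmt ssid-the-gathering ];`. Separately, in the static `d1.ring` ports, `ge-4/0/22` is described as a VLAN 778 monitor port but is placed in `vl20-lab`; one of the two should be corrected so the port's segment matches its label.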
@@ -0,0 +1,484 @@ +{%- set switch_name = options["switch"] %} +{%- import "vars.conf" as v with context %} + +{% include "global.conf" %} + +{%- set floor_distros = [ +    'd1.floor', +    'd2.floor', +    'd3.floor', +    'd4.floor', +    'd5.floor', +    'd6.floor', +    ] +%} + +{%- set all_networks = [] -%} +{%- set networks = {} -%} +{%- set vlans_on_ae = {} -%} + +{# SECTION: FIND AND UTSKUTT DISTROS #} +{%- for switchname, interface in v.device_tree[switch_name].items() -%} + {#  {{ switchname }}: #} +    {%- if "distro-utskutt" in v.switches2[switchname].tags -%} +        {%- do all_networks.append(switchname) -%} +        {%- if switchname in v.device_tree -%} +            {%-  for edge_switch_name, interface2 in v.device_tree[switchname].items()   -%} +                {#   {{ edge_switch_name }} #} +                   {%- do all_networks.append(edge_switch_name) -%} +            {%- endfor -%} +        {%- endif -%} +    {%- else -%} +        {%- do all_networks.append(switchname) -%} +    {%- endif -%} +{%- endfor -%} + +{# SECTION: FIND AND ADD INTERFACES #} +{%- for edge_network_name in all_networks -%} +    {%- set net = v.distro_networks[edge_network_name] -%} +    {%- set edge_device = objects["public/switches"].switches[edge_network_name] -%} + +    {%- set port = v.device_tree[switch_name][edge_network_name] -%} + +    {# dette er hvis kant nettverket er direkte på distro (ikke utskutt) #} +    {%- set interfaces = {} -%} +    {%- if edge_device.distro_name == switch_name  -%} +        {%- if switch_name in floor_distros -%} +            {%- set ge0 = "-0/0/" ~ v.create_interface_ge0(port) -%} +            {%- set ge1 = "-1/0/" ~ v.create_interface_ge0(port) -%} +            {%- set ge2 = "-2/0/" ~ v.create_interface_ge0(port) -%} +        {%- elif "distro-utskutt" in edge_device.tags -%} +            {%- set fpc = v.create_interface_vc(port) -%} +            {%- if fpc in ("1", "4") -%} {# FPC 1 and 4 is ex4600 #} +                {%- set ge0 = 
"-" ~ v.create_interface_vc(port) ~ "/0/" ~ v.create_interface_ge0(port) -%} +                {%- set ge1 = "-" ~ v.create_interface_vc(port) ~ "/0/" ~ v.create_interface_ge1(port) -%} +            {%- else -%} +                {%- set ge0 = "-" ~ v.create_interface_vc(port) ~ "/2/" ~ v.create_interface_ge0(port) -%} +                {%- set ge1 = "-" ~ v.create_interface_vc(port) ~ "/2/" ~ v.create_interface_ge1(port) -%} +            {%- endif -%} +        {%- elif switch_name == 'd1.ring' -%} +            {%- set ge0 = "-" ~ v.create_interface_vc(port) ~ "/0/" ~ v.create_interface_ge0(port) -%} +            {%- set ge1 = "-" ~ v.create_interface_vc(port) ~ "/0/" ~ v.create_interface_ge1(port) -%} +        {%- else -%} +            {%- set ge0 = "-0/0/" ~ v.create_interface_ge0(port) -%} +            {%- set ge1 = "-0/0/" ~ v.create_interface_ge1(port) -%} +        {%- endif -%} + +        {#- må bruke tags fra downstream switch -#} +        {%- set if_prefix = 'ge' -%} +        {%- if "multirate" in edge_device.tags and "10g-copper" in edge_device.tags -%} +            {%- set if_prefix = 'mge' -%} +        {%- elif "10g-uplink" in edge_device.tags -%} +            {%- set if_prefix = 'xe' -%} +        {%- endif -%} + +        {%- set ae = "ae" ~ v.create_interface_ae(port) -%} +        {%- if "distro-utskutt" in edge_device.tags -%} +            {%- set ae = v.ustkutt_distro_ae[edge_network_name] -%} +        {%- elif "distro-utskutt" in v.switch_tags -%} +            {%- set ae = "ae{}".format(net.vlan) -%} +        {%- elif switch_name not in floor_distros -%} +            {%- set ae = "ae{}".format(net.vlan) -%} +        {%- endif -%} + +        {%- set interfaces = {'ge0': "{}{}".format(if_prefix, ge0), 'ge1': "{}{}".format(if_prefix, ge1), 'ge2': "{}{}".format(if_prefix, ge2)} -%} + +    {%- else -%} +        {% set ae = networks[v.switches[edge_network_name]['distro_name']]['ae'] -%} +    {%- endif -%} + +{# SECTION: FIND AND ADD VLANS #} +    {%- if ae 
not in vlans_on_ae -%} +        {%- do vlans_on_ae.update({ae: []}) -%} +    {%- endif -%} +    {%- do vlans_on_ae[ae].append(edge_network_name) -%} + +    {%- if "wifi" in edge_device.tags -%} +        {%- do vlans_on_ae[ae].append("aps-mgmt") -%} +        {%- do vlans_on_ae[ae].append("ssid-the-gathering") -%} +    {% endif %} +    {%- if "net-event-arena" in edge_device.tags -%} +        {%- do vlans_on_ae[ae].append("event-arena") -%} +    {%- endif -%} +    {%- if "net-event-artnet" in edge_device.tags -%} +        {%- do vlans_on_ae[ae].append("event-artnet") -%} +    {%- endif -%} +    {%- if "net-event-activities" in edge_device.tags -%} +        {%- do vlans_on_ae[ae].append("event-activites") -%} +    {%- endif -%} +    {%- if "net-location-beredskap" in edge_device.tags  -%} +        {%- do vlans_on_ae[ae].append("location-beredskap") -%} +    {%- endif -%} + +   {# uggc    Mapping edge '{{ edge_network_name }}'  Downlink: {{ ae }} If:{{ interfaces }} Edge tags: {{ edge_device.tags }} Vlans on AE: {{ vlans_on_ae[ae] }} #} +    {%- do networks.update({ edge_network_name: +        {'l3_device': 'r1.tele', +        'ae' : ae, +        'vlan_id': net.vlan if net else none, +        'if_prefix' : if_prefix, +        'interfaces' : interfaces, +        'edge_switch_tags' : edge_device.tags, +        'distro' : switch_name +    }}) +    %} +{%- endfor %} + + +{# SECTION: JUNOS CONFIG#} +{%- if switch_name in floor_distros %} +interfaces { +    interface-range aps { +        {% if "multirate" in v.switch_tags %} +        member-range mge-0/0/46 to mge-0/0/47; +        member-range mge-1/0/46 to mge-1/0/47; +        member-range mge-2/0/46 to mge-2/0/47; +        description "C: AP - VLAN 777 untagged (mgmt) - VLAN 778 tagged"; +        unit 0 { +            family ethernet-switching { +                port-mode trunk; +                native-vlan-id 777; +                vlan { +                    members [ ssid-the-gathering ]; +                } +            
} +        } +        {% elif switch_name in floor_distros %} +        member-range ge-0/0/36 to ge-0/0/47; +        member-range ge-1/0/36 to ge-1/0/47; +        member-range ge-2/0/36 to ge-2/0/47; +        description "C: AP - VLAN 777 untagged (mgmt) - VLAN 778 tagged"; +        unit 0 { +            family ethernet-switching { +                native-vlan-id 777; +                port-mode trunk; +                vlan { +                    members [ ssid-the-gathering ]; +                } +            } +        } +        {% endif %} +    } +} +{%- endif %} + + +{# SECTION: JUNOS DOWNSTREAM-INTERFACES #} +interfaces { +{% for network_name, network in networks.items() %} +{% if network.distro == switch_name and network.interfaces|length > 0 %} +    {{ network.interfaces['ge0'] }} { +        description "G: {{ network_name }} {{ network.if_prefix }}-0/0/44 ({{ network.ae }})"; +        {# This is due to FAP. One uplink to switch can't be in LAG since its +            not configured on the other end. And for FAP to work it has to be able +            to be able to get DHCP. Therefor, we check if the AE to switch is UP. 
+            If it is not then we configure one link to not be in the LAG #} +        {% if v.states[network.distro] is defined and v.states[network.distro].ifs[network.ae] is defined and v.states[network.distro].ifs[network.ae].live is defined %} +        ether-options { +            802.3ad {{ network.ae }}; +        } +        inactive: unit 0 { +            family ethernet-switching { +                port-mode access; +                vlan { +                    members edge-mgmt; +                } +            } +        } +        {% else %} +        inactive: ether-options { +            802.3ad {{ network.ae }}; +        } +        unit 0 { +            family ethernet-switching { +                port-mode access; +                vlan { +                    members edge-mgmt; +                } +            } +        } +        {% endif %} +    } +    {% if "2-uplinks" in network.edge_switch_tags or "3-uplinks" in network.edge_switch_tags %} +    {{ network.interfaces['ge1'] }} { +        description "G: {{ network_name }} {{ network.if_prefix }}-0/0/45 ({{ network.ae }})"; +        ether-options { +            802.3ad {{ network.ae }}; +        } +    } +    {% endif %} +    {% if "3-uplinks" in network.edge_switch_tags %} +    {{ network.interfaces['ge2'] }} { +        description "G: {{ network_name }} {{ network.if_prefix }}-0/0/46 ({{ network.ae }})"; +        ether-options { +            802.3ad {{ network.ae }}; +        } +    } +    {% endif %} +    {{ network.ae }} { +        description "B: {{ network_name }} ae0"; +        aggregated-ether-options { +            lacp { +                active; +            } +        } +        unit 0 { +            family ethernet-switching { +                port-mode trunk; +                vlan { +                    members [ edge-mgmt {% if "distro-utskutt" in network.edge_switch_tags %} distro-mgmt {% endif %} {% for net in vlans_on_ae[network.ae] %}{% if net == network_name and "distro-utskutt" in 
network.edge_switch_tags %}{% else %}{{ net }} {% endif %}{% endfor %} ]; +                } +            } +        } +    } +{% endif %} +{% endfor %} +} + +{# SECTION: JUNOS CORE-INTERFACES #} +interfaces { +    {{ v.distrodata[switch_name]['if1'] }} { +        description "G: {{v.distrodata[switch_name]['uplink_device']}} {{ v.distrodata[switch_name]['remote_phy1'] }} (ae0)"; +        ether-options { +            802.3ad ae0; +        } +    } +    {{ v.distrodata[switch_name]['if2'] }} { +        description "G: {{v.distrodata[switch_name]['uplink_device']}} {{ v.distrodata[switch_name]['remote_phy2'] }} (ae0)"; +        ether-options { +            802.3ad ae0; +        } +    } +    ae0 { +        description "B: {{v.distrodata[switch_name]['uplink_device']}} {{ v.distrodata[switch_name]['remote_ae'] }}"; +        aggregated-ether-options { +            lacp { +                active; +            } +        } +        unit 0 { +            family ethernet-switching { +                port-mode trunk; +                vlan { +                    members all; +                } +            } +        } +    } +} + +event-options { +{% for network_name, network in networks.items() %} +{% if network.distro == switch_name and network.interfaces|length > 0 %} +    policy {{ network.ae }}down { +        events snmp_trap_link_down; +        attributes-match { +            snmp_trap_link_down.interface-name matches "{{ network.ae }}$"; +        } +        then { +            change-configuration { +                retry count 10 interval 10; +                commands { +                    "activate interfaces {{ network.interfaces['ge0'] }} unit 0"; +                    "deactivate interfaces {{ network.interfaces['ge0'] }} ether-options"; +                } +                user-name tech; +                commit-options { +                    log "Autoconfig-script: {{ network.ae }} went down so removed {{ network.interfaces['ge0'] }} from bundle"; +             
   } +            } +        } +    } +    policy {{ network.ae }}up { +        events snmp_trap_link_up; +        attributes-match { +            snmp_trap_link_up.interface-name matches "{{ network.ae }}$"; +        } +        then { +            change-configuration { +                retry count 10 interval 10; +                commands { +                    "deactivate interfaces {{ network.interfaces['ge0'] }} unit 0"; +                    "activate interfaces {{ network.interfaces['ge0'] }} ether-options"; +                } +                user-name tech; +                commit-options { +                    log "Autoconfig-script: {{ network.ae }} came up so added {{ network.interfaces['ge0'] }} to bundle"; +                } +            } +        } +    } +    {% endif %} +{% endfor %} +} +vlans { +    {% if switch_name == 'd1.ring' %} +    southcam { +        vlan-id 10; +    } +    tele-ipmi { +        vlan-id 11; +    } +    {% endif %} +    {% if switch_name not in floor_distros %} +    event-arena { +        vlan-id 3000; +    } +    event-artnet { +        vlan-id 3001; +    } +    event-activites { +        vlan-id 3002; +    } +    location-beredskap { +        vlan-id 3003; +    } +    {% endif %} +    edge-mgmt { +        vlan-id 666; +    } +    distro-mgmt { +        vlan-id 667; +        l3-interface vlan.667; +    } +{% for network_name, network in networks.items() %} +{%- if network.vlan_id is not none %} +    {{ network_name }} { +        vlan-id {{ network.vlan_id }}; +    } +{% endif %} +{% endfor %} +    aps-mgmt { +        vlan-id 777; +    } +    ssid-the-gathering { +        vlan-id 778; +    } +} + +protocols { +    lldp { +        port-id-subtype interface-name; +        port-description-type interface-description; +        interface all; +    } +} + +interfaces { +    vlan { +        unit 667 { +            description "switch management"; +            family inet { +                filter { +                    input 
mgmt-v4; +                } +                address {{ v.switches[switch_name]['mgmt_v4_addr'] }}/{{ v.switch_management_network['subnet4'] | cidr }}; +            } +            family inet6 { +                filter { +                    input mgmt-v6; +                } +                address {{ v.switches[switch_name]['mgmt_v6_addr'] }}/{{ v.switch_management_network['subnet6'] | cidr }}; +            } +        } +    } +} + +routing-options { +     rib inet.0 { +         static { +             route 0.0.0.0/0 next-hop {{ v.switch_management_network.gw4 }}; +         } +     } +     rib inet6.0 { +         static { +             route ::/0 next-hop {{ v.switch_management_network.gw6 }}; +         } +     } + } + +protocols { +    rstp { +        {% if "distro-utskutt" in v.switch_tags %} +        bridge-priority 4k; +        {% else %} +        bridge-priority 8k; +        {% endif %} +    } +} + +ethernet-switching-options { +    storm-control { +    {% for network_name, network in networks.items() %} +    {%- if network.ae is defined %} +        interface {{ network.ae }}; +    {% endif %} +    {% endfor %} +    } +    secure-access-port { +        vlan edge-mgmt { +            dhcp-option82 { +                circuit-id { +                    prefix hostname; +                    use-vlan-id; +                } +            } +        } +    } +} + + +{# some static ports on d1.ring #} +{% if switch_name == 'd1.ring' %} +interfaces { +    ge-0/0/23 { +        description "C: southcam - VLAN 10 (static-ip)"; +        unit 0 { +            family ethernet-switching { +                vlan { +                    members southcam; +                } +            } +        } +    } +    ge-5/0/22 { +        description "C: bamsemums-ipmi - VLAN 11"; +        unit 0 { +            family ethernet-switching { +                vlan { +                    members tele-ipmi; +                } +            } +        } +    } +    ge-5/0/23 { +        
description "C: krokodille-ipmi - VLAN 11"; +        unit 0 { +            family ethernet-switching { +                vlan { +                    members tele-ipmi; +                } +            } +        } +    } +} +{% endif %} + +{% if v.vc_config[switch_name] %} +virtual-chassis { +    preprovisioned; +    vcp-snmp-statistics; +{% for member in v.vc_config[switch_name] %} +    member {{ loop.index-1 }} { +        serial-number {{ member.sn }}; +        {% if member.re %} +        role routing-engine; +        {% else %} +        role line-card; +        {% endif %} +        {% if member.loc is defined %} +        location {{ member.loc }}; +        {% endif %} +    } +{% endfor %} +} +{% endif %}
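Review bot: Everything from `SECTION: FIND AND UTSKUTT DISTROS` through the `networks.update(...)` call, and the `event-options` policies, repeats `juniper-distro-els.conf` almost verbatim, so any fix to the VLAN or LAG mapping has to be made in two places. The copies have already drifted: the ELS file's `aps` range contains a `port-mode trunk` that belongs to this file's syntax. I would move the shared discovery logic into one template that both files import with context, the way they already import `vars.conf`, and keep only the syntax-specific stanzas here. In this file's `aps` range, `{% elif switch_name in floor_distros %}` repeats the enclosing condition and can be a plain `{% else %}`.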
\ No newline at end of file
diff --git a/examples/tg23/templates/magic.conf b/examples/tg23/templates/magic.conf
new file mode 100644
index 0000000..de71dc2
--- /dev/null
+++ b/examples/tg23/templates/magic.conf
@@ -0,0 +1,39 @@
+{# HOWTO #}
+{# Manual query parameters: ?switch=e1-1 #}
+
+{# If there is no manual switch option we just assume it's fap.
+   The FAP query looks like this: "?a=d1.ring:ge-1/0/2.0:mgmt+irb.666".
+   agentDistro and agentPort is functions from template.py. And splits out
+   d1.ring and ge-1/0/2.0.
+   The distro-tree API endpoint has a overview of what switch is connected to what
+   distro on each port. #}
+
+{% if options["a"] %}
+    {% set distro = options["a"] | agentDistro %}
+    {% set port = options["a"] | agentPort %}
+    {% set switch_name = objects["public/distro-tree"]['distro-tree-phy'][distro][port] %}
+{% elif options["switch"] %}
+    {% set switch_name = options["switch"] %}
+{% else %}
+Unsupported option. Please use "?switch=e1-1" if this is done manually.
+{% endif %}
+
+
+{# Change this if statement to do if edge, elif distro etc before tg20 #}
+{# tagging edge switches was never done during TG19 #}
+{% if switch_name is defined %}
+    {% import "vars.conf" as v with context %}
+    {% if switch_name == "d1.roof" %}
+        {% include "dist-roof.conf" %}
+    {% elif switch_name == "r1.tele" %}
+        {% include "core.conf" %}
+    {% elif switch_name == "r1.stand" %}
+        {% include "r1.stand.conf" %}
+    {% elif ("distro" in v.switch_tags or "distro-utskutt" in v.switch_tags) and "els-software" in v.switch_tags %}
+        {% include "juniper-distro-els.conf" %}
+    {% elif "distro" in v.switch_tags or "distro-utskutt" in v.switch_tags %}
+        {% include "juniper-distro-non-els.conf" %}
+    {% else %}
+        {% include "edge.conf" %}
+    {% endif %}
+{% endif %}
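Review bot: `switch_name` comes straight from the query string (`options["switch"]`, or a lookup keyed by `options["a"]`), and the final `{% else %}` renders `edge.conf` for any value that is not one of the named devices, so an unknown or mistyped name still yields a configuration. The `options["a"]` branch also indexes `['distro-tree-phy'][distro][port]` without checking that `distro` exists, which presumably ends in an undefined error rather than the "Unsupported option" text. I would gate the dispatch on the inventory, `{% if switch_name is defined and switch_name in objects["public/switches"].switches %}` (assuming that inventory lists every device), and check `distro` the same way before indexing. Because the rendered output carries device secrets (another template in this commit emits `community {{ v.snmp_community }}`), the endpoint serving these templates should be reachable only from the provisioning network; that cannot be confirmed from this file.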
\ No newline at end of file
diff --git a/examples/tg23/templates/natfw1.tele.conf b/examples/tg23/templates/natfw1.tele.conf
new file mode 100644
index 0000000..35dd635
--- /dev/null
+++ b/examples/tg23/templates/natfw1.tele.conf
@@ -0,0 +1,610 @@ +{# Query parameters: ?switch=e1-1 #} + +{%- if options["switch"] %} +{%- set switch_name = options["switch"] %} + +{%- import "vars-natfw1.tele.conf" as v with context %} + +{# holds the management prefixes, used for statefull firewall policies #} +{%- import "vars-mgmt-nets.conf" as mgmt_nets -%} + + +{# Add management nets to address-book #} +security { +    address-book { +        global { +            {% for address_family in mgmt_nets %} +                {% for net, annotation in address_family %} +                address NET-MGMT-{{ net }} { +                    {{ net }}; +                    description "{{ annotation }}"; +                } +                {% endfor %} +            {% endfor %} +             +            address-set GRP-MGMT { +                {% for address_family in mgmt_nets %} +                    {% for net, annotation in address_family %} +                    address NET-MGMT-{{ net }}; +                    {% endfor %} +                {% endfor %} +            } +        } +    } +} + +groups { +    node0 { +        system { +            host-name node0-natfw1.tele; +        } +    } +    node1 { +        system { +            host-name node1-natfw1.tele; +        } +    } +    log-session-init-close { +        security { +            policies { +                from-zone <*> to-zone <*> { +                    policy <*> { +                        then { +                            log { +                                session-init; +                                session-close; +                            } +                        } +                    } +                } +            } +        } +    } +} + +apply-groups "${node}"; + + +chassis { +    cluster { +        control-link-recovery; +        reth-count 1; +        redundancy-group 0 { +            node 0 priority 100; +            node 1 priority 1; +        } +        redundancy-group 1 { +            node 0 priority 100; +            node 1 
priority 1; +            preempt { +                delay 300; +            } +            interface-monitor { +                et-1/0/0 weight 255; +                et-8/0/0 weight 255; +            } +        } +    } +} + +security { +    nat { +        source { +            pool NAT-WIFI-POOL { +                address { +                    185.110.150.0/25; +                } +            } +            pool NAT-LAN-POOL { +                address { +                    185.110.150.128/25; +                } +            } +            rule-set NAT-WIFI-TO-INET { +                from zone NAT-WIFI; +                to zone INET; +                rule NAT-WIFI-TO-INET-RULE { +                    match { +                        source-address 0.0.0.0/0; +                        destination-address 0.0.0.0/0; +                        application any; +                    } +                    then { +                        source-nat { +                            pool {       +                                NAT-WIFI-POOL; +                            } +                        } +                    } +                } +            } +            rule-set NAT-LAN-TO-INET { +                from zone NAT-LAN; +                to zone INET; +                rule NAT-LAN-TO-INET-RULE { +                    match { +                        source-address 0.0.0.0/0; +                        destination-address 0.0.0.0/0; +                        application any; +                    } +                    then { +                        source-nat { +                            pool { +                                NAT-LAN-POOL; +                            } +                        } +                    } +                } +            } +        } +    } +    policies { +        apply-groups log-session-init-close; +        from-zone NAT-WIFI to-zone INET { +            policy YESMAN { +                match { +                    source-address any; +  
                  destination-address any; +                    application any; +                } +                then { +                    permit; +                } +            } +        } +        from-zone NAT-LAN to-zone INET { +            policy YESMAN { +                match { +                    source-address any; +                    destination-address any; +                    application any; +                } +                then { +                    permit; +                } +            } +        } +        from-zone INET to-zone NAT-LAN { +            policy YESMAN { +                match { +                    source-address any; +                    destination-address any; +                    application any; +                } +                then { +                    permit; +                } +            } +        } +        from-zone INET to-zone NAT-WIFI { +            policy YESMAN { +                match { +                    source-address any; +                    destination-address any; +                    application any; +                } +                then { +                    permit; +                } +            } +        } +        from-zone NAT-LAN to-zone NAT-WIFI { +            policy YESMAN { +                match { +                    source-address any; +                    destination-address any; +                    application any; +                } +                then { +                    permit; +                } +            }                            +        } +        from-zone NAT-WIFI to-zone NAT-LAN { +            policy YESMAN { +                match { +                    source-address any; +                    destination-address any; +                    application any; +                } +                then { +                    permit; +                } +            } +        } +        /* Fordi ellers naar man ikke lo0 fra internetttttz */ +        
from-zone INET to-zone LOOPBACK { +            policy YESMAN { +                match { +                    source-address any; +                    destination-address any; +                    application any; +                } +                then { +                    permit; +                } +            } +        } +        global { +            policy PING { +                match { +                    source-address any; +                    destination-address any; +                    application junos-ping; +                } +                then { +                    permit; +                } +            } +        } +    } +    zones { +        security-zone INET { +            host-inbound-traffic { +                system-services { +                    ping; +                    traceroute; +                    ssh; +                    netconf; +                } +                protocols { +                    ospf3; +                } +            } +            interfaces { +                reth0.10; +            } +        } +        security-zone NAT-WIFI { +            host-inbound-traffic { +                system-services { +                    ssh; +                    netconf; +                    ping; +                    traceroute; +                } +                protocols { +                    ospf3; +                } +            } +            interfaces { +                reth0.20; +            } +        } +        security-zone NAT-LAN { +            host-inbound-traffic { +                system-services { +                    ssh; +                    ping; +                    netconf; +                    traceroute; +                } +                protocols { +                    ospf3; +                } +            } +            interfaces { +                reth0.30; +            }                            +        } +        security-zone LOOPBACK { +            host-inbound-traffic { +        
        system-services { +                    ssh; +                    netconf; +                    ping; +                    snmp; +                } +            } +            interfaces { +                lo0.0; +            } +        } +    } +} +interfaces { +    xe-0/0/2 { +        description "X: fab0"; +    } +    xe-0/0/3 { +        description "X: fab0"; +    } +    et-1/0/0 { +        description "G: r1.tele et-4/1/0 (reth0)"; +        gigether-options { +            redundant-parent reth0; +        } +    } +    xe-7/0/2 { +        description "X: fab1"; +    } +    xe-7/0/3 { +        description "X: fab1"; +    } +    et-8/0/0 { +        description "G: r1.tele et-5/1/0 (reth0)"; +        gigether-options { +            redundant-parent reth0; +        } +    } +    fab0 { +        fabric-options { +            member-interfaces { +                xe-0/0/2; +                xe-0/0/3; +            } +        } +    } +    fab1 { +        fabric-options { +            member-interfaces { +                xe-7/0/2; +                xe-7/0/3; +            } +        } +    } +    lo0 { +        description "X: Loopback"; +        unit 0 { +            family inet { +                address 127.0.0.1/32; +                address 185.110.148.2/32 { +                    primary; +                } +            } +            family inet6 { +                address ::1/128; +                address 2a06:5841:f:a::2/128 { +                    primary; +                } +            } +        } +    } +    reth0 { +        description "B: r1.tele ae5"; +        vlan-tagging; +        redundant-ether-options { +            redundancy-group 1; +            lacp { +                active; +                periodic fast; +            } +        } +        unit 10 { +            description INET; +            vlan-id 10;                  +            family inet { +                address 185.110.148.163/31; +            } +            family inet6 { +       
         address 2a06:5841:f:101::1/127; +            } +        } +        unit 20 { +            description NAT-WIFI; +            vlan-id 20; +            family inet { +                address 185.110.148.165/31; +            } +            family inet6 { +                address 2a06:5841:f:101::3/127; +            } +        } +        unit 30 { +            description NAT-LAN; +            vlan-id 30; +            family inet { +                address 185.110.148.167/31; +            } +            family inet6 { +                address 2a06:5841:f:101::5/127; +            } +        } +    } +} +snmp { +    contact "<removed>"; +    community {{ v.snmp_community }} { +        authorization read-only; +        client-list-name mgmt; +    } +} +protocols { +    ospf3 { +        realm ipv4-unicast { +            area 0.0.0.0 { +                interface reth0.10; +                interface reth0.20; +                interface reth0.30; +                interface lo0.0 { +                    passive; +                } +            } +            reference-bandwidth 1000g; +        } +        area 0.0.0.0 { +            interface reth0.10; +            interface reth0.20; +            interface reth0.30; +            interface lo0.0 { +                passive; +            } +        } +    } +    lldp { +        port-id-subtype interface-name; +        port-description-type interface-description; +        interface all; +    } +} + + + + +{# Static interfaces #} + +interfaces { +    xe-0/0/2 { +        description "X: fab0"; +    } +    xe-0/0/3 { +        description "X: fab0"; +    } +    et-1/0/0 { +        description "G: r1.tele et-4/1/0 (reth0)"; +        gigether-options { +            redundant-parent reth0; +        } +    } +    xe-7/0/2 { +        description "X: fab1"; +    } +    xe-7/0/3 { +        description "X: fab1"; +    } +    et-8/0/0 { +        description "G: r1.tele et-5/1/0 (reth0)"; +        gigether-options { +            
redundant-parent reth0; +        } +    } +    fab0 { +        fabric-options { +            member-interfaces { +                xe-0/0/2; +                xe-0/0/3; +            } +        } +    } +    fab1 { +        fabric-options { +            member-interfaces { +                xe-7/0/2;                +                xe-7/0/3; +            } +        } +    } +    lo0 { +        description "X: Loopback"; +        unit 0 { +            family inet { +                filter { +                    input mgmt-v4; +                } +                address 185.110.148.2/32; +            } +            family inet6 { +                filter { +                    input mgmt-v6; +                } +                address 2a06:5841:f:a::2/128; +            } +        } +    } +    reth0 { +        description "B: r1.tele ae5"; +        vlan-tagging; +        redundant-ether-options { +            redundancy-group 1; +            lacp { +                active; +                periodic fast; +            } +        } +        unit 10 { +            description INET; +            vlan-id 10; +            family inet { +                address 185.110.148.163/31; +            } +            family inet6 { +                address 2a06:5841:f:101::1/127; +            } +        } +        unit 20 { +            description NAT-WIFI; +            vlan-id 20; +            family inet { +                address 185.110.148.165/31; +            } +            family inet6 { +                address 2a06:5841:f:101::3/127; +            } +        } +        unit 30 { +            description NAT-LAN; +            vlan-id 30; +            family inet { +                address 185.110.148.167/31; +            } +            family inet6 { +                address 2a06:5841:f:101::5/127; +            } +        } +    } +} + +policy-options { +    prefix-list mgmt-v4 { +    } +    prefix-list mgmt-v6 { +    } +    /* Merged separate v4- og v6-lister */ +    prefix-list 
mgmt { +        apply-path "policy-options prefix-list <mgmt-v*> <*>"; +    } +} + +firewall { +    family inet { +        filter mgmt-v4 { +            term accept-ssh { +                from { +                    source-prefix-list { +                        mgmt-v4; +                    } +                    destination-port 22; +                } +                then accept; +            } +            term discard-ssh { +                from { +                    destination-port 22; +                } +                then { +                    discard; +                } +            } +            term accept-all { +                then accept; +            } +        } +    } +    family inet6 { +        filter mgmt-v6 { +            term accept-ssh { +                from { +                    source-prefix-list { +                        mgmt-v6; +                    } +                    destination-port 22; +                } +                then accept; +            } +            term discard-ssh { +                from { +                    destination-port 22; +                } +                then discard; +            } +            term accept-all { +                then accept; +            } +        } +    } +} + +{% else %} +Unsupported option. Please use +"?switch=switch_name" +{% endif %} diff --git a/examples/tg23/templates/oxidized.json b/examples/tg23/templates/oxidized.json new file mode 100644 index 0000000..df15b7d --- /dev/null +++ b/examples/tg23/templates/oxidized.json 
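Review bot: The management plane of this firewall is reachable from the INET zone more widely than the lo0 filters suggest. `from-zone INET to-zone LOOPBACK` policy YESMAN matches `source-address any`, the LOOPBACK zone admits ssh, netconf, ping and snmp as host-inbound services, and the `mgmt-v4`/`mgmt-v6` filters only restrict `destination-port 22` before `term accept-all`; `security-zone INET` itself also lists ssh and netconf. The `GRP-MGMT` address-set built at the top of the file is not referenced by any policy in this hunk, and `prefix-list mgmt-v4`/`mgmt-v6` are declared empty here, so the SSH restriction depends on them being filled elsewhere. I would use the address-set in the policy, `source-address GRP-MGMT;` in the INET to LOOPBACK YESMAN match, and drop `ssh;` and `netconf;` from `security-zone INET`. The `interfaces` stanza is also emitted twice with different lo0 definitions; keeping only the filtered one avoids depending on how the two are merged.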
@@ -0,0 +1,13 @@
+{% set mgmt = objects["read/switches-management"].switches %}
+{% set ping = objects["public/ping"].switches %}
+{% set switches = objects["public/switches"].switches %}
+[
+{% for switch, state in ping.items() if state.latency4 is not none and not "server" in switches[switch].tags%}
+    {
+        "hostname": "{{ mgmt[switch].sysname }}.tg23.gathering.org",
+        "os": "junos",
+        "ipv4": "{{ mgmt[switch].mgmt_v4_addr }}",
+        "ipv6": "{{ mgmt[switch].mgmt_v6_addr }}"
+    }{% if not loop.last -%},{% endif %}
+{%endfor%}
+]
diff --git a/examples/tg23/templates/r1.stand.conf b/examples/tg23/templates/r1.stand.conf
new file mode 100644
index 0000000..60a7480
--- /dev/null
+++ b/examples/tg23/templates/r1.stand.conf
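Review bot: The `hostname`, `ipv4` and `ipv6` values are pasted between hand-written quotes, so a sysname or address containing a quote, backslash or control character yields invalid or reshaped JSON for Oxidized, and a missing address is rendered as whatever Jinja prints for it rather than `null`. Let the serializer do the quoting, for example `"ipv4": {{ mgmt[switch].mgmt_v4_addr | tojson }},` and `"hostname": {{ (mgmt[switch].sysname ~ ".tg23.gathering.org") | tojson }},`. The loop also indexes `mgmt[switch]` for every switch returned by `public/ping`; whether both endpoints always list the same switches is not visible here, so adding `and switch in mgmt` to the `for` filter would be a cheap guard.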
@@ -0,0 +1,513 @@ +{# Query parameters: ?switch=e1-1 #} +{%- if options["switch"] %} +{% set switch_name = options["switch"] %} +{% import "vars.conf" as v with context %} +{% include "global.conf" %} + +{%- set pve_nodes = [ +    'speilegg', +    'punchknapp', +    'sorbis', +    'hobby', +    'dumle', +    ] +%} + +virtual-chassis { +    preprovisioned; +    no-split-detection; +    member 0 { +        role routing-engine; +        serial-number <removed>; +    } +    member 1 { +        role routing-engine; +        serial-number <removed>; +    } +} + +chassis { +    redundancy { +        graceful-switchover; +    } +    aggregated-devices { +        ethernet { +            device-count 40; +        } +    } +} + +protocols { +    lldp { +        port-id-subtype interface-name; +        port-description-type interface-description; +        interface all; +    } +    igmp-snooping { +        vlan all; +    } +    rstp { +        bridge-priority 4k; +    } +} + +groups { +    pvehosts { +        interfaces { +            <ae*> { +                vlan-tagging; +                encapsulation flexible-ethernet-services; +                aggregated-ether-options { +                    lacp { +                        active; +                    } +                } +                unit 0 { +                    family ethernet-switching { +                        interface-mode trunk; +                        vlan { +                            members [ techvm vmhosts vms ]; +                        } +                    } +                } +            } +        } +    } +} + + +routing-options { +    nonstop-routing; +} + +protocols { +    lldp { +        port-id-subtype interface-name; +        port-description-type interface-description; +        interface all; +    } +    igmp-snooping { +        vlan all; +    } +    rstp { +        bridge-priority 4k; +    } +} + +vlans { +    vmhosts { +        vlan-id 100; +        l3-interface irb.100; +    } +    
techvm { +        vlan-id 101; +        l3-interface irb.101; +    } +    vms { +        vlan-id 102; +        l3-interface irb.102; +    } +    tghack { +        vlan-id 200; +        l3-interface irb.200; +    } +} + +interfaces { +    lo0 { +        unit 0 { +            family inet { +                address 185.110.148.1/32; +            } +            family inet6 { +                address 2a06:5841:f:a::1/128; +            } +        } +    } + +    irb { +        unit 100 { +            family inet { +                address 185.110.148.65/27; +            } +            family inet6 { +                address 2a06:5841:f:c::1/64; +            } +        } +        unit 101 { +            family inet { +                address 185.110.148.129/27; +            } +            family inet6 { +                address 2a06:5841:f:e::1/64; +            } +        } +        unit 102 { +            family inet { +                address 151.216.249.1/24; +            } +            family inet6 { +                address  2a06:5841:100:1::1/64 ; +            } +        } +        unit 200 { +            family inet { +                address 151.216.252.1/27; +            } +            family inet6 { +                address 2a06:5841:200:a::1/64; +            } +        } +    } + + +    xe-0/0/10 { +    	description "C: krokodille (storage) (ae3)"; +	    gigether-options { +		    802.3ad ae3; +	    } +    } +    xe-0/0/11 { +    	description "C: krokodille (storage) (ae3)"; +	    gigether-options { +		    802.3ad ae3; +	    } +    } +    xe-1/0/10 { +    	description "C: krokodille (storage) (ae3)"; +	    gigether-options { +		    802.3ad ae3; +	    } +    } +    xe-1/0/11 { +    	description "C: krokodille (storage) (ae3)"; +	    gigether-options { +		    802.3ad ae3; +	    } +    } + +    xe-0/0/12 { +    	description "C: rekrutt (GPU) (ae7)"; +	    gigether-options { +		    802.3ad ae7; +	    } +    } + +    xe-1/0/12 { +    	description "C: rekrutt (GPU) 
(ae7)"; +	    gigether-options { +		    802.3ad ae7; +	    } +    } + +    xe-0/0/13 { +    	description "C: rekrutt (GPU) (ae7)"; +	    gigether-options { +		    802.3ad ae7; +	    } +    } + +    xe-1/0/13 { +    	description "C: rekrutt (GPU) (ae7)"; +	    gigether-options { +		    802.3ad ae7; +	    } +    } + +     +    xe-0/0/42 { +    	description "C: TGHACK 1"; +	    gigether-options { +		    802.3ad ae4; +	    } +    } +    xe-1/0/42 { +    	description "C: TGHACK 1"; +	    gigether-options { +		    802.3ad ae4; +	    } +    } +    xe-0/0/43 { +    	description "C: TGHACK 2"; +	    gigether-options { +		    802.3ad ae5; +	    } +    } +    xe-1/0/43 { +    	description "C: TGHACK 2"; +	    gigether-options { +		    802.3ad ae5; +	    } +    } +    xe-0/0/44 { +    	description "C: TGHACK 3"; +	    gigether-options { +		    802.3ad ae6; +	    } +    } +    xe-1/0/44 { +    	description "C: TGHACK 3"; +	    gigether-options { +		    802.3ad ae6; +	    } +    } +    xe-0/0/45 { +    	description "C: Unes"; +	    gigether-options { +		    802.3ad ae9; +	    } +    } +    xe-1/0/45 { +    	description "C: Unes"; +	    gigether-options { +		    802.3ad ae9; +	    } +    } +    et-0/0/48 { +        description "G: r1.tele et-4/0/2 (ae0)"; +        gigether-options { +            802.3ad ae0; +        } +    } +    et-1/0/48 { +        description "G: r1.tele et-5/0/2 (ae0)"; +        gigether-options { +            802.3ad ae0; +        } +    } +    ae0 { +        description "B: r1.tele ae12"; +        aggregated-ether-options { +            lacp { +                active; +                periodic fast; +            } +        } +        unit 0 { +            family inet { +                address 185.110.148.161/31; +            } +            family inet6 { +                address 2a06:5841:f:100::2/64; +            } +        } +    } +    ae3 { +        description "C: krokodille (storage) bond0"; +        flexible-vlan-tagging; +        encapsulation 
flexible-ethernet-services; +        aggregated-ether-options { +            lacp { +                active; +                periodic fast; +            } +        } +        unit 100 { +            description "C: krokodille vm-host"; +            vlan-tags outer 100; +            family inet { +                address 185.110.148.34/31; +            } +            family inet6 { +                address 2a06:5841:f:b::2/127; +            } +        } +        unit 101 { +            description "C: krokodille vms"; +            vlan-tags outer 101; +            family inet { +                address 151.216.248.129/28;  +            } +            family inet6 { +                address 2a06:5841:100:2::1/64; +            } +        } +    } + +    ae4 { +        description "C: Crew-server (TG:Hack) 1"; +        aggregated-ether-options { +            lacp { +                active; +                periodic fast; +            } +        } +        unit 0 { +		    family ethernet-switching { +                interface-mode access; +		        vlan { +                    members tghack; +                } +		    } +	    } +    } +    ae5 { +        description "C: Crew-server (TG:Hack) 2"; +        aggregated-ether-options { +            lacp { +                active; +                periodic fast; +            } +        } +        unit 0 { +		    family ethernet-switching { +                interface-mode access; +		        vlan { +                    members tghack; +                } +		    } +	    } +    } +    ae6 { +        description "C: Crew-server (TG:Hack) 3"; +        aggregated-ether-options { +            lacp { +                active; +                periodic fast; +            } +        } +        unit 0 { +		    family ethernet-switching { +                interface-mode access; +		        vlan { +                    members tghack; +                } +		    } +	    } +    } +    ae7 { +        description "C: rekrutt (GPU) bond0"; +        
aggregated-ether-options { +            lacp { +                active; +                periodic fast; +            } +        } +        unit 0 { +            description "C: rekrutt"; +            family inet { +                address 151.216.248.145/28; +            } +            family inet6 { +                address 2a06:5841:100:3::1/64; +            } +        } +    } +    ae9 { +    	description "C: Crew-server (Unes)"; +	    aggregated-ether-options { +            lacp { +                active; +		        periodic fast; +            } +        } +        unit 0 { +		    family inet { +		        address 151.216.252.33/27; +		    } +		    family inet6 { +			    address 2a06:5841:200:b::1/64; +		    } +	    } +    } + +{% for node in pve_nodes %} +    {% set port = (loop.index - 1) * 2 %} +    xe-0/0/{{port}} { +        description "C: {{ node }} enp101s0f0 (ae1{{loop.index}})"; +        gigether-options { +            802.3ad ae1{{loop.index}}; +        } +    } +    xe-1/0/{{port}} { +        description "C: {{ node }} enp101s0f1 (ae1{{loop.index}})"; +        gigether-options { +            802.3ad ae1{{loop.index}}; +        } +    } +    {% set port = port + 1 %} +    xe-0/0/{{port}} { +        description "C: {{ node }} enp101s1f0 (ae1{{loop.index}})"; +        gigether-options { +            802.3ad ae1{{loop.index}}; +        } +    } +    xe-1/0/{{port}} { +        description "C: {{ node }} enp101s1f1 (ae1{{loop.index}})"; +        gigether-options { +            802.3ad ae1{{loop.index}}; +        } +    } +    ae1{{loop.index}} { +        apply-groups pvehosts; +        description "C: {{ node }} bond0"; +    } +{% endfor %} +} + +protocols { +    ospf3 { +        realm ipv4-unicast { +            area 0.0.0.0 { +                interface ae0.0; +            } +            export [ direct-to-ospf static-to-ospf ]; +        } +        area 0.0.0.0 { +            interface ae0.0; +        } +        export [ direct-to-ospf static-to-ospf ]; +  
      reference-bandwidth 1000g; +    } +} + +policy-options { +    policy-statement direct-to-ospf { +        from protocol direct; +        then { +            external { +                type 1; +            } +            accept; +        } +    } +    policy-statement static-to-ospf { +        from protocol static; +        then { +            external { +                type 1; +            } +            accept; +        } +    } +} + +firewall { +    family inet { +        filter 20G-POLICER-V4-FILTER { +       	    term A { +            	then policer 20G-POLICER; +            } +    	} +    } +    family inet6 { +        filter 20G-POLICER-V6-FILTER { +            term A { +                then policer 20G-POLICER; +            } +        } +    } +    policer 20G-POLICER { +        filter-specific; +        if-exceeding { +            bandwidth-limit 20g; +            burst-size-limit 100m; +        } +        then discard; +    } +} + +{% else %} +Unsupported option. Please use +"?switch=switch_name" +{% endif %} diff --git a/examples/tg23/templates/ssh.conf b/examples/tg23/templates/ssh.conf new file mode 100644 index 0000000..25214b3 --- /dev/null +++ b/examples/tg23/templates/ssh.conf @@ -0,0 +1,10 @@ +{# Query parameters: ?username=arne #} +{% set ssh_username = options['username']|default('ARNE') %} + +{% for (switch, s) in objects["public/switches"].switches|dictsort %} +{% set mg = objects["read/switches-management"].switches[switch]  -%} +Host {{ switch }}.tg23.gathering.org {{ switch }} +  User {{ ssh_username }} +  ProxyJump my-proxyjump + +{% endfor %} diff --git a/examples/tg23/templates/vars-mgmt-nets.conf b/examples/tg23/templates/vars-mgmt-nets.conf new file mode 100644 index 0000000..1e7214e --- /dev/null +++ b/examples/tg23/templates/vars-mgmt-nets.conf 
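Review bot: The `20G-POLICER-V4-FILTER` and `20G-POLICER-V6-FILTER` filters at the end of r1.stand.conf are defined but no interface unit in this file references them, so the policer does nothing unless `global.conf` (included, not shown) applies it. If they are meant for a specific link, attach them there with `filter { input 20G-POLICER-V4-FILTER; }` under that unit's `family inet` (and the V6 filter under `family inet6`); otherwise remove them. Separately, the `protocols { lldp … igmp-snooping … rstp … }` stanza appears twice verbatim, before and after `groups`/`routing-options`; one copy should go so later edits cannot diverge.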
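Review bot: In ssh.conf, `ssh_username` comes from the `username` query parameter and is written unvalidated into the `User` line of every `Host` block, so a value containing whitespace or a line break changes the structure of the generated ssh_config instead of just the user name. Restrict it to a single token before use, e.g. `{% set ssh_username = (options['username']|default('ARNE', true)).split()|first|default('ARNE') %}`, or better, validate it against an allow-listed character set in the request handler. `mg` is assigned in the loop but never used and can be removed.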
@@ -0,0 +1,10 @@
+{%
+        set mgmt_nets = {
+                'v4' : {
+                        '185.110.148.0/24': 'TG23 Infrastruktur (loopback,linknets,tech-servers)',
+                },
+                'v6' : {
+                        '2a06:5841:f::/48': 'TG23 Infrastruktur (loopback,linknets,tech-servers)'
+                }
+        }
+ %}
diff --git a/examples/tg23/templates/vars-natfw1.tele.conf b/examples/tg23/templates/vars-natfw1.tele.conf
new file mode 100644
index 0000000..903312a
--- /dev/null
+++ b/examples/tg23/templates/vars-natfw1.tele.conf
@@ -0,0 +1,27 @@
+{# Static Vars #}
+{% set root_pw= '<removed>' %}
+{% set tech_pw = '<removed>' %}
+{% set snmp_community = '<removed>' %}
+
+{% set nameservers = [
+        '2a06:5841:f:d::101',
+        '2a06:5841:f:e::132',
+    ]
+%}
+
+{% set tacplusserver = "<removed>" %}
+{% set tacplus_secret = '"<removed>"'%}
+
+
+{# stuff from global.conf 2023-03-26 #}
+
+policy-options {
+    prefix-list mgmt-v4 {
+    }
+    prefix-list mgmt-v6 {
+    }
+    /* Merged separate v4- og v6-lister */
+    prefix-list mgmt {
+        apply-path "policy-options prefix-list <mgmt-v*> <*>";
+    }
+}
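Review bot: The dict defined in vars-mgmt-nets.conf has the same name as the alias under which `natfw1.tele.conf` imports this file (`import "vars-mgmt-nets.conf" as mgmt_nets`), and that template then loops over the alias and unpacks `net, annotation` from each element without `.items()`. As far as I can tell the loops therefore never see these prefixes, so the `NET-MGMT-*` address-book entries and `GRP-MGMT` are not generated as intended. Either rename the variable or have the consumer iterate `{% for family, nets in mgmt_nets.mgmt_nets.items() %}` and `{% for net, annotation in nets.items() %}`.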
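Review bot: In vars-natfw1.tele.conf, `root_pw`, `tech_pw`, `snmp_community` and `tacplus_secret` are assigned as literals in a tracked template; they are redacted in this commit, but a real deployment has to put live credentials into this same file. I would supply them from data that stays out of the repository and leave a marker here, e.g. `{# secrets are injected at render time; never commit real values #}`. `tacplus_secret` is also wrapped in an extra pair of double quotes here (`'"<removed>"'`) but not in `vars.conf`, which is worth making consistent. The trailing `policy-options` stanza is plain output in a file that `natfw1.tele.conf` pulls in via `import`, and that template repeats the same stanza itself, so this copy looks redundant.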
\ No newline at end of file
diff --git a/examples/tg23/templates/vars.conf b/examples/tg23/templates/vars.conf
new file mode 100644
index 0000000..6080ecc
--- /dev/null
+++ b/examples/tg23/templates/vars.conf
@@ -0,0 +1,135 @@ +{# Include API info #} +{# used mainly for edge/distro #} +{% set switch = objects["public/switches"].switches[switch_name] %} +{% set switches2 = objects["public/switches"]["switches"] %} +{% set switch_tags = objects["public/switches"].switches[switch_name].tags %} +{% set switch_management = objects["read/switches-management"].switches[switch_name] %} +{% set switch_management_network = objects["read/networks"].networks[switch_management.mgmt_vlan] %} +{% set switches = objects["read/switches-management"]["switches"] %} +{% set states = objects["public/switch-state"]["switches"] %} +{% set distro_networks = objects["read/networks"]["networks"] %} +{% set port = switches[switch_name].distro_phy_port %} +{% set tree = objects["public/distro-tree"]["distro-tree-phy"] %} +{% set device_tree = objects["public/distro-tree"]["distro-tree-sys"] %} +{% set network = distro_networks[switch_name] %} + +{# Some functions that helps us create interfaces #} +{% macro create_interface_vc(port) -%} +{{ port.split("-")[1].split("/")[0] }} +{%- endmacro %} + +{% macro create_interface_ge0(port) -%} +{{ port.split("/")[2] | replace('.0', '')}} +{%- endmacro %} + +{% macro create_interface_ge1(port) -%} +{{ create_interface_ge0(port) | int + 1}} +{%- endmacro %} + +{% macro create_interface_ae(port) -%} +{{ create_interface_ge0(port) | int + 100}} +{%- endmacro %} + + +{# Static Vars #} +{% set root_pw= '<removed>' %} +{% set tech_pw = '<removed>' %} +{% set snmp_community = '<removed>' %} + + +{% set nameservers = [ +        '2a06:5841:f:d::101', +        '2a06:5841:f:e::132', +    ] +%} + +{% set tacplusserver = "<removed>" %} +{% set tacplus_secret = '<removed>'%} + +{% set uplink_ns = namespace(uplink_ports=[], all_ports=[]) %} + +{# +Uplink porter: +Vi reserverer i utgangspunktet alle siste 4 1g porter og 10g porter til uplink. +EX4300-48MP er unntak ettersom det er trengsel på multirate porter. 
+ +#} + +{%- set uplink_ns.active = [] %} +{%- set uplink_ns.unused = [] %} + +{% if "ex4300-48mp" in switch_tags %} +    {% if "10g-uplink" in switch_tags and "10g-copper" in switch_tags %} +        {%- set uplink_ns.uplink_ports = ['mge-0/0/46','mge-0/0/47'] %} +        {%- set uplink_ns.all_ports = ['mge-0/0/46','mge-0/0/47'] %} {# litt mangel på porter her, så bare mulig med 2 stk uplink #} +        {%- if "1-uplink" in switch_tags %} +            {%- set uplink_ns.uplink_ports = ['mge-0/0/46'] %} +        {%- endif %} +    {%- else %} +        {%- set uplink_ns.uplink_ports = ['xe-0/2/0','xe-0/2/1'] %} +        {%- set uplink_ns.all_ports = ['xe-0/2/0','xe-0/2/1' ] %} {# støtter bare 2 uplinks her og, burde holde #} +        {%- if "1-uplink" in switch_tags %} +            {%- set uplink_ns.uplink_ports = ['xe-0/2/0'] %} +        {%- endif %} +    {%- endif %} +{%- elif "10g-uplink" in switch_tags %} +    {%- set uplink_ns.uplink_ports = ['xe-0/1/0','xe-0/1/1'] %} +    {%- set uplink_ns.all_ports = ['xe-0/1/0','xe-0/1/1','xe-0/1/2', 'xe-0/1/3'] %} +    {%- if "1-uplink" in switch_tags %} +        {%- set uplink_ns.uplink_ports = ['xe-0/1/1'] %} +    {%- elif "2-uplinks" in switch_tags %} +        {%- set uplink_ns.uplink_ports = ['xe-0/1/0','xe-0/1/1'] %} +    {%- elif "3-uplinks" in switch_tags %} +        {%- set uplink_ns.uplink_ports = ['xe-0/1/0','xe-0/1/1','xe-0/1/2'] %} +    {%- elif "4-uplinks" in switch_tags %} +        {%- set uplink_ns.uplink_ports = ['xe-0/1/0','xe-0/1/1','xe-0/1/2', 'xe-0/1/3'] %} +    {%- endif %} +{%- elif switch_name == "e1.roof" or switch_name == "e2.roof" %} +    {%- set uplink_ns.uplink_ports = ['ge-0/1/0'] %} +    {%- set uplink_ns.all_ports = ['ge-0/1/0','ge-0/1/1','ge-0/1/2','ge-0/1/3'] %} +{%- else %} +    {%- set uplink_ns.uplink_ports = ['ge-0/0/44','ge-0/0/45'] %} +    {%- set uplink_ns.all_ports = ['ge-0/0/44','ge-0/0/45','ge-0/0/46','ge-0/0/47'] %} +    {%- if "1-uplink" in switch_tags %} +        {%- set 
uplink_ns.uplink_ports = ['ge-0/0/44'] %} +    {%- elif "2-uplinks" in switch_tags %} +         {%- set uplink_ns.uplink_ports = ['ge-0/0/44','ge-0/0/45'] %} +    {%- elif "3-uplinks" in switch_tags %} +        {%- set uplink_ns.uplink_ports = ['ge-0/0/44','ge-0/0/45','ge-0/0/46'] %} +    {%- elif "4-uplinks" in switch_tags %} +         {%- set uplink_ns.uplink_ports = uplink_ns.all_ports %} +    {%- endif %} +{%- endif %} + +{# MAPS with info we're missing from gondul API#} +{% set distrodata = { +        'd1.floor' : {'if1':'et-0/2/0', 'if2':'et-1/2/0', 'uplink_device':'d1.roof', 'remote_phy1':'et-0/0/49', 'remote_phy2':'et-1/0/49', 'remote_ae':'ae18'}, +        'd2.floor' : {'if1':'xe-0/1/0', 'if2':'xe-1/1/0', 'uplink_device':'d1.roof', 'remote_phy1':'xe-0/0/1', 'remote_phy2':'xe-1/0/1', 'remote_ae':'ae10'}, +        'd3.floor' : {'if1':'xe-0/1/0', 'if2':'xe-1/1/0', 'uplink_device':'d1.roof', 'remote_phy1':'xe-0/0/2', 'remote_phy2':'xe-1/0/2', 'remote_ae':'ae11'}, +        'd4.floor' : {'if1':'xe-0/1/0', 'if2':'xe-1/1/0', 'uplink_device':'d1.roof', 'remote_phy1':'xe-0/0/3', 'remote_phy2':'xe-1/0/3', 'remote_ae':'ae12'}, +        'd5.floor' : {'if1':'xe-0/1/0', 'if2':'xe-1/1/0', 'uplink_device':'d1.roof', 'remote_phy1':'xe-0/0/4', 'remote_phy2':'xe-1/0/4', 'remote_ae':'ae13'}, +        'd6.floor' : {'if1':'xe-0/1/0', 'if2':'xe-1/1/0', 'uplink_device':'d1.roof', 'remote_phy1':'xe-0/0/5', 'remote_phy2':'xe-1/0/5', 'remote_ae':'ae14'}, +        'd1.ring' : {'if1':'et-4/0/24', 'if2':'et-5/1/0', 'uplink_device':'r1.tele', 'remote_phy1':'et-4/0/1', 'remote_phy2':'et-5/0/1', 'remote_ae':'ae11'}, +        'd1.bird' : {'if1':'xe-0/1/0', 'if2':'xe-0/1/1', 'uplink_device':'d1.ring', 'remote_phy1':'xe-4/0/2', 'remote_phy2':'xe-4/0/3', 'remote_ae':'ae100'}, +        'd1.sponsor' : {'if1':'xe-0/1/0', 'if2':'xe-0/1/1', 'uplink_device':'d1.ring', 'remote_phy1':'xe-5/2/0', 'remote_phy2':'xe-5/2/1', 'remote_ae':'ae102'}, +        'd1.resepsjon' : {'if1':'xe-0/1/0', 
'if2':'xe-0/1/1', 'uplink_device':'d1.ring', 'remote_phy1':'xe-4/0/6', 'remote_phy2':'xe-4/0/7', 'remote_ae':'ae103'}, +    } + %} + +{% set vc_config = { +        'd1.floor' : [{'sn':'<removed>', 're':true}, {'sn':'<removed>', 're':true}, {'sn':'<removed>', 're':false}], +        'd2.floor' : [{'sn':'<removed>', 're':true}, {'sn':'<removed>', 're':true}, {'sn':'<removed>', 're':false}], +        'd3.floor' : [{'sn':'<removed>', 're':true}, {'sn':'<removed>', 're':true}, {'sn':'<removed>', 're':false}], +        'd4.floor' : [{'sn':'<removed>', 're':true}, {'sn':'<removed>', 're':true}, {'sn':'<removed>', 're':false}], +        'd5.floor' : [{'sn':'<removed>', 're':true}, {'sn':'<removed>', 're':true}, {'sn':'<removed>', 're':false}], +        'd6.floor' : [{'sn':'<removed>', 're':true}, {'sn':'<removed>', 're':true}, {'sn':'<removed>', 're':false}], +        'd1.ring' : [{'sn':'<removed>', 'loc':'south'}, {'sn':'<removed>', 'loc':'log', 're':true}, {'sn':'<removed>', 'loc':'swing'}, {'sn':'<removed>', 'loc':'north', }, {'sn':'<removed>', 'loc':'noc','re':true}, {'sn':'<removed>', 'loc':'tele'}], +    } +%} + +{% set ustkutt_distro_ae = { +    'd1.bird' : "ae100", +    'd1.north' : "ae101", +    'd1.sponsor' : 'ae102', +    'd1.resepsjon' : 'ae103' +} %} | 
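Review bot: In the `10g-uplink` branch of vars.conf the `1-uplink` case selects `['xe-0/1/1']`, whereas that branch's default starts at `xe-0/1/0` and every other `1-uplink` case in the file picks the first port of its set (`mge-0/0/46`, `xe-0/2/0`, `ge-0/0/44`). If this is deliberate it needs a comment such as `{# 1-uplink on 10g uses the second port: <reason> #}`; if not, the line should read `{%- set uplink_ns.uplink_ports = ['xe-0/1/0'] %}`, since downstream templates presumably treat ports outside this list as ordinary edge ports. `ustkutt_distro_ae` also repeats the `remote_ae` values already held in `distrodata` for d1.bird, d1.sponsor and d1.resepsjon and adds `d1.north`, which has no `distrodata` entry, so the two maps can disagree; deriving one from the other would avoid that.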
