forked from dd-ix/ddix-ansible-ixp
DCS-7050SX-64.conf.j2
{# Base switch configuration template for the DCS-7050SX-64. The vlans, interfaces,
   mac_address_table and routes blocks are empty in this file, presumably so that
   child templates can fill them in. Jinja comments are not rendered to the device. #}
{% import 'DCS-MACROS.j2' as dcs with context -%}
!
{{ ansible_managed|comment(decoration="! ") }}
!
{# root gets an SSH public key from the secrets store.
   NOTE(review): the policy line below allows remote login for local accounts that
   have no password set. Presumably this exists for key-only root access; confirm
   that no local account is left with neither a password nor a key restriction. #}
aaa root ssh-key {{ secrets.eos.root_pubkey }}
aaa authentication policy local allow-nopassword-remote-login
!
{# Local accounts are rendered from pre-computed SHA-512 hashes, so no plaintext
   password appears in the template. The hashes can still be attacked offline and
   should be stored as secrets.
   NOTE(review): ddix-deploy receives the same public key as root
   (secrets.eos.root_pubkey); confirm this is intended, since separate keys would
   allow independent rotation and attribution of the two accounts. #}
username admin role network-admin secret sha512 {{ secrets.eos.admin_hash }}
username ddix-deploy role network-admin secret sha512 {{ secrets.eos.deploy_hash }}
username ddix-deploy ssh-key {{ secrets.eos.root_pubkey }}
!
{# Platform-wide service settings, hostname, flow export and SNMP monitoring. #}
service interface unconnected expose
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
logging monitor warnings
!
hostname {{ switch_vars.inventory_hostname_short }}
!
{# sFlow is exported to a collector inside the inband-mgmt VRF, sourced from
   Loopback3. Sampling is disabled on interfaces by default here, so it is
   presumably enabled per interface elsewhere (interfaces block or macros). #}
sflow sample 15
sflow vrf inband-mgmt destination 2a01:7700:80b0:4101::3
sflow vrf inband-mgmt source-interface Loopback3
sflow interface disable default
sflow run
!
{# NOTE(review): SNMP access relies on a read-only community string, which is sent
   in cleartext and is the only credential. No ACL is bound to the community on
   this line; the agent is confined to the inband-mgmt VRF. Consider SNMPv3 or a
   source filter if the management network is not fully trusted. #}
snmp-server contact DD-IX NOC <[email protected]>
snmp-server location {{ switch_vars.snmp_location }}
snmp-server local-interface Loopback3
snmp-server community {{ secrets.eos.snmp_community }} ro
snmp-server vrf inband-mgmt
!
spanning-tree mode none
!
{# Empty override point for VLAN definitions. #}
{% block vlans %}
{% endblock %}
{# Dedicated VRF for in-band management traffic (sFlow, SNMP, RADIUS, NTP, SSH). #}
vrf instance inband-mgmt
!
{# NOTE(review): "key 7" marks the shared secret as type-7 encoded. That encoding
   is reversible obfuscation, not encryption, so secrets.eos.radius_key and the
   rendered configuration must both be handled as sensitive material. #}
radius-server host 2a01:7700:80b0:6001::4 vrf inband-mgmt key 7 {{ secrets.eos.radius_key }}
!
{# Login method order for both default and console logins: the local user
   database is listed first, then the RADIUS server group. #}
aaa authentication login default local group radius
aaa authentication login console local group radius
!
{# Empty override point for interface configuration. #}
{% block interfaces %}
{% endblock %}
!
{# Empty override point for static MAC address table entries. #}
{% block mac_address_table %}
{% endblock %}
{# RFC8327: BGP Culling ACLs.
   Both ACLs deny TCP between addresses of the peering LAN prefix when either the
   source or the destination port is bgp, and permit all other traffic. Where the
   ACLs are applied is not visible in this template. #}
ipv6 access-list bgp-culling-ipv6
10 deny tcp 2001:7f8:79::/64 eq bgp 2001:7f8:79::/64
20 deny tcp 2001:7f8:79::/64 2001:7f8:79::/64 eq bgp
100 permit ipv6 any any
!
ip access-list bgp-culling-ipv4
10 deny tcp 193.201.151.64/26 eq bgp 193.201.151.64/26
20 deny tcp 193.201.151.64/26 193.201.151.64/26 eq bgp
100 permit ip any any
!
ip routing
ip routing vrf inband-mgmt
!
ipv6 unicast-routing
ipv6 unicast-routing vrf inband-mgmt
!
{# Catch-all MAC ACL: every frame is denied and the match is logged. #}
mac access-list block
100 remark drop any
101 deny any any log
!
{# Render dcs.mac_acl_peer(ifnum) for each Ethernet interface whose profile is
   "peer", iterating the interfaces in sorted key order. The macro comes from
   DCS-MACROS.j2, which is not shown here; presumably it emits a per-port MAC
   ACL for the peer. #}
{% for ifnum, settings in switch_vars.interfaces.Ethernet|dictsort %}
{% if settings.profile == "peer" %}
{{ dcs.mac_acl_peer(ifnum) -}}
{% endif %}
{% endfor %}
{# Empty override point for static routes. #}
{% block routes %}
{% endblock %}
{# Three NTP servers, reached through the inband-mgmt VRF.
   NOTE(review): no NTP authentication is configured on these lines. Accurate
   time matters for log correlation, so confirm the servers are reachable only
   over the trusted management network. #}
ntp server vrf inband-mgmt 2a01:7700::3 iburst
ntp server vrf inband-mgmt 2a01:7700::4 iburst
ntp server vrf inband-mgmt 2a01:7700::5 iburst
!
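{# iBGP for the backbone: the "backbone" peer group uses remote-as 65044, the same
   as the local AS, and sources its sessions from Loopback0. The IPv4 unicast
   address family is not activated by default; EVPN and IPv6 are activated
   explicitly further down. #}
router bgp 65044
router-id {{ switch_vars.router_id }}
no bgp default ipv4-unicast
maximum-paths 8 ecmp 8
bgp bestpath tie-break router-id
neighbor backbone peer group
neighbor backbone remote-as 65044
neighbor backbone update-source Loopback0
neighbor backbone send-community
{# Every other host in the eos inventory group becomes a neighbour, addressed by
   its router_id. The local hostname is wrapped in a list because the difference
   filter compares two lists; a bare string is not treated as a single element,
   which can leave the local switch in the neighbour list. #}
{% for eos in groups.eos|difference([switch_vars.inventory_hostname]) %}
neighbor {{ hostvars[eos].router_id }} peer group backbone
{% endfor %}
{# NOTE(review): no session authentication is configured for the backbone peer
   group in this section; confirm whether that is intentional for the internal
   backbone. #}
!
{# EVPN MAC-VRF for VLAN 600: learned MAC addresses are redistributed into EVPN
   under route distinguisher and route target 65044:20600. #}
vlan 600
rd 65044:20600
route-target both 65044:20600
redistribute learned
!
address-family evpn
neighbor backbone activate
!
address-family ipv6
neighbor backbone activate
!
{# The management VRF is carried over EVPN with route target 65044:30001;
   connected and static routes are redistributed, both in the VRF itself and in
   its IPv6 address family. #}
vrf inband-mgmt
rd 65044:30001
route-target import evpn 65044:30001
route-target export evpn 65044:30001
router-id {{ switch_vars.router_id }}
redistribute connected
redistribute static
!
address-family ipv6
redistribute connected
redistribute static
!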
{# IS-IS instance "backbone": level-2 only, adjacency changes are logged, and BFD
   is enabled on all interfaces for both address families. The NET comes from
   the per-switch variable isis_net.
   NOTE(review): no IS-IS authentication appears in this section; confirm whether
   it is configured per interface elsewhere or intentionally omitted. #}
router isis backbone
net {{ switch_vars.isis_net }}
is-type level-2
log-adjacency-changes
!
address-family ipv4 unicast
bfd all-interfaces
!
address-family ipv6 unicast
bfd all-interfaces
multi-topology
!
{# SSH management access is enabled inside the inband-mgmt VRF.
   NOTE(review): no source ACL or session timeout is set in this section; confirm
   that access to the management VRF is filtered elsewhere. #}
management ssh
vrf inband-mgmt
no shutdown
!
end