├── requirements.yml ├── files ├── images │ ├── 2tier.PNG │ ├── spine_leaf.PNG │ ├── value_cells1.PNG │ ├── value_cells2.PNG │ ├── campus_attached.png │ ├── protected_cells1.PNG │ ├── protected_cells2.PNG │ └── attached_dedicated_dc.PNG ├── dedicated_two_tier_DCN_Settings.xlsx ├── campus_attached_dcToR_DCN_Settings.xlsx ├── dedicated_spine_leaf_ebgp_DCN_Settings.xlsx └── dedicated_spine_leaf_ibgp_DCN_Settings.xlsx ├── ansible.cfg ├── dynamic_ibgp_spine_leaf_inventory.yml ├── dynamic_2tier_dedicated_dc_inventory.yml ├── dynamic_ebgp_spine_leaf_inventory.yml ├── requirements.txt ├── dynamic_campus_attached_dc_tor_inventory.yml ├── tasks └── aoscx │ ├── add_list_of_bgp_neighbors.yml │ ├── create_vsx.yml │ ├── vsx_config.yml │ ├── evpn.yml │ ├── add_lag_members.yml │ ├── vxlan.yml │ ├── create_lag.yml │ └── bgp_neighbor.yml ├── templates ├── 2Tier │ ├── access.j2 │ └── core.j2 ├── iBGP │ ├── spine.j2 │ └── leaf.j2 ├── eBGP │ ├── spine.j2 │ └── leaf.j2 └── 2TierV2 │ ├── access.j2 │ └── core.j2 ├── deploy_2tierv2_dcn.yml ├── configure_mclag.yml ├── deploy_ebgp_evpn_vxlan.yml ├── deploy_ibgp_evpn_vxlan.yml ├── configure_vsx.yml ├── configs └── sample_configs │ ├── arch2 │ ├── Zone1-Rack1-Access1-final.conf │ ├── Zone1-Rack3-Access3-final.conf │ ├── Zone1-Rack1-Access2-final.conf │ ├── Zone1-Rack3-Access4-final.conf │ ├── Zone1-Core1a-final.conf │ └── Zone1-Core1b-final.conf │ ├── arch3_iBGP │ ├── Zone1-Spine1-final.conf │ ├── Zone1-Spine2-final.conf │ ├── Zone1-Rack1-Leaf1a-final.conf │ ├── Zone1-Rack1-Leaf1b-final.conf │ ├── Zone1-Rack3-Leaf3a-final.conf │ └── Zone1-Rack3-Leaf3b-final.conf │ ├── arch3_eBGP │ ├── Zone1-Spine1-final.conf │ ├── Zone1-Spine2-final.conf │ ├── Zone1-Rack1-Leaf1a-final.conf │ ├── Zone1-Rack1-Leaf1b-final.conf │ ├── Zone1-Rack3-Leaf3a-final.conf │ └── Zone1-Rack3-Leaf3b-final.conf │ ├── arch1 │ ├── Zone1-Core1a-final.conf │ └── Zone1-Core1b-final.conf │ └── arch4 │ ├── rsvdc-core1-1.txt │ ├── rsvdc-core1-2.txt │ ├── rsvdc-access1-1.txt │ ├── 
rsvdc-access1-2.txt │ ├── rsvdc-access2-1.txt │ └── rsvdc-access2-2.txt ├── deploy_campus_attached_dc_tor.yml ├── filter_plugins └── aoscx_filters.py ├── CONTRIBUTING.md ├── deploy_2tier_dedicated_datacenter.yml ├── inventory_2tier_dedicated_dc.yml ├── inventory_2tierv2_dcn.yml ├── inventory_spine_leaf.yml └── LICENSE /requirements.yml: -------------------------------------------------------------------------------- 1 | # aoscx collection from galaxy 2 | collections: 3 | - arubanetworks.aoscx -------------------------------------------------------------------------------- /files/images/2tier.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aruba/aoscx-ansible-dcn-workflows/HEAD/files/images/2tier.PNG -------------------------------------------------------------------------------- /files/images/spine_leaf.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aruba/aoscx-ansible-dcn-workflows/HEAD/files/images/spine_leaf.PNG -------------------------------------------------------------------------------- /files/images/value_cells1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aruba/aoscx-ansible-dcn-workflows/HEAD/files/images/value_cells1.PNG -------------------------------------------------------------------------------- /files/images/value_cells2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aruba/aoscx-ansible-dcn-workflows/HEAD/files/images/value_cells2.PNG -------------------------------------------------------------------------------- /files/images/campus_attached.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aruba/aoscx-ansible-dcn-workflows/HEAD/files/images/campus_attached.png 
-------------------------------------------------------------------------------- /files/images/protected_cells1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aruba/aoscx-ansible-dcn-workflows/HEAD/files/images/protected_cells1.PNG -------------------------------------------------------------------------------- /files/images/protected_cells2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aruba/aoscx-ansible-dcn-workflows/HEAD/files/images/protected_cells2.PNG -------------------------------------------------------------------------------- /files/images/attached_dedicated_dc.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aruba/aoscx-ansible-dcn-workflows/HEAD/files/images/attached_dedicated_dc.PNG -------------------------------------------------------------------------------- /files/dedicated_two_tier_DCN_Settings.xlsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aruba/aoscx-ansible-dcn-workflows/HEAD/files/dedicated_two_tier_DCN_Settings.xlsx -------------------------------------------------------------------------------- /files/campus_attached_dcToR_DCN_Settings.xlsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aruba/aoscx-ansible-dcn-workflows/HEAD/files/campus_attached_dcToR_DCN_Settings.xlsx -------------------------------------------------------------------------------- /files/dedicated_spine_leaf_ebgp_DCN_Settings.xlsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aruba/aoscx-ansible-dcn-workflows/HEAD/files/dedicated_spine_leaf_ebgp_DCN_Settings.xlsx -------------------------------------------------------------------------------- 
/files/dedicated_spine_leaf_ibgp_DCN_Settings.xlsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aruba/aoscx-ansible-dcn-workflows/HEAD/files/dedicated_spine_leaf_ibgp_DCN_Settings.xlsx -------------------------------------------------------------------------------- /ansible.cfg: -------------------------------------------------------------------------------- 1 | ######################## 2 | # Ansible environment 3 | # variables -- NOTE(review): host_key_checking=False (below) makes Ansible accept any SSH host key, so the switch's identity is not verified before credentials and configuration are sent; outside a lab, set it to True and pre-populate known_hosts 4 | ######################## 5 | [defaults] 6 | host_key_checking=False 7 | jinja2_native=True 8 | -------------------------------------------------------------------------------- /dynamic_ibgp_spine_leaf_inventory.yml: -------------------------------------------------------------------------------- 1 | --- 2 | plugin: aoscx_dcn_plugin # Name of the plugin 3 | path_to_inventory: ./files # Directory holding the Excel workbook 4 | excel_file: dedicated_spine_leaf_ibgp_DCN_Settings.xlsx # Name of the Excel workbook 5 | -------------------------------------------------------------------------------- /dynamic_2tier_dedicated_dc_inventory.yml: -------------------------------------------------------------------------------- 1 | --- 2 | plugin: aoscx_dcn_plugin # Name of the plugin 3 | path_to_inventory: ./files # Directory location of Excel 4 | excel_file: dedicated_two_tier_DCN_Settings.xlsx # Name of the Excel 5 | -------------------------------------------------------------------------------- /dynamic_ebgp_spine_leaf_inventory.yml: -------------------------------------------------------------------------------- 1 | --- 2 | plugin: aoscx_dcn_plugin # Name of the plugin 3 | path_to_inventory: ./files # Directory location of Excel 4 | excel_file: dedicated_spine_leaf_ebgp_DCN_Settings.xlsx # Name of Excel 5 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | Jinja2>=2.10 # ansible 2 | 
paramiko>=2.1.1 # ansible 3 | pip>=6.0 4 | requests>=2.2.0 # module_utils/aoscx.py 5 | netaddr>=0.7.5 # templates/2Tier/core.j2 6 | pyaoscx>=2.5.1 7 | openpyxl 8 | -------------------------------------------------------------------------------- /dynamic_campus_attached_dc_tor_inventory.yml: -------------------------------------------------------------------------------- 1 | --- 2 | plugin: aoscx_dcn_plugin # Name of the plugin 3 | path_to_inventory: ./files # Directory location of Excel 4 | excel_file: campus_attached_dcToR_DCN_Settings.xlsx # Name of Excel File 5 | -------------------------------------------------------------------------------- /tasks/aoscx/add_list_of_bgp_neighbors.yml: -------------------------------------------------------------------------------- 1 | # This task list is used to add list of IP address as BGP Neighbors 2 | - name: 3 | include: tasks/aoscx/bgp_neighbor.yml 4 | vars: 5 | neighbor_ip: "{{ loop_neighbors }}" 6 | remote_as: "{{ bgp_neighbors_asn | int }}" 7 | loop: "{{ bgp_neighbors }}" 8 | loop_control: 9 | loop_var: loop_neighbors -------------------------------------------------------------------------------- /templates/2Tier/access.j2: -------------------------------------------------------------------------------- 1 | hostname {{hostname}} 2 | ! 3 | ! 4 | ! 5 | ssh server vrf mgmt 6 | ! 7 | ! 8 | ! 9 | ! 10 | ! 11 | vlan 1 12 | spanning-tree 13 | spanning-tree config-name {{stp_config_name}} 14 | spanning-tree config-revision {{stp_rev_num}} 15 | {% for vlan in server_vlans %} 16 | spanning-tree instance 1 vlan {{vlan}} 17 | {% endfor %} 18 | ! 
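19 | https-server rest access-mode read-write 20 | https-server vrf mgmt 21 | -------------------------------------------------------------------------------- /deploy_2tierv2_dcn.yml: -------------------------------------------------------------------------------- 1 | - hosts: all 2 | gather_facts: False 3 | collections: 4 | - arubanetworks.aoscx 5 | vars: 6 | ansible_connection: network_cli 7 | tasks: 8 | - name: Generate Template for Device 9 | template: src="{{config_template}}" dest="{{config_path}}{{hostname}}.conf" mode='0600' # owner-only (was 0777): the next task pushes this file to the switch, so other local users must not be able to edit it in between 10 | 11 | - name: Copy generated config to device via SSH 12 | aoscx_config: 13 | src: "{{config_path}}{{hostname}}.conf" 14 | # auto-confirm is turned on only around the interface-group speed change and turned off again afterwards 15 | - name: Configure system interface-group speeds when provided 16 | block: 17 | - name: Enable auto-confirm 18 | aoscx_command: 19 | commands: ['auto-confirm'] 20 | 21 | - name: enabling 10g speed on system interface-group {{item}} 22 | aoscx_config: 23 | lines: 24 | - system interface-group {{item}} speed 10g 25 | loop: "{{speed_interface_group_10g}}" 26 | 27 | - name: Disable auto-confirm 28 | aoscx_command: 29 | commands: ['no auto-confirm'] 30 | when: speed_interface_group_10g is defined 31 | -------------------------------------------------------------------------------- /configure_mclag.yml: -------------------------------------------------------------------------------- 1 | - hosts: all 2 | gather_facts: False 3 | collections: 4 | - arubanetworks.aoscx 5 | vars: 6 | mclag_id: 12 # LAG number; the tasks below address the interface as lag<mclag_id> 7 | mclag_vlans: 8 | - 11 9 | - 12 10 | mclag_ports: 11 | - 1/1/2 12 | - 1/1/4 13 | mclag_description: MCLAG_12 14 | tasks: 15 | - name: Create VLANs {{mclag_vlans}} 16 | aoscx_vlan: 17 | vlan_id: "{{ item }}" 18 | with_items: "{{ mclag_vlans }}" 19 | 20 | - name: Create MCLAG Interface 64 with 3 interfaces. 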
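21 | aoscx_lag_interface: 22 | state: create 23 | name: lag{{ mclag_id }} 24 | interfaces: "{{ mclag_ports }}" 25 | multi_chassis: true 26 | 27 | - name: Configure MCLAG L2 Interface 28 | aoscx_l2_interface: 29 | interface: lag{{ mclag_id }} 30 | vlan_mode: trunk 31 | vlan_trunks: "{{ mclag_vlans}}" 32 | 33 | - name: Enable MCLAG Interface 34 | aoscx_interface: 35 | name: lag{{ mclag_id }} 36 | enabled: true 37 | description: "{{ mclag_description }}" 38 | -------------------------------------------------------------------------------- /deploy_ebgp_evpn_vxlan.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: aoscx_switches 3 | collections: 4 | - arubanetworks.aoscx 5 | gather_facts: False 6 | vars: 7 | ansible_connection: network_cli 8 | tasks: 9 | - name: Generate Template for Device 10 | template: src="{{templates_path | default("./")}}eBGP/{{config_template}}" dest="{{config_path}}{{inventory_hostname}}.conf" mode='0600' # owner-only (was 0777): the next task pushes this file to the switch, so other local users must not be able to edit it in between 11 | 12 | - name: Copy generated config to device via SSH 13 | aoscx_config: 14 | src: "{{config_path}}{{inventory_hostname}}.conf" # same path the template task wrote (was {{hostname}}), so the pushed file is always the one rendered in this run 15 | # auto-confirm is turned on only around the interface-group speed change and turned off again afterwards 16 | - name: Configure system interface-group speeds when provided 17 | block: 18 | - name: Enable auto-confirm 19 | aoscx_command: 20 | commands: ['auto-confirm'] 21 | 22 | - name: enabling 10g speed on system interface-group {{item}} 23 | aoscx_config: 24 | lines: 25 | - system interface-group {{item}} speed 10g 26 | loop: "{{speed_interface_group_10g}}" 27 | 28 | - name: Disable auto-confirm 29 | aoscx_command: 30 | commands: ['no auto-confirm'] 31 | when: speed_interface_group_10g is defined 32 | -------------------------------------------------------------------------------- /deploy_ibgp_evpn_vxlan.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: aoscx_switches 3 | collections: 4 | - arubanetworks.aoscx 5 | vars: 6 | ansible_connection: network_cli 7 | gather_facts: False 8 | tasks: 9 | - name: Generate 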
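Template for Device 10 | template: src="{{templates_path | default("./")}}iBGP/{{config_template}}" dest="{{config_path}}{{inventory_hostname}}.conf" mode='0600' # owner-only (was 0777): the next task pushes this file to the switch, so other local users must not be able to edit it in between 11 | 12 | - name: Copy generated config to device via SSH 13 | aoscx_config: 14 | src: "{{config_path}}{{inventory_hostname}}.conf" # same path the template task wrote (was {{hostname}}), so the pushed file is always the one rendered in this run 15 | # auto-confirm is turned on only around the interface-group speed change and turned off again afterwards 16 | - name: Configure system interface-group speeds when provided 17 | block: 18 | - name: Enable auto-confirm 19 | aoscx_command: 20 | commands: ['auto-confirm'] 21 | 22 | - name: enabling 10g speed on system interface-group {{item}} 23 | aoscx_config: 24 | lines: 25 | - system interface-group {{item}} speed 10g 26 | loop: "{{speed_interface_group_10g}}" 27 | 28 | - name: Disable auto-confirm 29 | aoscx_command: 30 | commands: ['no auto-confirm'] 31 | when: speed_interface_group_10g is defined 32 | -------------------------------------------------------------------------------- /templates/2Tier/core.j2: -------------------------------------------------------------------------------- 1 | hostname {{hostname}} 2 | ! 3 | ! 4 | ! 5 | ssh server vrf mgmt 6 | ! 7 | ! 8 | ! 9 | ! 10 | ! 11 | router ospf 1 12 | router-id {{loopback0_ip}} 13 | area {{ospf_area}} 14 | vlan 1 15 | vlan {{ibgp_transit_vlan}} 16 | spanning-tree 17 | spanning-tree priority {{stp_priority}} 18 | spanning-tree config-name {{stp_config_name}} 19 | spanning-tree config-revision {{stp_rev_num}} 20 | {% for vlan in server_vlans %} 21 | spanning-tree instance 1 vlan {{vlan}} 22 | {% endfor %} 23 | interface vlan4000 24 | description IBGP transit 25 | ip address {{ibgp_transit_vlan_ip}}/31 26 | ip ospf 1 area {{ospf_area}} 27 | ip ospf network point-to-point 28 | {% if mtu is defined %} 29 | ip mtu {{mtu}} 30 | {% endif %} 31 | interface loopback 0 32 | ip address {{loopback0_ip}}/32 33 | ip ospf 1 area {{ospf_area}} 34 | router bgp {{asn}} 35 | bgp router-id {{loopback0_ip}} 36 | address-family ipv4 unicast 37 | {% for vlan in core_vlan_interfaces %} 38 | network {{vlan.ipv4 | ipaddr('0')}} 39 | {% endfor %} 40 | ! 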
41 | https-server rest access-mode read-write 42 | https-server vrf mgmt 43 | -------------------------------------------------------------------------------- /templates/iBGP/spine.j2: -------------------------------------------------------------------------------- 1 | hostname {{hostname}} 2 | ! 3 | ! 4 | ! 5 | ssh server vrf mgmt 6 | ! 7 | ! 8 | ! 9 | ! 10 | ! 11 | router ospf 1 12 | router-id {{loopback0_ip}} 13 | area {{ospf_area}} 14 | vlan 1 15 | {% for vsx_pair, vsx_pair_data in vsx_pair_downlinks.items() %} 16 | {% for interface_data in vsx_pair_data %} 17 | interface {{interface_data.vsx_pair_downlink_int}} 18 | no shutdown 19 | {% if mtu is defined %} 20 | ip mtu {{mtu}} 21 | mtu {{mtu}} 22 | {% endif %} 23 | description {{vsx_pair}}-Downlink 24 | ip address {{interface_data.vsx_pair_downlink_ip}}/31 25 | ip ospf 1 area {{ospf_area}} 26 | ip ospf network point-to-point 27 | {% endfor %} 28 | {% endfor %} 29 | interface loopback 0 30 | ip address {{loopback0_ip}}/32 31 | ip ospf 1 area {{ospf_area}} 32 | router bgp {{asn}} 33 | bgp router-id {{loopback0_ip}} 34 | {% for vsx_pair in vsx_pairs %} 35 | {% for loopback in vsx_pair.loopback_ips %} 36 | neighbor {{loopback}} remote-as {{asn}} 37 | neighbor {{loopback}} update-source loopback 0 38 | {% endfor %} 39 | {% endfor %} 40 | address-family l2vpn evpn 41 | {% for vsx_pair in vsx_pairs %} 42 | {% for loopback in vsx_pair.loopback_ips %} 43 | neighbor {{loopback}} activate 44 | neighbor {{loopback}} route-reflector-client 45 | neighbor {{loopback}} send-community extended 46 | {% endfor %} 47 | {% endfor %} 48 | exit-address-family 49 | ! 
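50 | https-server rest access-mode read-write 51 | https-server vrf mgmt 52 | -------------------------------------------------------------------------------- /configure_vsx.yml: -------------------------------------------------------------------------------- 1 | - hosts: all 2 | gather_facts: False 3 | collections: 4 | - arubanetworks.aoscx 5 | vars: 6 | vsx_role: primary 7 | vsx_keepalive_int: 1/1/32 8 | vsx_keepalive_ip_primary: 192.168.1.110 9 | vsx_keepalive_ip_secondary: 192.168.1.111 10 | vsx_system_mac: "00:00:00:00:01:11" # quoted so a colon-separated MAC is always loaded as a string, whatever its first octet 11 | vsx_isl_lagid: 1 12 | vsx_isl_ports: 13 | - 1/1/10 14 | - 1/1/11 15 | tasks: 16 | - set_fact: 17 | is_primary: "{{ vsx_role == 'primary' }}" 18 | # The keepalive address is picked by role: the primary address when is_primary, otherwise the secondary one 19 | - name: Create VSX keepalive L3 interface 20 | aoscx_l3_interface: 21 | interface: "{{ vsx_keepalive_int }}" 22 | description: "VSX KA" 23 | ipv4: "{{ vsx_keepalive_ip_primary if is_primary else vsx_keepalive_ip_secondary}}/31" 24 | # Creates the ISL LAG lag<vsx_isl_lagid> from vsx_isl_ports; the task name below does not describe what is created 25 | - name: Create MCLAG Interface 64 with 3 interfaces. 26 | aoscx_lag_interface: 27 | state: create 28 | name: lag{{ vsx_isl_lagid }} 29 | interfaces: "{{ vsx_isl_ports }}" 30 | 31 | - name: Enable ISL Lag Interface 32 | aoscx_interface: 33 | name: lag{{ vsx_isl_lagid }} # was mclag_id, which this play never defines; enable the LAG created by the previous task 34 | enabled: true 35 | description: "VSX ISL" 36 | 37 | - name: Create VSX configuration 38 | aoscx_vsx: 39 | device_role: "{{ vsx_role }}" 40 | isl_port: "lag{{ vsx_isl_lagid }}" # quotes moved outside the name; the old form rendered the quote characters into the port name 41 | keepalive_peer_ip: "{{ vsx_keepalive_ip_secondary if is_primary else vsx_keepalive_ip_primary }}" 42 | keepalive_src_ip: "{{ vsx_keepalive_ip_primary if is_primary else vsx_keepalive_ip_secondary }}" 43 | system_mac: "{{ vsx_system_mac }}" 44 | -------------------------------------------------------------------------------- /tasks/aoscx/create_vsx.yml: -------------------------------------------------------------------------------- 1 | # This task list is used to configure VSX 2 | - block: 3 | # Login to AOS-CX Switch 4 | - name: Login to AOS-CX Switch 5 | uri: 6 | url: "https://{{ ansible_host }}/rest/v1/login" 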
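7 | method: POST 8 | return_content: yes 9 | headers: 10 | Content-Type: "application/x-www-form-urlencoded" 11 | Accept: application/json 12 | body: "username={{ ansible_user | urlencode }}&password={{ ansible_password | urlencode }}" # values are percent-encoded so characters such as & = % + in a credential cannot break or extend the form body 13 | validate_certs: no # NOTE(review): the switch certificate is not verified, so the credentials above go to whatever host answers at ansible_host 14 | status_code: 200 15 | follow_redirects: yes 16 | register: cx_session 17 | # NOTE(review): the login task carries the password in its body and sets no no_log, so verbose or failure output can include it; consider no_log: true on that task 18 | # Create VSX table entry 19 | - name: Create VSX table entry 20 | uri: 21 | url: "https://{{ ansible_host }}/rest/v1/system/vsx" 22 | method: POST 23 | body_format: json 24 | headers: 25 | cookie: "{{ cx_session.set_cookie }}" 26 | body: { 27 | "device_role": "{{ role }}", 28 | "isl_port": "/rest/v1/system/ports/lag{{ isl_lag_id }}", 29 | "keepalive_peer_ip": "{{ keepalive_peer_ip }}", 30 | "keepalive_src_ip": "{{ keepalive_src_ip }}", 31 | "system_mac": "{{ system_mac }}" 32 | } 33 | validate_certs: no 34 | status_code: 201 35 | register: response 36 | changed_when: response.status == 201 37 | 38 | rescue: 39 | - debug: 40 | msg: "{{ response.msg }}" 41 | # NOTE(review): if the login task is the one that failed, this block has not registered response and cx_session has no set_cookie, so the rescue and logout tasks would fail as well 42 | always: 43 | # Logout from AOS-CX Switch 44 | - name: Logout from AOS-CX Switch 45 | uri: 46 | url: 'https://{{ ansible_host }}/rest/v1/logout' 47 | method: POST 48 | body_format: json 49 | headers: 50 | cookie: "{{ cx_session.set_cookie }}" 51 | validate_certs: no 52 | status_code: 200 53 | -------------------------------------------------------------------------------- /tasks/aoscx/vsx_config.yml: -------------------------------------------------------------------------------- 1 | # This task list is used to configure VSX and its attributes 2 | - block: 3 | # Login to AOS-CX Switch 4 | - name: Login to AOS-CX Switch 5 | uri: 6 | url: "https://{{ ansible_host }}/rest/v1/login" 7 | method: POST 8 | return_content: yes 9 | headers: 10 | Content-Type: "application/x-www-form-urlencoded" 11 | Accept: application/json 12 | body: "username={{ ansible_user | urlencode }}&password={{ ansible_password | urlencode }}" # values are percent-encoded so characters such as & = % + in a credential cannot break or extend the form body 13 | validate_certs: no # NOTE(review): the switch certificate is not verified, so the credentials above go to whatever host answers at ansible_host 14 | status_code: 200 15 | follow_redirects: yes 16 | register: cx_session 17 | # NOTE(review): the login task carries the password in its body and sets no no_log, so verbose or failure output can include it; consider no_log: true on that task 18 | 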
# Create VSX table entry 19 | - name: Create VSX table entry 20 | uri: 21 | url: "https://{{ ansible_host }}/rest/v1/system/vsx" 22 | method: POST 23 | body_format: json 24 | headers: 25 | cookie: "{{ cx_session.set_cookie }}" 26 | body: { 27 | "device_role": "{{ role }}", 28 | "isl_port": "/rest/v1/system/ports/lag{{ isl_lag_id }}", 29 | "keepalive_peer_ip": "{{ keepalive_peer_ip }}", 30 | "keepalive_src_ip": "{{ keepalive_src_ip }}", 31 | "system_mac": "{{ system_mac }}" 32 | } 33 | validate_certs: no # NOTE(review): the switch certificate is not verified, so the session cookie goes to whatever host answers at ansible_host 34 | status_code: 201 35 | register: response 36 | changed_when: response.status == 201 37 | 38 | rescue: 39 | - debug: 40 | msg: "{{ response.msg }}" 41 | # NOTE(review): if the login task is the one that failed, this block has not registered response and cx_session has no set_cookie, so the rescue and logout tasks would fail as well 42 | always: 43 | # Logout from AOS-CX Switch 44 | - name: Logout from AOS-CX Switch 45 | uri: 46 | url: 'https://{{ ansible_host }}/rest/v1/logout' 47 | method: POST 48 | body_format: json 49 | headers: 50 | cookie: "{{ cx_session.set_cookie }}" 51 | validate_certs: no 52 | status_code: 200 53 | -------------------------------------------------------------------------------- /configs/sample_configs/arch2/Zone1-Rack1-Access1-final.conf: -------------------------------------------------------------------------------- 1 | ! 2 | !Version ArubaOS-CX GL.10.04.0020 3 | !export-password: default 4 | hostname Zone1-Rack1-Access1 5 | user admin group administrators password ciphertext AQBapZ4yCW+QbkkvhYYoSS0WaqDVKw88SZxmgXHIxwMipV9EYgAAAMAuiAnGsQwvlI3bNifJth6elIQWykn7bGlAq+byxaItlAZQiZom10jqCFTailvy80jwvoNQdgLf6Ie6XIqed9Jzxk3X14GujvBxfL4XFHit14RQIALWT12Cj1o9TE55wRck 6 | ! NOTE(review): the admin ciphertext on line 5 is published together with '!export-password: default' (line 3); presumably it can be imported as-is on another switch, so treat the password behind it as disclosed and set a new one before reusing this sample 7 | ! 8 | ! 9 | ssh server vrf mgmt 10 | ! 11 | ! 12 | ! 13 | ! 14 | ! 
15 | vlan 1 16 | vlan 11 17 | name VLAN 11 18 | spanning-tree 19 | spanning-tree config-name Zone1 20 | spanning-tree config-revision 1 21 | spanning-tree instance 1 vlan 11 22 | interface mgmt 23 | no shutdown 24 | ip static 10.10.10.56/24 25 | default-gateway 10.10.10.254 26 | system interface-group 1 speed 10g 27 | !interface group 1 contains ports 1/1/1-1/1/12 28 | system interface-group 3 speed 10g 29 | !interface group 3 contains ports 1/1/25-1/1/36 30 | interface lag 1 31 | no shutdown 32 | description VSX ISL 33 | no routing 34 | vlan trunk native 1 tag 35 | vlan trunk allowed all 36 | lacp mode active 37 | interface lag 11 multi-chassis 38 | no shutdown 39 | description Zone1-Cores 40 | no routing 41 | vlan trunk native 1 tag 42 | vlan trunk allowed 11 43 | lacp mode active 44 | interface 1/1/31 45 | no shutdown 46 | description VSX KA 47 | ip address 192.168.1.110/31 48 | interface 1/1/32 49 | no shutdown 50 | mtu 9198 51 | description VSX ISL 52 | lag 1 53 | interface 1/1/49 54 | no shutdown 55 | mtu 9198 56 | description Zone1-Cores 57 | lag 11 58 | interface 1/1/50 59 | no shutdown 60 | mtu 9198 61 | description Zone1-Cores 62 | lag 11 63 | vsx 64 | system-mac 00:00:00:00:01:11 65 | inter-switch-link lag 1 66 | role primary 67 | keepalive peer 192.168.1.111 source 192.168.1.110 68 | https-server rest access-mode read-write 69 | https-server vrf mgmt 70 | -------------------------------------------------------------------------------- /templates/eBGP/spine.j2: -------------------------------------------------------------------------------- 1 | hostname {{hostname}} 2 | ! 3 | ! 4 | ! 5 | ssh server vrf mgmt 6 | ! 7 | ! 8 | ! 9 | ! 10 | ! 
11 | vlan 1 12 | {% for vsx_pair, vsx_pair_data in vsx_pair_downlinks.items() %} 13 | {% for interface_data in vsx_pair_data %} 14 | interface {{interface_data.vsx_pair_downlink_int}} 15 | no shutdown 16 | description {{vsx_pair}}-Downlink 17 | ip address {{interface_data.vsx_pair_downlink_ip}}/31 18 | {% if mtu is defined %} 19 | ip mtu {{mtu}} 20 | mtu {{mtu}} 21 | {% endif %} 22 | {% endfor %} 23 | {% endfor %} 24 | interface loopback 0 25 | ip address {{loopback0_ip}}/32 26 | router bgp {{asn}} 27 | bgp router-id {{loopback0_ip}} 28 | bgp fast-external-fallover 29 | bgp bestpath as-path multipath-relax 30 | {% for vsx_pair in vsx_pairs %} 31 | {% for loopback in vsx_pair.loopback_ips %} 32 | neighbor {{loopback}} remote-as {{vsx_pair.vsx_pair_asn}} 33 | neighbor {{loopback}} ebgp-multihop 3 34 | {% endfor %} 35 | {% endfor %} 36 | {% for vsx_pair, vsx_pair_data in vsx_pair_downlinks.items() %} 37 | {% for interface_data in vsx_pair_data %} 38 | neighbor {{interface_data.vsx_pair_uplink_ip}} remote-as {{interface_data.vsx_pair_asn}} 39 | {% endfor %} 40 | {% endfor %} 41 | address-family ipv4 unicast 42 | {% for vsx_pair, vsx_pair_data in vsx_pair_downlinks.items() %} 43 | {% for interface_data in vsx_pair_data %} 44 | neighbor {{interface_data.vsx_pair_uplink_ip}} activate 45 | {% endfor %} 46 | {% endfor %} 47 | redistribute connected 48 | network {{loopback0_ip}}/32 49 | exit-address-family 50 | address-family l2vpn evpn 51 | {% for vsx_pair in vsx_pairs %} 52 | {% for loopback in vsx_pair.loopback_ips %} 53 | neighbor {{loopback}} activate 54 | neighbor {{loopback}} next-hop-unchanged 55 | neighbor {{loopback}} send-community extended 56 | {% endfor %} 57 | {% endfor %} 58 | exit-address-family 59 | ! 
60 | https-server rest access-mode read-write 61 | https-server vrf mgmt 62 | -------------------------------------------------------------------------------- /configs/sample_configs/arch2/Zone1-Rack3-Access3-final.conf: -------------------------------------------------------------------------------- 1 | ! 2 | !Version ArubaOS-CX GL.10.04.0020 3 | !export-password: default 4 | hostname Zone1-Rack3-Access3 5 | user admin group administrators password ciphertext AQBapd0lfpkb1JQ/PeM7VAdLaPTFpCWvep8Ky+FcXCXZQjzuYgAAABM81mz9TPm9mRgJCcs5jU94yotLIjlGFmqRd7CPrUe2I/hhn9STUUgq5O+A0aM94fIRyUcLkDyRzgAKnzk1HmDNlT1yWnxptSrdw2lh0C9wBxf/UpiQFZe+RU1NxIoXC18J 6 | ! 7 | ! 8 | ! 9 | ssh server vrf mgmt 10 | ! 11 | ! 12 | ! 13 | ! 14 | ! 15 | vlan 1 16 | vlan 11 17 | name VLAN 11 18 | spanning-tree 19 | spanning-tree config-name Zone1 20 | spanning-tree config-revision 1 21 | spanning-tree instance 1 vlan 11 22 | interface mgmt 23 | no shutdown 24 | ip static 10.10.10.60/24 25 | default-gateway 10.10.10.254 26 | system interface-group 1 speed 10g 27 | !interface group 1 contains ports 1/1/1-1/1/12 28 | system interface-group 3 speed 10g 29 | !interface group 3 contains ports 1/1/25-1/1/36 30 | system interface-group 4 speed 10g 31 | !interface group 4 contains ports 1/1/37-1/1/48 32 | interface lag 1 33 | no shutdown 34 | description VSX ISL 35 | no routing 36 | vlan trunk native 1 tag 37 | vlan trunk allowed all 38 | lacp mode active 39 | interface lag 12 multi-chassis 40 | no shutdown 41 | description Zone1-Cores 42 | no routing 43 | vlan trunk native 1 tag 44 | vlan trunk allowed 11 45 | lacp mode active 46 | interface 1/1/31 47 | no shutdown 48 | description VSX KA 49 | ip address 192.168.1.112/31 50 | interface 1/1/32 51 | no shutdown 52 | mtu 9198 53 | description VSX ISL 54 | lag 1 55 | interface 1/1/49 56 | no shutdown 57 | mtu 9198 58 | description Zone1-Cores 59 | lag 12 60 | interface 1/1/50 61 | no shutdown 62 | mtu 9198 63 | description Zone1-Cores 64 | lag 12 65 | vsx 66 
| system-mac 00:00:00:00:03:13 67 | inter-switch-link lag 1 68 | role primary 69 | keepalive peer 192.168.1.113 source 192.168.1.112 70 | https-server rest access-mode read-write 71 | https-server vrf mgmt 72 | -------------------------------------------------------------------------------- /configs/sample_configs/arch2/Zone1-Rack1-Access2-final.conf: -------------------------------------------------------------------------------- 1 | ! 2 | !Version ArubaOS-CX GL.10.04.0020 3 | !export-password: default 4 | hostname Zone1-Rack1-Access2 5 | user admin group administrators password ciphertext AQBapd3Qg7OPKcjRayIQyuxOPabPIbT8bvU05pOk8sc+vAXyYgAAAGtM+A5APROROs6l56dpUdXic8SskYkcBHqp0rxFPtTqgmXoEzI21Mk5T3CR023fONvCpIZGpS4WUmReFVaiMR2XKnitYUhfkJLCK19Kl9uBL85jHFsthncP+X7/1q0bs/RG 6 | ! 7 | ! 8 | ! 9 | ssh server vrf mgmt 10 | ! 11 | ! 12 | ! 13 | ! 14 | ! 15 | vlan 1 16 | vlan 11 17 | name VLAN 11 18 | spanning-tree 19 | spanning-tree config-name Zone1 20 | spanning-tree config-revision 1 21 | spanning-tree instance 1 vlan 11 22 | interface mgmt 23 | no shutdown 24 | ip static 10.10.10.57/24 25 | default-gateway 10.10.10.254 26 | system interface-group 1 speed 10g 27 | !interface group 1 contains ports 1/1/1-1/1/12 28 | system interface-group 3 speed 10g 29 | !interface group 3 contains ports 1/1/25-1/1/36 30 | system interface-group 4 speed 10g 31 | !interface group 4 contains ports 1/1/37-1/1/48 32 | interface lag 1 33 | no shutdown 34 | description VSX ISL 35 | no routing 36 | vlan trunk native 1 tag 37 | vlan trunk allowed all 38 | lacp mode active 39 | interface lag 11 multi-chassis 40 | no shutdown 41 | description Zone1-Cores 42 | no routing 43 | vlan trunk native 1 tag 44 | vlan trunk allowed 11 45 | lacp mode active 46 | interface 1/1/31 47 | no shutdown 48 | description VSX KA 49 | ip address 192.168.1.111/31 50 | interface 1/1/32 51 | no shutdown 52 | mtu 9198 53 | description VSX ISL 54 | lag 1 55 | interface 1/1/49 56 | no shutdown 57 | mtu 9198 58 | 
description Zone1-Cores 59 | lag 11 60 | interface 1/1/50 61 | no shutdown 62 | mtu 9198 63 | description Zone1-Cores 64 | lag 11 65 | vsx 66 | system-mac 00:00:00:00:01:11 67 | inter-switch-link lag 1 68 | role secondary 69 | keepalive peer 192.168.1.110 source 192.168.1.111 70 | https-server rest access-mode read-write 71 | https-server vrf mgmt 72 | -------------------------------------------------------------------------------- /configs/sample_configs/arch2/Zone1-Rack3-Access4-final.conf: -------------------------------------------------------------------------------- 1 | ! 2 | !Version ArubaOS-CX GL.10.04.0020 3 | !export-password: default 4 | hostname Zone1-Rack3-Access4 5 | user admin group administrators password ciphertext AQBapaHRO1zdYAmv8jyi6BEy2EdGo7mXog4SaUdBnB6VBVmrYgAAAMswpUXLpjUGA0QadW9dCf7EgZkDyT6oT740N0z8ey2PTAAz8DT02vzpz1sAo27jMoqJ3YCXA0bW05qG+CWqweUfanbUEccqyrEu8SpcQjUoYdHYFZFHFtniXxA7d9wFijPV 6 | ! 7 | ! 8 | ! 9 | ssh server vrf mgmt 10 | ! 11 | ! 12 | ! 13 | ! 14 | ! 
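15 | vlan 1 16 | vlan 11 17 | name VLAN 11 18 | spanning-tree 19 | spanning-tree config-name Zone1 20 | spanning-tree config-revision 1 21 | spanning-tree instance 1 vlan 11 22 | interface mgmt 23 | no shutdown 24 | ip static 10.10.10.61/24 25 | default-gateway 10.10.10.254 26 | system interface-group 1 speed 10g 27 | !interface group 1 contains ports 1/1/1-1/1/12 28 | system interface-group 3 speed 10g 29 | !interface group 3 contains ports 1/1/25-1/1/36 30 | system interface-group 4 speed 10g 31 | !interface group 4 contains ports 1/1/37-1/1/48 32 | interface lag 1 33 | no shutdown 34 | description VSX ISL 35 | no routing 36 | vlan trunk native 1 tag 37 | vlan trunk allowed all 38 | lacp mode active 39 | interface lag 12 multi-chassis 40 | no shutdown 41 | description Zone1-Cores 42 | no routing 43 | vlan trunk native 1 tag 44 | vlan trunk allowed 11 45 | lacp mode active 46 | interface 1/1/31 47 | no shutdown 48 | description VSX KA 49 | ip address 192.168.1.113/31 50 | interface 1/1/32 51 | no shutdown 52 | mtu 9198 53 | description VSX ISL 54 | lag 1 55 | interface 1/1/49 56 | no shutdown 57 | mtu 9198 58 | description Zone1-Cores 59 | lag 12 60 | interface 1/1/50 61 | no shutdown 62 | mtu 9198 63 | description Zone1-Cores 64 | lag 12 65 | vsx 66 | system-mac 00:00:00:00:03:13 67 | inter-switch-link lag 1 68 | role secondary 69 | keepalive peer 192.168.1.112 source 192.168.1.113 70 | https-server rest access-mode read-write 71 | https-server vrf mgmt 72 |
-------------------------------------------------------------------------------- /tasks/aoscx/evpn.yml: --------------------------------------------------------------------------------
# This task list is used to create an EVPN instance.
#
# Variables read by the tasks below: ansible_host, ansible_user,
# ansible_password, export_route, import_route, rd, vlan_id.
#
# NOTE(review): every uri call in this file sets validate_certs: no, so the
# switch certificate is not verified and the login credentials and session
# cookie are sent to an unauthenticated TLS peer. Enable verification once
# the switches present a certificate the control node trusts.
- block:
    # Login to AOS-CX Switch.
    # no_log keeps the password (request body) and the returned session
    # cookie out of task output and logs; the registered result is still
    # available to the following tasks.
    - name: Login to AOS-CX Switch
      uri:
        url: "https://{{ansible_host}}/rest/v1/login"
        method: POST
        return_content: yes
        headers:
          Content-Type: "application/x-www-form-urlencoded"
          Accept: application/json
        # urlencode so that reserved characters (&, =, %, +) inside the
        # credentials cannot change the form fields that are submitted.
        body: "username={{ ansible_user | urlencode }}&password={{ ansible_password | urlencode }}"
        validate_certs: no
        status_code: 200
        follow_redirects: yes
      register: cx_session
      no_log: true

    # POST an empty object to create the EVPN instance.
    - name: Create EVPN Instance
      uri:
        url: "https://{{ansible_host}}/rest/v1/system/evpns"
        method: POST
        body_format: json
        headers:
          cookie: "{{ cx_session.set_cookie }}"
        body: {}
        validate_certs: no
        status_code: 201
      register: response
      changed_when: response.status == 201

    # Attach the VLAN with its route distinguisher and route targets.
    - name: Add EVPN VLAN and Route Targets
      uri:
        url: "https://{{ansible_host}}/rest/v1/system/evpns/evpn_vlans"
        method: POST
        body_format: json
        headers:
          cookie: "{{ cx_session.set_cookie }}"
        body:
          export_route_targets: "{{export_route}}"
          import_route_targets: "{{import_route}}"
          rd: "{{rd}}"
          vlan: "/rest/v1/system/vlans/{{vlan_id}}"
        validate_certs: no
        status_code: 201
      register: response
      changed_when: response.status == 201

  rescue:
    # A failed login leaves no session cookie. Stop with an explicit message
    # instead of printing an undefined or stale 'response'.
    - name: Fail when login did not establish a session
      fail:
        msg: "Login to {{ ansible_host }} failed; no REST session was established"
      when: cx_session.set_cookie is not defined

    # Any other failure is reported and the play continues.
    - debug:
        msg: "{{response.msg}}"

  always:
    # Logout from AOS-CX Switch. Skipped when login produced no cookie,
    # because there is no session to close.
    - name: Logout from AOS-CX Switch
      uri:
        url: 'https://{{ansible_host}}/rest/v1/logout'
        method: POST
        body_format: json
        headers:
          cookie: "{{ cx_session.set_cookie }}"
        validate_certs: no
        status_code: 200
      when: cx_session.set_cookie is defined
-------------------------------------------------------------------------------- /tasks/aoscx/add_lag_members.yml: --------------------------------------------------------------------------------
# This task list is used to add ports as members of a LAG interface.
#
# It performs no login of its own: every request reuses cx_session.set_cookie,
# which the including task list must have registered beforehand.
# Variables read: ansible_host, port, lag_id, and optionally lag_description
# and mtu.
#
# NOTE(review): validate_certs: no on each call means the session cookie is
# sent without verifying the switch certificate.

# Get the physical port's Interface table entry
- name: Get the physical port's Interface table entry
  uri:
    url: "https://{{ ansible_host }}/rest/v1/system/interfaces/{{ port | replace_special_characters }}?selector=configuration"
    method: GET
    body_format: json
    headers:
      cookie: "{{ cx_session.set_cookie }}"
    validate_certs: no
    status_code: 200
  register: response
  # A GET only reads state, so it must never be reported as a change.
  changed_when: false

# Convert response JSON to dict
- name: Convert response JSON to dict
  set_fact:
    interface_dict: "{{ response.json | to_json | json_to_dict }}"
  # Logging is explicitly left on: the interface configuration appears in
  # task output.
  no_log: False

# Set admin state to 'up' in JSON
- name: Set admin state to 'up' in JSON
  set_fact:
    interface_dict: "{{ interface_dict | add_admin_state_interface(True) }}"
  no_log: False

# Add LACP aggregation key to JSON
- name: Add LACP aggregation key to JSON
  set_fact:
    interface_dict: "{{ interface_dict | add_lacp_key_interface(lag_id) }}"
  no_log: False

# If defined, add description to JSON
- name: Add description to JSON
  block:
    - name: Add description to JSON
      set_fact:
        interface_dict: "{{ interface_dict | combine({'description': lag_description}) }}"
  when: lag_description is defined

# If defined, add MTU to JSON
- name: Add MTU to JSON
  set_fact:
    interface_dict: "{{ interface_dict | add_mtu_interface(mtu)}}"
  when: mtu is defined

# PUT the updated JSON for the Interface table entry
- name: PUT the updated JSON for the Interface table entry
  uri:
    url: "https://{{ ansible_host }}/rest/v1/system/interfaces/{{ port | replace_special_characters }}"
    method: PUT
    body_format: json
    headers:
      cookie: "{{ cx_session.set_cookie }}"
    body: "{{ interface_dict }}"
    validate_certs: no
    status_code: 200
  register: response
  changed_when: response.status == 200

# Delete Port table entry for the physical port
- name: Delete Port table entry for the physical port
  uri:
    url: "https://{{ ansible_host }}/rest/v1/system/ports/{{ port | replace_special_characters }}"
    method: DELETE
    body_format: json
    headers:
      cookie: "{{ cx_session.set_cookie }}"
    validate_certs: no
    status_code: 204
  register: response
  changed_when: response.status == 204
-------------------------------------------------------------------------------- /configs/sample_configs/arch3_iBGP/Zone1-Spine1-final.conf: -------------------------------------------------------------------------------- 1 | ! 2 | !Version ArubaOS-CX GL.10.04.0040 3 | !export-password: default 4 | hostname Zone1-Spine1 5 | user admin group administrators password ciphertext AQBapeeuZ6Nw+Phok7vJbD6r75PivsY6o/r0QfxdpH1h3fQYYgAAACrisdLluFaTV+Fj1JfL0WsZPS8LBYsoE/N6qohz8bziNZQvKts2XD+d+Hgx+qrd64f4Htq7A/1mAvqetP90ljtfIOX27j/ZvVwqV6ewUQyQ7V7rFCe8BIXyVCXZD5QhqRdg 6 | ! 7 | ! 8 | ! 9 | ssh server vrf mgmt 10 | ! 11 | ! 12 | ! 13 | ! 14 | ! 15 | router ospf 1 16 | router-id 192.168.1.11 17 | area 0.0.0.0 18 | vlan 1 19 | interface mgmt 20 | no shutdown 21 | ip static 10.10.10.54/24 22 | default-gateway 10.10.10.254 23 | interface 1/1/23 24 | no shutdown 25 | mtu 9198 26 | description rack3-Downlink 27 | ip mtu 9198 28 | ip address 192.168.2.13/31 29 | ip ospf 1 area 0.0.0.0 30 | ip ospf network point-to-point 31 | interface 1/1/24 32 | no shutdown 33 | mtu 9198 34 | description rack3-Downlink 35 | ip mtu 9198 36 | ip address 192.168.2.9/31 37 | ip ospf 1 area 0.0.0.0 38 | ip ospf network point-to-point 39 | interface 1/1/27 40 | no shutdown 41 | mtu 9198 42 | description rack1-Downlink 43 | ip mtu 9198 44 | ip address 192.168.2.1/31 45 | ip ospf 1 area 0.0.0.0 46 | ip ospf network point-to-point 47 | interface 1/1/28 48 | no shutdown 49 | mtu 9198 50 | description rack1-Downlink 51 | ip mtu 9198 52 | ip address 192.168.2.5/31 53 | ip ospf 1 area 0.0.0.0 54 | ip ospf network point-to-point 55 | interface loopback 0 56 | ip address 192.168.1.11/32 57 | ip ospf 1 area 0.0.0.0 58 | router bgp 65101 59 | bgp router-id 192.168.1.11 60 | neighbor 192.168.1.1 remote-as 65101 61 | neighbor 192.168.1.1 update-source loopback 0 62 | neighbor 192.168.1.2 remote-as 65101 63 |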
neighbor 192.168.1.2 update-source loopback 0 64 | neighbor 192.168.1.5 remote-as 65101 65 | neighbor 192.168.1.5 update-source loopback 0 66 | neighbor 192.168.1.6 remote-as 65101 67 | neighbor 192.168.1.6 update-source loopback 0 68 | address-family l2vpn evpn 69 | neighbor 192.168.1.1 activate 70 | neighbor 192.168.1.1 route-reflector-client 71 | neighbor 192.168.1.1 send-community extended 72 | neighbor 192.168.1.2 activate 73 | neighbor 192.168.1.2 route-reflector-client 74 | neighbor 192.168.1.2 send-community extended 75 | neighbor 192.168.1.5 activate 76 | neighbor 192.168.1.5 route-reflector-client 77 | neighbor 192.168.1.5 send-community extended 78 | neighbor 192.168.1.6 activate 79 | neighbor 192.168.1.6 route-reflector-client 80 | neighbor 192.168.1.6 send-community extended 81 | exit-address-family 82 | ! 83 | https-server rest access-mode read-write 84 | https-server vrf mgmt 85 | -------------------------------------------------------------------------------- /configs/sample_configs/arch3_iBGP/Zone1-Spine2-final.conf: -------------------------------------------------------------------------------- 1 | ! 2 | !Version ArubaOS-CX GL.10.04.0040 3 | !export-password: default 4 | hostname Zone1-Spine2 5 | user admin group administrators password ciphertext AQBapW41EEHA+zskBXcBrm9Rr+euZNH+d4Q5BiGgeNrIvw1gYgAAANRxoQcfTTV7tma79JXNUOqrhv2y0xM21jrQxXeufK4O4aCwIfhuPJA7SPvno9iqnFJ9ehwrWSd5HdcyT1eb80glx6No9vqdDGKvOUfi6IOlDg6rcdaJcQWJ+tO7bZYVz5uz 6 | ! 7 | ! 8 | ! 9 | ssh server vrf mgmt 10 | ! 11 | ! 12 | ! 13 | ! 14 | ! 
15 | router ospf 1 16 | router-id 192.168.1.12 17 | area 0.0.0.0 18 | vlan 1 19 | interface mgmt 20 | no shutdown 21 | ip static 10.10.10.55/24 22 | default-gateway 10.10.10.254 23 | interface 1/1/23 24 | no shutdown 25 | mtu 9198 26 | description rack3-Downlink 27 | ip mtu 9198 28 | ip address 192.168.2.15/31 29 | ip ospf 1 area 0.0.0.0 30 | ip ospf network point-to-point 31 | interface 1/1/24 32 | no shutdown 33 | mtu 9198 34 | description rack3-Downlink 35 | ip mtu 9198 36 | ip address 192.168.2.11/31 37 | ip ospf 1 area 0.0.0.0 38 | ip ospf network point-to-point 39 | interface 1/1/27 40 | no shutdown 41 | mtu 9198 42 | description rack1-Downlink 43 | ip mtu 9198 44 | ip address 192.168.2.3/31 45 | ip ospf 1 area 0.0.0.0 46 | ip ospf network point-to-point 47 | interface 1/1/28 48 | no shutdown 49 | mtu 9198 50 | description rack1-Downlink 51 | ip mtu 9198 52 | ip address 192.168.2.7/31 53 | ip ospf 1 area 0.0.0.0 54 | ip ospf network point-to-point 55 | interface loopback 0 56 | ip address 192.168.1.12/32 57 | ip ospf 1 area 0.0.0.0 58 | router bgp 65101 59 | bgp router-id 192.168.1.12 60 | neighbor 192.168.1.1 remote-as 65101 61 | neighbor 192.168.1.1 update-source loopback 0 62 | neighbor 192.168.1.2 remote-as 65101 63 | neighbor 192.168.1.2 update-source loopback 0 64 | neighbor 192.168.1.5 remote-as 65101 65 | neighbor 192.168.1.5 update-source loopback 0 66 | neighbor 192.168.1.6 remote-as 65101 67 | neighbor 192.168.1.6 update-source loopback 0 68 | address-family l2vpn evpn 69 | neighbor 192.168.1.1 activate 70 | neighbor 192.168.1.1 route-reflector-client 71 | neighbor 192.168.1.1 send-community extended 72 | neighbor 192.168.1.2 activate 73 | neighbor 192.168.1.2 route-reflector-client 74 | neighbor 192.168.1.2 send-community extended 75 | neighbor 192.168.1.5 activate 76 | neighbor 192.168.1.5 route-reflector-client 77 | neighbor 192.168.1.5 send-community extended 78 | neighbor 192.168.1.6 activate 79 | neighbor 192.168.1.6 route-reflector-client 80 
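| neighbor 192.168.1.6 send-community extended 81 | exit-address-family 82 | ! 83 | https-server rest access-mode read-write 84 | https-server vrf mgmt 85 |
-------------------------------------------------------------------------------- /tasks/aoscx/vxlan.yml: --------------------------------------------------------------------------------
# This task list is used to configure VXLAN.
#
# Variables read by the tasks below: ansible_host, ansible_user,
# ansible_password, vxlan, source_ip, vlan_id.
#
# NOTE(review): every uri call in this file sets validate_certs: no, so the
# switch certificate is not verified and the login credentials and session
# cookie are sent to an unauthenticated TLS peer. Enable verification once
# the switches present a certificate the control node trusts.
- block:
    # Login to AOS-CX Switch.
    # no_log keeps the password (request body) and the returned session
    # cookie out of task output and logs; the registered result is still
    # available to the following tasks.
    - name: Login to AOS-CX Switch
      uri:
        url: "https://{{ansible_host}}/rest/v1/login"
        method: POST
        return_content: yes
        headers:
          Content-Type: "application/x-www-form-urlencoded"
          Accept: application/json
        # urlencode so that reserved characters (&, =, %, +) inside the
        # credentials cannot change the form fields that are submitted.
        body: "username={{ ansible_user | urlencode }}&password={{ ansible_password | urlencode }}"
        validate_certs: no
        status_code: 200
        follow_redirects: yes
      register: cx_session
      no_log: true

    # The Port row is created first; the Interface row below refers to it.
    - name: Create VXLAN Port table entry
      uri:
        url: "https://{{ansible_host}}/rest/v1/system/ports"
        method: POST
        body_format: json
        headers:
          cookie: "{{ cx_session.set_cookie }}"
        body:
          admin: "up"
          interfaces: []
          name: "{{vxlan}}"
          routing: False
        validate_certs: no
        status_code: 201
      register: response
      changed_when: response.status == 201

    - name: Create VXLAN Interface table entry
      uri:
        url: "https://{{ansible_host}}/rest/v1/system/interfaces"
        method: POST
        body_format: json
        headers:
          cookie: "{{ cx_session.set_cookie }}"
        body:
          name: "{{vxlan}}"
          options:
            local_ip: "{{source_ip}}"
            vxlan_dest_udp_port: "4789"
          referenced_by: "/rest/v1/system/ports/{{vxlan}}"
          type: "vxlan"
          user_config:
            admin: "up"
        validate_certs: no
        status_code: 201
      register: response
      changed_when: response.status == 201

    # The VNI id is taken from vlan_id, so VNI and VLAN carry the same number.
    - name: Create VXLAN VNI Mapping
      uri:
        url: "https://{{ansible_host}}/rest/v1/system/virtual_network_ids"
        method: POST
        body_format: json
        headers:
          cookie: "{{ cx_session.set_cookie }}"
        body:
          id: "{{vlan_id}}"
          interface: "/rest/v1/system/interfaces/{{vxlan}}"
          type: "vxlan_vni"
          vlan: "/rest/v1/system/vlans/{{vlan_id}}"
        validate_certs: no
        status_code: 201
      register: response
      changed_when: response.status == 201

  rescue:
    # A failed login leaves no session cookie. Stop with an explicit message
    # instead of printing an undefined or stale 'response'.
    - name: Fail when login did not establish a session
      fail:
        msg: "Login to {{ ansible_host }} failed; no REST session was established"
      when: cx_session.set_cookie is not defined

    # Any other failure is reported and the play continues.
    - debug:
        msg: "{{response.msg}}"

  always:
    # Logout from AOS-CX Switch. Skipped when login produced no cookie,
    # because there is no session to close.
    - name: Logout from AOS-CX Switch
      uri:
        url: 'https://{{ansible_host}}/rest/v1/logout'
        method: POST
        body_format: json
        headers:
          cookie: "{{ cx_session.set_cookie }}"
        validate_certs: no
        status_code: 200
      when: cx_session.set_cookie is defined
-------------------------------------------------------------------------------- /templates/iBGP/leaf.j2: --------------------------------------------------------------------------------
{# iBGP leaf configuration: OSPF underlay, VSX pair, VXLAN/EVPN overlay. #}
{# Variables read: hostname, loopback0_ip, loopback1_ip, ospf_area, server_vlans, #}
{# vsx_keepalive_int, vsx_role, vsx_keepalive_ip_primary, vsx_keepalive_ip_secondary, #}
{# vsx_isl_lagid, vsx_isl_ports, vsx_pair_L3fabric_ips, asn, spine_loopback0_ips, mtu (optional). #}
hostname {{hostname}}
!
!
!
ssh server vrf mgmt
!
!
!
!
!
router ospf 1
    router-id {{loopback0_ip}}
    area {{ospf_area}}
vlan 1
{% for vlan in server_vlans %}
vlan {{vlan}}
    name VLAN {{vlan}}
    description Server VLAN
{% endfor %}
{# The interface header is repeated per VLAN; each pass adds one VNI mapped to the same VLAN id. #}
{% for vlan in server_vlans %}
interface vxlan 1
    source ip {{loopback1_ip}}
    no shutdown
    vni {{vlan}}
        vlan {{vlan}}
{% endfor %}
{% for vlan in server_vlans %}
evpn
    vlan {{vlan}}
        rd auto
        route-target export auto
        route-target import auto
{% endfor %}
interface {{vsx_keepalive_int}}
    no shutdown
    description VSX KA
{% if vsx_role == 'primary' %}
    ip address {{vsx_keepalive_ip_primary}}/31
{% else %}
    ip address {{vsx_keepalive_ip_secondary}}/31
{% endif %}
interface lag {{vsx_isl_lagid}}
    no shutdown
    description VSX ISL LAG
    no routing
    vlan trunk native 1 tag
    vlan trunk allowed all
    lacp mode active
{% for interface in vsx_isl_ports %}
interface {{interface}}
    no shutdown
    description VSX ISL
{% if mtu is defined %}
    mtu {{mtu}}
{% endif %}
    lag {{vsx_isl_lagid}}
{% endfor %}
{% for int_data in vsx_pair_L3fabric_ips %}
interface {{int_data.interface}}
    no shutdown
{% if mtu is defined %}
    ip mtu {{mtu}}
    mtu {{mtu}}
{% endif %}
    description Spine-Uplink
    ip address {{int_data.ipv4}}/31
    ip ospf 1 area {{ospf_area}}
    ip ospf network point-to-point
{% endfor %}
interface loopback 0
    ip address {{loopback0_ip}}/32
    ip ospf 1 area {{ospf_area}}
interface loopback 1
    ip address {{loopback1_ip}}/32
    ip ospf 1 area {{ospf_area}}
vsx
    inter-switch-link lag {{vsx_isl_lagid}}
    role {{vsx_role}}
{% if vsx_role == 'primary' %}
    keepalive peer {{vsx_keepalive_ip_secondary}} source {{vsx_keepalive_ip_primary}}
{% else %}
    keepalive peer {{vsx_keepalive_ip_primary}} source {{vsx_keepalive_ip_secondary}}
{% endif %}
    no split-recovery
router bgp {{asn}}
    bgp router-id {{loopback0_ip}}
{# Loop variable named spine_ip so it does not shadow this switch's own loopback0_ip. #}
{% for spine_ip in spine_loopback0_ips %}
    neighbor {{spine_ip}} remote-as {{asn}}
    neighbor {{spine_ip}} update-source loopback 0
{% endfor %}
    address-family l2vpn evpn
{% for spine_ip in spine_loopback0_ips %}
        neighbor {{spine_ip}} activate
        neighbor {{spine_ip}} send-community extended
{% endfor %}
    exit-address-family
!
{# The REST API is left in read-write mode on the mgmt VRF; the task lists in tasks/aoscx write through it. #}
https-server rest access-mode read-write
https-server vrf mgmt
-------------------------------------------------------------------------------- /tasks/aoscx/create_lag.yml: --------------------------------------------------------------------------------
# This task list is used to create a lag interface.
#
# Variables read by the tasks below: ansible_host, ansible_user,
# ansible_password, ports, lag_id, lag_description, and optionally
# lag_trunk_vlans and mclag.
#
# NOTE(review): every uri call in this file sets validate_certs: no, so the
# switch certificate is not verified and the login credentials and session
# cookie are sent to an unauthenticated TLS peer. Enable verification once
# the switches present a certificate the control node trusts.
- block:
    # Login to AOS-CX Switch.
    # no_log keeps the password (request body) and the returned session
    # cookie out of task output and logs; the registered result is still
    # available to the following tasks and to add_lag_members.yml.
    - name: Login to AOS-CX Switch
      uri:
        url: "https://{{ ansible_host }}/rest/v1/login"
        method: POST
        return_content: yes
        headers:
          Content-Type: "application/x-www-form-urlencoded"
          Accept: application/json
        # urlencode so that reserved characters (&, =, %, +) inside the
        # credentials cannot change the form fields that are submitted.
        body: "username={{ ansible_user | urlencode }}&password={{ ansible_password | urlencode }}"
        validate_certs: no
        status_code: 200
        follow_redirects: yes
      register: cx_session
      no_log: true

    # Add ports as LAG members, one include per entry of 'ports'.
    # NOTE(review): bare 'include' is deprecated in newer Ansible releases in
    # favour of include_tasks; confirm how port and lag_id are passed before
    # migrating.
    - name: Add ports as LAG members
      include: add_lag_members.yml port={{ loop_ports }} lag_id={{lag_id}}
      loop: "{{ ports }}"
      loop_control:
        loop_var: loop_ports

    # Set up body for the subsequent POST call.
    # lag_description is required here: it is referenced without a default.
    - name: Set up body for POST call
      set_fact:
        post_body:
          admin: "up"
          interfaces: "{{ ports | map_ports_to_uris }}"
          name: "lag{{ lag_id }}"
          description: "{{ lag_description }}"
          routing: False
          lacp: "active"
          vlan_mode: "native-tagged"
          vlan_tag: "/rest/v1/system/vlans/1"

    # If defined, add trunk_vlans to JSON
    - name: Add trunked VLANs to JSON
      block:
        - set_fact:
            vlan_trunks_dict: "{{ lag_trunk_vlans | map_vlans_to_uris }}"

        - name: Add trunked VLANs to JSON
          set_fact:
            post_body: "{{ post_body | combine({'vlan_trunks': vlan_trunks_dict}) }}"
      when: lag_trunk_vlans is defined

    # If mclag field is True, add boolean to the JSON to make it an MCLAG
    - name: Set MCLAG field as True in JSON
      set_fact:
        post_body: "{{ post_body | combine({'other_config': {'mclag_enabled': True}}) }}"
      when: mclag|default(False) == True

    # Create Port table entry for LAG; 'mandatory' in the task name makes a
    # missing lag_id fail at this task.
    - name: Create Port table entry for LAG {{ lag_id | mandatory }}
      uri:
        url: "https://{{ ansible_host }}/rest/v1/system/ports"
        method: POST
        body_format: json
        headers:
          cookie: "{{ cx_session.set_cookie }}"
        body: "{{ post_body }}"
        validate_certs: no
        status_code: 201
      register: response
      changed_when: response.status == 201

  always:
    # Logout from AOS-CX Switch. Skipped when login produced no cookie,
    # because there is no session to close.
    - name: Logout from AOS-CX Switch
      uri:
        url: 'https://{{ ansible_host }}/rest/v1/logout'
        method: POST
        body_format: json
        headers:
          cookie: "{{ cx_session.set_cookie }}"
        validate_certs: no
        status_code: 200
      when: cx_session.set_cookie is defined
-------------------------------------------------------------------------------- /configs/sample_configs/arch3_iBGP/Zone1-Rack1-Leaf1a-final.conf: -------------------------------------------------------------------------------- 1 | ! 2 | !Version ArubaOS-CX GL.10.04.0020 3 | !export-password: default 4 | hostname Zone1-Rack1-Leaf1a 5 | user admin group administrators password ciphertext AQBapZ4yCW+QbkkvhYYoSS0WaqDVKw88SZxmgXHIxwMipV9EYgAAAMAuiAnGsQwvlI3bNifJth6elIQWykn7bGlAq+byxaItlAZQiZom10jqCFTailvy80jwvoNQdgLf6Ie6XIqed9Jzxk3X14GujvBxfL4XFHit14RQIALWT12Cj1o9TE55wRck 6 | ! 7 | ! 8 | ! 9 | ssh server vrf mgmt 10 | ! 11 | ! 12 | ! 13 | ! 14 | !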
15 | router ospf 1 16 | router-id 192.168.1.1 17 | area 0.0.0.0 18 | vlan 1 19 | vlan 11 20 | name VLAN 11 21 | description Server VLAN 22 | evpn 23 | vlan 11 24 | rd auto 25 | route-target export auto 26 | route-target import auto 27 | interface mgmt 28 | no shutdown 29 | ip static 10.10.10.56/24 30 | default-gateway 10.10.10.254 31 | system interface-group 1 speed 10g 32 | !interface group 1 contains ports 1/1/1-1/1/12 33 | system interface-group 3 speed 10g 34 | !interface group 3 contains ports 1/1/25-1/1/36 35 | interface lag 1 36 | no shutdown 37 | description VSX ISL LAG 38 | no routing 39 | vlan trunk native 1 tag 40 | vlan trunk allowed all 41 | lacp mode active 42 | interface 1/1/1 43 | no shutdown 44 | no routing 45 | vlan access 11 46 | interface 1/1/31 47 | no shutdown 48 | description VSX KA 49 | ip address 192.168.1.110/31 50 | interface 1/1/32 51 | no shutdown 52 | mtu 9198 53 | description VSX ISL 54 | lag 1 55 | interface 1/1/49 56 | no shutdown 57 | mtu 9198 58 | description Spine-Uplink 59 | ip mtu 9198 60 | ip address 192.168.2.0/31 61 | ip ospf 1 area 0.0.0.0 62 | ip ospf network point-to-point 63 | interface 1/1/50 64 | no shutdown 65 | mtu 9198 66 | description Spine-Uplink 67 | ip mtu 9198 68 | ip address 192.168.2.2/31 69 | ip ospf 1 area 0.0.0.0 70 | ip ospf network point-to-point 71 | interface loopback 0 72 | ip address 192.168.1.1/32 73 | ip ospf 1 area 0.0.0.0 74 | interface loopback 1 75 | ip address 192.168.100.1/32 76 | ip ospf 1 area 0.0.0.0 77 | interface vxlan 1 78 | source ip 192.168.100.1 79 | no shutdown 80 | vni 11 81 | vlan 11 82 | vsx 83 | inter-switch-link lag 1 84 | role primary 85 | keepalive peer 192.168.1.111 source 192.168.1.110 86 | no split-recovery 87 | router bgp 65101 88 | bgp router-id 192.168.1.1 89 | neighbor 192.168.1.11 remote-as 65101 90 | neighbor 192.168.1.11 update-source loopback 0 91 | neighbor 192.168.1.12 remote-as 65101 92 | neighbor 192.168.1.12 update-source loopback 0 93 | address-family l2vpn 
evpn 94 | neighbor 192.168.1.11 activate 95 | neighbor 192.168.1.11 send-community extended 96 | neighbor 192.168.1.12 activate 97 | neighbor 192.168.1.12 send-community extended 98 | exit-address-family 99 | ! 100 | https-server rest access-mode read-write 101 | https-server vrf mgmt 102 | -------------------------------------------------------------------------------- /configs/sample_configs/arch3_iBGP/Zone1-Rack1-Leaf1b-final.conf: -------------------------------------------------------------------------------- 1 | ! 2 | !Version ArubaOS-CX GL.10.04.0020 3 | !export-password: default 4 | hostname Zone1-Rack1-Leaf1b 5 | user admin group administrators password ciphertext AQBapd3Qg7OPKcjRayIQyuxOPabPIbT8bvU05pOk8sc+vAXyYgAAAGtM+A5APROROs6l56dpUdXic8SskYkcBHqp0rxFPtTqgmXoEzI21Mk5T3CR023fONvCpIZGpS4WUmReFVaiMR2XKnitYUhfkJLCK19Kl9uBL85jHFsthncP+X7/1q0bs/RG 6 | ! 7 | ! 8 | ! 9 | ssh server vrf mgmt 10 | ! 11 | ! 12 | ! 13 | ! 14 | ! 15 | router ospf 1 16 | router-id 192.168.1.2 17 | area 0.0.0.0 18 | vlan 1 19 | vlan 11 20 | name VLAN 11 21 | description Server VLAN 22 | evpn 23 | vlan 11 24 | rd auto 25 | route-target export auto 26 | route-target import auto 27 | interface mgmt 28 | no shutdown 29 | ip static 10.10.10.57/24 30 | default-gateway 10.10.10.254 31 | system interface-group 1 speed 10g 32 | !interface group 1 contains ports 1/1/1-1/1/12 33 | system interface-group 3 speed 10g 34 | !interface group 3 contains ports 1/1/25-1/1/36 35 | system interface-group 4 speed 10g 36 | !interface group 4 contains ports 1/1/37-1/1/48 37 | interface lag 1 38 | no shutdown 39 | description VSX ISL LAG 40 | no routing 41 | vlan trunk native 1 tag 42 | vlan trunk allowed all 43 | lacp mode active 44 | interface 1/1/31 45 | no shutdown 46 | description VSX KA 47 | ip address 192.168.1.111/31 48 | interface 1/1/32 49 | no shutdown 50 | mtu 9198 51 | description VSX ISL 52 | lag 1 53 | interface 1/1/49 54 | no shutdown 55 | mtu 9198 56 | description Spine-Uplink 57 | ip mtu 
9198 58 | ip address 192.168.2.4/31 59 | ip ospf 1 area 0.0.0.0 60 | ip ospf network point-to-point 61 | interface 1/1/50 62 | no shutdown 63 | mtu 9198 64 | description Spine-Uplink 65 | ip mtu 9198 66 | ip address 192.168.2.6/31 67 | ip ospf 1 area 0.0.0.0 68 | ip ospf network point-to-point 69 | interface loopback 0 70 | ip address 192.168.1.2/32 71 | ip ospf 1 area 0.0.0.0 72 | interface loopback 1 73 | ip address 192.168.100.2/32 74 | ip ospf 1 area 0.0.0.0 75 | interface vxlan 1 76 | source ip 192.168.100.2 77 | no shutdown 78 | vni 11 79 | vlan 11 80 | vsx 81 | inter-switch-link lag 1 82 | role secondary 83 | keepalive peer 192.168.1.110 source 192.168.1.111 84 | no split-recovery 85 | router bgp 65101 86 | bgp router-id 192.168.1.2 87 | neighbor 192.168.1.11 remote-as 65101 88 | neighbor 192.168.1.11 update-source loopback 0 89 | neighbor 192.168.1.12 remote-as 65101 90 | neighbor 192.168.1.12 update-source loopback 0 91 | address-family l2vpn evpn 92 | neighbor 192.168.1.11 activate 93 | neighbor 192.168.1.11 send-community extended 94 | neighbor 192.168.1.12 activate 95 | neighbor 192.168.1.12 send-community extended 96 | exit-address-family 97 | ! 98 | https-server rest access-mode read-write 99 | https-server vrf mgmt 100 | -------------------------------------------------------------------------------- /configs/sample_configs/arch3_iBGP/Zone1-Rack3-Leaf3a-final.conf: -------------------------------------------------------------------------------- 1 | ! 2 | !Version ArubaOS-CX GL.10.04.0020 3 | !export-password: default 4 | hostname Zone1-Rack3-Leaf3a 5 | user admin group administrators password ciphertext AQBapd0lfpkb1JQ/PeM7VAdLaPTFpCWvep8Ky+FcXCXZQjzuYgAAABM81mz9TPm9mRgJCcs5jU94yotLIjlGFmqRd7CPrUe2I/hhn9STUUgq5O+A0aM94fIRyUcLkDyRzgAKnzk1HmDNlT1yWnxptSrdw2lh0C9wBxf/UpiQFZe+RU1NxIoXC18J 6 | ! 7 | ! 8 | ! 9 | ssh server vrf mgmt 10 | ! 11 | ! 12 | ! 13 | ! 14 | ! 
15 | router ospf 1 16 | router-id 192.168.1.5 17 | area 0.0.0.0 18 | vlan 1 19 | vlan 11 20 | name VLAN 11 21 | description Server VLAN 22 | evpn 23 | vlan 11 24 | rd auto 25 | route-target export auto 26 | route-target import auto 27 | interface mgmt 28 | no shutdown 29 | ip static 10.10.10.60/24 30 | default-gateway 10.10.10.254 31 | system interface-group 1 speed 10g 32 | !interface group 1 contains ports 1/1/1-1/1/12 33 | system interface-group 3 speed 10g 34 | !interface group 3 contains ports 1/1/25-1/1/36 35 | system interface-group 4 speed 10g 36 | !interface group 4 contains ports 1/1/37-1/1/48 37 | interface lag 1 38 | no shutdown 39 | description VSX ISL LAG 40 | no routing 41 | vlan trunk native 1 tag 42 | vlan trunk allowed all 43 | lacp mode active 44 | interface 1/1/31 45 | no shutdown 46 | description VSX KA 47 | ip address 192.168.1.112/31 48 | interface 1/1/32 49 | no shutdown 50 | mtu 9198 51 | description VSX ISL 52 | lag 1 53 | interface 1/1/49 54 | no shutdown 55 | mtu 9198 56 | description Spine-Uplink 57 | ip mtu 9198 58 | ip address 192.168.2.8/31 59 | ip ospf 1 area 0.0.0.0 60 | ip ospf network point-to-point 61 | interface 1/1/50 62 | no shutdown 63 | mtu 9198 64 | description Spine-Uplink 65 | ip mtu 9198 66 | ip address 192.168.2.10/31 67 | ip ospf 1 area 0.0.0.0 68 | ip ospf network point-to-point 69 | interface loopback 0 70 | ip address 192.168.1.5/32 71 | ip ospf 1 area 0.0.0.0 72 | interface loopback 1 73 | ip address 192.168.100.5/32 74 | ip ospf 1 area 0.0.0.0 75 | interface vxlan 1 76 | source ip 192.168.100.5 77 | no shutdown 78 | vni 11 79 | vlan 11 80 | vsx 81 | inter-switch-link lag 1 82 | role primary 83 | keepalive peer 192.168.1.113 source 192.168.1.112 84 | no split-recovery 85 | router bgp 65101 86 | bgp router-id 192.168.1.5 87 | neighbor 192.168.1.11 remote-as 65101 88 | neighbor 192.168.1.11 update-source loopback 0 89 | neighbor 192.168.1.12 remote-as 65101 90 | neighbor 192.168.1.12 update-source loopback 0 91 | 
address-family l2vpn evpn 92 | neighbor 192.168.1.11 activate 93 | neighbor 192.168.1.11 send-community extended 94 | neighbor 192.168.1.12 activate 95 | neighbor 192.168.1.12 send-community extended 96 | exit-address-family 97 | ! 98 | https-server rest access-mode read-write 99 | https-server vrf mgmt 100 | -------------------------------------------------------------------------------- /configs/sample_configs/arch3_eBGP/Zone1-Spine1-final.conf: -------------------------------------------------------------------------------- 1 | ! 2 | !Version ArubaOS-CX GL.10.04.0040 3 | !export-password: default 4 | hostname Zone1-Spine1 5 | user admin group administrators password ciphertext AQBapeeuZ6Nw+Phok7vJbD6r75PivsY6o/r0QfxdpH1h3fQYYgAAACrisdLluFaTV+Fj1JfL0WsZPS8LBYsoE/N6qohz8bziNZQvKts2XD+d+Hgx+qrd64f4Htq7A/1mAvqetP90ljtfIOX27j/ZvVwqV6ewUQyQ7V7rFCe8BIXyVCXZD5QhqRdg 6 | ! 7 | ! 8 | ! 9 | ssh server vrf mgmt 10 | ! 11 | ! 12 | ! 13 | ! 14 | ! 15 | vlan 1 16 | interface mgmt 17 | no shutdown 18 | ip static 10.10.10.54/24 19 | default-gateway 10.10.10.254 20 | interface 1/1/23 21 | no shutdown 22 | mtu 9198 23 | description rack3-Downlink 24 | ip mtu 9198 25 | ip address 192.168.2.13/31 26 | interface 1/1/24 27 | no shutdown 28 | mtu 9198 29 | description rack3-Downlink 30 | ip mtu 9198 31 | ip address 192.168.2.9/31 32 | interface 1/1/27 33 | no shutdown 34 | mtu 9198 35 | description rack1-Downlink 36 | ip mtu 9198 37 | ip address 192.168.2.1/31 38 | interface 1/1/28 39 | no shutdown 40 | mtu 9198 41 | description rack1-Downlink 42 | ip mtu 9198 43 | ip address 192.168.2.5/31 44 | interface loopback 0 45 | ip address 192.168.1.11/32 46 | router bgp 65101 47 | bgp router-id 192.168.1.11 48 | bgp fast-external-fallover 49 | bgp bestpath as-path multipath-relax 50 | neighbor 192.168.1.1 remote-as 65001 51 | neighbor 192.168.1.1 ebgp-multihop 3 52 | neighbor 192.168.1.1 update-source loopback 0 53 | neighbor 192.168.1.2 remote-as 65001 54 | neighbor 192.168.1.2 ebgp-multihop 
3 55 | neighbor 192.168.1.2 update-source loopback 0 56 | neighbor 192.168.1.5 remote-as 65003 57 | neighbor 192.168.1.5 ebgp-multihop 3 58 | neighbor 192.168.1.5 update-source loopback 0 59 | neighbor 192.168.1.6 remote-as 65003 60 | neighbor 192.168.1.6 ebgp-multihop 3 61 | neighbor 192.168.1.6 update-source loopback 0 62 | neighbor 192.168.2.0 remote-as 65001 63 | neighbor 192.168.2.4 remote-as 65001 64 | neighbor 192.168.2.8 remote-as 65003 65 | neighbor 192.168.2.12 remote-as 65003 66 | address-family ipv4 unicast 67 | neighbor 192.168.2.0 activate 68 | neighbor 192.168.2.4 activate 69 | neighbor 192.168.2.8 activate 70 | neighbor 192.168.2.12 activate 71 | redistribute connected 72 | network 192.168.1.11/32 73 | exit-address-family 74 | address-family l2vpn evpn 75 | neighbor 192.168.1.1 activate 76 | neighbor 192.168.1.1 next-hop-unchanged 77 | neighbor 192.168.1.1 send-community extended 78 | neighbor 192.168.1.2 activate 79 | neighbor 192.168.1.2 next-hop-unchanged 80 | neighbor 192.168.1.2 send-community extended 81 | neighbor 192.168.1.5 activate 82 | neighbor 192.168.1.5 next-hop-unchanged 83 | neighbor 192.168.1.5 send-community extended 84 | neighbor 192.168.1.6 activate 85 | neighbor 192.168.1.6 next-hop-unchanged 86 | neighbor 192.168.1.6 send-community extended 87 | exit-address-family 88 | ! 89 | https-server rest access-mode read-write 90 | https-server vrf mgmt 91 | -------------------------------------------------------------------------------- /configs/sample_configs/arch3_eBGP/Zone1-Spine2-final.conf: -------------------------------------------------------------------------------- 1 | ! 2 | !Version ArubaOS-CX GL.10.04.0040 3 | !export-password: default 4 | hostname Zone1-Spine2 5 | user admin group administrators password ciphertext AQBapW41EEHA+zskBXcBrm9Rr+euZNH+d4Q5BiGgeNrIvw1gYgAAANRxoQcfTTV7tma79JXNUOqrhv2y0xM21jrQxXeufK4O4aCwIfhuPJA7SPvno9iqnFJ9ehwrWSd5HdcyT1eb80glx6No9vqdDGKvOUfi6IOlDg6rcdaJcQWJ+tO7bZYVz5uz 6 | ! 7 | ! 8 | ! 
9 | ssh server vrf mgmt 10 | ! 11 | ! 12 | ! 13 | ! 14 | ! 15 | vlan 1 16 | interface mgmt 17 | no shutdown 18 | ip static 10.10.10.55/24 19 | default-gateway 10.10.10.254 20 | interface 1/1/23 21 | no shutdown 22 | mtu 9198 23 | description rack3-Downlink 24 | ip mtu 9198 25 | ip address 192.168.2.15/31 26 | interface 1/1/24 27 | no shutdown 28 | mtu 9198 29 | description rack3-Downlink 30 | ip mtu 9198 31 | ip address 192.168.2.11/31 32 | interface 1/1/27 33 | no shutdown 34 | mtu 9198 35 | description rack1-Downlink 36 | ip mtu 9198 37 | ip address 192.168.2.3/31 38 | interface 1/1/28 39 | no shutdown 40 | mtu 9198 41 | description rack1-Downlink 42 | ip mtu 9198 43 | ip address 192.168.2.7/31 44 | interface loopback 0 45 | ip address 192.168.1.12/32 46 | router bgp 65101 47 | bgp router-id 192.168.1.12 48 | bgp fast-external-fallover 49 | bgp bestpath as-path multipath-relax 50 | neighbor 192.168.1.1 remote-as 65001 51 | neighbor 192.168.1.1 ebgp-multihop 3 52 | neighbor 192.168.1.1 update-source loopback 0 53 | neighbor 192.168.1.2 remote-as 65001 54 | neighbor 192.168.1.2 ebgp-multihop 3 55 | neighbor 192.168.1.2 update-source loopback 0 56 | neighbor 192.168.1.5 remote-as 65003 57 | neighbor 192.168.1.5 ebgp-multihop 3 58 | neighbor 192.168.1.5 update-source loopback 0 59 | neighbor 192.168.1.6 remote-as 65003 60 | neighbor 192.168.1.6 ebgp-multihop 3 61 | neighbor 192.168.1.6 update-source loopback 0 62 | neighbor 192.168.2.2 remote-as 65001 63 | neighbor 192.168.2.6 remote-as 65001 64 | neighbor 192.168.2.10 remote-as 65003 65 | neighbor 192.168.2.14 remote-as 65003 66 | address-family ipv4 unicast 67 | neighbor 192.168.2.2 activate 68 | neighbor 192.168.2.6 activate 69 | neighbor 192.168.2.10 activate 70 | neighbor 192.168.2.14 activate 71 | redistribute connected 72 | network 192.168.1.12/32 73 | exit-address-family 74 | address-family l2vpn evpn 75 | neighbor 192.168.1.1 activate 76 | neighbor 192.168.1.1 next-hop-unchanged 77 | neighbor 192.168.1.1 
send-community extended 78 | neighbor 192.168.1.2 activate 79 | neighbor 192.168.1.2 next-hop-unchanged 80 | neighbor 192.168.1.2 send-community extended 81 | neighbor 192.168.1.5 activate 82 | neighbor 192.168.1.5 next-hop-unchanged 83 | neighbor 192.168.1.5 send-community extended 84 | neighbor 192.168.1.6 activate 85 | neighbor 192.168.1.6 next-hop-unchanged 86 | neighbor 192.168.1.6 send-community extended 87 | exit-address-family 88 | ! 89 | https-server rest access-mode read-write 90 | https-server vrf mgmt 91 | -------------------------------------------------------------------------------- /configs/sample_configs/arch3_iBGP/Zone1-Rack3-Leaf3b-final.conf: -------------------------------------------------------------------------------- 1 | ! 2 | !Version ArubaOS-CX GL.10.04.0020 3 | !export-password: default
! Sample final running-config for leaf Zone1-Rack3-Leaf3b in the iBGP spine-leaf architecture (per the file path): OSPF underlay, iBGP EVPN overlay, VSX secondary.
! NOTE(review): the "user admin" line below commits an administrator password ciphertext to a shared sample, and the header above records the default export-password.
! Presumably the ciphertext is therefore portable to any switch still using the default export password (verify against the AOS-CX documentation); treat it as disclosed, never deploy it as-is, and set a site-specific export password and admin password.
4 | hostname Zone1-Rack3-Leaf3b 5 | user admin group administrators password ciphertext AQBapaHRO1zdYAmv8jyi6BEy2EdGo7mXog4SaUdBnB6VBVmrYgAAAMswpUXLpjUGA0QadW9dCf7EgZkDyT6oT740N0z8ey2PTAAz8DT02vzpz1sAo27jMoqJ3YCXA0bW05qG+CWqweUfanbUEccqyrEu8SpcQjUoYdHYFZFHFtniXxA7d9wFijPV 6 | ! 7 | ! 8 | ! 9 | ssh server vrf mgmt 10 | ! 11 | ! 12 | ! 13 | ! 14 | !
! NOTE(review): OSPF area 0.0.0.0 is enabled on both spine uplinks (1/1/49, 1/1/50) and both loopbacks, and no OSPF authentication statement appears anywhere in this file.
! Adjacencies on the uplinks are therefore formed without authenticating the peer; add interface- or area-level OSPF authentication before using this outside a lab.
15 | router ospf 1 16 | router-id 192.168.1.6 17 | area 0.0.0.0 18 | vlan 1 19 | vlan 11 20 | name VLAN 11 21 | description Server VLAN 22 | evpn 23 | vlan 11 24 | rd auto 25 | route-target export auto 26 | route-target import auto 27 | interface mgmt 28 | no shutdown 29 | ip static 10.10.10.61/24 30 | default-gateway 10.10.10.254 31 | system interface-group 1 speed 10g 32 | !interface group 1 contains ports 1/1/1-1/1/12 33 | system interface-group 3 speed 10g 34 | !interface group 3 contains ports 1/1/25-1/1/36 35 | system interface-group 4 speed 10g 36 | !interface group 4 contains ports 1/1/37-1/1/48 37 | interface lag 1 38 | no shutdown 39 | description VSX ISL LAG 40 | no routing 41 | vlan trunk native 1 tag 42 | vlan trunk allowed all 43 | lacp mode active 44 | interface 1/1/1 45 | no shutdown 46 | no routing 47 | vlan access 11 48 | interface 1/1/31 49 | no shutdown 50 | description VSX KA 51 | ip address 192.168.1.113/31 52 | interface 1/1/32 53 | no shutdown 54 | mtu 9198 55 | description VSX ISL 56 | lag 1 57 | interface 1/1/49 58 | no shutdown 59 | mtu 9198 60 | description Spine-Uplink 61 | ip mtu 9198 62 | ip address 192.168.2.12/31 63 | ip ospf 1 area 0.0.0.0 64 | ip ospf network point-to-point 65 | interface 1/1/50 66 | no shutdown 67 | mtu 9198 68 | description Spine-Uplink 69 | ip mtu 9198 70 | ip address 192.168.2.14/31 71 | ip ospf 1 area 0.0.0.0 72 | ip ospf network point-to-point 73 | interface loopback 0 74 | ip address 192.168.1.6/32 75 | ip ospf 1 area 0.0.0.0 76 | interface loopback 1 77 | ip address 192.168.100.6/32 78 | ip ospf 1 area 0.0.0.0 79 | interface vxlan 1 80 | source ip 192.168.100.6 81 | no shutdown 82 | vni 11 83 | vlan 11 84 | vsx 85 | inter-switch-link lag 1 86 | role secondary 87 | keepalive peer 192.168.1.112 source 192.168.1.113 88 | no split-recovery
! NOTE(review): both iBGP sessions (to 192.168.1.11 and 192.168.1.12, sourced from loopback 0) are configured without a neighbor password.
! The EVPN address family that populates the VXLAN overlay rides on these sessions, so add BGP neighbor authentication and limit which sources can reach the loopbacks on the BGP port.
89 | router bgp 65101 90 | bgp router-id 192.168.1.6 91 | neighbor 192.168.1.11 remote-as 65101 92 | neighbor 192.168.1.11 update-source loopback 0 93 | neighbor
192.168.1.12 remote-as 65101 94 | neighbor 192.168.1.12 update-source loopback 0 95 | address-family l2vpn evpn 96 | neighbor 192.168.1.11 activate 97 | neighbor 192.168.1.11 send-community extended 98 | neighbor 192.168.1.12 activate 99 | neighbor 192.168.1.12 send-community extended 100 | exit-address-family 101 | !
! NOTE(review): the REST API is left enabled in read-write mode on the mgmt VRF, so the admin credential above grants full configuration access over HTTPS.
! Restrict reachability of the management network, or drop to read-only once provisioning is finished, if the automation no longer needs write access.
102 | https-server rest access-mode read-write 103 | https-server vrf mgmt 104 | -------------------------------------------------------------------------------- /configs/sample_configs/arch1/Zone1-Core1a-final.conf: -------------------------------------------------------------------------------- 1 | ! 2 | !Version ArubaOS-CX GL.10.04.0040 3 | !export-password: default 4 | hostname Zone1-Core1a 5 | user admin group administrators password ciphertext AQBapeeuZ6Nw+Phok7vJbD6r75PivsY6o/r0QfxdpH1h3fQYYgAAACrisdLluFaTV+Fj1JfL0WsZPS8LBYsoE/N6qohz8bziNZQvKts2XD+d+Hgx+qrd64f4Htq7A/1mAvqetP90ljtfIOX27j/ZvVwqV6ewUQyQ7V7rFCe8BIXyVCXZD5QhqRdg 6 | ! 7 | ! 8 | ! 9 | ssh server vrf mgmt 10 | ! 11 | ! 12 | ! 13 | ! 14 | !
15 | router ospf 1 16 | router-id 192.168.1.11 17 | area 0.0.0.0 18 | vlan 1 19 | vlan 11 20 | name VLAN 11 21 | vlan 4000 22 | spanning-tree 23 | spanning-tree priority 1 24 | spanning-tree config-name Zone1 25 | spanning-tree config-revision 1 26 | spanning-tree instance 1 vlan 11 27 | interface mgmt 28 | no shutdown 29 | ip static 10.10.10.54/24 30 | default-gateway 10.10.10.254 31 | interface lag 1 32 | no shutdown 33 | description VSX ISL 34 | no routing 35 | vlan trunk native 1 tag 36 | vlan trunk allowed all 37 | lacp mode active 38 | interface lag 11 multi-chassis 39 | no shutdown 40 | description Zone1-Rack1-Access1/2 41 | no routing 42 | vlan trunk native 1 tag 43 | vlan trunk allowed 11 44 | lacp mode active 45 | interface lag 12 multi-chassis 46 | no shutdown 47 | description Zone1-Rack3-Access3/4 48 | no routing 49 | vlan trunk native 1 tag 50 | vlan trunk allowed 11 51 | lacp mode active 52 | interface 1/1/23 53 | no shutdown 54 | mtu 9198 55 | description Zone1-Rack3-Access3/4 56 | lag 12 57 | interface 1/1/24 58 | no shutdown 59 | mtu 9198 60 | description Zone1-Rack3-Access3/4 61 | lag 12 62 | interface 1/1/27 63 | no shutdown 64 | mtu 9198 65 | description Zone1-Rack1-Access1/2 66 | lag 11 67 | interface 1/1/28 68 | no shutdown 69 | mtu 9198 70 | description Zone1-Rack1-Access1/2 71 | lag 11 72 | interface 1/1/31 73 | no shutdown 74 | description VSX KA 75 | ip address 192.168.1.100/31 76 | interface 1/1/32 77 | no shutdown 78 | mtu 9198 79 | description VSX ISL 80 | lag 1 81 | interface loopback 0 82 | ip address 192.168.1.11/32 83 | ip ospf 1 area 0.0.0.0 84 | interface vlan11 85 | ip address 11.1.1.3/24 86 | active-gateway ip mac 00:00:00:00:01:01 87 | active-gateway ip 11.1.1.1 88 | interface vlan4000 89 | description IBGP transit 90 | ip mtu 9198 91 | ip address 10.1.2.2/31 92 | ip ospf 1 area 0.0.0.0 93 | ip ospf network point-to-point 94 | vsx 95 | system-mac 00:00:00:00:01:01 96 | inter-switch-link lag 1 97 | role primary 98 | keepalive 
peer 192.168.1.101 source 192.168.1.100 99 | router bgp 65101 100 | bgp router-id 192.168.1.11 101 | neighbor 192.168.1.12 remote-as 65101 102 | neighbor 192.168.1.12 update-source loopback 0 103 | address-family ipv4 unicast 104 | neighbor 192.168.1.12 activate 105 | neighbor 192.168.1.12 next-hop-self 106 | network 11.1.1.0/24 107 | exit-address-family 108 | ! 109 | https-server rest access-mode read-write 110 | https-server vrf mgmt 111 | -------------------------------------------------------------------------------- /configs/sample_configs/arch2/Zone1-Core1a-final.conf: -------------------------------------------------------------------------------- 1 | ! 2 | !Version ArubaOS-CX GL.10.04.0040 3 | !export-password: default
! Sample final running-config for core switch Zone1-Core1a in the arch2 sample set (per the file path): VSX primary, MC-LAGs 11 and 12 towards the access racks, OSPF plus iBGP towards its VSX peer.
! NOTE(review): the "user admin" line below commits an administrator password ciphertext to a shared sample, and the header above records the default export-password.
! Presumably the ciphertext is therefore portable to any switch still using the default export password (verify against the AOS-CX documentation); treat it as disclosed and replace both before deployment.
4 | hostname Zone1-Core1a 5 | user admin group administrators password ciphertext AQBapeeuZ6Nw+Phok7vJbD6r75PivsY6o/r0QfxdpH1h3fQYYgAAACrisdLluFaTV+Fj1JfL0WsZPS8LBYsoE/N6qohz8bziNZQvKts2XD+d+Hgx+qrd64f4Htq7A/1mAvqetP90ljtfIOX27j/ZvVwqV6ewUQyQ7V7rFCe8BIXyVCXZD5QhqRdg 6 | ! 7 | ! 8 | ! 9 | ssh server vrf mgmt 10 | ! 11 | ! 12 | ! 13 | ! 14 | !
! NOTE(review): OSPF area 0.0.0.0 runs on loopback 0 and on interface vlan4000 (the transit link), and no OSPF authentication statement appears in this file.
15 | router ospf 1 16 | router-id 192.168.1.11 17 | area 0.0.0.0 18 | vlan 1 19 | vlan 11 20 | name VLAN 11 21 | vlan 4000 22 | spanning-tree 23 | spanning-tree priority 1 24 | spanning-tree config-name Zone1 25 | spanning-tree config-revision 1 26 | spanning-tree instance 1 vlan 11 27 | interface mgmt 28 | no shutdown 29 | ip static 10.10.10.54/24 30 | default-gateway 10.10.10.254 31 | interface lag 1 32 | no shutdown 33 | description VSX ISL 34 | no routing 35 | vlan trunk native 1 tag 36 | vlan trunk allowed all 37 | lacp mode active 38 | interface lag 11 multi-chassis 39 | no shutdown 40 | description Zone1-Rack1-Access1/2 41 | no routing 42 | vlan trunk native 1 tag 43 | vlan trunk allowed 11 44 | lacp mode active 45 | interface lag 12 multi-chassis 46 | no shutdown 47 | description Zone1-Rack3-Access3/4 48 | no routing 49 | vlan trunk native 1 tag 50 | vlan trunk allowed 11 51 | lacp mode active 52 | interface 1/1/23 53 | no shutdown 54 | mtu 9198 55 | description Zone1-Rack3-Access3/4 56 | lag 12 57 | interface 1/1/24 58 | no shutdown 59 | mtu 9198 60 | description Zone1-Rack3-Access3/4 61 | lag 12 62 | interface 1/1/27 63 | no shutdown 64 | mtu 9198 65 | description Zone1-Rack1-Access1/2 66 | lag 11 67 | interface 1/1/28 68 | no shutdown 69 | mtu 9198 70 | description Zone1-Rack1-Access1/2 71 | lag 11 72 | interface 1/1/31 73 | no shutdown 74 | description VSX KA 75 | ip address 192.168.1.100/31 76 | interface 1/1/32 77 | no shutdown 78 | mtu 9198 79 | description VSX ISL 80 | lag 1 81 | interface loopback 0 82 | ip address 192.168.1.11/32 83 | ip ospf 1 area 0.0.0.0
! NOTE(review): the server VLAN gateway uses 11.1.1.0/24, which is outside the RFC 1918 private ranges, and the BGP section below originates that prefix with a network statement.
! Renumber to private or documentation address space before reuse so a copied config cannot announce or shadow someone else's public prefix.
84 | interface vlan11 85 | ip address 11.1.1.3/24 86 | active-gateway ip mac 00:00:00:00:01:01 87 | active-gateway ip 11.1.1.1 88 | interface vlan4000 89 | description IBGP transit 90 | ip mtu 9198 91 | ip address 10.1.2.2/31 92 | ip ospf 1 area 0.0.0.0 93 | ip ospf network point-to-point 94 | vsx 95 | system-mac 00:00:00:00:01:01 96 | inter-switch-link lag 1 97 | role primary 98 | keepalive
peer 192.168.1.101 source 192.168.1.100
! NOTE(review): the single iBGP session to 192.168.1.12 (sourced from loopback 0) has no neighbor password; add BGP neighbor authentication before using this outside a lab.
99 | router bgp 65101 100 | bgp router-id 192.168.1.11 101 | neighbor 192.168.1.12 remote-as 65101 102 | neighbor 192.168.1.12 update-source loopback 0 103 | address-family ipv4 unicast 104 | neighbor 192.168.1.12 activate 105 | neighbor 192.168.1.12 next-hop-self 106 | network 11.1.1.0/24 107 | exit-address-family 108 | !
! NOTE(review): the REST API is left enabled in read-write mode on the mgmt VRF, so the admin credential above grants full configuration access over HTTPS; restrict reachability of the management network accordingly.
109 | https-server rest access-mode read-write 110 | https-server vrf mgmt 111 | -------------------------------------------------------------------------------- /configs/sample_configs/arch1/Zone1-Core1b-final.conf: -------------------------------------------------------------------------------- 1 | ! 2 | !Version ArubaOS-CX GL.10.04.0040 3 | !export-password: default 4 | hostname Zone1-Core1b 5 | user admin group administrators password ciphertext AQBapW41EEHA+zskBXcBrm9Rr+euZNH+d4Q5BiGgeNrIvw1gYgAAANRxoQcfTTV7tma79JXNUOqrhv2y0xM21jrQxXeufK4O4aCwIfhuPJA7SPvno9iqnFJ9ehwrWSd5HdcyT1eb80glx6No9vqdDGKvOUfi6IOlDg6rcdaJcQWJ+tO7bZYVz5uz 6 | ! 7 | ! 8 | ! 9 | ssh server vrf mgmt 10 | ! 11 | ! 12 | ! 13 | ! 14 | !
15 | router ospf 1 16 | router-id 192.168.1.12 17 | area 0.0.0.0 18 | vlan 1 19 | vlan 11 20 | name VLAN 11 21 | vlan 4000 22 | spanning-tree 23 | spanning-tree priority 1 24 | spanning-tree config-name Zone1 25 | spanning-tree config-revision 1 26 | spanning-tree instance 1 vlan 11 27 | interface mgmt 28 | no shutdown 29 | ip static 10.10.10.55/24 30 | default-gateway 10.10.10.254 31 | interface lag 1 32 | no shutdown 33 | description VSX ISL 34 | no routing 35 | vlan trunk native 1 tag 36 | vlan trunk allowed all 37 | lacp mode active 38 | interface lag 11 multi-chassis 39 | no shutdown 40 | description Zone1-Rack1-Access1/2 41 | no routing 42 | vlan trunk native 1 tag 43 | vlan trunk allowed 11 44 | lacp mode active 45 | interface lag 12 multi-chassis 46 | no shutdown 47 | description Zone1-Rack3-Access3/4 48 | no routing 49 | vlan trunk native 1 tag 50 | vlan trunk allowed 11 51 | lacp mode active 52 | interface 1/1/23 53 | no shutdown 54 | mtu 9198 55 | description Zone1-Rack3-Access3/4 56 | lag 12 57 | interface 1/1/24 58 | no shutdown 59 | mtu 9198 60 | description Zone1-Rack3-Access3/4 61 | lag 12 62 | interface 1/1/27 63 | no shutdown 64 | mtu 9198 65 | description Zone1-Rack1-Access1/2 66 | lag 11 67 | interface 1/1/28 68 | no shutdown 69 | mtu 9198 70 | description Zone1-Rack1-Access1/2 71 | lag 11 72 | interface 1/1/31 73 | no shutdown 74 | description VSX KA 75 | ip address 192.168.1.101/31 76 | interface 1/1/32 77 | no shutdown 78 | mtu 9198 79 | description VSX ISL 80 | lag 1 81 | interface loopback 0 82 | ip address 192.168.1.12/32 83 | ip ospf 1 area 0.0.0.0 84 | interface vlan11 85 | ip address 11.1.1.4/24 86 | active-gateway ip mac 00:00:00:00:01:01 87 | active-gateway ip 11.1.1.1 88 | interface vlan4000 89 | description IBGP transit 90 | ip mtu 9198 91 | ip address 10.1.2.3/31 92 | ip ospf 1 area 0.0.0.0 93 | ip ospf network point-to-point 94 | vsx 95 | system-mac 00:00:00:00:01:01 96 | inter-switch-link lag 1 97 | role secondary 98 | keepalive 
peer 192.168.1.100 source 192.168.1.101 99 | router bgp 65101 100 | bgp router-id 192.168.1.12 101 | neighbor 192.168.1.11 remote-as 65101 102 | neighbor 192.168.1.11 update-source loopback 0 103 | address-family ipv4 unicast 104 | neighbor 192.168.1.11 activate 105 | neighbor 192.168.1.11 next-hop-self 106 | network 11.1.1.0/24 107 | exit-address-family 108 | ! 109 | https-server rest access-mode read-write 110 | https-server vrf mgmt 111 | -------------------------------------------------------------------------------- /configs/sample_configs/arch2/Zone1-Core1b-final.conf: -------------------------------------------------------------------------------- 1 | ! 2 | !Version ArubaOS-CX GL.10.04.0040 3 | !export-password: default 4 | hostname Zone1-Core1b 5 | user admin group administrators password ciphertext AQBapW41EEHA+zskBXcBrm9Rr+euZNH+d4Q5BiGgeNrIvw1gYgAAANRxoQcfTTV7tma79JXNUOqrhv2y0xM21jrQxXeufK4O4aCwIfhuPJA7SPvno9iqnFJ9ehwrWSd5HdcyT1eb80glx6No9vqdDGKvOUfi6IOlDg6rcdaJcQWJ+tO7bZYVz5uz 6 | ! 7 | ! 8 | ! 9 | ssh server vrf mgmt 10 | ! 11 | ! 12 | ! 13 | ! 14 | ! 
15 | router ospf 1 16 | router-id 192.168.1.12 17 | area 0.0.0.0 18 | vlan 1 19 | vlan 11 20 | name VLAN 11 21 | vlan 4000 22 | spanning-tree 23 | spanning-tree priority 1 24 | spanning-tree config-name Zone1 25 | spanning-tree config-revision 1 26 | spanning-tree instance 1 vlan 11 27 | interface mgmt 28 | no shutdown 29 | ip static 10.10.10.55/24 30 | default-gateway 10.10.10.254 31 | interface lag 1 32 | no shutdown 33 | description VSX ISL 34 | no routing 35 | vlan trunk native 1 tag 36 | vlan trunk allowed all 37 | lacp mode active 38 | interface lag 11 multi-chassis 39 | no shutdown 40 | description Zone1-Rack1-Access1/2 41 | no routing 42 | vlan trunk native 1 tag 43 | vlan trunk allowed 11 44 | lacp mode active 45 | interface lag 12 multi-chassis 46 | no shutdown 47 | description Zone1-Rack3-Access3/4 48 | no routing 49 | vlan trunk native 1 tag 50 | vlan trunk allowed 11 51 | lacp mode active 52 | interface 1/1/23 53 | no shutdown 54 | mtu 9198 55 | description Zone1-Rack3-Access3/4 56 | lag 12 57 | interface 1/1/24 58 | no shutdown 59 | mtu 9198 60 | description Zone1-Rack3-Access3/4 61 | lag 12 62 | interface 1/1/27 63 | no shutdown 64 | mtu 9198 65 | description Zone1-Rack1-Access1/2 66 | lag 11 67 | interface 1/1/28 68 | no shutdown 69 | mtu 9198 70 | description Zone1-Rack1-Access1/2 71 | lag 11 72 | interface 1/1/31 73 | no shutdown 74 | description VSX KA 75 | ip address 192.168.1.101/31 76 | interface 1/1/32 77 | no shutdown 78 | mtu 9198 79 | description VSX ISL 80 | lag 1 81 | interface loopback 0 82 | ip address 192.168.1.12/32 83 | ip ospf 1 area 0.0.0.0 84 | interface vlan11 85 | ip address 11.1.1.4/24 86 | active-gateway ip mac 00:00:00:00:01:01 87 | active-gateway ip 11.1.1.1 88 | interface vlan4000 89 | description IBGP transit 90 | ip mtu 9198 91 | ip address 10.1.2.3/31 92 | ip ospf 1 area 0.0.0.0 93 | ip ospf network point-to-point 94 | vsx 95 | system-mac 00:00:00:00:01:01 96 | inter-switch-link lag 1 97 | role secondary 98 | keepalive 
peer 192.168.1.100 source 192.168.1.101 99 | router bgp 65101 100 | bgp router-id 192.168.1.12 101 | neighbor 192.168.1.11 remote-as 65101 102 | neighbor 192.168.1.11 update-source loopback 0 103 | address-family ipv4 unicast 104 | neighbor 192.168.1.11 activate 105 | neighbor 192.168.1.11 next-hop-self 106 | network 11.1.1.0/24 107 | exit-address-family 108 | ! 109 | https-server rest access-mode read-write 110 | https-server vrf mgmt 111 | -------------------------------------------------------------------------------- /templates/eBGP/leaf.j2: --------------------------------------------------------------------------------
{# Renders the configuration for one leaf of a VSX pair in the eBGP EVPN/VXLAN design.
   Variables read by this template: hostname, server_vlans, loopback0_ip, loopback1_ip,
   vsx_keepalive_int, vsx_role, vsx_keepalive_ip_primary, vsx_keepalive_ip_secondary,
   vsx_isl_lagid, vsx_isl_ports, mtu (optional, guarded by "is defined"),
   vsx_pair_L3fabric_ips (items with .interface and .ipv4), vsx_pair_asn,
   spine_loopback0_ips, spine_L3fabric_ips and asn (used as the spines' remote-as).
   No user, password or AAA statement is rendered here; credentials must come from elsewhere. #}
1 | hostname {{hostname}} 2 | ! 3 | ! 4 | ! 5 | ssh server vrf mgmt 6 | ! 7 | ! 8 | ! 9 | ! 10 | ! 11 | vlan 1 12 | {% for vlan in server_vlans %} 13 | vlan {{vlan}} 14 | name VLAN {{vlan}} 15 | description Server VLAN 16 | {% endfor %}
{# The next loop emits the "interface vxlan 1" header once per VLAN; every pass re-enters the
   same interface and adds one mapping whose VNI equals the VLAN id. The loop after it does the
   same for the "evpn" context, with route-targets 1:<vlan>. #}
17 | {% for vlan in server_vlans %} 18 | interface vxlan 1 19 | source ip {{loopback1_ip}} 20 | no shutdown 21 | vni {{vlan}} 22 | vlan {{vlan}} 23 | {% endfor %} 24 | {% for vlan in server_vlans %} 25 | evpn 26 | vlan {{vlan}} 27 | rd auto 28 | route-target export 1:{{vlan}} 29 | route-target import 1:{{vlan}} 30 | {% endfor %} 31 | interface {{vsx_keepalive_int}} 32 | no shutdown 33 | description VSX KA 34 | {% if vsx_role == 'primary' %} 35 | ip address {{vsx_keepalive_ip_primary}}/31 36 | {% else %} 37 | ip address {{vsx_keepalive_ip_secondary}}/31 38 | {% endif %} 39 | interface lag {{vsx_isl_lagid}} 40 | no shutdown 41 | description VSX ISL LAG 42 | no routing 43 | vlan trunk native 1 tag 44 | vlan trunk allowed all 45 | lacp mode active 46 | {% for interface in vsx_isl_ports %} 47 | interface {{interface}} 48 | no shutdown 49 | description VSX ISL 50 | {% if mtu is defined %} 51 | mtu {{mtu}} 52 | {% endif %} 53 | lag {{vsx_isl_lagid}} 54 | {% endfor %} 55 | {% for int_data in vsx_pair_L3fabric_ips %} 56 | interface {{int_data.interface}} 57 | no shutdown 58 | {% if mtu is defined %} 59 | ip mtu {{mtu}}
60 | mtu {{mtu}} 61 | {% endif %} 62 | description Spine-Uplink 63 | ip address {{int_data.ipv4}}/31 64 | {% endfor %} 65 | interface loopback 0 66 | ip address {{loopback0_ip}}/32 67 | interface loopback 1 68 | ip address {{loopback1_ip}}/32 69 | vsx 70 | inter-switch-link lag {{vsx_isl_lagid}} 71 | role {{vsx_role}} 72 | {% if vsx_role == 'primary' %} 73 | keepalive peer {{vsx_keepalive_ip_secondary}} source {{vsx_keepalive_ip_primary}} 74 | {% else %} 75 | keepalive peer {{vsx_keepalive_ip_primary}} source {{vsx_keepalive_ip_secondary}} 76 | {% endif %} 77 | no split-recovery
{# NOTE(review): no neighbor authentication is rendered for any BGP session below, including the
   loopback-to-loopback sessions that are opened up with "ebgp-multihop 3". Every switch built
   from this template therefore accepts its underlay and EVPN peers on address and AS number
   alone; add a per-neighbor password variable (kept in a vault, not in inventory) and limit
   which sources can reach the BGP port before using this outside a lab.
   The two loops over spine_loopback0_ips reuse the name loopback0_ip for the loop variable;
   Jinja2 scopes it to the loop, so the router-id and network lines still use the leaf's own
   loopback0_ip. #}
78 | router bgp {{vsx_pair_asn}} 79 | bgp router-id {{loopback0_ip}} 80 | bgp fast-external-fallover 81 | bgp bestpath as-path multipath-relax 82 | {% for loopback0_ip in spine_loopback0_ips %} 83 | neighbor {{loopback0_ip}} remote-as {{asn}} 84 | neighbor {{loopback0_ip}} ebgp-multihop 3 85 | neighbor {{loopback0_ip}} update-source loopback 0 86 | {% endfor %} 87 | {% for spine_ip in spine_L3fabric_ips %} 88 | neighbor {{spine_ip}} remote-as {{asn}} 89 | {% endfor %} 90 | address-family ipv4 unicast 91 | {% for spine_ip in spine_L3fabric_ips %} 92 | neighbor {{spine_ip}} activate 93 | {% endfor %}
{# NOTE(review): "redistribute connected" is rendered without a route-map, so every connected
   prefix in this VRF is advertised to the spines, which includes the VSX keepalive /31 and the
   fabric /31s as well as the two loopbacks named explicitly below. Confirm that is intended,
   or filter the redistribution down to the loopbacks. #}
94 | redistribute connected 95 | network {{loopback0_ip}}/32 96 | network {{loopback1_ip}}/32 97 | exit-address-family 98 | address-family l2vpn evpn 99 | {% for loopback0_ip in spine_loopback0_ips %} 100 | neighbor {{loopback0_ip}} activate 101 | neighbor {{loopback0_ip}} next-hop-unchanged 102 | neighbor {{loopback0_ip}} send-community extended 103 | {% endfor %} 104 | exit-address-family 105 | !
{# NOTE(review): the REST API is enabled in read-write mode on the mgmt VRF on every rendered
   switch; presumably this is needed because the playbooks manage the switch through the
   arubanetworks.aoscx collection. Whoever holds an admin credential and can reach the mgmt VRF
   has full configuration access, so restrict that network and consider read-only mode once
   provisioning is done. #}
106 | https-server rest access-mode read-write 107 | https-server vrf mgmt 108 | -------------------------------------------------------------------------------- /configs/sample_configs/arch3_eBGP/Zone1-Rack1-Leaf1a-final.conf: -------------------------------------------------------------------------------- 1 | !
2 | !Version ArubaOS-CX GL.10.04.0020 3 | !export-password: default
! Sample final running-config for leaf Zone1-Rack1-Leaf1a (hostname below): eBGP underlay and EVPN overlay in AS 65001, VSX primary.
! NOTE(review): the "user admin" line below commits an administrator password ciphertext to a shared sample, and the header above records the default export-password.
! Presumably the ciphertext is therefore portable to any switch still using the default export password (verify against the AOS-CX documentation); treat it as disclosed, never deploy it as-is, and set a site-specific export password and admin password.
! The Zone1-Rack1-Leaf1b header at the end of this listing carries the same kind of line.
4 | hostname Zone1-Rack1-Leaf1a 5 | user admin group administrators password ciphertext AQBapZ4yCW+QbkkvhYYoSS0WaqDVKw88SZxmgXHIxwMipV9EYgAAAMAuiAnGsQwvlI3bNifJth6elIQWykn7bGlAq+byxaItlAZQiZom10jqCFTailvy80jwvoNQdgLf6Ie6XIqed9Jzxk3X14GujvBxfL4XFHit14RQIALWT12Cj1o9TE55wRck 6 | ! 7 | ! 8 | ! 9 | ssh server vrf mgmt 10 | ! 11 | ! 12 | ! 13 | ! 14 | ! 15 | vlan 1 16 | vlan 11 17 | name VLAN 11 18 | description Server VLAN 19 | evpn 20 | vlan 11 21 | rd auto 22 | route-target export 1:11 23 | route-target import 1:11 24 | interface mgmt 25 | no shutdown 26 | ip static 10.10.10.56/24 27 | default-gateway 10.10.10.254 28 | system interface-group 1 speed 10g 29 | !interface group 1 contains ports 1/1/1-1/1/12 30 | system interface-group 3 speed 10g 31 | !interface group 3 contains ports 1/1/25-1/1/36 32 | interface lag 1 33 | no shutdown 34 | description VSX ISL LAG 35 | no routing 36 | vlan trunk native 1 tag 37 | vlan trunk allowed all 38 | lacp mode active 39 | interface 1/1/1 40 | no shutdown 41 | no routing 42 | vlan access 11 43 | interface 1/1/31 44 | no shutdown 45 | description VSX KA 46 | ip address 192.168.1.110/31 47 | interface 1/1/32 48 | no shutdown 49 | mtu 9198 50 | description VSX ISL 51 | lag 1 52 | interface 1/1/49 53 | no shutdown 54 | mtu 9198 55 | description Spine-Uplink 56 | ip mtu 9198 57 | ip address 192.168.2.0/31 58 | interface 1/1/50 59 | no shutdown 60 | mtu 9198 61 | description Spine-Uplink 62 | ip mtu 9198 63 | ip address 192.168.2.2/31 64 | interface loopback 0 65 | ip address 192.168.1.1/32 66 | interface loopback 1 67 | ip address 192.168.100.1/32 68 | interface vxlan 1 69 | source ip 192.168.100.1 70 | no shutdown 71 | vni 11 72 | vlan 11 73 | vsx 74 | inter-switch-link lag 1 75 | role primary 76 | keepalive peer 192.168.1.111 source 192.168.1.110 77 | no split-recovery
! NOTE(review): none of the six eBGP neighbors below has a password, including the two loopback sessions opened up with "ebgp-multihop 3"; add BGP neighbor authentication and limit which sources can reach the BGP port.
! Neighbors 192.168.2.5 and 192.168.2.7 are not on either /31 configured on this switch (192.168.2.0/31, 192.168.2.2/31); presumably they are rendered from a pair-wide list of spine addresses - confirm those two sessions are expected here.
! "redistribute connected" has no route-map, so the VSX keepalive /31 on 1/1/31 is advertised along with the fabric links and loopbacks.
78 | router bgp 65001 79 | bgp router-id 192.168.1.1 80 | bgp fast-external-fallover 81 | bgp
bestpath as-path multipath-relax 82 | neighbor 192.168.1.11 remote-as 65101 83 | neighbor 192.168.1.11 ebgp-multihop 3 84 | neighbor 192.168.1.11 update-source loopback 0 85 | neighbor 192.168.1.12 remote-as 65101 86 | neighbor 192.168.1.12 ebgp-multihop 3 87 | neighbor 192.168.1.12 update-source loopback 0 88 | neighbor 192.168.2.1 remote-as 65101 89 | neighbor 192.168.2.3 remote-as 65101 90 | neighbor 192.168.2.5 remote-as 65101 91 | neighbor 192.168.2.7 remote-as 65101 92 | address-family ipv4 unicast 93 | neighbor 192.168.2.1 activate 94 | neighbor 192.168.2.3 activate 95 | neighbor 192.168.2.5 activate 96 | neighbor 192.168.2.7 activate 97 | redistribute connected 98 | network 192.168.1.1/32 99 | network 192.168.100.1/32 100 | exit-address-family 101 | address-family l2vpn evpn 102 | neighbor 192.168.1.11 activate 103 | neighbor 192.168.1.11 next-hop-unchanged 104 | neighbor 192.168.1.11 send-community extended 105 | neighbor 192.168.1.12 activate 106 | neighbor 192.168.1.12 next-hop-unchanged 107 | neighbor 192.168.1.12 send-community extended 108 | exit-address-family 109 | !
! NOTE(review): the REST API is left enabled in read-write mode on the mgmt VRF, so the admin credential above grants full configuration access over HTTPS; restrict reachability of the management network accordingly.
110 | https-server rest access-mode read-write 111 | https-server vrf mgmt 112 | -------------------------------------------------------------------------------- /configs/sample_configs/arch3_eBGP/Zone1-Rack1-Leaf1b-final.conf: -------------------------------------------------------------------------------- 1 | ! 2 | !Version ArubaOS-CX GL.10.04.0020 3 | !export-password: default 4 | hostname Zone1-Rack1-Leaf1b 5 | user admin group administrators password ciphertext AQBapd3Qg7OPKcjRayIQyuxOPabPIbT8bvU05pOk8sc+vAXyYgAAAGtM+A5APROROs6l56dpUdXic8SskYkcBHqp0rxFPtTqgmXoEzI21Mk5T3CR023fONvCpIZGpS4WUmReFVaiMR2XKnitYUhfkJLCK19Kl9uBL85jHFsthncP+X7/1q0bs/RG 6 | ! 7 | ! 8 | ! 9 | ssh server vrf mgmt 10 | ! 11 | ! 12 | ! 13 | ! 14 | !
15 | vlan 1 16 | vlan 11 17 | name VLAN 11 18 | description Server VLAN 19 | evpn 20 | vlan 11 21 | rd auto 22 | route-target export 1:11 23 | route-target import 1:11 24 | interface mgmt 25 | no shutdown 26 | ip static 10.10.10.57/24 27 | default-gateway 10.10.10.254 28 | system interface-group 1 speed 10g 29 | !interface group 1 contains ports 1/1/1-1/1/12 30 | system interface-group 3 speed 10g 31 | !interface group 3 contains ports 1/1/25-1/1/36 32 | system interface-group 4 speed 10g 33 | !interface group 4 contains ports 1/1/37-1/1/48 34 | interface lag 1 35 | no shutdown 36 | description VSX ISL LAG 37 | no routing 38 | vlan trunk native 1 tag 39 | vlan trunk allowed all 40 | lacp mode active 41 | interface 1/1/31 42 | no shutdown 43 | description VSX KA 44 | ip address 192.168.1.111/31 45 | interface 1/1/32 46 | no shutdown 47 | mtu 9198 48 | description VSX ISL 49 | lag 1 50 | interface 1/1/49 51 | no shutdown 52 | mtu 9198 53 | description Spine-Uplink 54 | ip mtu 9198 55 | ip address 192.168.2.4/31 56 | interface 1/1/50 57 | no shutdown 58 | mtu 9198 59 | description Spine-Uplink 60 | ip mtu 9198 61 | ip address 192.168.2.6/31 62 | interface loopback 0 63 | ip address 192.168.1.2/32 64 | interface loopback 1 65 | ip address 192.168.100.2/32 66 | interface vxlan 1 67 | source ip 192.168.100.2 68 | no shutdown 69 | vni 11 70 | vlan 11 71 | vsx 72 | inter-switch-link lag 1 73 | role secondary 74 | keepalive peer 192.168.1.110 source 192.168.1.111 75 | no split-recovery 76 | router bgp 65001 77 | bgp router-id 192.168.1.2 78 | bgp fast-external-fallover 79 | bgp bestpath as-path multipath-relax 80 | neighbor 192.168.1.11 remote-as 65101 81 | neighbor 192.168.1.11 ebgp-multihop 3 82 | neighbor 192.168.1.11 update-source loopback 0 83 | neighbor 192.168.1.12 remote-as 65101 84 | neighbor 192.168.1.12 ebgp-multihop 3 85 | neighbor 192.168.1.12 update-source loopback 0 86 | neighbor 192.168.2.1 remote-as 65101 87 | neighbor 192.168.2.3 remote-as 65101 88 | 
neighbor 192.168.2.5 remote-as 65101 89 | neighbor 192.168.2.7 remote-as 65101 90 | address-family ipv4 unicast 91 | neighbor 192.168.2.1 activate 92 | neighbor 192.168.2.3 activate 93 | neighbor 192.168.2.5 activate 94 | neighbor 192.168.2.7 activate 95 | redistribute connected 96 | network 192.168.1.2/32 97 | network 192.168.100.2/32 98 | exit-address-family 99 | address-family l2vpn evpn 100 | neighbor 192.168.1.11 activate 101 | neighbor 192.168.1.11 next-hop-unchanged 102 | neighbor 192.168.1.11 send-community extended 103 | neighbor 192.168.1.12 activate 104 | neighbor 192.168.1.12 next-hop-unchanged 105 | neighbor 192.168.1.12 send-community extended 106 | exit-address-family 107 | ! 108 | https-server rest access-mode read-write 109 | https-server vrf mgmt 110 | -------------------------------------------------------------------------------- /configs/sample_configs/arch3_eBGP/Zone1-Rack3-Leaf3a-final.conf: -------------------------------------------------------------------------------- 1 | ! 2 | !Version ArubaOS-CX GL.10.04.0020 3 | !export-password: default 4 | hostname Zone1-Rack3-Leaf3a 5 | user admin group administrators password ciphertext AQBapd0lfpkb1JQ/PeM7VAdLaPTFpCWvep8Ky+FcXCXZQjzuYgAAABM81mz9TPm9mRgJCcs5jU94yotLIjlGFmqRd7CPrUe2I/hhn9STUUgq5O+A0aM94fIRyUcLkDyRzgAKnzk1HmDNlT1yWnxptSrdw2lh0C9wBxf/UpiQFZe+RU1NxIoXC18J 6 | ! 7 | ! 8 | ! 9 | ssh server vrf mgmt 10 | ! 11 | ! 12 | ! 13 | ! 14 | ! 
15 | vlan 1 16 | vlan 11 17 | name VLAN 11 18 | description Server VLAN 19 | evpn 20 | vlan 11 21 | rd auto 22 | route-target export 1:11 23 | route-target import 1:11 24 | interface mgmt 25 | no shutdown 26 | ip static 10.10.10.60/24 27 | default-gateway 10.10.10.254 28 | system interface-group 1 speed 10g 29 | !interface group 1 contains ports 1/1/1-1/1/12 30 | system interface-group 3 speed 10g 31 | !interface group 3 contains ports 1/1/25-1/1/36 32 | system interface-group 4 speed 10g 33 | !interface group 4 contains ports 1/1/37-1/1/48 34 | interface lag 1 35 | no shutdown 36 | description VSX ISL LAG 37 | no routing 38 | vlan trunk native 1 tag 39 | vlan trunk allowed all 40 | lacp mode active 41 | interface 1/1/31 42 | no shutdown 43 | description VSX KA 44 | ip address 192.168.1.112/31 45 | interface 1/1/32 46 | no shutdown 47 | mtu 9198 48 | description VSX ISL 49 | lag 1 50 | interface 1/1/49 51 | no shutdown 52 | mtu 9198 53 | description Spine-Uplink 54 | ip mtu 9198 55 | ip address 192.168.2.8/31 56 | interface 1/1/50 57 | no shutdown 58 | mtu 9198 59 | description Spine-Uplink 60 | ip mtu 9198 61 | ip address 192.168.2.10/31 62 | interface loopback 0 63 | ip address 192.168.1.5/32 64 | interface loopback 1 65 | ip address 192.168.100.5/32 66 | interface vxlan 1 67 | source ip 192.168.100.5 68 | no shutdown 69 | vni 11 70 | vlan 11 71 | vsx 72 | inter-switch-link lag 1 73 | role primary 74 | keepalive peer 192.168.1.113 source 192.168.1.112 75 | no split-recovery 76 | router bgp 65003 77 | bgp router-id 192.168.1.5 78 | bgp fast-external-fallover 79 | bgp bestpath as-path multipath-relax 80 | neighbor 192.168.1.11 remote-as 65101 81 | neighbor 192.168.1.11 ebgp-multihop 3 82 | neighbor 192.168.1.11 update-source loopback 0 83 | neighbor 192.168.1.12 remote-as 65101 84 | neighbor 192.168.1.12 ebgp-multihop 3 85 | neighbor 192.168.1.12 update-source loopback 0 86 | neighbor 192.168.2.9 remote-as 65101 87 | neighbor 192.168.2.11 remote-as 65101 88 | 
neighbor 192.168.2.13 remote-as 65101 89 | neighbor 192.168.2.15 remote-as 65101 90 | address-family ipv4 unicast 91 | neighbor 192.168.2.9 activate 92 | neighbor 192.168.2.11 activate 93 | neighbor 192.168.2.13 activate 94 | neighbor 192.168.2.15 activate 95 | redistribute connected 96 | network 192.168.1.5/32 97 | network 192.168.100.5/32 98 | exit-address-family 99 | address-family l2vpn evpn 100 | neighbor 192.168.1.11 activate 101 | neighbor 192.168.1.11 next-hop-unchanged 102 | neighbor 192.168.1.11 send-community extended 103 | neighbor 192.168.1.12 activate 104 | neighbor 192.168.1.12 next-hop-unchanged 105 | neighbor 192.168.1.12 send-community extended 106 | exit-address-family 107 | ! 108 | https-server rest access-mode read-write 109 | https-server vrf mgmt 110 | -------------------------------------------------------------------------------- /configs/sample_configs/arch3_eBGP/Zone1-Rack3-Leaf3b-final.conf: -------------------------------------------------------------------------------- 1 | ! 2 | !Version ArubaOS-CX GL.10.04.0020 3 | !export-password: default 4 | hostname Zone1-Rack3-Leaf3b 5 | user admin group administrators password ciphertext AQBapaHRO1zdYAmv8jyi6BEy2EdGo7mXog4SaUdBnB6VBVmrYgAAAMswpUXLpjUGA0QadW9dCf7EgZkDyT6oT740N0z8ey2PTAAz8DT02vzpz1sAo27jMoqJ3YCXA0bW05qG+CWqweUfanbUEccqyrEu8SpcQjUoYdHYFZFHFtniXxA7d9wFijPV 6 | ! 7 | ! 8 | ! 9 | ssh server vrf mgmt 10 | ! 11 | ! 12 | ! 13 | ! 14 | ! 
15 | vlan 1 16 | vlan 11 17 | name VLAN 11 18 | description Server VLAN 19 | evpn 20 | vlan 11 21 | rd auto 22 | route-target export 1:11 23 | route-target import 1:11 24 | interface mgmt 25 | no shutdown 26 | ip static 10.10.10.61/24 27 | default-gateway 10.10.10.254 28 | system interface-group 1 speed 10g 29 | !interface group 1 contains ports 1/1/1-1/1/12 30 | system interface-group 3 speed 10g 31 | !interface group 3 contains ports 1/1/25-1/1/36 32 | system interface-group 4 speed 10g 33 | !interface group 4 contains ports 1/1/37-1/1/48 34 | interface lag 1 35 | no shutdown 36 | description VSX ISL LAG 37 | no routing 38 | vlan trunk native 1 tag 39 | vlan trunk allowed all 40 | lacp mode active 41 | interface 1/1/1 42 | no shutdown 43 | no routing 44 | vlan access 11 45 | interface 1/1/31 46 | no shutdown 47 | description VSX KA 48 | ip address 192.168.1.113/31 49 | interface 1/1/32 50 | no shutdown 51 | mtu 9198 52 | description VSX ISL 53 | lag 1 54 | interface 1/1/49 55 | no shutdown 56 | mtu 9198 57 | description Spine-Uplink 58 | ip mtu 9198 59 | ip address 192.168.2.12/31 60 | interface 1/1/50 61 | no shutdown 62 | mtu 9198 63 | description Spine-Uplink 64 | ip mtu 9198 65 | ip address 192.168.2.14/31 66 | interface loopback 0 67 | ip address 192.168.1.6/32 68 | interface loopback 1 69 | ip address 192.168.100.6/32 70 | interface vxlan 1 71 | source ip 192.168.100.6 72 | no shutdown 73 | vni 11 74 | vlan 11 75 | vsx 76 | inter-switch-link lag 1 77 | role secondary 78 | keepalive peer 192.168.1.112 source 192.168.1.113 79 | no split-recovery 80 | router bgp 65003 81 | bgp router-id 192.168.1.6 82 | bgp fast-external-fallover 83 | bgp bestpath as-path multipath-relax 84 | neighbor 192.168.1.11 remote-as 65101 85 | neighbor 192.168.1.11 ebgp-multihop 3 86 | neighbor 192.168.1.11 update-source loopback 0 87 | neighbor 192.168.1.12 remote-as 65101 88 | neighbor 192.168.1.12 ebgp-multihop 3 89 | neighbor 192.168.1.12 update-source loopback 0 90 | neighbor 
192.168.2.9 remote-as 65101 91 | neighbor 192.168.2.11 remote-as 65101 92 | neighbor 192.168.2.13 remote-as 65101 93 | neighbor 192.168.2.15 remote-as 65101 94 | address-family ipv4 unicast 95 | neighbor 192.168.2.9 activate 96 | neighbor 192.168.2.11 activate 97 | neighbor 192.168.2.13 activate 98 | neighbor 192.168.2.15 activate 99 | redistribute connected 100 | network 192.168.1.6/32 101 | network 192.168.100.6/32 102 | exit-address-family 103 | address-family l2vpn evpn 104 | neighbor 192.168.1.11 activate 105 | neighbor 192.168.1.11 next-hop-unchanged 106 | neighbor 192.168.1.11 send-community extended 107 | neighbor 192.168.1.12 activate 108 | neighbor 192.168.1.12 next-hop-unchanged 109 | neighbor 192.168.1.12 send-community extended 110 | exit-address-family 111 | ! 112 | https-server rest access-mode read-write 113 | https-server vrf mgmt 114 | -------------------------------------------------------------------------------- /templates/2TierV2/access.j2: -------------------------------------------------------------------------------- 1 | hostname {{ hostname}} 2 | profile aggregation-leaf 3 | ntp enable 4 | {% for server in ntp_servers %} 5 | ntp server {{ server }} 6 | {% endfor %} 7 | ntp server pool.ntp.org minpoll 4 maxpoll 4 iburst 8 | ntp vrf {{ ntp_vrf | default("mgmt", true) }} 9 | ! 10 | ! 11 | ! 12 | ! 13 | {% for server in tacacs_servers %} 14 | tacacs-server host {{server.host}} key ciphertext {{server.ciphertext}} vrf mgmt 15 | {% endfor %} 16 | ! 17 | ! 18 | ! 
19 | ssh server vrf mgmt 20 | vlan 1 21 | {% for vlan in host_vlans %} 22 | vlan {{vlan.id}} 23 | name {{vlan.name}} 24 | ip igmp snooping enable 25 | {% endfor %} 26 | spanning-tree 27 | {% if group is defined %} 28 | spanning-tree config-name {{group}} 29 | {% elif stp_config_name is defined %} 30 | spanning-tree config-name {{stp_config_name}} 31 | {% endif %} 32 | interface mgmt 33 | no shutdown 34 | ip dhcp 35 | {% if speed_interface_group_10g is defined %} 36 | auto-confirm 37 | {% for int_group in speed_interface_group_10g %} 38 | system interface-group {{int_group}} speed 10g 39 | {% endfor %} 40 | {% endif %} 41 | 42 | {% for lag in mclags %} 43 | interface lag {{lag.id}} multi-chassis 44 | no shutdown 45 | no routing 46 | description {{lag.description}} 47 | vlan trunk native 1 48 | {% for vlan in lag.allowed_vlans %} 49 | vlan trunk allowed {{vlan}} 50 | {% endfor %} 51 | lacp mode active 52 | {% if lag.id == '1' %} 53 | spanning-tree root-guard 54 | {% endif %} 55 | {% endfor %} 56 | interface lag {{vsx_isl_lagid}} 57 | no shutdown 58 | description VSX-ISL-LAG 59 | no routing 60 | vlan trunk native 1 tag 61 | vlan trunk allowed all 62 | lacp mode active 63 | {% if vsx_isl_ports is defined %} 64 | {% for interface in vsx_isl_ports %} 65 | interface {{interface}} 66 | no shutdown 67 | description VSX ISL 68 | {% if mtu is defined %} 69 | mtu {{mtu}} 70 | {% else %} 71 | mtu 9198 72 | {% endif %} 73 | lag {{vsx_isl_lagid}} 74 | {% endfor %} 75 | {% else %} 76 | {% endif %} 77 | {% if vsx_keepalive_int is defined %} 78 | interface {{vsx_keepalive_int}} 79 | no shutdown 80 | description VSX KA 81 | {% if vsx_role == 'primary' %} 82 | ip address {{vsx_keepalive_ip_primary}}/31 83 | {% else %} 84 | ip address {{vsx_keepalive_ip_secondary}}/31 85 | {% endif %} 86 | {% endif %} 87 | {% for lag in mclags %} 88 | {% for interface in lag.interfaces %} 89 | interface {{interface}} 90 | no shutdown 91 | description {{lag.description}} 92 | mtu {{mtu}} 93 | lag 
{{lag.id}} 94 | {% endfor %} 95 | {% endfor %} 96 | snmp-server system-location {{ system_location }} 97 | snmp-server system-contact {{ system_contact }} 98 | vsx 99 | system-mac {{vsx_system_mac | default('02:00:00:00:10:01', true)}} 100 | inter-switch-link lag {{vsx_isl_lagid | default('256', true)}} 101 | role {{vsx_role}} 102 | {% if vsx_keepalive_vrf is defined %} 103 | {% if vsx_role == 'primary' %} 104 | keepalive peer {{vsx_keepalive_ip_secondary}} source {{vsx_keepalive_ip_primary}} vrf {{vsx_keepalive_vrf}} 105 | {% else %} 106 | keepalive peer {{vsx_keepalive_ip_primary}} source {{vsx_keepalive_ip_secondary}} vrf {{vsx_keepalive_vrf}} 107 | {% endif %} 108 | {% else %} 109 | {% if vsx_role == 'primary' %} 110 | keepalive peer {{vsx_keepalive_ip_secondary}} source {{vsx_keepalive_ip_primary}} 111 | {% else %} 112 | keepalive peer {{vsx_keepalive_ip_primary}} source {{vsx_keepalive_ip_secondary}} 113 | {% endif %} 114 | {% endif %} 115 | {% for server in dns_servers %} 116 | ip dns server-address {{server}} vrf mgmt 117 | {% endfor %} 118 | ! 119 | ! 120 | ! 121 | ! 122 | ! 
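123 | https-server vrf mgmt 124 | -------------------------------------------------------------------------------- /deploy_campus_attached_dc_tor.yml: --------------------------------------------------------------------------------
# Play 1: render each dc_tor switch's configuration from its template and
# push the rendered file to the device over SSH (network_cli).
- hosts: dc_tor
  gather_facts: False
  collections:
    - arubanetworks.aoscx
  vars:
    ansible_connection: network_cli
  tasks:
    - name: Generate Template for Device
      # The rendered file is a full switch configuration and may carry
      # credential material (password or key ciphertext), so it is written
      # owner read/write only rather than world-writable 0777.
      template:
        src: "{{config_template}}"
        dest: "{{config_path}}{{hostname}}.conf"
        mode: '0600'

    - name: Copy generated config to device via SSH
      aoscx_config:
        src: "{{config_path}}{{hostname}}.conf"

    # Interface-group speed changes are wrapped in auto-confirm on/off and
    # only run when the inventory provides speed_interface_group_10g.
    - name: Configure system interface-group speeds when provided
      block:
        - name: Enable auto-confirm
          aoscx_command:
            commands: ['auto-confirm']

        - name: enabling 10g speed on system interface-group {{item}}
          aoscx_config:
            lines:
              - system interface-group {{item}} speed 10g
          loop: "{{speed_interface_group_10g}}"

        - name: Disable auto-confirm
          aoscx_command:
            commands: ['no auto-confirm']
      when: speed_interface_group_10g is defined

# Play 2: build the VSX pair, VLANs, MCLAGs and the core BGP neighbor with the
# aoscx modules. No connection type is set here; presumably it comes from the
# inventory -- confirm.
- hosts: dc_tor
  gather_facts: False
  collections:
    - arubanetworks.aoscx
  tasks:
    # Evaluated once so the keepalive tasks can pick the primary or secondary address.
    - set_fact:
        is_primary: "{{ vsx_role == 'primary' }}"

    - name: Enable keepalive Interface
      aoscx_interface:
        name: "{{ vsx_keepalive_int }}"
        enabled: true
        description: "VSX KA"

    - name: Create VSX keepalive L3 interface
      aoscx_l3_interface:
        interface: "{{ vsx_keepalive_int }}"
        description: "VSX KA"
        ipv4: "{{ vsx_keepalive_ip_primary if is_primary else vsx_keepalive_ip_secondary}}/31"

    - name: Create ISL LAG for VSX
      aoscx_lag_interface:
        state: create
        name: lag{{ vsx_isl_lagid }}
        interfaces: "{{ vsx_isl_ports }}"

    - name: Enable ISL LAG for VSX
      aoscx_interface:
        name: lag{{ vsx_isl_lagid }}
        enabled: true
        description: "VSX ISL"

    - name: Create VSX configuration
      aoscx_vsx:
        device_role: "{{ vsx_role }}"
        isl_port: lag{{ vsx_isl_lagid }}
        # Peer and source are swapped depending on which member of the pair this host is.
        keepalive_peer_ip: "{{ vsx_keepalive_ip_secondary if is_primary else vsx_keepalive_ip_primary }}"
        keepalive_src_ip: "{{ vsx_keepalive_ip_primary if is_primary else vsx_keepalive_ip_secondary }}"
        system_mac: "{{ vsx_system_mac }}"

    - name: Create VLANs
      aoscx_vlan:
        vlan_id: "{{ item }}"
      with_items: "{{ server_vlans }}"

    - name: Create VLAN interface
      aoscx_vlan_interface:
        vlan_id: "{{item.vlan_id}}"
        ipv4: "{{item.ipv4}}"
        active_gateway_ip: "{{item.active_gateway_ip}}"
        active_gateway_mac_v4: "{{item.active_gateway_mac}}"
      loop: "{{core_vlan_interfaces}}"

    - name: Create Downstream MCLAG to Access
      aoscx_lag_interface:
        state: create
        name: lag{{ vsx_pair_dict.mclag_id }}
        interfaces: "{{ vsx_pair_dict.access_mclag_downlink_ports }}"
        multi_chassis: true
      loop: "{{vsx_pair_mclags}}"
      loop_control:
        loop_var: vsx_pair_dict

    - name: Configure MCLAG L2 Interface
      aoscx_l2_interface:
        interface: lag{{ vsx_pair_dict.mclag_id }}
        vlan_mode: trunk
        vlan_trunks: "{{ vsx_pair_dict.trunk_vlans}}"
      loop: "{{vsx_pair_mclags}}"
      loop_control:
        loop_var: vsx_pair_dict

    - name: Enable MCLAG Interface
      aoscx_interface:
        name: lag{{ vsx_pair_dict.mclag_id }}
        enabled: true
        description: "{{vsx_pair_dict.mclag_description }}"
      loop: "{{vsx_pair_mclags}}"
      loop_control:
        loop_var: vsx_pair_dict

    # The neighbor is created through the REST task list in tasks/aoscx/bgp_neighbor.yml;
    # remote_as equals the local ASN here, i.e. an iBGP session to the core.
    - name: Create Core BGP Neighbor
      include: tasks/aoscx/bgp_neighbor.yml
      vars:
        bgp_asn: "{{asn}}"
        neighbor_ip: "{{core_vsx_neighbor_ip}}"
        ipv4_unicast: True
        nexthopself: True
        ebgp_hop_count: 1
        remote_as: "{{asn}}"
--------------------------------------------------------------------------------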
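/tasks/aoscx/bgp_neighbor.yml: --------------------------------------------------------------------------------
# This task list is used to add a BGP neighbor to an existing BGP ASN router.
#
# Inputs read below: ansible_host, ansible_user, ansible_password, bgp_asn,
# neighbor_ip, ebgp_hop_count, remote_as, plus the optional flags ipv4_unicast,
# l2_evpn, nexthopself, nexthopunchanged, routereflectorclient and
# send_community_l2_evpn (each falls back to the default shown in the body).
#
# TLS: certificate validation follows ansible_httpapi_validate_certs and stays
# off when that variable is unset, which matches the previous hard-coded "no".
# With validation off the switch's identity is not checked, so the login
# password and session cookie are only as safe as the path to the management
# interface; set the variable to true once the switches present trusted certificates.
- block:
    # Login to AOS-CX Switch
    - name: Login to AOS-CX Switch
      uri:
        url: "https://{{ansible_host}}/rest/v1/login"
        method: POST
        return_content: yes
        headers:
          Content-Type: "application/x-www-form-urlencoded"
          Accept: application/json
          x-use-csrf-token: true
        # Both fields are percent-encoded so that characters such as '&', '='
        # or '%' in a password cannot corrupt the form body.
        body: "username={{ ansible_user | urlencode }}&password={{ ansible_password | urlencode }}"
        validate_certs: "{{ ansible_httpapi_validate_certs | default(false) }}"
        status_code: 200
        follow_redirects: yes
      register: cx_session
      # The request body holds the cleartext password; keep it out of task
      # output and logs (this also hides the error detail of a failed login).
      no_log: true

    # NOTE(review): the login URL uses /rest/v1 while the calls below use
    # /rest/v10.09 -- confirm both are served by the target firmware.
    # NOTE(review): x-csrf-token is filled with the Set-Cookie value rather than
    # a token returned by the login call -- confirm this is what the switch expects.
    # NOTE(review): "password" and "ttl_security_hops" are sent as null, so
    # judging by the field names this request configures no session
    # authentication or TTL check for the neighbor -- confirm that is intended.
    # NOTE(review): next_hop_self for l2vpn-evpn is driven by nexthopunchanged,
    # the same flag as next_hop_unchanged -- looks like a copy/paste; verify.
    # The body previously listed "ebgp_hop_count" twice (a literal 1, then the
    # variable); only the variable form is kept, which is the value that won.
    - name: Create BGP Neighbor
      uri:
        url: "https://{{ansible_host}}/rest/v10.09/system/vrfs/default/bgp_routers/{{bgp_asn}}/bgp_neighbors"
        method: POST
        body_format: json
        headers:
          cookie: "{{ cx_session.set_cookie }}"
          x-csrf-token: "{{ cx_session.set_cookie }}"
        body: {
          "ORF_capability": {},
          "ORF_prefix_list": {},
          "add_paths": {
            "ipv4-unicast": "disable",
            "ipv6-unicast": "disable"
          },
          "add_paths_adv_best_n": {
            "ipv4-unicast": 1,
            "ipv6-unicast": 1
          },
          "advertisement_interval": {},
          "allow_as_in": {},
          "aspath_filters": {},
          "bfd_enable": false,
          "bgp_peer_group": null,
          "default_originate": {
            "ipv4-unicast": false,
            "ipv6-unicast": false
          },
          "default_originate_route_map": {},
          "description": null,
          "fall_over": false,
          "gshut": {
            "local_pref": 0,
            "timer": 180
          },
          "ignore_leading_as": false,
          "inbound_soft_reconfiguration": {
            "ipv4-unicast": false,
            "ipv6-unicast": false
          },
          "local_as": null,
          "local_as_mode": "none",
          "passive": false,
          "password": null,
          "prefix_lists": {},
          "remove_private_as": false,
          "route_maps": {},
          "tcp_port_number": null,
          "timers": {
            "connect-retry": 120,
            "holdtime": 180,
            "keepalive": 60
          },
          "ttl_security_hops": null,
          "update_source": null,
          "vsx_sync_exclude": null,
          "weight": 0,
          "ip_or_ifname_or_group_name": "{{neighbor_ip}}",
          "is_peer_group": False,
          "activate": {"ipv4-unicast": "{{ipv4_unicast| default(False)}}", "ipv6-unicast": False,
                       "l2vpn-evpn": "{{l2_evpn| default(False)}}"},
          "ebgp_hop_count": "{{ebgp_hop_count}}",
          "local_interface": {"loopback0": "/rest/v10.09/system/interfaces/loopback0"},
          "max_prefix_options": {},
          "next_hop_self": {"ipv4-unicast": "{{nexthopself| default(False)}}","ipv6-unicast": false,
                            "l2vpn-evpn": "{{nexthopunchanged| default(False)}}"},
          "next_hop_unchanged": {"l2vpn-evpn": "{{nexthopunchanged| default(False)}}"},
          "route_reflector_client": {
            "ipv4-unicast": False,
            "ipv6-unicast": False,
            "l2vpn-evpn": "{{routereflectorclient|default(False)}}"},
          "remote_as": "{{remote_as|int}}",
          "send_community": {"ipv4-unicast": "none", "ipv6-unicast": "none",
                             "l2vpn-evpn": "{{send_community_l2_evpn| default('none')}}"},
          "shutdown": False
        }
        validate_certs: "{{ ansible_httpapi_validate_certs | default(false) }}"
        status_code: 201
      register: response
      changed_when: response.status == 201

  rescue:
    # "response" only exists when the create call ran; if the login itself
    # failed, report that instead of failing on an undefined variable.
    - debug:
        msg: "{{ response.msg | default('Login to AOS-CX switch failed; the BGP neighbor request was not sent') }}"

  always:
    # Logout from AOS-CX Switch
    - name: Logout from AOS-CX Switch
      uri:
        url: 'https://{{ansible_host}}/rest/v10.09/logout'
        method: POST
        body_format: json
        headers:
          cookie: "{{ cx_session.set_cookie }}"
        validate_certs: "{{ ansible_httpapi_validate_certs | default(false) }}"
        status_code: 200
      # There is no session to close when the login did not return a cookie.
      when: cx_session.set_cookie is defined
-------------------------------------------------------------------------------- /configs/sample_configs/arch4/rsvdc-core1-1.txt: --------------------------------------------------------------------------------
1 | !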
2 | !Version ArubaOS-CX GL.10.13.1000 3 | !export-password: default 4 | hostname RSVDC-CORE1-1 5 | user admin group administrators password ciphertext AQBapetVmtD4dXlkd3rWXjrI57yHNA4Zr0HszgOE7BgeEtekYgAAALC1aBsgvgOxs5UvlJtdipTnLbOzykRphH6kLpXi7FKHrFgrrm0n7EGSjtSLbOEvADjo8TtIC9hU1ZJbe25QdO2znb4JzsYtdE9yq4IMMFtzARalPNC85VYOcbZylD+0iEeF 6 | clock timezone america/los_angeles 7 | profile l3-agg 8 | ntp server 10.2.120.98 prefer 9 | ntp server 10.2.120.99 prefer 10 | ntp enable 11 | ntp vrf mgmt 12 | ! 13 | ! 14 | ! 15 | ! 16 | tacacs-server host 10.2.120.94 key ciphertext AQBapah6J58j0GKl3+uHUBUlAKt4DOo0wBo+DyDjLrayIJ8jCQAAANRLzagS8NJrTQ== vrf mgmt 17 | tacacs-server host 10.2.120.95 key ciphertext AQBapWA2l0klkgqYXjMyTwXPBiM4rnR4xSc41ul+Ufo7PaAhCQAAAJvSMgzD8n1wWw== vrf mgmt 18 | ! 19 | ! 20 | ! 21 | ssh server vrf mgmt 22 | vlan 1 23 | vlan 101 24 | name PROD-WEB 25 | vlan 102 26 | name PROD-DB 27 | vlan 4000 28 | name CORE-ROUTING 29 | spanning-tree 30 | spanning-tree priority 0 31 | spanning-tree config-name RSVDC 32 | interface mgmt 33 | no shutdown 34 | ip dhcp 35 | interface lag 1 multi-chassis 36 | description RACK-1 37 | no shutdown 38 | no routing 39 | vlan trunk native 1 40 | vlan trunk allowed all 41 | lacp mode active 42 | lacp fallback 43 | spanning-tree root-guard 44 | interface lag 2 multi-chassis 45 | description RACK-2 46 | no shutdown 47 | no routing 48 | vlan trunk native 1 49 | vlan trunk allowed all 50 | lacp mode active 51 | lacp fallback 52 | spanning-tree root-guard 53 | interface lag 101 multi-chassis 54 | description EXT-FW1-1 55 | no shutdown 56 | no routing 57 | vlan trunk native 1 58 | vlan trunk allowed 4000 59 | lacp mode active 60 | lacp fallback 61 | spanning-tree root-guard 62 | interface lag 102 multi-chassis 63 | description EXT-FW1-2 64 | no shutdown 65 | no routing 66 | vlan trunk native 1 67 | vlan trunk allowed 4000 68 | lacp mode active 69 | lacp fallback 70 | spanning-tree root-guard 71 | interface lag 256 72 | description 
VSX_ISL_LAG 73 | no shutdown 74 | no routing 75 | vlan trunk native 1 76 | vlan trunk allowed all 77 | lacp mode active 78 | interface 1/1/1 79 | description RSVDC-ACCESS1-1 80 | no shutdown 81 | mtu 9198 82 | lag 1 83 | interface 1/1/2 84 | description RSVDC-ACCESS1-2 85 | no shutdown 86 | mtu 9198 87 | lag 1 88 | interface 1/1/3 89 | description RSVDC-ACCESS2-1 90 | no shutdown 91 | mtu 9198 92 | lag 2 93 | interface 1/1/4 94 | description RSVDC-ACCESS2-2 95 | no shutdown 96 | mtu 9198 97 | lag 2 98 | interface 1/1/29 99 | description EXT-FW1-1 100 | no shutdown 101 | mtu 9198 102 | lag 101 103 | interface 1/1/30 104 | description EXT-FW1-2 105 | no shutdown 106 | mtu 9198 107 | lag 102 108 | interface 1/1/31 109 | description VSX-ISL 110 | no shutdown 111 | mtu 9198 112 | lag 256 113 | interface 1/1/32 114 | description VSX-ISL 115 | no shutdown 116 | mtu 9198 117 | lag 256 118 | interface loopback 0 119 | ip address 10.250.12.1/32 120 | ip ospf 1 area 0.0.0.0 121 | interface vlan 101 122 | description PROD-WEB-SVI 123 | ip mtu 9198 124 | ip address 10.12.101.2/24 125 | active-gateway ip mac 02:00:0a:01:65:01 126 | active-gateway ip 10.12.101.1 127 | ip ospf 1 area 0.0.0.0 128 | ip igmp enable 129 | ip pim-sparse enable 130 | interface vlan 102 131 | description PROD-DB-SVI 132 | ip mtu 9198 133 | ip address 10.12.102.2/24 134 | active-gateway ip mac 02:00:0a:01:65:01 135 | active-gateway ip 10.12.102.1 136 | ip ospf 1 area 0.0.0.0 137 | ip igmp enable 138 | ip pim-sparse enable 139 | interface vlan 4000 140 | description CORE-ROUTING-SVI 141 | ip mtu 9000 142 | ip address 10.255.12.1/29 143 | ip ospf 1 area 0.0.0.0 144 | no ip ospf passive 145 | ip pim-sparse enable 146 | snmp-server system-location DC01, Roseville, CA 147 | snmp-server system-contact netadmin@orangetme.local 148 | vsx 149 | system-mac 02:00:00:00:10:00 150 | inter-switch-link lag 256 151 | role primary 152 | keepalive peer 172.16.104.102 source 172.16.104.101 vrf mgmt 153 | ip dns domain-name 
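example.local vrf mgmt 154 | ip dns server-address 10.2.120.98 vrf mgmt 155 | ip dns server-address 10.2.120.99 vrf mgmt 156 | ! 157 | ! 158 | ! 159 | ! 160 | ! 161 | router ospf 1 162 | router-id 10.250.12.1 163 | passive-interface default 164 | area 0.0.0.0 165 | router pim 166 | enable 167 | active-active 168 | https-server vrf mgmt 169 | configuration-lockout central managed 170 | -------------------------------------------------------------------------------- /templates/2TierV2/core.j2: --------------------------------------------------------------------------------

hostname {{ hostname}}
{# The admin credential is now taken from admin_password_ciphertext. The fallback is the ciphertext this template used to hard-code; it is the same value published in configs/sample_configs/arch4/rsvdc-core1-1.txt, so every switch rendered without the variable receives one shared, publicly known admin credential. Set admin_password_ciphertext per deployment (ideally from a vault) before using this outside a lab. #}
user admin group administrators password ciphertext {{ admin_password_ciphertext | default('AQBapetVmtD4dXlkd3rWXjrI57yHNA4Zr0HszgOE7BgeEtekYgAAALC1aBsgvgOxs5UvlJtdipTnLbOzykRphH6kLpXi7FKHrFgrrm0n7EGSjtSLbOEvADjo8TtIC9hU1ZJbe25QdO2znb4JzsYtdE9yq4IMMFtzARalPNC85VYOcbZylD+0iEeF', true) }}
clock timezone {{timezone}}
profile l3-agg
{% for server in ntp_servers %}
ntp server {{ server }}
{% endfor %}
ntp enable
ntp vrf {{ ntp_vrf | default("mgmt", true) }}
!
!
!
!
{# TACACS+ keys are supplied already encrypted (server.ciphertext); no cleartext key is rendered here. #}
{% for server in tacacs_servers %}
tacacs-server host {{server.host}} key ciphertext {{server.ciphertext}} vrf mgmt
{% endfor %}
!
!
!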
21 | ssh server vrf mgmt 22 | router ospf 1 23 | router-id {{loopback0_ip}} 24 | passive-interface default 25 | area {{ospf_area}} 26 | router pim 27 | enable 28 | active-active 29 | vlan 1 30 | {% for vlan in host_vlans %} 31 | vlan {{vlan.id}} 32 | name {{vlan.name}} 33 | {% endfor %} 34 | {% for vlan in routing_vlans %} 35 | vlan {{vlan.id}} 36 | name {{vlan.name}} 37 | {% endfor %} 38 | spanning-tree 39 | spanning-tree priority 0 40 | {% if group is defined %} 41 | spanning-tree config-name {{group}} 42 | {% elif stp_config_name is defined %} 43 | spanning-tree config-name {{stp_config_name}} 44 | {% endif %} 45 | interface mgmt 46 | no shutdown 47 | ip dhcp 48 | {% for lag in mclags %} 49 | interface lag {{ lag.id }} multi-chassis 50 | description {{ lag.description }} 51 | no shutdown 52 | no routing 53 | vlan trunk native 1 54 | {% for vlan in lag.allowed_vlans %} 55 | vlan trunk allowed {{vlan}} 56 | {% endfor %} 57 | lacp mode active 58 | lacp fallback 59 | spanning-tree root-guard 60 | {% endfor %} 61 | {% for lag in mclags %} 62 | {% for interface in lag.interfaces %} 63 | interface {{interface}} 64 | no shutdown 65 | description {{ lag.description }} 66 | {% if mtu is defined %} 67 | mtu {{mtu}} 68 | {% endif %} 69 | lag {{lag.id}} 70 | {% endfor %} 71 | {% endfor %} 72 | interface lag {{vsx_isl_lagid}} 73 | no shutdown 74 | description VSX-ISL-LAG 75 | no routing 76 | vlan trunk native 1 tag 77 | vlan trunk allowed all 78 | lacp mode active 79 | {% for interface in vsx_isl_ports %} 80 | interface {{interface}} 81 | no shutdown 82 | description VSX-ISL 83 | {% if mtu is defined %} 84 | mtu {{mtu}} 85 | {% endif %} 86 | lag {{vsx_isl_lagid}} 87 | {% endfor %} 88 | {% if vsx_keepalive_int is defined %} 89 | interface {{vsx_keepalive_int}} 90 | no shutdown 91 | description VSX KA 92 | {% if vsx_role == 'primary' %} 93 | ip address {{vsx_keepalive_ip_primary}}/31 94 | {% else %} 95 | ip address {{vsx_keepalive_ip_secondary}}/31 96 | {% endif %} 97 | {% 
endif %} 98 | {% for vlan in host_vlans %} 99 | interface vlan {{vlan.id}} 100 | description {{vlan.name}} 101 | ip mtu 9198 102 | ip address {{vlan.ip_address}}/{{vlan.mask | default('24', true)}} 103 | active-gateway ip mac {{vlan.active_gateway_mac}} 104 | active-gateway ip {{vlan.active_gateway_ip}} 105 | ip ospf 1 area {{ospf_area}} 106 | ip igmp enable 107 | ip pim-sparse enable 108 | {% endfor %} 109 | {% for vlan in routing_vlans %} 110 | interface vlan {{vlan.id}} 111 | description {{vlan.name}} 112 | ip mtu 9000 113 | ip address {{vlan.ip_address}}/{{vlan.mask | default('29', true)}} 114 | ip ospf 1 area {{ospf_area}} 115 | no ip ospf passive 116 | ip pim-sparse enable 117 | {% endfor %} 118 | interface loopback 0 119 | ip address {{loopback0_ip}}/32 120 | ip ospf 1 area {{ospf_area}} 121 | snmp-server system-location {{ system_location }} 122 | snmp-server system-contact {{ system_contact }} 123 | vsx 124 | system-mac {{vsx_system_mac | default('02:00:00:00:10:01', true)}} 125 | inter-switch-link lag {{vsx_isl_lagid | default('256', true)}} 126 | role {{vsx_role}} 127 | {% if vsx_keepalive_vrf is defined %} 128 | {% if vsx_role == 'primary' %} 129 | keepalive peer {{vsx_keepalive_ip_secondary}} source {{vsx_keepalive_ip_primary}} vrf {{vsx_keepalive_vrf}} 130 | {% else %} 131 | keepalive peer {{vsx_keepalive_ip_primary}} source {{vsx_keepalive_ip_secondary}} vrf {{vsx_keepalive_vrf}} 132 | {% endif %} 133 | {% else %} 134 | {% if vsx_role == 'primary' %} 135 | keepalive peer {{vsx_keepalive_ip_secondary}} source {{vsx_keepalive_ip_primary}} 136 | {% else %} 137 | keepalive peer {{vsx_keepalive_ip_primary}} source {{vsx_keepalive_ip_secondary}} 138 | {% endif %} 139 | {% endif %} 140 | ip dns domain-name {{ dns_domain | default("example.local", true) }} 141 | {% for server in dns_servers %} 142 | ip dns server-address {{server}} vrf mgmt 143 | {% endfor %} 144 | ! 145 | ! 146 | ! 147 | ! 148 | ! 
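149 | https-server vrf mgmt 150 | -------------------------------------------------------------------------------- /filter_plugins/aoscx_filters.py: --------------------------------------------------------------------------------
#!/usr/bin/python
# -*- coding: utf-8 -*-

# (C) Copyright 2019 Hewlett Packard Enterprise Development LP.
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
import json


class FilterModule(object):
    """Jinja2 filter plugin: helpers for building AOS-CX REST URIs and for
    editing the JSON of an Interface entry before it is sent back."""

    def filters(self):
        """
        Returns the mapping of filter names to the methods that implement them
        :return: dict of filter name -> callable
        """
        return {
            'replace_special_characters': self.replace_special_characters,
            'map_ports_to_uris': self.map_ports_to_uris,
            'map_vlans_to_uris': self.map_vlans_to_uris,
            'json_to_dict': self.json_to_dict,
            'add_lacp_key_interface': self.add_lacp_key_interface,
            'add_mtu_interface': self.add_mtu_interface,
            'add_admin_state_interface': self.add_admin_state_interface,
            'replace_value_in_key': self.replace_value_in_key,
            'add_key_and_value': self.add_key_and_value
        }

    def replace_special_characters(self, str_special_chars):
        """
        Replaces special characters in a string with their percent-encoded counterparts
            ':' -> '%3A'
            '/' -> '%2F'
            ',' -> '%2C'
            (e.g. "1/1/9" -> "1%2F1%2F9")
        Only these three characters are encoded; anything else ('?', '#', '%',
        spaces, ...) passes through unchanged, so this is not a general URL
        encoder and the input should be a trusted port or interface name.
        :param str_special_chars: string in which to substitute characters
        :return: new string with characters replaced by their percent-encoded counterparts
        """
        str_percents = str_special_chars
        for char, encoded in ((":", "%3A"), ("/", "%2F"), (",", "%2C")):
            str_percents = str_percents.replace(char, encoded)
        return str_percents

    def map_ports_to_uris(self, port_info_list):
        """
        Maps a list of ports to a list of Port table entry URIs.
        Each element may be a port name string or a port dictionary with a
        "name" key (previously a dictionary raised AttributeError even though
        the documentation promised support for it).
        (e.g. [{"name": "1/1/1", "description": "one"}, "1/1/2"] ->
              ["/rest/v1/system/interfaces/1%2F1%2F1", "/rest/v1/system/interfaces/1%2F1%2F2"])
        :param port_info_list: List of port names or port dictionaries
        :return: List of Port table entry URIs
        """
        uris = []
        for port in port_info_list:
            port_name = port["name"] if isinstance(port, dict) else port
            uris.append("/rest/v1/system/interfaces/%s" % self.replace_special_characters(port_name))
        return uris

    def map_vlans_to_uris(self, vlans_list):
        """
        Maps a list of VLAN IDs to a list of VLAN table entry URIs
        (e.g. [1, 2] -> ["/rest/v1/system/vlans/1", "/rest/v1/system/vlans/2"])
        Each ID is converted with int(), so a non-numeric value raises ValueError.
        :param vlans_list: List of VLAN IDs
        :return: List of VLAN table entry URIs
        """
        return ["/rest/v1/system/vlans/%d" % int(vlan) for vlan in vlans_list]

    def json_to_dict(self, json_string):
        """
        This function converts the JSON string to a Python object
        :param json_string: JSON string
        :return: the decoded value (a dict when the JSON text is an object)
        """
        return json.loads(json_string)

    def add_lacp_key_interface(self, interface_json, lag_id):
        """
        This function sets the LACP aggregation key field in an Interface entry JSON.
        The dictionary is modified in place and also returned.
        :param interface_json: JSON from REST API GET /rest/v1/system
        :param lag_id: Numeric ID of the LAG to which the port is to be added
        :return: interface_json
        """
        # Create 'other_config' on first use, then set the key inside it.
        interface_json.setdefault('other_config', {})['lacp-aggregation-key'] = int(lag_id)
        return interface_json

    def add_mtu_interface(self, interface_json, mtu):
        """
        This function sets the MTU value in an Interface entry JSON.
        The dictionary is modified in place and also returned.
        :param interface_json: JSON from REST API GET /rest/v1/system
        :param mtu: Numeric MTU value
        :return: interface_json
        """
        interface_json.setdefault('user_config', {})['mtu'] = int(mtu)
        return interface_json

    def add_admin_state_interface(self, interface_json, enabled):
        """
        This function sets the admin state in an Interface entry JSON.
        The dictionary is modified in place and also returned.
        :param interface_json: JSON from REST API GET /rest/v1/system
        :param enabled: True to enable; False otherwise
        :return: interface_json
        """
        state = "up" if enabled else "down"
        interface_json.setdefault('user_config', {})['admin'] = state
        return interface_json

    def replace_value_in_key(self, get_json_data, json_key, json_value):
        """
        This function replaces the given key's value in the provided JSON
        with the given value. Nothing is raised on a mismatch: the data is
        returned unchanged when the key is absent or when the new value's
        type differs from the type of the value already stored.
        :param get_json_data: JSON from REST API GET
        :param json_key: Key string expected to be in get_json_data
        :param json_value: Value to be stored in get_json_data
        :return: get_json_data
        """
        # Exact type match is required (so a bool does not replace an int).
        if json_key in get_json_data and type(json_value) is type(get_json_data[json_key]):
            get_json_data[json_key] = json_value

        return get_json_data

    def add_key_and_value(self, get_json_data, json_key, json_value):
        """
        This function adds the given key to the provided JSON
        with the given value, overwriting any value already stored under
        that key. There is no error checking or validation.
        :param get_json_data: JSON from REST API GET
        :param json_key: Key string to be added to get_json_data
        :param json_value: Value to be stored in get_json_data
        :return: get_json_data
        """
        get_json_data[json_key] = json_value

        return get_json_data
-------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contribution Guidelines 2 | 3 | If you're reading this, you're probably thinking about contributing to this repository. We really appreciate that--thank you! 4 | 5 | This document provides guidelines on contributing to this repository. Please follow these guidelines when creating issues, making commits, and submitting pull requests. The repository maintainers review all pull requests and verify that they conform to these guidelines before approving and merging. 6 | 7 | #### Table Of Contents 8 | [How Can I Contribute?](#how-can-i-contribute) 9 | * [Contribution Ideas](#contribution-ideas) 10 | * [What should I know before I get started?](#what-should-i-know-before-i-get-started) 11 | 12 | [Licensing](#licensing) 13 | * [Developer's Certificate of Origin](#developers-certificate-of-origin) 14 | * [Sign Your Work](#sign-your-work) 15 | 16 | [Coding Conventions](#coding-conventions) 17 | 18 | [Additional Notes](#additional-notes) 19 | * [Resources](#resources) 20 | 21 | ## How Can I Contribute? 22 | 23 | ### Contribution Ideas 24 | 25 | 1. Raise issues for bugs, features, and enhancements. 26 | 1. Submit updates and improvements to the documentation. 27 | 1. Submit articles and guides, which are also part of the documentation. 28 | 1. Help out repo maintainers by answering questions in [Airheads Developer Community][airheads-link]. 29 | 1. Share feedback and let us know about interesting use cases in [Airheads Developer Community][airheads-link].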
30 | 31 | ### What should I know before I get started? 32 | 33 | The best way to directly collaborate with the project contributors is through GitHub. 34 | 35 | * If you want to raise an issue such as a defect, an enhancement request, feature request, or a general issue, please open a GitHub issue. 36 | * If you want to contribute to our code by either fixing a problem, enhancing some code, or creating a new feature, please open a GitHub pull request against the development branch. 37 | > **Note:** All pull requests require an associated issue number, must be made against the **development** branch, and require acknowledgement of the DCO. See the [Licensing](#licensing) section below. 38 | 39 | Before you start to code, we recommend discussing your plans through a GitHub issue, especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing. 40 | 41 | It is your responsibility to test and verify, prior to submitting a pull request, that your updated code doesn't introduce any bugs. Please write a clear commit message for each commit. Brief messages are fine for small changes, but bigger changes warrant a little more detail (at least a few sentences). 42 | Note that all patches from all contributors get reviewed. 43 | After a pull request is made, other contributors will offer feedback. If the patch passes review, a maintainer will accept it with a comment. 44 | When a pull request fails review, the author is expected to update the pull request to address the issue until it passes review and the pull request merges successfully. 45 | 46 | At least one review from a maintainer is required for all patches. 
47 | 48 | ## Licensing 49 | 50 | All contributions must include acceptance of the DCO: 51 | 52 | ### Developer’s Certificate of Origin 53 | 54 | > Developer Certificate of Origin Version 1.1 55 | > 56 | > Copyright (C) 2004, 2006 The Linux Foundation and its contributors. 660 57 | > York Street, Suite 102, San Francisco, CA 94110 USA 58 | > 59 | > Everyone is permitted to copy and distribute verbatim copies of this 60 | > license document, but changing it is not allowed. 61 | > 62 | > Developer's Certificate of Origin 1.1 63 | > 64 | > By making a contribution to this project, I certify that: 65 | > 66 | > \(a) The contribution was created in whole or in part by me and I have 67 | > the right to submit it under the open source license indicated in the 68 | > file; or 69 | > 70 | > \(b) The contribution is based upon previous work that, to the best of my 71 | > knowledge, is covered under an appropriate open source license and I 72 | > have the right under that license to submit that work with 73 | > modifications, whether created in whole or in part by me, under the same 74 | > open source license (unless I am permitted to submit under a different 75 | > license), as indicated in the file; or 76 | > 77 | > \(c) The contribution was provided directly to me by some other person 78 | > who certified (a), (b) or (c) and I have not modified it. 79 | > 80 | > \(d) I understand and agree that this project and the contribution are 81 | > public and that a record of the contribution (including all personal 82 | > information I submit with it, including my sign-off) is maintained 83 | > indefinitely and may be redistributed consistent with this project or 84 | > the open source license(s) involved. 
85 | 86 | ### Sign Your Work 87 | 88 | To accept the DCO, simply add this line to each commit message with your 89 | name and email address (`git commit -s` will do this for you): 90 | 91 | Signed-off-by: Jane Example <jane.example@example.com> 92 | 93 | For legal reasons, no anonymous or pseudonymous contributions are 94 | accepted. 95 | 96 | ## Coding Conventions 97 | 98 | 1. Python code should conform to PEP-8. PyCharm editor has a built-in PEP-8 checker. 99 | 1. Since this is a collaborative project, document your code with comments that will help other contributors understand the code you write. 100 | 1. When in doubt, follow conventions you see used in the source already. 101 | 102 | ## Additional Notes 103 | 104 | > **Note:** Please don't file an issue to ask a question. Please reach out to us via email or discussion forums. 105 | 106 | ### Resources 107 | 108 | | Resource | Description | 109 | | --- | --- | 110 | | [Aruba Developer Hub][devhub-link] | Aruba Developer Hub that showcases all automated solutions for Aruba products. | 111 | | [Airheads Developer Community][airheads-link] | Aruba Airheads forum to discuss all things network automation. | 112 | | [Aruba Bots Automate Videos][aruba-bots-playlist-link]| YouTube playlist containing instructional videos for Ansible and Python automation repositories. | 113 | | [aruba-automation@hpe.com][email-link] | Distribution list email to contact the Aruba Automation Technical Marketing Engineering team. 
| 114 | 115 | 116 | [devhub-link]: https://developer.arubanetworks.com/ 117 | [airheads-link]: https://community.arubanetworks.com/t5/Developer-Community/bd-p/DeveloperCommunity 118 | [aruba-bots-playlist-link]: https://www.youtube.com/playlist?list=PLsYGHuNuBZcY02FUh95ZpOB5VFkPurVaX 119 | [email-link]: mailto:aruba-automation@hpe.com 120 | -------------------------------------------------------------------------------- /configs/sample_configs/arch4/rsvdc-core1-2.txt: -------------------------------------------------------------------------------- 1 | ! 2 | !Version ArubaOS-CX GL.10.13.1000 3 | !export-password: default 4 | hostname RSVDC-CORE1-2 5 | user admin group administrators password ciphertext AQBapVj0CGNeuTF6KhzNF88xzLvFgsicKCwPEbErEfmx4qrvYgAAAA4SMWzRJcChS47l3UcPoBDPMQDUeSZSnualBxa0AXFRwtVQPRkslr6gx2NB6JE2Wt1z7hwKYGVjXQLbUR2Y2cMLeJvzFBD8eCRXbrWCNYrp4yOWKH8DeT9Mj0a/S5A2IiHf 6 | clock timezone america/los_angeles 7 | profile l3-agg 8 | ntp server 10.2.120.98 prefer 9 | ntp server 10.2.120.99 prefer 10 | ntp enable 11 | ntp vrf mgmt 12 | ! 13 | ! 14 | ! 15 | ! 16 | tacacs-server host 10.2.120.94 key ciphertext AQBapcfUlAbikNy9W9RhU5ZgbbFRoHjiJxpiU5MBnxbZ7qkOCQAAACGs3uenZoSEOA== vrf mgmt 17 | tacacs-server host 10.2.120.95 key ciphertext AQBapcwAlPRihl+PO3yec4U2mx+icqWajjxp48WXQdSJgu18CQAAAF9qUKZ4hMiGDQ== vrf mgmt 18 | ! 19 | ! 20 | ! 
21 | ssh server vrf mgmt 22 | vlan 1 23 | vlan 101 24 | name PROD-WEB 25 | vlan 102 26 | name PROD-DB 27 | vlan 4000 28 | name CORE-ROUTING 29 | spanning-tree 30 | spanning-tree priority 0 31 | spanning-tree config-name RSVDC 32 | interface mgmt 33 | no shutdown 34 | ip dhcp 35 | interface lag 1 multi-chassis 36 | description RACK-1 37 | no shutdown 38 | no routing 39 | vlan trunk native 1 40 | vlan trunk allowed all 41 | lacp mode active 42 | lacp fallback 43 | spanning-tree root-guard 44 | interface lag 2 multi-chassis 45 | description RACK-2 46 | no shutdown 47 | no routing 48 | vlan trunk native 1 49 | vlan trunk allowed all 50 | lacp mode active 51 | lacp fallback 52 | spanning-tree root-guard 53 | interface lag 101 multi-chassis 54 | description EXT-FW1-1 55 | no shutdown 56 | no routing 57 | vlan trunk native 1 58 | vlan trunk allowed 4000 59 | lacp mode active 60 | lacp fallback 61 | spanning-tree root-guard 62 | interface lag 102 multi-chassis 63 | description EXT-FW1-2 64 | no shutdown 65 | no routing 66 | vlan trunk native 1 67 | vlan trunk allowed 4000 68 | lacp mode active 69 | lacp fallback 70 | spanning-tree root-guard 71 | interface lag 256 72 | description VSX_ISL_LAG 73 | no shutdown 74 | no routing 75 | vlan trunk native 1 76 | vlan trunk allowed all 77 | lacp mode active 78 | interface 1/1/1 79 | description RSVDC-ACCESS1-1 80 | no shutdown 81 | mtu 9198 82 | lag 1 83 | interface 1/1/2 84 | description RSVDC-ACCESS1-2 85 | no shutdown 86 | mtu 9198 87 | lag 1 88 | interface 1/1/3 89 | description RSVDC-ACCESS2-1 90 | no shutdown 91 | mtu 9198 92 | lag 2 93 | interface 1/1/4 94 | description RSVDC-ACCESS2-2 95 | no shutdown 96 | mtu 9198 97 | lag 2 98 | interface 1/1/5 99 | no shutdown 100 | no routing 101 | vlan access 1 102 | interface 1/1/6 103 | no shutdown 104 | no routing 105 | vlan access 1 106 | interface 1/1/7 107 | no shutdown 108 | no routing 109 | vlan access 1 110 | interface 1/1/8 111 | no shutdown 112 | no routing 113 | vlan access 
1 114 | interface 1/1/9 115 | no shutdown 116 | no routing 117 | vlan access 1 118 | interface 1/1/10 119 | no shutdown 120 | no routing 121 | vlan access 1 122 | interface 1/1/11 123 | no shutdown 124 | no routing 125 | vlan access 1 126 | interface 1/1/12 127 | no shutdown 128 | no routing 129 | vlan access 1 130 | interface 1/1/13 131 | no shutdown 132 | no routing 133 | vlan access 1 134 | interface 1/1/14 135 | no shutdown 136 | no routing 137 | vlan access 1 138 | interface 1/1/15 139 | no shutdown 140 | no routing 141 | vlan access 1 142 | interface 1/1/16 143 | no shutdown 144 | no routing 145 | vlan access 1 146 | interface 1/1/17 147 | no shutdown 148 | no routing 149 | vlan access 1 150 | interface 1/1/18 151 | no shutdown 152 | no routing 153 | vlan access 1 154 | interface 1/1/19 155 | no shutdown 156 | no routing 157 | vlan access 1 158 | interface 1/1/20 159 | no shutdown 160 | no routing 161 | vlan access 1 162 | interface 1/1/21 163 | no shutdown 164 | no routing 165 | vlan access 1 166 | interface 1/1/22 167 | no shutdown 168 | no routing 169 | vlan access 1 170 | interface 1/1/23 171 | no shutdown 172 | no routing 173 | vlan access 1 174 | interface 1/1/24 175 | no shutdown 176 | no routing 177 | vlan access 1 178 | interface 1/1/25 179 | no shutdown 180 | no routing 181 | vlan access 1 182 | interface 1/1/26 183 | no shutdown 184 | no routing 185 | vlan access 1 186 | interface 1/1/27 187 | no shutdown 188 | no routing 189 | vlan access 1 190 | interface 1/1/28 191 | no shutdown 192 | no routing 193 | vlan access 1 194 | interface 1/1/29 195 | description EXT-FW1-1 196 | no shutdown 197 | mtu 9198 198 | lag 101 199 | interface 1/1/30 200 | description EXT-FW1-2 201 | no shutdown 202 | mtu 9198 203 | lag 102 204 | interface 1/1/31 205 | description VSX-ISL 206 | no shutdown 207 | mtu 9198 208 | lag 256 209 | interface 1/1/32 210 | description VSX-ISL 211 | no shutdown 212 | mtu 9198 213 | lag 256 214 | interface loopback 0 215 | ip address 
10.250.12.2/32 216 | ip ospf 1 area 0.0.0.0 217 | interface vlan 101 218 | description PROD-WEB-SVI 219 | ip mtu 9198 220 | ip address 10.12.101.3/24 221 | active-gateway ip mac 02:00:0a:01:65:01 222 | active-gateway ip 10.12.101.1 223 | ip ospf 1 area 0.0.0.0 224 | ip igmp enable 225 | ip pim-sparse enable 226 | interface vlan 102 227 | description PROD-DB-SVI 228 | ip mtu 9198 229 | ip address 10.12.102.3/24 230 | active-gateway ip mac 02:00:0a:01:65:01 231 | active-gateway ip 10.12.102.1 232 | ip ospf 1 area 0.0.0.0 233 | ip igmp enable 234 | ip pim-sparse enable 235 | interface vlan 4000 236 | description CORE-ROUTING-SVI 237 | ip mtu 9000 238 | ip address 10.255.12.2/29 239 | ip ospf 1 area 0.0.0.0 240 | no ip ospf passive 241 | ip pim-sparse enable 242 | snmp-server system-location DC01, Roseville, CA 243 | snmp-server system-contact netadmin@orangetme.local 244 | vsx 245 | system-mac 02:00:00:00:10:00 246 | inter-switch-link lag 256 247 | role secondary 248 | keepalive peer 172.16.104.101 source 172.16.104.102 vrf mgmt 249 | ip dns domain-name example.local vrf mgmt 250 | ip dns server-address 10.2.120.98 vrf mgmt 251 | ip dns server-address 10.2.120.99 vrf mgmt 252 | ! 253 | ! 254 | ! 255 | ! 256 | ! 
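257 | router ospf 1 258 | router-id 10.250.12.2 259 | passive-interface default 260 | area 0.0.0.0 261 | router pim 262 | enable 263 | active-active 264 | https-server vrf mgmt 265 | configuration-lockout central managed 266 | -------------------------------------------------------------------------------- /deploy_2tier_dedicated_datacenter.yml: -------------------------------------------------------------------------------- 
# Two-tier dedicated data center deployment for AOS-CX switches.
#
# Play 1 (all hosts):  render each device's configuration from its Jinja2
#                      template, push it over SSH, and optionally set
#                      system interface-group speeds.
# Play 2 (core):       VSX keepalive/ISL, VLANs, VLAN interfaces, downstream
#                      MCLAGs and the BGP neighbor between the VSX peers.
# Play 3 (access):     VSX keepalive/ISL, VLANs and the MCLAGs of the pair.
#
# All variables ({{ ... }}) are expected to come from the inventory; none are
# defined in this file apart from ansible_connection and is_primary.

- hosts: all
  gather_facts: False
  collections:
    - arubanetworks.aoscx
  vars:
    ansible_connection: network_cli
  tasks:
    - name: Generate Template for Device
      # The rendered file is a complete device configuration that is pushed
      # to the switch by the next task. The sample configs shipped with this
      # repository carry admin and TACACS+ credential ciphertext, so the
      # rendered file may as well. It is therefore written owner-only (0600)
      # instead of world-readable/world-writable (0777): no other local
      # account can read the secrets or alter the config before it is pushed.
      template: src="{{config_template}}" dest="{{config_path}}{{hostname}}.conf" mode='0600'

    - name: Copy generated config to device via SSH
      aoscx_config:
        src: "{{config_path}}{{hostname}}.conf"

    - name: Configure system interface-group speeds when provided
      block:
        - name: Enable auto-confirm
          aoscx_command:
            commands: ['auto-confirm']

        - name: enabling 10g speed on system interface-group {{item}}
          aoscx_config:
            lines:
              - system interface-group {{item}} speed 10g
          loop: "{{speed_interface_group_10g}}"
      always:
        # Runs even when a speed change fails, so the session is not left
        # with confirmation prompts suppressed.
        - name: Disable auto-confirm
          aoscx_command:
            commands: ['no auto-confirm']
      when: speed_interface_group_10g is defined

- hosts: core
  gather_facts: False
  collections:
    - arubanetworks.aoscx
  tasks:
    # is_primary selects which keepalive address is local and which is the peer.
    - set_fact:
        is_primary: "{{ vsx_role == 'primary' }}"

    - name: Enable keepalive Interface
      aoscx_interface:
        name: "{{ vsx_keepalive_int }}"
        enabled: true
        description: "VSX KA"

    - name: Create VSX keepalive L3 interface
      aoscx_l3_interface:
        interface: "{{ vsx_keepalive_int }}"
        description: "VSX KA"
        ipv4: "{{ vsx_keepalive_ip_primary if is_primary else vsx_keepalive_ip_secondary}}/31"

    - name: Create ISL LAG for VSX
      aoscx_lag_interface:
        state: create
        name: lag{{ vsx_isl_lagid }}
        interfaces: "{{ vsx_isl_ports }}"

    - name: Enable ISL LAG for VSX
      aoscx_interface:
        name: lag{{ vsx_isl_lagid }}
        enabled: true
        description: "VSX ISL"

    - name: Create VSX configuration
      aoscx_vsx:
        device_role: "{{ vsx_role }}"
        # Was `lag"{{ vsx_isl_lagid }}"`: in a plain YAML scalar the double
        # quotes are literal characters, so the port name came out as
        # lag"<id>" rather than lag<id> as used by the LAG tasks above.
        isl_port: lag{{ vsx_isl_lagid }}
        keepalive_peer_ip: "{{ vsx_keepalive_ip_secondary if is_primary else vsx_keepalive_ip_primary }}"
        keepalive_src_ip: "{{ vsx_keepalive_ip_primary if is_primary else vsx_keepalive_ip_secondary }}"
        system_mac: "{{ vsx_system_mac }}"

    - name: Create VLANs
      aoscx_vlan:
        vlan_id: "{{ item }}"
      with_items: "{{ server_vlans }}"

    - name: Create VLAN interface
      aoscx_vlan_interface:
        vlan_id: "{{item.vlan_id}}"
        ipv4: "{{item.ipv4}}"
        active_gateway_ip: "{{item.active_gateway_ip}}"
        active_gateway_mac_v4: "{{item.active_gateway_mac}}"
      loop: "{{core_vlan_interfaces}}"

    - name: Create Downstream MCLAG to Access
      aoscx_lag_interface:
        state: create
        name: lag{{ vsx_pair_dict.mclag_id }}
        interfaces: "{{ vsx_pair_dict.access_mclag_downlink_ports }}"
        multi_chassis: true
      loop: "{{vsx_pair_mclags}}"
      loop_control:
        loop_var: vsx_pair_dict

    - name: Configure MCLAG L2 Interface
      aoscx_l2_interface:
        interface: lag{{ vsx_pair_dict.mclag_id }}
        vlan_mode: trunk
        # NOTE(review): keep trunk_vlans to the VLANs each rack needs; the
        # list comes from the inventory and is not validated here.
        vlan_trunks: "{{ vsx_pair_dict.trunk_vlans}}"
      loop: "{{vsx_pair_mclags}}"
      loop_control:
        loop_var: vsx_pair_dict

    - name: Enable MCLAG Interface
      aoscx_interface:
        name: lag{{ vsx_pair_dict.mclag_id }}
        enabled: true
        description: "{{vsx_pair_dict.mclag_description }}"
      loop: "{{vsx_pair_mclags}}"
      loop_control:
        loop_var: vsx_pair_dict

    - name: Create Core BGP Neighbor
      # include_tasks replaces the bare `include`, which was removed in
      # ansible-core 2.16.
      include_tasks: tasks/aoscx/bgp_neighbor.yml
      vars:
        bgp_asn: "{{asn}}"
        neighbor_ip: "{{core_vsx_neighbor_ip}}"
        ipv4_unicast: True
        nexthopself: True
        ebgp_hop_count: 1
        remote_as: "{{asn}}"

- hosts: access
  gather_facts: False
  collections:
    - arubanetworks.aoscx
  tasks:
    # is_primary selects which keepalive address is local and which is the peer.
    - set_fact:
        is_primary: "{{ vsx_role == 'primary' }}"

    - name: Enable keepalive Interface
      aoscx_interface:
        name: "{{ vsx_keepalive_int }}"
        enabled: true
        description: "VSX KA"

    - name: Create VSX keepalive L3 interface
      aoscx_l3_interface:
        interface: "{{ vsx_keepalive_int }}"
        description: "VSX KA"
        ipv4: "{{ vsx_keepalive_ip_primary if is_primary else vsx_keepalive_ip_secondary}}/31"

    - name: Create ISL LAG for VSX
      aoscx_lag_interface:
        state: create
        name: lag{{ vsx_isl_lagid }}
        interfaces: "{{ vsx_isl_ports }}"

    - name: Enable ISL LAG for VSX
      aoscx_interface:
        # Was lag{{ mclag_id }}: this task enables the ISL LAG created by the
        # previous task, so it uses the same vsx_isl_lagid as the core play.
        name: lag{{ vsx_isl_lagid }}
        enabled: true
        description: "VSX ISL"

    - name: Create VSX configuration
      aoscx_vsx:
        device_role: "{{ vsx_role }}"
        # Literal double quotes removed from the port name (see core play).
        isl_port: lag{{ vsx_isl_lagid }}
        keepalive_peer_ip: "{{ vsx_keepalive_ip_secondary if is_primary else vsx_keepalive_ip_primary }}"
        keepalive_src_ip: "{{ vsx_keepalive_ip_primary if is_primary else vsx_keepalive_ip_secondary }}"
        system_mac: "{{ vsx_system_mac }}"

    - name: Create VLANs
      aoscx_vlan:
        vlan_id: "{{ item }}"
      with_items: "{{ server_vlans }}"

    - name: Create Upstream MCLAG to Cores
      aoscx_lag_interface:
        state: create
        name: lag{{ vsx_pair_dict.mclag_id }}
        # NOTE(review): an upstream LAG built from a key named
        # access_mclag_downlink_ports - confirm against the inventory that
        # this is the intended port list for access switches.
        interfaces: "{{ vsx_pair_dict.access_mclag_downlink_ports }}"
        multi_chassis: true
      loop: "{{vsx_pair_mclags}}"
      loop_control:
        loop_var: vsx_pair_dict

    - name: Configure MCLAG L2 Interface
      aoscx_l2_interface:
        interface: lag{{ vsx_pair_dict.mclag_id }}
        vlan_mode: trunk
        vlan_trunks: "{{ vsx_pair_dict.trunk_vlans}}"
      loop: "{{vsx_pair_mclags}}"
      loop_control:
        loop_var: vsx_pair_dict

    - name: Enable MCLAG Interface
      aoscx_interface:
        name: lag{{ vsx_pair_dict.mclag_id }}
        enabled: true
        description: "{{vsx_pair_dict.mclag_description }}"
      loop: "{{vsx_pair_mclags}}"
      loop_control:
        loop_var: vsx_pair_dict

-------------------------------------------------------------------------------- /configs/sample_configs/arch4/rsvdc-access1-1.txt: -------------------------------------------------------------------------------- 1 | ! 2 | !Version ArubaOS-CX LL.10.13.1000 3 | !export-password: default 4 | hostname RSVDC-ACCESS1-1 5 | user admin group administrators password ciphertext AQBapZRpKnrwhowLKU8YGDPVdJiDfEcMPKWy/gw91EpjEqmtYgAAADYrDMXx3U5lxTFmek0t9kNzAjQns2Sn4BrN9DgHXEGGp7H7FnqH6NHsP5jygGS2/ZPHRGo4ysgDcPqXDr5sB7q1TIVYmWKxqbPFQE0IwPCDIlfL0VKF972b5o/2jpZpaLU+ 6 | clock timezone america/los_angeles 7 | profile aggregation-leaf 8 | ntp server 10.2.120.98 9 | ntp server 10.2.120.99 10 | ntp server pool.ntp.org minpoll 4 maxpoll 4 iburst 11 | ntp enable 12 | ntp vrf mgmt 13 | ! 14 | ! 15 | ! 16 | ! 17 | tacacs-server host 10.2.120.94 key ciphertext AQBapTMGmLBPD14dwIgtfKtG6BbiEjvtTBdL/mC3bEo91XegCQAAAFUz3moFw0EX0A== vrf mgmt 18 | tacacs-server host 10.2.120.95 key ciphertext AQBapTsQeZay/1Mw1ivHkhdC7MGDGFcUz0oUsSNzdQf+gUw0CQAAABFOhXhwqm+UpA== vrf mgmt 19 | ! 20 | ! 21 | ! 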
22 | ssh server vrf mgmt 23 | vlan 1 24 | vlan 101 25 | name PROD-WEB 26 | ip igmp snooping enable 27 | vlan 102 28 | name PROD-DB 29 | ip igmp snooping enable 30 | spanning-tree 31 | spanning-tree config-name RSVDC 32 | interface mgmt 33 | no shutdown 34 | ip dhcp 35 | system interface-group 1 speed 10g 36 | !interface group 1 contains ports 1/1/1-1/1/4 37 | interface lag 1 multi-chassis 38 | description ESXi-01 39 | no shutdown 40 | no routing 41 | vlan trunk native 1 42 | vlan trunk allowed 101-102 43 | lacp mode active 44 | spanning-tree root-guard 45 | interface lag 255 multi-chassis 46 | description DC-CORE 47 | no shutdown 48 | no routing 49 | vlan trunk native 1 50 | vlan trunk allowed all 51 | lacp mode active 52 | interface lag 256 53 | description VSX_ISL_LAG 54 | no shutdown 55 | no routing 56 | vlan trunk native 1 57 | vlan trunk allowed all 58 | lacp mode active 59 | interface 1/1/1 60 | no shutdown 61 | mtu 9198 62 | lag 1 63 | interface 1/1/2 64 | no shutdown 65 | no routing 66 | vlan access 1 67 | interface 1/1/3 68 | no shutdown 69 | no routing 70 | vlan access 1 71 | interface 1/1/4 72 | no shutdown 73 | no routing 74 | vlan access 1 75 | interface 1/1/5 76 | no shutdown 77 | no routing 78 | vlan access 1 79 | interface 1/1/6 80 | no shutdown 81 | no routing 82 | vlan access 1 83 | interface 1/1/7 84 | no shutdown 85 | no routing 86 | vlan access 1 87 | interface 1/1/8 88 | no shutdown 89 | no routing 90 | vlan access 1 91 | interface 1/1/9 92 | no shutdown 93 | no routing 94 | vlan access 1 95 | interface 1/1/10 96 | no shutdown 97 | no routing 98 | vlan access 1 99 | interface 1/1/11 100 | no shutdown 101 | no routing 102 | vlan access 1 103 | interface 1/1/12 104 | no shutdown 105 | no routing 106 | vlan access 1 107 | interface 1/1/13 108 | no shutdown 109 | no routing 110 | vlan access 1 111 | interface 1/1/14 112 | no shutdown 113 | no routing 114 | vlan access 1 115 | interface 1/1/15 116 | no shutdown 117 | no routing 118 | vlan access 1 
119 | interface 1/1/16 120 | no shutdown 121 | no routing 122 | vlan access 1 123 | interface 1/1/17 124 | no shutdown 125 | no routing 126 | vlan access 1 127 | interface 1/1/18 128 | no shutdown 129 | no routing 130 | vlan access 1 131 | interface 1/1/19 132 | no shutdown 133 | no routing 134 | vlan access 1 135 | interface 1/1/20 136 | no shutdown 137 | no routing 138 | vlan access 1 139 | interface 1/1/21 140 | no shutdown 141 | no routing 142 | vlan access 1 143 | interface 1/1/22 144 | no shutdown 145 | no routing 146 | vlan access 1 147 | interface 1/1/23 148 | no shutdown 149 | no routing 150 | vlan access 1 151 | interface 1/1/24 152 | no shutdown 153 | no routing 154 | vlan access 1 155 | interface 1/1/25 156 | no shutdown 157 | no routing 158 | vlan access 1 159 | interface 1/1/26 160 | no shutdown 161 | no routing 162 | vlan access 1 163 | interface 1/1/27 164 | no shutdown 165 | no routing 166 | vlan access 1 167 | interface 1/1/28 168 | no shutdown 169 | no routing 170 | vlan access 1 171 | interface 1/1/29 172 | no shutdown 173 | no routing 174 | vlan access 1 175 | interface 1/1/30 176 | no shutdown 177 | no routing 178 | vlan access 1 179 | interface 1/1/31 180 | no shutdown 181 | no routing 182 | vlan access 1 183 | interface 1/1/32 184 | no shutdown 185 | no routing 186 | vlan access 1 187 | interface 1/1/33 188 | no shutdown 189 | no routing 190 | vlan access 1 191 | interface 1/1/34 192 | no shutdown 193 | no routing 194 | vlan access 1 195 | interface 1/1/35 196 | no shutdown 197 | no routing 198 | vlan access 1 199 | interface 1/1/36 200 | no shutdown 201 | no routing 202 | vlan access 1 203 | interface 1/1/37 204 | no shutdown 205 | no routing 206 | vlan access 1 207 | interface 1/1/38 208 | no shutdown 209 | no routing 210 | vlan access 1 211 | interface 1/1/39 212 | no shutdown 213 | no routing 214 | vlan access 1 215 | interface 1/1/40 216 | no shutdown 217 | no routing 218 | vlan access 1 219 | interface 1/1/41 220 | no shutdown 221 | no 
routing 222 | vlan access 1 223 | interface 1/1/42 224 | no shutdown 225 | no routing 226 | vlan access 1 227 | interface 1/1/43 228 | no shutdown 229 | no routing 230 | vlan access 1 231 | interface 1/1/44 232 | no shutdown 233 | no routing 234 | vlan access 1 235 | interface 1/1/45 236 | no shutdown 237 | no routing 238 | vlan access 1 239 | interface 1/1/46 240 | no shutdown 241 | no routing 242 | vlan access 1 243 | interface 1/1/47 244 | no shutdown 245 | no routing 246 | vlan access 1 247 | interface 1/1/48 248 | no shutdown 249 | no routing 250 | vlan access 1 251 | interface 1/1/49 252 | description VSX-ISL 253 | no shutdown 254 | mtu 9198 255 | lag 256 256 | interface 1/1/50 257 | description VSX-ISL 258 | no shutdown 259 | mtu 9198 260 | lag 256 261 | interface 1/1/51 262 | no shutdown 263 | no routing 264 | vlan access 1 265 | interface 1/1/52 266 | no shutdown 267 | no routing 268 | vlan access 1 269 | interface 1/1/53 270 | description RSVDC-CORE1-1 271 | no shutdown 272 | mtu 9198 273 | lag 255 274 | interface 1/1/54 275 | description RSVDC-CORE1-2 276 | no shutdown 277 | mtu 9198 278 | lag 255 279 | snmp-server system-location DC01, Roseville, CA 280 | snmp-server system-contact netadmin@orangetme.local 281 | vsx 282 | system-mac 02:00:00:00:10:01 283 | inter-switch-link lag 256 284 | role primary 285 | keepalive peer 172.16.104.104 source 172.16.104.103 vrf mgmt 286 | ip dns server-address 10.2.120.98 vrf mgmt 287 | ip dns server-address 10.2.120.99 vrf mgmt 288 | ! 289 | ! 290 | ! 291 | ! 292 | ! 293 | https-server vrf mgmt 294 | configuration-lockout central managed 295 | -------------------------------------------------------------------------------- /configs/sample_configs/arch4/rsvdc-access1-2.txt: -------------------------------------------------------------------------------- 1 | ! 
2 | !Version ArubaOS-CX LL.10.13.1000 3 | !export-password: default 4 | hostname RSVDC-ACCESS1-2 5 | user admin group administrators password ciphertext AQBapVWCfTLp/xnFhbnBYIBu8xwG1qHtgJnMDDT8flniOFSqYgAAAFY4/4mFH224J0rS2q7ANvxLoVPKI/ISE6wxG/OFEBkM5SUcVEwp4Q+E0rILTxwjBiXt+JGqaMDjK07Y3KGYsXoq3Pb/pzUS+gJoWx9JqEBANgHo07Wy2vXyo78h9ApZti4E 6 | clock timezone america/los_angeles 7 | profile aggregation-leaf 8 | ntp server 10.2.120.98 9 | ntp server 10.2.120.99 10 | ntp server pool.ntp.org minpoll 4 maxpoll 4 iburst 11 | ntp enable 12 | ntp vrf mgmt 13 | ! 14 | ! 15 | ! 16 | ! 17 | tacacs-server host 10.2.120.94 key ciphertext AQBapZLrhPWbmu88TsNTBNljXj5FGHTrlVtUtSBHz0Y2EhoGCQAAAA2tPUOeGMrvzA== vrf mgmt 18 | tacacs-server host 10.2.120.95 key ciphertext AQBapX1QX1f8lCcu3s1WQOO0vhq9wRrU5Vlqc16DVJM9Wno/CQAAAEFGhSXk6UPDzQ== vrf mgmt 19 | ! 20 | ! 21 | ! 22 | ssh server vrf mgmt 23 | vlan 1 24 | vlan 101 25 | name PROD-WEB 26 | ip igmp snooping enable 27 | vlan 102 28 | name PROD-DB 29 | ip igmp snooping enable 30 | spanning-tree 31 | spanning-tree config-name RSVDC 32 | interface mgmt 33 | no shutdown 34 | ip dhcp 35 | system interface-group 1 speed 10g 36 | !interface group 1 contains ports 1/1/1-1/1/4 37 | interface lag 1 multi-chassis 38 | description ESXi-01 39 | no shutdown 40 | no routing 41 | vlan trunk native 1 42 | vlan trunk allowed 101-102 43 | lacp mode active 44 | spanning-tree root-guard 45 | interface lag 255 multi-chassis 46 | description DC-CORE 47 | no shutdown 48 | no routing 49 | vlan trunk native 1 50 | vlan trunk allowed all 51 | lacp mode active 52 | interface lag 256 53 | description VSX_ISL_LAG 54 | no shutdown 55 | no routing 56 | vlan trunk native 1 57 | vlan trunk allowed all 58 | lacp mode active 59 | interface 1/1/1 60 | no shutdown 61 | mtu 9198 62 | lag 1 63 | interface 1/1/2 64 | no shutdown 65 | no routing 66 | vlan access 1 67 | interface 1/1/3 68 | no shutdown 69 | no routing 70 | vlan access 1 71 | interface 1/1/4 72 | no shutdown 73 | 
no routing 74 | vlan access 1 75 | interface 1/1/5 76 | no shutdown 77 | no routing 78 | vlan access 1 79 | interface 1/1/6 80 | no shutdown 81 | no routing 82 | vlan access 1 83 | interface 1/1/7 84 | no shutdown 85 | no routing 86 | vlan access 1 87 | interface 1/1/8 88 | no shutdown 89 | no routing 90 | vlan access 1 91 | interface 1/1/9 92 | no shutdown 93 | no routing 94 | vlan access 1 95 | interface 1/1/10 96 | no shutdown 97 | no routing 98 | vlan access 1 99 | interface 1/1/11 100 | no shutdown 101 | no routing 102 | vlan access 1 103 | interface 1/1/12 104 | no shutdown 105 | no routing 106 | vlan access 1 107 | interface 1/1/13 108 | no shutdown 109 | no routing 110 | vlan access 1 111 | interface 1/1/14 112 | no shutdown 113 | no routing 114 | vlan access 1 115 | interface 1/1/15 116 | no shutdown 117 | no routing 118 | vlan access 1 119 | interface 1/1/16 120 | no shutdown 121 | no routing 122 | vlan access 1 123 | interface 1/1/17 124 | no shutdown 125 | no routing 126 | vlan access 1 127 | interface 1/1/18 128 | no shutdown 129 | no routing 130 | vlan access 1 131 | interface 1/1/19 132 | no shutdown 133 | no routing 134 | vlan access 1 135 | interface 1/1/20 136 | no shutdown 137 | no routing 138 | vlan access 1 139 | interface 1/1/21 140 | no shutdown 141 | no routing 142 | vlan access 1 143 | interface 1/1/22 144 | no shutdown 145 | no routing 146 | vlan access 1 147 | interface 1/1/23 148 | no shutdown 149 | no routing 150 | vlan access 1 151 | interface 1/1/24 152 | no shutdown 153 | no routing 154 | vlan access 1 155 | interface 1/1/25 156 | no shutdown 157 | no routing 158 | vlan access 1 159 | interface 1/1/26 160 | no shutdown 161 | no routing 162 | vlan access 1 163 | interface 1/1/27 164 | no shutdown 165 | no routing 166 | vlan access 1 167 | interface 1/1/28 168 | no shutdown 169 | no routing 170 | vlan access 1 171 | interface 1/1/29 172 | no shutdown 173 | no routing 174 | vlan access 1 175 | interface 1/1/30 176 | no shutdown 177 | no 
routing 178 | vlan access 1 179 | interface 1/1/31 180 | no shutdown 181 | no routing 182 | vlan access 1 183 | interface 1/1/32 184 | no shutdown 185 | no routing 186 | vlan access 1 187 | interface 1/1/33 188 | no shutdown 189 | no routing 190 | vlan access 1 191 | interface 1/1/34 192 | no shutdown 193 | no routing 194 | vlan access 1 195 | interface 1/1/35 196 | no shutdown 197 | no routing 198 | vlan access 1 199 | interface 1/1/36 200 | no shutdown 201 | no routing 202 | vlan access 1 203 | interface 1/1/37 204 | no shutdown 205 | no routing 206 | vlan access 1 207 | interface 1/1/38 208 | no shutdown 209 | no routing 210 | vlan access 1 211 | interface 1/1/39 212 | no shutdown 213 | no routing 214 | vlan access 1 215 | interface 1/1/40 216 | no shutdown 217 | no routing 218 | vlan access 1 219 | interface 1/1/41 220 | no shutdown 221 | no routing 222 | vlan access 1 223 | interface 1/1/42 224 | no shutdown 225 | no routing 226 | vlan access 1 227 | interface 1/1/43 228 | no shutdown 229 | no routing 230 | vlan access 1 231 | interface 1/1/44 232 | no shutdown 233 | no routing 234 | vlan access 1 235 | interface 1/1/45 236 | no shutdown 237 | no routing 238 | vlan access 1 239 | interface 1/1/46 240 | no shutdown 241 | no routing 242 | vlan access 1 243 | interface 1/1/47 244 | no shutdown 245 | no routing 246 | vlan access 1 247 | interface 1/1/48 248 | no shutdown 249 | no routing 250 | vlan access 1 251 | interface 1/1/49 252 | description VSX-ISL 253 | no shutdown 254 | mtu 9198 255 | lag 256 256 | interface 1/1/50 257 | description VSX-ISL 258 | no shutdown 259 | mtu 9198 260 | lag 256 261 | interface 1/1/51 262 | no shutdown 263 | no routing 264 | vlan access 1 265 | interface 1/1/52 266 | no shutdown 267 | no routing 268 | vlan access 1 269 | interface 1/1/53 270 | description RSVDC-CORE1-1 271 | no shutdown 272 | mtu 9198 273 | lag 255 274 | interface 1/1/54 275 | description RSVDC-CORE1-2 276 | no shutdown 277 | mtu 9198 278 | lag 255 279 | 
snmp-server system-location DC01, Roseville, CA 280 | snmp-server system-contact netadmin@orangetme.local 281 | vsx 282 | system-mac 02:00:00:00:10:01 283 | inter-switch-link lag 256 284 | role secondary 285 | keepalive peer 172.16.104.103 source 172.16.104.104 vrf mgmt 286 | ip dns server-address 10.2.120.98 vrf mgmt 287 | ip dns server-address 10.2.120.99 vrf mgmt 288 | ! 289 | ! 290 | ! 291 | ! 292 | ! 293 | https-server vrf mgmt 294 | configuration-lockout central managed 295 | -------------------------------------------------------------------------------- /configs/sample_configs/arch4/rsvdc-access2-1.txt: -------------------------------------------------------------------------------- 1 | ! 2 | !Version ArubaOS-CX LL.10.13.1000 3 | !export-password: default 4 | hostname RSVDC-ACCESS2-1 5 | user admin group administrators password ciphertext AQBapTqmMEtHwD3pEfL+s5JTDRCJyu2XEkLfz7UJMiI1QCgjYgAAABb/IDa09KXeulf3jEXrJuTkecxbH0TGZ66GtUkU8c1qp+g6cugoiX8M2megXCgETtVozULZNEnbr6csEmCtW41DvFt0XjEOZohKICkr5aodq/1W8QzCprGud5XF6mjVUNDK 6 | clock timezone america/los_angeles 7 | profile aggregation-leaf 8 | ntp server 10.2.120.98 9 | ntp server 10.2.120.99 10 | ntp server pool.ntp.org minpoll 4 maxpoll 4 iburst 11 | ntp enable 12 | ntp vrf mgmt 13 | ! 14 | ! 15 | ! 16 | ! 17 | tacacs-server host 10.2.120.94 key ciphertext AQBapaXuh5LfmhoL0Y7KGfuDSv0UUeLUrHzlE4T4CioP6eEfCQAAAKAFX/D2ZSHgyw== vrf mgmt 18 | tacacs-server host 10.2.120.95 key ciphertext AQBapa8lT2F0fFGqldnR/LNCOFBL5gSh0kDS9rBaWpLWAIPZCQAAAFnEC7aRS24ChQ== vrf mgmt 19 | ! 20 | ! 21 | ! 
22 | ssh server vrf mgmt 23 | vlan 1 24 | vlan 101 25 | name PROD-WEB 26 | ip igmp snooping enable 27 | vlan 102 28 | name PROD-DB 29 | ip igmp snooping enable 30 | spanning-tree 31 | spanning-tree config-name RSVDC 32 | interface mgmt 33 | no shutdown 34 | ip dhcp 35 | system interface-group 1 speed 10g 36 | !interface group 1 contains ports 1/1/1-1/1/4 37 | interface lag 1 multi-chassis 38 | description ESXi-01 39 | no shutdown 40 | no routing 41 | vlan trunk native 1 42 | vlan trunk allowed 101-102 43 | lacp mode active 44 | spanning-tree root-guard 45 | interface lag 255 multi-chassis 46 | description DC-CORE 47 | no shutdown 48 | no routing 49 | vlan trunk native 1 50 | vlan trunk allowed all 51 | lacp mode active 52 | interface lag 256 53 | description VSX_ISL_LAG 54 | no shutdown 55 | no routing 56 | vlan trunk native 1 57 | vlan trunk allowed all 58 | lacp mode active 59 | interface 1/1/1 60 | no shutdown 61 | mtu 9198 62 | lag 1 63 | interface 1/1/2 64 | no shutdown 65 | no routing 66 | vlan access 1 67 | interface 1/1/3 68 | no shutdown 69 | no routing 70 | vlan access 1 71 | interface 1/1/4 72 | no shutdown 73 | no routing 74 | vlan access 1 75 | interface 1/1/5 76 | no shutdown 77 | no routing 78 | vlan access 1 79 | interface 1/1/6 80 | no shutdown 81 | no routing 82 | vlan access 1 83 | interface 1/1/7 84 | no shutdown 85 | no routing 86 | vlan access 1 87 | interface 1/1/8 88 | no shutdown 89 | no routing 90 | vlan access 1 91 | interface 1/1/9 92 | no shutdown 93 | no routing 94 | vlan access 1 95 | interface 1/1/10 96 | no shutdown 97 | no routing 98 | vlan access 1 99 | interface 1/1/11 100 | no shutdown 101 | no routing 102 | vlan access 1 103 | interface 1/1/12 104 | no shutdown 105 | no routing 106 | vlan access 1 107 | interface 1/1/13 108 | no shutdown 109 | no routing 110 | vlan access 1 111 | interface 1/1/14 112 | no shutdown 113 | no routing 114 | vlan access 1 115 | interface 1/1/15 116 | no shutdown 117 | no routing 118 | vlan access 1 
119 | interface 1/1/16 120 | no shutdown 121 | no routing 122 | vlan access 1 123 | interface 1/1/17 124 | no shutdown 125 | no routing 126 | vlan access 1 127 | interface 1/1/18 128 | no shutdown 129 | no routing 130 | vlan access 1 131 | interface 1/1/19 132 | no shutdown 133 | no routing 134 | vlan access 1 135 | interface 1/1/20 136 | no shutdown 137 | no routing 138 | vlan access 1 139 | interface 1/1/21 140 | no shutdown 141 | no routing 142 | vlan access 1 143 | interface 1/1/22 144 | no shutdown 145 | no routing 146 | vlan access 1 147 | interface 1/1/23 148 | no shutdown 149 | no routing 150 | vlan access 1 151 | interface 1/1/24 152 | no shutdown 153 | no routing 154 | vlan access 1 155 | interface 1/1/25 156 | no shutdown 157 | no routing 158 | vlan access 1 159 | interface 1/1/26 160 | no shutdown 161 | no routing 162 | vlan access 1 163 | interface 1/1/27 164 | no shutdown 165 | no routing 166 | vlan access 1 167 | interface 1/1/28 168 | no shutdown 169 | no routing 170 | vlan access 1 171 | interface 1/1/29 172 | no shutdown 173 | no routing 174 | vlan access 1 175 | interface 1/1/30 176 | no shutdown 177 | no routing 178 | vlan access 1 179 | interface 1/1/31 180 | no shutdown 181 | no routing 182 | vlan access 1 183 | interface 1/1/32 184 | no shutdown 185 | no routing 186 | vlan access 1 187 | interface 1/1/33 188 | no shutdown 189 | no routing 190 | vlan access 1 191 | interface 1/1/34 192 | no shutdown 193 | no routing 194 | vlan access 1 195 | interface 1/1/35 196 | no shutdown 197 | no routing 198 | vlan access 1 199 | interface 1/1/36 200 | no shutdown 201 | no routing 202 | vlan access 1 203 | interface 1/1/37 204 | no shutdown 205 | no routing 206 | vlan access 1 207 | interface 1/1/38 208 | no shutdown 209 | no routing 210 | vlan access 1 211 | interface 1/1/39 212 | no shutdown 213 | no routing 214 | vlan access 1 215 | interface 1/1/40 216 | no shutdown 217 | no routing 218 | vlan access 1 219 | interface 1/1/41 220 | no shutdown 221 | no 
routing 222 | vlan access 1 223 | interface 1/1/42 224 | no shutdown 225 | no routing 226 | vlan access 1 227 | interface 1/1/43 228 | no shutdown 229 | no routing 230 | vlan access 1 231 | interface 1/1/44 232 | no shutdown 233 | no routing 234 | vlan access 1 235 | interface 1/1/45 236 | no shutdown 237 | no routing 238 | vlan access 1 239 | interface 1/1/46 240 | no shutdown 241 | no routing 242 | vlan access 1 243 | interface 1/1/47 244 | no shutdown 245 | no routing 246 | vlan access 1 247 | interface 1/1/48 248 | no shutdown 249 | no routing 250 | vlan access 1 251 | interface 1/1/49 252 | description VSX-ISL 253 | no shutdown 254 | mtu 9198 255 | lag 256 256 | interface 1/1/50 257 | description VSX-ISL 258 | no shutdown 259 | mtu 9198 260 | lag 256 261 | interface 1/1/51 262 | no shutdown 263 | no routing 264 | vlan access 1 265 | interface 1/1/52 266 | no shutdown 267 | no routing 268 | vlan access 1 269 | interface 1/1/53 270 | description RSVDC-CORE1-1 271 | no shutdown 272 | mtu 9198 273 | lag 255 274 | interface 1/1/54 275 | description RSVDC-CORE1-2 276 | no shutdown 277 | mtu 9198 278 | lag 255 279 | snmp-server system-location DC01, Roseville, CA 280 | snmp-server system-contact netadmin@orangetme.local 281 | vsx 282 | system-mac 02:00:00:00:10:02 283 | inter-switch-link lag 256 284 | role primary 285 | keepalive peer 172.16.104.106 source 172.16.104.105 vrf mgmt 286 | ip dns server-address 10.2.120.98 vrf mgmt 287 | ip dns server-address 10.2.120.99 vrf mgmt 288 | ! 289 | ! 290 | ! 291 | ! 292 | ! 293 | https-server vrf mgmt 294 | configuration-lockout central managed 295 | -------------------------------------------------------------------------------- /configs/sample_configs/arch4/rsvdc-access2-2.txt: -------------------------------------------------------------------------------- 1 | ! 
2 | !Version ArubaOS-CX LL.10.13.1000 3 | !export-password: default 4 | hostname RSVDC-ACCESS2-2 5 | user admin group administrators password ciphertext AQBapfeVU0skJTPWLHw8JA4TThD9SyyWHFzRRtIjLRLbQ4A0YgAAAFivBLPYsSPTqJ5zXmvmiFN0VgaZaKJ6ii0Ckwg/4sZ66hHkSob8Qjh7VT1R6RcRwG5dBG1UEUchvXAUD9gwHqMs9QVjZE9RuxpaNF/xUj2OIw7RiuebreEzgXq3F3a4Rr3c 6 | clock timezone america/los_angeles 7 | profile aggregation-leaf 8 | ntp server 10.2.120.98 9 | ntp server 10.2.120.99 10 | ntp server pool.ntp.org minpoll 4 maxpoll 4 iburst 11 | ntp enable 12 | ntp vrf mgmt 13 | ! 14 | ! 15 | ! 16 | ! 17 | tacacs-server host 10.2.120.94 key ciphertext AQBapRtfBSB54E5LYdC8y25slzCWL4nAz9nWi3xl5vn0N67MCQAAAACGskPHAcMS0A== vrf mgmt 18 | tacacs-server host 10.2.120.95 key ciphertext AQBapc8xsMkqExxd+BOWPfDfcspc8/eICIOtKCregEo0K101CQAAAJfR71sHRbdw8g== vrf mgmt 19 | ! 20 | ! 21 | ! 22 | ssh server vrf mgmt 23 | vlan 1 24 | vlan 101 25 | name PROD-WEB 26 | ip igmp snooping enable 27 | vlan 102 28 | name PROD-DB 29 | ip igmp snooping enable 30 | spanning-tree 31 | spanning-tree config-name RSVDC 32 | interface mgmt 33 | no shutdown 34 | ip dhcp 35 | system interface-group 1 speed 10g 36 | !interface group 1 contains ports 1/1/1-1/1/4 37 | interface lag 1 multi-chassis 38 | description ESXi-01 39 | no shutdown 40 | no routing 41 | vlan trunk native 1 42 | vlan trunk allowed 101-102 43 | lacp mode active 44 | spanning-tree root-guard 45 | interface lag 255 multi-chassis 46 | description DC-CORE 47 | no shutdown 48 | no routing 49 | vlan trunk native 1 50 | vlan trunk allowed all 51 | lacp mode active 52 | interface lag 256 53 | description VSX_ISL_LAG 54 | no shutdown 55 | no routing 56 | vlan trunk native 1 57 | vlan trunk allowed all 58 | lacp mode active 59 | interface 1/1/1 60 | no shutdown 61 | mtu 9198 62 | lag 1 63 | interface 1/1/2 64 | no shutdown 65 | no routing 66 | vlan access 1 67 | interface 1/1/3 68 | no shutdown 69 | no routing 70 | vlan access 1 71 | interface 1/1/4 72 | no shutdown 73 | 
no routing 74 | vlan access 1 75 | interface 1/1/5 76 | no shutdown 77 | no routing 78 | vlan access 1 79 | interface 1/1/6 80 | no shutdown 81 | no routing 82 | vlan access 1 83 | interface 1/1/7 84 | no shutdown 85 | no routing 86 | vlan access 1 87 | interface 1/1/8 88 | no shutdown 89 | no routing 90 | vlan access 1 91 | interface 1/1/9 92 | no shutdown 93 | no routing 94 | vlan access 1 95 | interface 1/1/10 96 | no shutdown 97 | no routing 98 | vlan access 1 99 | interface 1/1/11 100 | no shutdown 101 | no routing 102 | vlan access 1 103 | interface 1/1/12 104 | no shutdown 105 | no routing 106 | vlan access 1 107 | interface 1/1/13 108 | no shutdown 109 | no routing 110 | vlan access 1 111 | interface 1/1/14 112 | no shutdown 113 | no routing 114 | vlan access 1 115 | interface 1/1/15 116 | no shutdown 117 | no routing 118 | vlan access 1 119 | interface 1/1/16 120 | no shutdown 121 | no routing 122 | vlan access 1 123 | interface 1/1/17 124 | no shutdown 125 | no routing 126 | vlan access 1 127 | interface 1/1/18 128 | no shutdown 129 | no routing 130 | vlan access 1 131 | interface 1/1/19 132 | no shutdown 133 | no routing 134 | vlan access 1 135 | interface 1/1/20 136 | no shutdown 137 | no routing 138 | vlan access 1 139 | interface 1/1/21 140 | no shutdown 141 | no routing 142 | vlan access 1 143 | interface 1/1/22 144 | no shutdown 145 | no routing 146 | vlan access 1 147 | interface 1/1/23 148 | no shutdown 149 | no routing 150 | vlan access 1 151 | interface 1/1/24 152 | no shutdown 153 | no routing 154 | vlan access 1 155 | interface 1/1/25 156 | no shutdown 157 | no routing 158 | vlan access 1 159 | interface 1/1/26 160 | no shutdown 161 | no routing 162 | vlan access 1 163 | interface 1/1/27 164 | no shutdown 165 | no routing 166 | vlan access 1 167 | interface 1/1/28 168 | no shutdown 169 | no routing 170 | vlan access 1 171 | interface 1/1/29 172 | no shutdown 173 | no routing 174 | vlan access 1 175 | interface 1/1/30 176 | no shutdown 177 | no 
routing 178 | vlan access 1 179 | interface 1/1/31 180 | no shutdown 181 | no routing 182 | vlan access 1 183 | interface 1/1/32 184 | no shutdown 185 | no routing 186 | vlan access 1 187 | interface 1/1/33 188 | no shutdown 189 | no routing 190 | vlan access 1 191 | interface 1/1/34 192 | no shutdown 193 | no routing 194 | vlan access 1 195 | interface 1/1/35 196 | no shutdown 197 | no routing 198 | vlan access 1 199 | interface 1/1/36 200 | no shutdown 201 | no routing 202 | vlan access 1 203 | interface 1/1/37 204 | no shutdown 205 | no routing 206 | vlan access 1 207 | interface 1/1/38 208 | no shutdown 209 | no routing 210 | vlan access 1 211 | interface 1/1/39 212 | no shutdown 213 | no routing 214 | vlan access 1 215 | interface 1/1/40 216 | no shutdown 217 | no routing 218 | vlan access 1 219 | interface 1/1/41 220 | no shutdown 221 | no routing 222 | vlan access 1 223 | interface 1/1/42 224 | no shutdown 225 | no routing 226 | vlan access 1 227 | interface 1/1/43 228 | no shutdown 229 | no routing 230 | vlan access 1 231 | interface 1/1/44 232 | no shutdown 233 | no routing 234 | vlan access 1 235 | interface 1/1/45 236 | no shutdown 237 | no routing 238 | vlan access 1 239 | interface 1/1/46 240 | no shutdown 241 | no routing 242 | vlan access 1 243 | interface 1/1/47 244 | no shutdown 245 | no routing 246 | vlan access 1 247 | interface 1/1/48 248 | no shutdown 249 | no routing 250 | vlan access 1 251 | interface 1/1/49 252 | description VSX-ISL 253 | no shutdown 254 | mtu 9198 255 | lag 256 256 | interface 1/1/50 257 | description VSX-ISL 258 | no shutdown 259 | mtu 9198 260 | lag 256 261 | interface 1/1/51 262 | no shutdown 263 | no routing 264 | vlan access 1 265 | interface 1/1/52 266 | no shutdown 267 | no routing 268 | vlan access 1 269 | interface 1/1/53 270 | description RSVDC-CORE1-1 271 | no shutdown 272 | mtu 9198 273 | lag 255 274 | interface 1/1/54 275 | description RSVDC-CORE1-2 276 | no shutdown 277 | mtu 9198 278 | lag 255 279 | 
snmp-server system-location DC01, Roseville, CA 280 | snmp-server system-contact netadmin@orangetme.local 281 | vsx 282 | system-mac 02:00:00:00:10:02 283 | inter-switch-link lag 256 284 | role secondary 285 | keepalive peer 172.16.104.105 source 172.16.104.106 vrf mgmt 286 | ip dns server-address 10.2.120.98 vrf mgmt 287 | ip dns server-address 10.2.120.99 vrf mgmt 288 | ! 289 | ! 290 | ! 291 | ! 292 | ! 293 | https-server vrf mgmt 294 | configuration-lockout central managed 295 | -------------------------------------------------------------------------------- /inventory_2tier_dedicated_dc.yml: -------------------------------------------------------------------------------- 1 | ########################## 2 | # Aruba DCN Workflows 3 | # Example Inventory 4 | ########################## 5 | all: 6 | children: # Defining High Level Groups 7 | aoscx_switches: # Group for all necessary Ansible connection CX variables 8 | vars: 9 | ansible_user: admin # switch login user - used by aoscx Collection 10 | ansible_password: admin # switch login password - used by aoscx Collection; placeholder value, load the real one from Ansible Vault rather than storing it in the inventory 11 | ansible_connection: arubanetworks.aoscx.aoscx # DO NOT CHANGE 12 | ansible_network_os: arubanetworks.aoscx.aoscx # DO NOT CHANGE 13 | ansible_httpapi_use_ssl: True # DO NOT CHANGE 14 | ansible_httpapi_validate_certs: False # False turns off TLS certificate verification for the httpapi connection; change depending on your environment, True where the switches present certificates the control node trusts 15 | ansible_acx_no_proxy: True # REMOVE 16 | ansible_aoscx_validate_certs: False # certificate verification for the aoscx connection, presumably the same trade-off as ansible_httpapi_validate_certs above - confirm against the collection docs 17 | ansible_aoscx_use_proxy: False 18 | children: 19 | Zone1: # Group for common variables within a specific DC Zone/Pod 20 | vars: 21 | hostname: "{{inventory_hostname}}" # hostname of the device is set to the device's inventory name 22 | mtu: 9198 23 | config_path: "configs/" # Destination directory for generated switch configurations 24 | ospf_area: 0.0.0.0 # OSPF is enabled to support iBGP peering between the “Zone1-Core” switches 25 | asn: 65101 # eBGP towards “DC-Core” switches 26 | ibgp_transit_vlan: 4000 # iBGP transit VLAN between
“Zone1-Core” switches 27 | server_vlans: [11] # VLANs to be created on for server traffic 28 | # Spanning Tree 29 | stp_priority: 1 30 | stp_config_name: Zone1 31 | stp_rev_num: 1 32 | # VSX information 33 | vsx_keepalive_int: 1/1/31 34 | vsx_isl_ports: ['1/1/32'] 35 | vsx_isl_lagid: 1 36 | children: 37 | access: 38 | # Access devices are grouped by VSX pairs, 39 | # names of VSX pairs can be anything alphanumeric 40 | # each VSX group is a subgroup of 'access' 41 | children: 42 | rack1: 43 | vars: 44 | core_mclag_id: 11 # MCLAG ID for Core uplinks 45 | # VSX information 46 | vsx_system_mac: 00:00:00:00:01:11 47 | vsx_keepalive_ip_primary: 192.168.1.110 48 | vsx_keepalive_ip_secondary: 192.168.1.111 49 | hosts: 50 | Zone1-Rack1-Access1: 51 | ansible_host: 10.10.10.56 # IP address of the switch, change to match devices in your environment 52 | vsx_role: primary 53 | loopback0_ip: 192.168.1.1 54 | Zone1-Rack1-Access2: 55 | ansible_host: 10.10.10.57 # IP address of the switch, change to match devices in your environment 56 | vsx_role: secondary 57 | loopback0_ip: 192.168.1.2 58 | rack3: 59 | vars: 60 | core_mclag_id: 12 # MCLAG ID for Core uplinks 61 | # VSX information 62 | vsx_system_mac: 00:00:00:00:03:13 63 | vsx_keepalive_ip_primary: 192.168.1.112 64 | vsx_keepalive_ip_secondary: 192.168.1.113 65 | hosts: 66 | Zone1-Rack3-Access3: 67 | ansible_host: 10.10.10.60 # IP address of the switch, change to match devices in your environment 68 | vsx_role: primary 69 | loopback0_ip: 192.168.1.5 70 | Zone1-Rack3-Access4: 71 | ansible_host: 10.10.10.61 # IP address of the switch, change to match devices in your environment 72 | vsx_role: secondary 73 | loopback0_ip: 192.168.1.6 74 | vars: 75 | config_template: templates/2Tier/access.j2 76 | core_mclag_uplink_ports: ['1/1/49', '1/1/50'] # Interfaces that will be a part of the MCLAG connecting access device to core 77 | core_mclag_description: Zone1-Cores 78 | speed_interface_group_10g: [1,3] # Enables 10g speed on specified 
interface groups, remove variable if unused 79 | core: 80 | vars: 81 | config_template: templates/2Tier/core.j2 82 | # VSX information 83 | vsx_system_mac: 00:00:00:00:01:01 84 | vsx_keepalive_ip_primary: 192.168.1.100 85 | vsx_keepalive_ip_secondary: 192.168.1.101 86 | # Core MCLAG information for downlinks to each VSX pair and each access switch 87 | vsx_pair_mclags: 88 | - location: rack1 89 | access_mclag_downlink_ports: ['1/1/27', '1/1/28'] # Interfaces that will be a part of the MCLAG connecting the core devices to access 90 | mclag_id: 11 91 | mclag_description: Zone1-Rack1-Access1/2 92 | trunk_vlans: "{{server_vlans}}" 93 | - location: rack3 94 | access_mclag_downlink_ports: ['1/1/23', '1/1/24'] # Interfaces that will be a part of the MCLAG connecting the core devices to access 95 | mclag_id: 12 96 | mclag_description: Zone1-Rack3-Access3/4 97 | trunk_vlans: "{{server_vlans}}" 98 | hosts: 99 | Zone1-Core1a: 100 | ansible_host: 10.10.10.54 # IP address of the switch, change to match devices in your environment 101 | ibgp_transit_vlan_ip: 10.1.2.2 102 | core_vsx_neighbor_ip: "{{hostvars['Zone1-Core1b']['loopback0_ip']}}" # Used for iBGP between Zone core switches 103 | loopback0_ip: 192.168.1.11 104 | vsx_role: primary 105 | # For every VLAN in server_vlans there should exist an entry under core_vlan_interfaces 106 | # for server subnets 107 | core_vlan_interfaces: 108 | - vlan_id: 11 109 | ipv4: 11.1.1.3/24 110 | active_gateway_ip: 11.1.1.1 111 | active_gateway_mac: 00:00:00:00:01:01 112 | Zone1-Core1b: 113 | ansible_host: 10.10.10.55 # IP address of the switch, change to match devices in your environment 114 | ibgp_transit_vlan_ip: 10.1.2.3 115 | core_vsx_neighbor_ip: "{{hostvars['Zone1-Core1a']['loopback0_ip']}}" # Used for iBGP between Zone core switches 116 | loopback0_ip: 192.168.1.12 117 | vsx_role: secondary 118 | # For every VLAN in server_vlans there should exist an entry under core_vlan_interfaces 119 | # for server subnets 120 | 
core_vlan_interfaces: 121 | - vlan_id: 11 122 | ipv4: 11.1.1.4/24 123 | active_gateway_ip: 11.1.1.1 124 | active_gateway_mac: 00:00:00:00:01:01 125 | dc_tor: 126 | hosts: 127 | Zone1-Core1a: 128 | Zone1-Core1b: -------------------------------------------------------------------------------- /inventory_2tierv2_dcn.yml: -------------------------------------------------------------------------------- 1 | ########################## 2 | # Aruba DCN Workflows 3 | # Example Inventory 4 | ########################## 5 | all: 6 | children: # Defining High Level Groups 7 | aoscx_switches: # Group for all necessary Ansible connection CX variables 8 | vars: 9 | ansible_user: admin # switch login user - used by aoscx Collection 10 | ansible_password: admin # switch login password - used by aoscx Collection; placeholder value, load the real one from Ansible Vault rather than storing it in the inventory 11 | ansible_connection: arubanetworks.aoscx.aoscx # DO NOT CHANGE 12 | ansible_network_os: arubanetworks.aoscx.aoscx # DO NOT CHANGE 13 | ansible_httpapi_use_ssl: True # DO NOT CHANGE 14 | ansible_httpapi_validate_certs: False # False turns off TLS certificate verification for the httpapi connection; change depending on your environment, True where the switches present certificates the control node trusts 15 | ansible_acx_no_proxy: True # REMOVE 16 | ansible_aoscx_validate_certs: False # certificate verification for the aoscx connection, presumably the same trade-off as ansible_httpapi_validate_certs above - confirm against the collection docs 17 | ansible_aoscx_use_proxy: False 18 | children: 19 | DC-RSV: # Group for common variables within a specific DC Zone/Pod 20 | vars: 21 | hostname: "{{inventory_hostname}}" # hostname of the device is set to the device's inventory name 22 | group: RSVDC 23 | config_path: "configs/" # Destination directory for generated switch configurations 24 | timezone: "america/los_angeles" 25 | mtu: 9198 26 | stp_config_name: "{{group}}" 27 | ntp_servers: [10.2.120.98, 10.2.120.99] 28 | ntp_vrf: mgmt 29 | dns_servers: [10.2.120.98, 10.2.120.99] 30 | dns_domain: example.local 31 | system_location: DC01, Roseville, CA 32 | system_contact: netadmin@orangetme.local 33 | ospf_area: 0.0.0.0 34 | tacacs_servers: # ciphertext values are switch-exported TACACS+ shared keys; replace them with your own and keep real ones out of version control 35 | - host: 10.2.120.94 36 | ciphertext: AQBapTMGmLBPD14dwIgtfKtG6BbiEjvtTBdL/mC3bEo91XegCQAAAFUz3moFw0EX0A== 37 | - host: 10.2.120.94 # NOTE(review): same address as the entry above; configs/sample_configs/arch4/rsvdc-access2-2.txt uses 10.2.120.95 for the second server - confirm 38
| ciphertext: AQBapTsQeZay/1Mw1ivHkhdC7MGDGFcUz0oUsSNzdQf+gUw0CQAAABFOhXhwqm+UpA== 39 | host_vlans: # VLANs to be created on devices for DC host traffic 40 | - id: 101 41 | name: PROD-WEB 42 | - id: 102 43 | name: PROD-DB 44 | # VSX information 45 | vsx_isl_lagid: 256 46 | vsx_keepalive_vrf: mgmt 47 | children: 48 | core: 49 | vars: 50 | config_template: templates/2TierV2/core.j2 51 | # VSX information 52 | vsx_system_mac: 02:00:00:00:10:00 53 | vsx_keepalive_ip_primary: 172.16.117.101 54 | vsx_keepalive_ip_secondary: 172.16.117.102 55 | vsx_isl_ports: [1/1/31, '1/1/32'] 56 | mclags: 57 | - id: 1 58 | interfaces: ['1/1/1', '1/1/2'] 59 | allowed_vlans: ['all'] 60 | mtu: 9198 61 | description: RACK-1 62 | - id: 2 63 | interfaces: ['1/1/3', '1/1/4'] 64 | allowed_vlans: ['all'] 65 | mtu: 9198 66 | description: RACK-2 67 | - id: 101 68 | interfaces: ['1/1/29'] 69 | allowed_vlans: [4000] 70 | mtu: 9198 71 | description: EXT-FW1-1 72 | - id: 102 73 | interfaces: ['1/1/30'] 74 | allowed_vlans: [4000] 75 | mtu: 9198 76 | description: EXT-FW1-2 77 | hosts: 78 | RSVDC-CORE1-1: 79 | ansible_host: 172.16.117.101 80 | vsx_role: primary 81 | loopback0_ip: 10.250.12.1 82 | routing_vlans: 83 | - id: 4000 84 | name: CORE-ROUTING-SVI 85 | ip_address: 10.255.12.1 86 | # SVI information for DC host VLANs - used in jinja2 template 87 | host_vlans: 88 | - id: 101 89 | name: PROD-WEB 90 | ip_address: 10.12.101.2 91 | active_gateway_mac: 02:00:0a:01:65:01 92 | active_gateway_ip: 10.12.101.1 93 | - id: 102 94 | name: PROD-DB 95 | ip_address: 10.12.102.2 96 | active_gateway_mac: 02:00:0a:01:65:01 97 | active_gateway_ip: 10.12.102.1 98 | RSVDC-CORE1-2: 99 | ansible_host: 172.16.117.102 100 | loopback0_ip: 10.250.12.2 101 | vsx_role: secondary 102 | routing_vlans: 103 | - id: 4000 104 | name: CORE-ROUTING-SVI 105 | ip_address: 10.255.12.2 106 | # SVI information for DC host VLANs - used in jinja2 template 107 | host_vlans: 108 | - id: 101 109 | name: PROD-WEB 110 | ip_address: 10.12.101.3 111 
| active_gateway_mac: 02:00:0a:01:65:01 112 | active_gateway_ip: 10.12.101.1 113 | - id: 102 114 | name: PROD-DB 115 | ip_address: 10.12.102.3 116 | active_gateway_mac: 02:00:0a:01:65:01 117 | active_gateway_ip: 10.12.102.1 118 | access: 119 | vars: 120 | config_template: templates/2TierV2/access.j2 121 | speed_interface_group_10g: [1] # Enables 10g speed on specified interface groups, remove variable if unused 122 | vsx_isl_ports: ['1/1/49', '1/1/50'] 123 | vsx_system_mac: 02:00:00:00:10:01 124 | # Access devices are grouped by VSX pairs, 125 | # names of vsx_pairs can be anything alphanumeric 126 | # devices do not have to be physically in the same "vsx_pair" 127 | children: 128 | rack1: 129 | vars: 130 | # VSX information 131 | vsx_system_mac: 02:00:00:00:10:01 132 | vsx_keepalive_ip_primary: 172.16.117.103 133 | vsx_keepalive_ip_secondary: 172.16.117.104 134 | mclags: 135 | - id: 1 136 | interfaces: [1/1/1] 137 | allowed_vlans: ['all'] 138 | mtu: 9198 139 | description: ESXi-01 140 | - id: 255 141 | interfaces: [1/1/53, 1/1/54] 142 | allowed_vlans: ['all'] 143 | mtu: 9198 144 | description: DC-CORE 145 | hosts: 146 | RSVDC-ACCESS1-1: 147 | ansible_host: 172.16.117.103 # IP address of the switch, change to match 148 | vsx_role: primary 149 | RSVDC-ACCESS1-2: 150 | ansible_host: 172.16.117.104 # IP address of the switch, change to match 151 | vsx_role: secondary 152 | rack2: 153 | vars: 154 | # VSX information 155 | vsx_system_mac: 02:00:00:00:10:02 156 | vsx_keepalive_ip_primary: 172.16.117.105 # IP address of the switch, change to match 157 | vsx_keepalive_ip_secondary: 172.16.117.106 # IP address of the switch, change to match 158 | mclags: 159 | - id: 1 160 | interfaces: [1/1/1] 161 | allowed_vlans: ['all'] 162 | mtu: 9198 163 | description: ESXi-02 164 | - id: 255 165 | interfaces: [1/1/53, 1/1/54] 166 | allowed_vlans: ['all'] 167 | mtu: 9198 168 | description: DC-CORE 169 | hosts: 170 | RSVDC-ACCESS2-1: 171 | ansible_host: 172.16.117.105 # IP address of the 
switch, change to match devices in your environment 172 | vsx_role: primary 173 | RSVDC-ACCESS2-2: 174 | ansible_host: 172.16.117.106 # IP address of the switch, change to match devices in your environment 175 | vsx_role: secondary 176 | -------------------------------------------------------------------------------- /inventory_spine_leaf.yml: -------------------------------------------------------------------------------- 1 | ########################## 2 | # Aruba DCN Workflows 3 | # Example Inventory 4 | ########################## 5 | all: 6 | children: # Defining High Level Groups 7 | aoscx_switches: # Group for all necessary Ansible connection CX variables 8 | vars: 9 | ansible_user: admin # switch login user - used by aoscx Collection 10 | ansible_password: admin # switch login password - used by aoscx Collection; placeholder value, load the real one from Ansible Vault rather than storing it in the inventory 11 | ansible_connection: arubanetworks.aoscx.aoscx # DO NOT CHANGE 12 | ansible_network_os: arubanetworks.aoscx.aoscx # DO NOT CHANGE 13 | ansible_httpapi_use_ssl: True # DO NOT CHANGE 14 | ansible_httpapi_validate_certs: False # False turns off TLS certificate verification for the httpapi connection; change depending on your environment, True where the switches present certificates the control node trusts 15 | ansible_acx_no_proxy: True # REMOVE 16 | ansible_aoscx_validate_certs: False # certificate verification for the aoscx connection, presumably the same trade-off as ansible_httpapi_validate_certs above - confirm against the collection docs 17 | ansible_aoscx_use_proxy: False 18 | children: 19 | Zone1: # Group for common variables within a specific DC Zone/Pod 20 | vars: 21 | hostname: "{{inventory_hostname}}" # hostname of the device is set to the device's inventory name 22 | config_path: "configs/" # Destination directory for generated switch configurations 23 | ospf_area: 0.0.0.0 # iBGP only, not necessary for eBGP fabric 24 | asn: 65101 # for eBGP this is used for the Spine BGP ASN, for iBGP this is the BGP ASN for the entire DC Zone/Pod 25 | mtu: 9198 26 | # Loopback0 IPs of each spine, used to populate BGP neighbors for Leafs 27 | spine_loopback0_ips: 28 | - '192.168.1.11' # Must match loopback IP of Spine1 29 | - '192.168.1.12' # Must match loopback IP of Spine2 30 | server_vlans: [11] # VLANs to be created on leafs for server traffic 31 | # VSX information 32 | vsx_keepalive_int: 1/1/31
33 | vsx_isl_ports: ['1/1/32'] 34 | vsx_isl_lagid: 1 35 | children: 36 | leaf: 37 | # Leafs devices are grouped by VSX pairs, 38 | # names of vsx_pairs can be anything alphanumeric 39 | # devices do not have to be physically in the same "vsx_pair" 40 | # Rack information such as loopback0_ip and vsx_pair_asn must be repeated in 41 | # spine group - see below 42 | children: 43 | rack1: 44 | vars: 45 | # eBGP only, not necessary for iBGP fabric 46 | vsx_pair_asn: 65001 47 | # eBGP only, Used to create BGP neighbors to Spines, must match IP addresses of the Spine interfaces connecting to the Leafs 48 | spine_L3fabric_ips: 49 | - 192.168.2.1 50 | - 192.168.2.3 51 | - 192.168.2.5 52 | - 192.168.2.7 53 | # VSX information 54 | vsx_system_mac: 00:00:00:00:01:11 55 | vsx_keepalive_ip_primary: 192.168.1.110 56 | vsx_keepalive_ip_secondary: 192.168.1.111 57 | hosts: 58 | Zone1-Rack1-Leaf1a: 59 | ansible_host: 10.10.10.56 60 | vsx_role: primary 61 | loopback0_ip: 192.168.1.1 62 | loopback1_ip: 192.168.100.1 63 | # L3 interfaces - Leaf uplinks to Spines 64 | vsx_pair_L3fabric_ips: 65 | - interface: 1/1/49 66 | ipv4: 192.168.2.0 67 | - interface: 1/1/50 68 | ipv4: 192.168.2.2 69 | Zone1-Rack1-Leaf1b: 70 | ansible_host: 10.10.10.57 71 | vsx_role: secondary 72 | loopback0_ip: 192.168.1.2 73 | loopback1_ip: 192.168.100.2 74 | # L3 interfaces - Leaf uplinks to Spines 75 | vsx_pair_L3fabric_ips: 76 | - interface: 1/1/49 77 | ipv4: 192.168.2.4 78 | - interface: 1/1/50 79 | ipv4: 192.168.2.6 80 | rack3: 81 | vars: 82 | vsx_pair_asn: 65003 83 | vsx_system_mac: 00:00:00:00:03:13 84 | vsx_keepalive_ip_primary: 192.168.1.112 85 | vsx_keepalive_ip_secondary: 192.168.1.113 86 | spine_L3fabric_ips: 87 | - 192.168.2.9 88 | - 192.168.2.11 89 | - 192.168.2.13 90 | - 192.168.2.15 91 | hosts: 92 | Zone1-Rack3-Leaf3a: 93 | ansible_host: 10.10.10.60 94 | vsx_role: primary 95 | loopback0_ip: 192.168.1.5 96 | loopback1_ip: 192.168.100.5 97 | # L3 interfaces for fabric - Leaf uplinks to Spines 98 | 
vsx_pair_L3fabric_ips: 99 | - interface: 1/1/49 100 | ipv4: 192.168.2.8 101 | - interface: 1/1/50 102 | ipv4: 192.168.2.10 103 | Zone1-Rack3-Leaf3b: 104 | ansible_host: 10.10.10.61 105 | vsx_role: secondary 106 | loopback0_ip: 192.168.1.6 107 | loopback1_ip: 192.168.100.6 108 | # L3 interfaces for fabric - Leaf uplinks to Spines 109 | vsx_pair_L3fabric_ips: 110 | - interface: 1/1/49 111 | ipv4: 192.168.2.12 112 | - interface: 1/1/50 113 | ipv4: 192.168.2.14 114 | vars: 115 | config_template: leaf.j2 116 | speed_interface_group_10g: [1,3] # Enables 10g speed on specified interface groups, remove variable if unused 117 | spine: 118 | vars: 119 | config_template: spine.j2 120 | vsx_system_mac: 00:00:00:00:01:01 121 | # Rack data structure used in playbooks 122 | vsx_pairs: 123 | - vsx_pair_asn: 65001 124 | loopback_ips: ['192.168.1.1', '192.168.1.2'] # Must match loopback0_ips of corresponding vsx_pair above in leaf group 125 | - vsx_pair_asn: 65003 126 | loopback_ips: ['192.168.1.5', '192.168.1.6'] # Must match loopback0_ips of corresponding vsx_pair above in leaf group 127 | hosts: 128 | Zone1-Spine1: 129 | ansible_host: 10.10.10.54 130 | loopback0_ip: 192.168.1.11 131 | # L3 Fabric information for Rack downlinks - used in jinja2 template 132 | vsx_pair_downlinks: 133 | rack1: 134 | - vsx_pair_asn: 65001 # Must match vsx_pair_asn of corresponding vsx_pair above in leaf group 135 | vsx_pair_downlink_int: 1/1/27 136 | vsx_pair_downlink_ip: 192.168.2.1 137 | vsx_pair_uplink_ip: 192.168.2.0 # Must match L3 address of connecting leaf interface in vsx_pair_L3fabric_ips 138 | - vsx_pair_asn: 65001 139 | vsx_pair_downlink_int: 1/1/28 140 | vsx_pair_downlink_ip: 192.168.2.5 141 | vsx_pair_uplink_ip: 192.168.2.4 142 | rack3: 143 | - vsx_pair_asn: 65003 # Must match vsx_pair_asn of corresponding vsx_pair above in leaf group 144 | vsx_pair_downlink_int: 1/1/24 145 | vsx_pair_downlink_ip: 192.168.2.9 146 | vsx_pair_uplink_ip: 192.168.2.8 147 | - vsx_pair_asn: 65003 148 | 
vsx_pair_downlink_int: 1/1/23 149 | vsx_pair_downlink_ip: 192.168.2.13 150 | vsx_pair_uplink_ip: 192.168.2.12 # Must match L3 address of connecting leaf interface in vsx_pair_L3fabric_ips 151 | Zone1-Spine2: 152 | ansible_host: 10.10.10.55 153 | loopback0_ip: 192.168.1.12 154 | # L3 Fabric information for Rack downlinks - used in jinja2 template 155 | vsx_pair_downlinks: 156 | rack1: 157 | - vsx_pair_asn: 65001 # Must match vsx_pair_asn of corresponding vsx_pair above in leaf group 158 | vsx_pair_downlink_int: 1/1/27 159 | vsx_pair_downlink_ip: 192.168.2.3 160 | vsx_pair_uplink_ip: 192.168.2.2 161 | - vsx_pair_asn: 65001 162 | vsx_pair_downlink_int: 1/1/28 163 | vsx_pair_downlink_ip: 192.168.2.7 164 | vsx_pair_uplink_ip: 192.168.2.6 # Must match L3 address of connecting leaf interface in vsx_pair_L3fabric_ips 165 | rack3: 166 | - vsx_pair_asn: 65003 # Must match vsx_pair_asn of corresponding vsx_pair above in leaf group 167 | vsx_pair_downlink_int: 1/1/24 168 | vsx_pair_downlink_ip: 192.168.2.11 169 | vsx_pair_uplink_ip: 192.168.2.10 170 | - vsx_pair_asn: 65003 171 | vsx_pair_downlink_int: 1/1/23 172 | vsx_pair_downlink_ip: 192.168.2.15 173 | vsx_pair_uplink_ip: 192.168.2.14 # Must match L3 address of connecting leaf interface in vsx_pair_L3fabric_ips -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 
15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 
48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. 
Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. 
You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 
123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. 
In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | APPENDIX: How to apply the Apache License to your work. 180 | 181 | To apply the Apache License to your work, attach the following 182 | boilerplate notice, with the fields enclosed by brackets "[]" 183 | replaced with your own identifying information. (Don't include 184 | the brackets!) The text should be enclosed in the appropriate 185 | comment syntax for the file format. 
We also recommend that a 186 | file or class name and description of purpose be included on the 187 | same "printed page" as the copyright notice for easier 188 | identification within third-party archives. 189 | 190 | Copyright 2019 Hewlett Packard Enterprise Development LP 191 | 192 | Licensed under the Apache License, Version 2.0 (the "License"); 193 | you may not use this file except in compliance with the License. 194 | You may obtain a copy of the License at 195 | 196 | http://www.apache.org/licenses/LICENSE-2.0 197 | 198 | Unless required by applicable law or agreed to in writing, software 199 | distributed under the License is distributed on an "AS IS" BASIS, 200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 | See the License for the specific language governing permissions and 202 | limitations under the License. --------------------------------------------------------------------------------