Skip to content

Remote leaf bgp infra peering feature #276

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 12 commits into
base: main
Choose a base branch
from
Open

Remote leaf bgp infra peering feature #276

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
4762524
updated l3outs with infraBGPpeerP if tenant is infra
ogorczow Aug 1, 2025
33c682b
updated bgp_infra_peers for l3out nodes
ogorczow Aug 1, 2025
2c03884
updated missing name_suffix
ogorczow Aug 4, 2025
4946d97
forbidden bgpPeerP to be created in infra tenant
ogorczow Aug 4, 2025
f7ec4e4
updated peer_type enum by removing sr-mpls
ogorczow Aug 6, 2025
7396e31
updated choices for peer_type to allow sr-mpls
ogorczow Aug 8, 2025
525072d
added Node's intersite Loopback support
ogorczow Sep 1, 2025
37733bb
added l3out.vrf check for intersite loopback
ogorczow Sep 1, 2025
25041b2
updated bgpInfraPeerP with source_interface_type and data_plane_address
ogorczow Oct 1, 2025
db23e2b
added lifecycle limitation for peer_type and source_interface_type
ogorczow Oct 2, 2025
9a80226
added bgpInfraPeerP peer_prefix_policy support
ogorczow Oct 2, 2025
98284e7
bgpInfraPeerP to be created only if its sr-mpls l3out or infra l3out …
ogorczow Oct 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
53 changes: 51 additions & 2 deletions aci_tenants.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -995,6 +995,7 @@ locals {
router_id = node.router_id
router_id_as_loopback = try(node.router_id_as_loopback, local.defaults.apic.tenants.l3outs.node_profiles.nodes.router_id_as_loopback)
loopbacks = try(node.loopbacks, [])
intersite_loopback = l3out.vrf == "overlay-1" ? try(node.intersite_loopback, null) : null
static_routes = [for sr in try(node.static_routes, []) : {
description = try(sr.description, "")
prefix = sr.prefix
Expand Down Expand Up @@ -1038,7 +1039,28 @@ locals {
peer_prefix_policy = try("${peer.peer_prefix_policy}${local.defaults.apic.tenants.policies.bgp_peer_prefix_policies.name_suffix}", null)
export_route_control = try("${peer.export_route_control}${local.defaults.apic.tenants.policies.route_control_route_maps.name_suffix}", null)
import_route_control = try("${peer.import_route_control}${local.defaults.apic.tenants.policies.route_control_route_maps.name_suffix}", null)
}]
} if tenant.name != "infra"]
bgp_infra_peers = [for peer in try(np.bgp_infra_peers, []) : {
ip = peer.ip
remote_as = peer.remote_as
admin_state = try(peer.admin_state, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.admin_state)
description = try(peer.description, "")
allow_self_as = try(peer.allow_self_as, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.allow_self_as)
disable_peer_as_check = try(peer.disable_peer_as_check, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.disable_peer_as_check)
as_override = try(peer.as_override, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.as_override)
next_hop_self = try(peer.next_hop_self, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.next_hop_self)
send_community = try(peer.send_community, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.send_community)
send_ext_community = try(peer.send_ext_community, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.send_ext_community)
peer_type = try(peer.peer_type, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.peer_type)
bfd = try(peer.bfd, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.bfd)
password = try(peer.password, null)
ttl = try(peer.ttl, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.ttl)
local_as = try(peer.local_as, null)
as_propagate = try(peer.as_propagate, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.as_propagate)
source_interface_type = try(peer.peer_type, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.peer_type) == "wan" ? try(peer.source_interface_type, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.source_interface_type) : null
data_plane_address = try(peer.peer_type, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.peer_type) == "wan" && try(peer.source_interface_type, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.source_interface_type) == "routable-loopback" ? try(peer.data_plane_address, null) : null
peer_prefix_policy = try("${peer.peer_prefix_policy}${local.defaults.apic.tenants.policies.bgp_peer_prefix_policies.name_suffix}", null)
} if tenant.name == "infra"]
}
]
]
Expand All @@ -1059,6 +1081,7 @@ module "aci_l3out_node_profile_manual" {
bgp_as_path_policy = each.value.bgp_as_path_policy
nodes = each.value.nodes
bgp_peers = each.value.bgp_peers
bgp_infra_peers = each.value.bgp_infra_peers

depends_on = [
module.aci_tenant,
Expand Down Expand Up @@ -1086,6 +1109,7 @@ locals {
router_id = node.router_id
router_id_as_loopback = try(node.router_id_as_loopback, local.defaults.apic.tenants.l3outs.nodes.router_id_as_loopback)
loopbacks = try(node.loopbacks, [])
intersite_loopback = l3out.vrf == "overlay-1" ? try(node.intersite_loopback, null) : null
static_routes = [for sr in try(node.static_routes, []) : {
description = try(sr.description, "")
prefix = sr.prefix
Expand Down Expand Up @@ -1129,7 +1153,28 @@ locals {
peer_prefix_policy = try("${peer.peer_prefix_policy}${local.defaults.apic.tenants.policies.bgp_peer_prefix_policies.name_suffix}", null)
export_route_control = try("${peer.export_route_control}${local.defaults.apic.tenants.policies.route_control_route_maps.name_suffix}", null)
import_route_control = try("${peer.import_route_control}${local.defaults.apic.tenants.policies.route_control_route_maps.name_suffix}", null)
}]
} if tenant.name != "infra"]
bgp_infra_peers = [for peer in try(l3out.bgp_infra_peers, []) : {
ip = peer.ip
remote_as = peer.remote_as
admin_state = try(peer.admin_state, local.defaults.apic.tenants.l3outs.bgp_infra_peers.admin_state)
description = try(peer.description, "")
allow_self_as = try(peer.allow_self_as, local.defaults.apic.tenants.l3outs.bgp_infra_peers.allow_self_as)
disable_peer_as_check = try(peer.disable_peer_as_check, local.defaults.apic.tenants.l3outs.bgp_infra_peers.disable_peer_as_check)
as_override = try(peer.as_override, local.defaults.apic.tenants.l3outs.bgp_infra_peers.as_override)
next_hop_self = try(peer.next_hop_self, local.defaults.apic.tenants.l3outs.bgp_infra_peers.next_hop_self)
send_community = try(peer.send_community, local.defaults.apic.tenants.l3outs.bgp_infra_peers.send_community)
send_ext_community = try(peer.send_ext_community, local.defaults.apic.tenants.l3outs.bgp_infra_peers.send_ext_community)
peer_type = try(peer.peer_type, local.defaults.apic.tenants.l3outs.bgp_infra_peers.peer_type)
bfd = try(peer.bfd, local.defaults.apic.tenants.l3outs.bgp_infra_peers.bfd)
password = try(peer.password, null)
ttl = try(peer.ttl, local.defaults.apic.tenants.l3outs.bgp_infra_peers.ttl)
local_as = try(peer.local_as, null)
as_propagate = try(peer.as_propagate, local.defaults.apic.tenants.l3outs.bgp_infra_peers.as_propagate)
source_interface_type = try(peer.peer_type, local.defaults.apic.tenants.l3outs.bgp_infra_peers.peer_type) == "wan" ? try(peer.source_interface_type, local.defaults.apic.tenants.l3outs.bgp_infra_peers.source_interface_type) : null
data_plane_address = try(peer.peer_type, local.defaults.apic.tenants.l3outs.bgp_infra_peers.peer_type) == "wan" && try(peer.source_interface_type, local.defaults.apic.tenants.l3outs.bgp_infra_peers.source_interface_type) == "routable-loopback" ? try(peer.data_plane_address, null) : null
peer_prefix_policy = try("${peer.peer_prefix_policy}${local.defaults.apic.tenants.policies.bgp_peer_prefix_policies.name_suffix}", null)
} if tenant.name == "infra"]
} if length(try(l3out.nodes, [])) != 0
]
])
Expand All @@ -1149,6 +1194,7 @@ module "aci_l3out_node_profile_auto" {
bgp_as_path_policy = each.value.bgp_as_path_policy
nodes = each.value.nodes
bgp_peers = each.value.bgp_peers
bgp_infra_peers = each.value.bgp_infra_peers

depends_on = [
module.aci_tenant,
Expand Down Expand Up @@ -1664,6 +1710,9 @@ locals {
local_as = try(peer.local_as, null)
as_propagate = try(peer.as_propagate, local.defaults.apic.tenants.sr_mpls_l3outs.node_profiles.evpn_connectivity.as_propagate)
peer_prefix_policy = try("${peer.peer_prefix_policy}${local.defaults.apic.tenants.policies.bgp_peer_prefix_policies.name_suffix}", null)
peer_type = "sr-mpls"
send_community = true
send_ext_community = true
}]
}
]
Expand Down
28 changes: 28 additions & 0 deletions defaults/defaults.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -897,6 +897,20 @@ defaults:
multicast_address_family: true
admin_state: true
as_propagate: none
bgp_infra_peers:
name_suffix: ""
peer_type: wan
allow_self_as: false
disable_peer_as_check: false
send_community: false
send_ext_community: false
next_hop_self: false
as_override: false
ttl: 2
bfd: false
admin_state: true
as_propagate: none
source_interface_type: l3out-loopback
redistribution_route_maps:
source: static
dhcp_labels:
Expand Down Expand Up @@ -965,6 +979,20 @@ defaults:
multicast_address_family: true
admin_state: true
as_propagate: none
bgp_infra_peers:
name_suffix: ""
peer_type: wan
allow_self_as: false
disable_peer_as_check: false
send_community: false
send_ext_community: false
next_hop_self: false
as_override: false
ttl: 2
bfd: false
admin_state: true
as_propagate: none
source_interface_type: l3out-loopback
nodes:
pod: 1
router_id_as_loopback: true
Expand Down
Loading
Loading