push(@{$config->{frr}->{''}}, "ip prefix-list loopbacks_ips seq 10 permit 0.0.0.0/0 le 32");
push(@{$config->{frr}->{''}}, "ip protocol bgp route-map correct_src");
- my $routemap_config = [];
+ my $routemap_config = ();
push @{$routemap_config}, "match ip address prefix-list loopbacks_ips";
push @{$routemap_config}, "set src $ifaceip";
- push(@{$config->{frr_routemap}->{'correct_src'}}, $routemap_config);
+ my $routemap = { rule => $routemap_config, action => "permit" };
+ push(@{$config->{frr_routemap}->{'correct_src'}}, $routemap);
}
return $config;
# address-family l2vpn
@controller_config = ();
+ push @controller_config, "neighbor VTEP route-map MAP_VTEP_IN in";
push @controller_config, "neighbor VTEP route-map MAP_VTEP_OUT out";
push @controller_config, "neighbor VTEP activate";
push @controller_config, "advertise-all-vni";
push @controller_config, "autort as $autortas" if $autortas;
push(@{$bgp->{"address-family"}->{"l2vpn evpn"}}, @controller_config);
- push(@{$config->{frr_routemap}->{'MAP_VTEP_OUT'}}, []);
+ my $routemap = { rule => undef, action => "permit" };
+ push(@{$config->{frr_routemap}->{'MAP_VTEP_IN'}}, $routemap );
+ push(@{$config->{frr_routemap}->{'MAP_VTEP_OUT'}}, $routemap );
return $config;
}
if ($is_gateway) {
- if($exitnodes_primary && $exitnodes_primary ne $local_node) {
+ if(!$exitnodes_primary || $exitnodes_primary eq $local_node) {
+ #filter default type5 route coming from other exit nodes on primary node or both nodes if no primary is defined.
+ my $routemap_config = ();
+ push @{$routemap_config}, "match evpn route-type prefix";
+ my $routemap = { rule => $routemap_config, action => "deny" };
+ unshift(@{$config->{frr_routemap}->{'MAP_VTEP_IN'}}, $routemap);
+ } elsif ($exitnodes_primary ne $local_node) {
my $routemap_config = ();
push @{$routemap_config}, "match evpn vni $vrfvxlan";
push @{$routemap_config}, "match evpn route-type prefix";
push @{$routemap_config}, "set metric 200";
- unshift(@{$config->{frr_routemap}->{'MAP_VTEP_OUT'}}, $routemap_config);
+ my $routemap = { rule => $routemap_config, action => "permit" };
+ unshift(@{$config->{frr_routemap}->{'MAP_VTEP_OUT'}}, $routemap);
}
+
if (!$exitnodes_local_routing) {
@controller_config = ();
#import /32 routes of evpn network from vrf1 to default vrf (for packet return)
my $order = 0;
foreach my $seq (@$routemap) {
$order++;
+ next if !defined($seq->{action});
my @config = ();
push @config, "!";
- push @config, "route-map $id permit $order";
- push @config, map { " $_" } @$seq;
+ push @config, "route-map $id $seq->{action} $order";
+ my $rule = $seq->{rule};
+ push @config, map { " $_" } @$rule;
push @{$final_config}, @config;
}
}
neighbor 192.168.0.3 peer-group VTEP
!
address-family l2vpn evpn
+ neighbor VTEP route-map MAP_VTEP_IN in
neighbor VTEP route-map MAP_VTEP_OUT out
neighbor VTEP activate
advertise-all-vni
advertise ipv6 unicast
exit-address-family
!
+route-map MAP_VTEP_IN permit 1
+!
route-map MAP_VTEP_OUT permit 1
!
line vty
neighbor 192.168.0.3 peer-group VTEP
!
address-family l2vpn evpn
+ neighbor VTEP route-map MAP_VTEP_IN in
neighbor VTEP route-map MAP_VTEP_OUT out
neighbor VTEP activate
advertise-all-vni
router bgp 65000 vrf vrf_myzone
bgp router-id 192.168.0.1
!
+route-map MAP_VTEP_IN permit 1
+!
route-map MAP_VTEP_OUT permit 1
!
line vty
exit-address-family
!
address-family l2vpn evpn
+ neighbor VTEP route-map MAP_VTEP_IN in
neighbor VTEP route-map MAP_VTEP_OUT out
neighbor VTEP activate
advertise-all-vni
route-target export 65000:1000
exit-address-family
!
+route-map MAP_VTEP_IN permit 1
+!
route-map MAP_VTEP_OUT permit 1
!
line vty
exit-address-family
!
address-family l2vpn evpn
+ neighbor VTEP route-map MAP_VTEP_IN in
neighbor VTEP route-map MAP_VTEP_OUT out
neighbor VTEP activate
advertise-all-vni
route-target export 65000:1000
exit-address-family
!
+route-map MAP_VTEP_IN permit 1
+!
route-map MAP_VTEP_OUT permit 1
!
route-map correct_src permit 1
exit-address-family
!
address-family l2vpn evpn
+ neighbor VTEP route-map MAP_VTEP_IN in
neighbor VTEP route-map MAP_VTEP_OUT out
neighbor VTEP activate
advertise-all-vni
default-originate ipv6
exit-address-family
!
+route-map MAP_VTEP_IN deny 1
+ match evpn route-type prefix
+!
+route-map MAP_VTEP_IN permit 2
+!
route-map MAP_VTEP_OUT permit 1
!
line vty
neighbor 192.168.0.3 peer-group VTEP
!
address-family l2vpn evpn
+ neighbor VTEP route-map MAP_VTEP_IN in
neighbor VTEP route-map MAP_VTEP_OUT out
neighbor VTEP activate
advertise-all-vni
default-originate ipv6
exit-address-family
!
+route-map MAP_VTEP_IN deny 1
+ match evpn route-type prefix
+!
+route-map MAP_VTEP_IN permit 2
+!
route-map MAP_VTEP_OUT permit 1
!
line vty
exit-address-family
!
address-family l2vpn evpn
+ neighbor VTEP route-map MAP_VTEP_IN in
neighbor VTEP route-map MAP_VTEP_OUT out
neighbor VTEP activate
advertise-all-vni
default-originate ipv6
exit-address-family
!
+route-map MAP_VTEP_IN permit 1
+!
route-map MAP_VTEP_OUT permit 1
match evpn vni 1000
match evpn route-type prefix
exit-address-family
!
address-family l2vpn evpn
+ neighbor VTEP route-map MAP_VTEP_IN in
neighbor VTEP route-map MAP_VTEP_OUT out
neighbor VTEP activate
advertise-all-vni
default-originate ipv6
exit-address-family
!
+route-map MAP_VTEP_IN deny 1
+ match evpn route-type prefix
+!
+route-map MAP_VTEP_IN permit 2
+!
route-map MAP_VTEP_OUT permit 1
!
line vty
neighbor 192.168.0.3 peer-group VTEP
!
address-family l2vpn evpn
+ neighbor VTEP route-map MAP_VTEP_IN in
neighbor VTEP route-map MAP_VTEP_OUT out
neighbor VTEP activate
advertise-all-vni
router bgp 65000 vrf vrf_myzone
bgp router-id 192.168.0.1
!
+route-map MAP_VTEP_IN permit 1
+!
route-map MAP_VTEP_OUT permit 1
!
line vty
neighbor 192.168.0.3 peer-group VTEP
!
address-family l2vpn evpn
+ neighbor VTEP route-map MAP_VTEP_IN in
neighbor VTEP route-map MAP_VTEP_OUT out
neighbor VTEP activate
advertise-all-vni
router bgp 65000 vrf vrf_myzone
bgp router-id 192.168.0.1
!
+route-map MAP_VTEP_IN permit 1
+!
route-map MAP_VTEP_OUT permit 1
!
line vty
neighbor 192.168.0.3 peer-group VTEP
!
address-family l2vpn evpn
+ neighbor VTEP route-map MAP_VTEP_IN in
neighbor VTEP route-map MAP_VTEP_OUT out
neighbor VTEP activate
advertise-all-vni
router bgp 65000 vrf vrf_myzone
bgp router-id 192.168.0.1
!
+route-map MAP_VTEP_IN permit 1
+!
route-map MAP_VTEP_OUT permit 1
!
line vty
neighbor 192.168.0.3 peer-group VTEP
!
address-family l2vpn evpn
+ neighbor VTEP route-map MAP_VTEP_IN in
neighbor VTEP route-map MAP_VTEP_OUT out
neighbor VTEP activate
advertise-all-vni
router bgp 65000 vrf vrf_myzone
bgp router-id 192.168.0.1
!
+route-map MAP_VTEP_IN permit 1
+!
route-map MAP_VTEP_OUT permit 1
!
line vty
exit-address-family
!
address-family l2vpn evpn
+ neighbor VTEP route-map MAP_VTEP_IN in
neighbor VTEP route-map MAP_VTEP_OUT out
neighbor VTEP activate
advertise-all-vni
router bgp 65000 vrf vrf_myzone
bgp router-id 192.168.0.1
!
+route-map MAP_VTEP_IN permit 1
+!
route-map MAP_VTEP_OUT permit 1
!
line vty
neighbor 192.168.0.3 peer-group VTEP
!
address-family l2vpn evpn
+ neighbor VTEP route-map MAP_VTEP_IN in
neighbor VTEP route-map MAP_VTEP_OUT out
neighbor VTEP activate
advertise-all-vni
route-target import 65003:1000
exit-address-family
!
+route-map MAP_VTEP_IN permit 1
+!
route-map MAP_VTEP_OUT permit 1
!
line vty
projects / pve-network.git / commitdiff