Diffstat (limited to 'data/templates/frr')
-rw-r--r--data/templates/frr/bgpd.frr.j212
-rw-r--r--data/templates/frr/daemons.frr.tmpl3
-rw-r--r--data/templates/frr/ldpd.frr.j210
-rw-r--r--data/templates/frr/nhrpd.frr.j260
-rw-r--r--data/templates/frr/nhrpd_nftables.conf.j246
-rw-r--r--data/templates/frr/ospfd.frr.j22
-rw-r--r--data/templates/frr/policy.frr.j23
-rw-r--r--data/templates/frr/rpki.frr.j232
-rw-r--r--data/templates/frr/staticd.frr.j24
-rw-r--r--data/templates/frr/zebra.route-map.frr.j26
-rw-r--r--data/templates/frr/zebra.segment_routing.frr.j23
11 files changed, 162 insertions, 19 deletions
diff --git a/data/templates/frr/bgpd.frr.j2 b/data/templates/frr/bgpd.frr.j2
index 51a3f2564..e5a75090f 100644
--- a/data/templates/frr/bgpd.frr.j2
+++ b/data/templates/frr/bgpd.frr.j2
@@ -98,6 +98,8 @@
{% endif %}
{% if config.enforce_first_as is vyos_defined %}
neighbor {{ neighbor }} enforce-first-as
+{% else %}
+ no neighbor {{ neighbor }} enforce-first-as
{% endif %}
{% if config.strict_capability_match is vyos_defined %}
neighbor {{ neighbor }} strict-capability-match
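Review bot: The new `{% else %}` branch writes `no neighbor {{ neighbor }} enforce-first-as` for every neighbor that does not set the option, so the first-AS check on received AS paths is explicitly switched off unless an operator opts in, and nothing in the template says why. A short Jinja comment above the branch would help, for example `{# emit the explicit 'no' form so an unset option does not inherit the FRR default #}`, assuming that is the reason for the change. Because this check guards against updates whose leftmost AS is not the peer's own AS, it is worth confirming that off-unless-configured is the intended posture for eBGP neighbors. The neighbor block starts and ends outside this hunk.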
@@ -310,7 +312,9 @@ router bgp {{ system_as }} {{ 'vrf ' ~ vrf if vrf is vyos_defined }}
{% if afi_config.redistribute is vyos_defined %}
{% for protocol, protocol_config in afi_config.redistribute.items() %}
{% if protocol == 'table' %}
- redistribute table {{ protocol_config.table }}
+{% for table, table_config in protocol_config.items() %}
+ redistribute table-direct {{ table }} {{ 'metric ' ~ table_config.metric if table_config.metric is vyos_defined }} {{ 'route-map ' ~ table_config.route_map if table_config.route_map is vyos_defined }}
+{% endfor %}
{% else %}
{% set redistribution_protocol = protocol %}
{% if protocol == 'ospfv3' %}
@@ -355,6 +359,9 @@ router bgp {{ system_as }} {{ 'vrf ' ~ vrf if vrf is vyos_defined }}
import vrf {{ vrf }}
{% endfor %}
{% endif %}
+{% if afi_config.route_map.vrf.import is vyos_defined %}
+ import vrf route-map {{ afi_config.route_map.vrf.import }}
+{% endif %}
{% if afi_config.label.vpn.export is vyos_defined %}
label vpn export {{ afi_config.label.vpn.export }}
{% endif %}
@@ -631,6 +638,9 @@ bgp route-reflector allow-outbound-policy
{% if parameters.no_fast_external_failover is vyos_defined %}
no bgp fast-external-failover
{% endif %}
+{% if parameters.no_ipv6_auto_ra is vyos_defined %}
+ no bgp ipv6-auto-ra
+{% endif %}
{% if parameters.no_suppress_duplicates is vyos_defined %}
no bgp suppress-duplicates
{% endif %}
diff --git a/data/templates/frr/daemons.frr.tmpl b/data/templates/frr/daemons.frr.tmpl
index 3506528d2..afd888122 100644
--- a/data/templates/frr/daemons.frr.tmpl
+++ b/data/templates/frr/daemons.frr.tmpl
@@ -4,7 +4,6 @@
# Note: The following FRR-services must be kept disabled because they are replaced by other packages in VyOS:
#
# pimd Replaced by package igmpproxy.
-# nhrpd Replaced by package opennhrp.
# pbrd Replaced by PBR in nftables.
# vrrpd Replaced by package keepalived.
#
@@ -30,7 +29,7 @@ isisd=yes
pimd=no
pim6d=yes
ldpd=yes
-nhrpd=no
+nhrpd=yes
eigrpd=no
babeld=yes
sharpd=no
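Review bot: Setting `nhrpd=yes` starts the daemon on every system, including those with no NHRP/DMVPN configuration, which adds one more always-running routing process to the default footprint. The file header explains why each disabled daemon is off, but the commit only deletes the nhrpd line there and leaves no note on why it is now on; something like `# nhrpd   Enabled; replaces package opennhrp for DMVPN.` would keep the header accurate. Whether nhrpd opens any sockets before an interface is configured is not visible from this hunk, so that is worth checking. The daemon list continues outside the hunk.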
diff --git a/data/templates/frr/ldpd.frr.j2 b/data/templates/frr/ldpd.frr.j2
index 9a893cc55..b8fb0cfc7 100644
--- a/data/templates/frr/ldpd.frr.j2
+++ b/data/templates/frr/ldpd.frr.j2
@@ -82,8 +82,11 @@ mpls ldp
{% endfor %}
{% endif %}
{% if ldp.interface is vyos_defined %}
-{% for interface in ldp.interface %}
+{% for interface, iface_config in ldp.interface.items() %}
interface {{ interface }}
+{% if iface_config.disable_establish_hello is vyos_defined %}
+ disable-establish-hello
+{% endif %}
exit
{% endfor %}
{% endif %}
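Review bot: The loop `{% for interface, iface_config in ldp.interface.items() %}` now requires `ldp.interface` to be a mapping, whereas the removed line iterated it as a plain sequence, so rendering fails on `.items()` if a caller or a migrated configuration still supplies a list. The same change is made in the address-family hunk at `@@ -135,8 +138,11 @@`. The CLI definition and conf-script change that would turn this node into a keyed one are not part of this directory-limited diff, so please confirm they ship together, along with a migration for existing configurations.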
@@ -135,8 +138,11 @@ mpls ldp
{% endfor %}
{% endif %}
{% if ldp.interface is vyos_defined %}
-{% for interface in ldp.interface %}
+{% for interface, iface_config in ldp.interface.items() %}
interface {{ interface }}
+{% if iface_config.disable_establish_hello is vyos_defined %}
+ disable-establish-hello
+{% endif %}
{% endfor %}
{% endif %}
exit-address-family
diff --git a/data/templates/frr/nhrpd.frr.j2 b/data/templates/frr/nhrpd.frr.j2
new file mode 100644
index 000000000..813a9384b
--- /dev/null
+++ b/data/templates/frr/nhrpd.frr.j2
@@ -0,0 +1,60 @@
+!
+{% if redirect is vyos_defined %}
+nhrp nflog-group {{ redirect }}
+{% endif %}
+{% if multicast is vyos_defined %}
+nhrp multicast-nflog-group {{ multicast }}
+{% endif %}
+{% if tunnel is vyos_defined %}
+{% for iface, iface_config in tunnel.items() %}
+interface {{ iface }}
+{% if iface_config.authentication is vyos_defined %}
+ ip nhrp authentication {{ iface_config.authentication }}
+{% endif %}
+{% if iface_config.holdtime is vyos_defined %}
+ ip nhrp holdtime {{ iface_config.holdtime }}
+{% endif %}
+{% if iface_config.map.tunnel_ip is vyos_defined %}
+{% for tunip, tunip_config in iface_config.map.tunnel_ip.items() %}
+{% if tunip_config.nbma is vyos_defined %}
+ ip nhrp map {{ tunip }} {{ tunip_config.nbma }}
+{% endif %}
+{% endfor %}
+{% endif %}
+{% if iface_config.mtu is vyos_defined %}
+ ip nhrp mtu {{ iface_config.mtu }}
+{% endif %}
+{% if iface_config.multicast is vyos_defined %}
+{% for multicast_ip in iface_config.multicast %}
+ ip nhrp map multicast {{ multicast_ip }}
+{% endfor %}
+{% endif %}
+{% if iface_config.nhs.tunnel_ip is vyos_defined %}
+{% for tunip, tunip_config in iface_config.nhs.tunnel_ip.items() %}
+{% if tunip_config.nbma is vyos_defined %}
+{% for nbmaip in tunip_config.nbma %}
+ ip nhrp nhs {{ tunip }} nbma {{ nbmaip }}
+{% endfor %}
+{% endif %}
+{% endfor %}
+{% endif %}
+{% if iface_config.network_id is vyos_defined %}
+ ip nhrp network-id {{ iface_config.network_id }}
+{% endif %}
+{% if iface_config.redirect is vyos_defined %}
+ ip nhrp redirect
+{% endif %}
+{% if iface_config.registration_no_unique is vyos_defined %}
+ ip nhrp registration no-unique
+{% endif %}
+{% if iface_config.shortcut is vyos_defined %}
+ ip nhrp shortcut
+{% endif %}
+{% if iface_config.security_profile is vyos_defined %}
+ tunnel protection vici profile dmvpn-{{ iface_config.security_profile }}-{{ iface }}-child
+{% endif %}
+exit
+!
+{% endfor %}
+{% endif %}
+!
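Review bot: `ip nhrp authentication {{ iface_config.authentication }}` writes the NHRP password verbatim into the rendered FRR configuration, and the template gives no hint that this is a weak control. FRR documents this option as Cisco-style authentication that embeds the password in plaintext in outgoing NHRP packets, limited to 8 characters, so it does not protect the tunnel by itself; only the optional `tunnel protection vici profile ...` line at the end of the interface block does. I would add a Jinja comment above the authentication branch, e.g. `{# cleartext NHRP password (max 8 chars); pair with security_profile for real protection #}`. The value is also interpolated unquoted, so the template relies on a CLI constraint, not shown here, to reject whitespace and newlines.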
diff --git a/data/templates/frr/nhrpd_nftables.conf.j2 b/data/templates/frr/nhrpd_nftables.conf.j2
new file mode 100644
index 000000000..6ae35ef52
--- /dev/null
+++ b/data/templates/frr/nhrpd_nftables.conf.j2
@@ -0,0 +1,46 @@
+#!/usr/sbin/nft -f
+
+table ip vyos_nhrp_multicast
+table ip vyos_nhrp_redirect
+delete table ip vyos_nhrp_multicast
+delete table ip vyos_nhrp_redirect
+{% if multicast is vyos_defined %}
+table ip vyos_nhrp_multicast {
+ chain VYOS_NHRP_MULTICAST_OUTPUT {
+ type filter hook output priority filter+10; policy accept;
+{% if tunnel is vyos_defined %}
+{% for tun, tunnel_conf in tunnel.items() %}
+{% if tunnel_conf.multicast is vyos_defined %}
+ oifname "{{ tun }}" ip daddr 224.0.0.0/24 counter log group {{ multicast }}
+ oifname "{{ tun }}" ip daddr 224.0.0.0/24 counter drop
+{% endif %}
+{% endfor %}
+{% endif %}
+ }
+ chain VYOS_NHRP_MULTICAST_FORWARD {
+ type filter hook forward priority filter+10; policy accept;
+{% if tunnel is vyos_defined %}
+{% for tun, tunnel_conf in tunnel.items() %}
+{% if tunnel_conf.multicast is vyos_defined %}
+ oifname "{{ tun }}" ip daddr 224.0.0.0/4 counter log group {{ multicast }}
+ oifname "{{ tun }}" ip daddr 224.0.0.0/4 counter drop
+{% endif %}
+{% endfor %}
+{% endif %}
+ }
+}
+{% endif %}
+{% if redirect is vyos_defined %}
+table ip vyos_nhrp_redirect {
+ chain VYOS_NHRP_REDIRECT_FORWARD {
+ type filter hook forward priority filter+10; policy accept;
+{% if tunnel is vyos_defined %}
+{% for tun, tunnel_conf in tunnel.items() %}
+{% if tunnel_conf.redirect is vyos_defined %}
+ iifname "{{ tun }}" oifname "{{ tun }}" meter loglimit-0 size 65535 { ip daddr & 255.255.255.0 . ip saddr & 255.255.255.0 timeout 1m limit rate 4/minute burst 1 packets } counter log group {{ redirect }}
+{% endif %}
+{% endfor %}
+{% endif %}
+ }
+}
+{% endif %}
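Review bot: Every redirect-enabled tunnel in the loop emits a rule with the same meter name, `meter loglimit-0`, so with two or more such tunnels the rules either share one rate-limit state or, depending on the nft version, the ruleset may fail to load on the repeated name; I have not verified which. This meter is what bounds how many redirect events reach the NFLOG group, so a per-tunnel name such as `meter loglimit-{{ loop.index0 }}` would keep the limits independent. A Jinja comment explaining why the output chain matches `224.0.0.0/24` while the forward chain matches `224.0.0.0/4` would also help the next reader.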
diff --git a/data/templates/frr/ospfd.frr.j2 b/data/templates/frr/ospfd.frr.j2
index bc2c74b10..79824fb64 100644
--- a/data/templates/frr/ospfd.frr.j2
+++ b/data/templates/frr/ospfd.frr.j2
@@ -82,7 +82,7 @@ router ospf {{ 'vrf ' ~ vrf if vrf is vyos_defined }}
{% for area_id, area_config in area.items() %}
{% if area_config.area_type is vyos_defined %}
{% for type, type_config in area_config.area_type.items() if type != 'normal' %}
- area {{ area_id }} {{ type }} {{ 'no-summary' if type_config.no_summary is vyos_defined }}
+ area {{ area_id }} {{ type }} {{ 'translate-' + type_config.translate if type_config.translate is vyos_defined }} {{ 'no-summary' if type_config.no_summary is vyos_defined }}
{% if type_config.default_cost is vyos_defined %}
area {{ area_id }} default-cost {{ type_config.default_cost }}
{% endif %}
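Review bot: The added expression `'translate-' + type_config.translate` concatenates with `+`, while the other new lines in this diff build strings with `~` (for example `'metric ' ~ table_config.metric`); `~` coerces its operands to strings, whereas `+` raises an error if the value is ever not a string. Suggested: `{{ 'translate-' ~ type_config.translate if type_config.translate is vyos_defined }}`. The loop covers every area type except `normal`, so the line also relies on the CLI never defining `translate` under `stub`; that constraint is not visible here.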
diff --git a/data/templates/frr/policy.frr.j2 b/data/templates/frr/policy.frr.j2
index ed5876ae9..c28633f6f 100644
--- a/data/templates/frr/policy.frr.j2
+++ b/data/templates/frr/policy.frr.j2
@@ -252,6 +252,9 @@ route-map {{ route_map }} {{ rule_config.action }} {{ rule }}
{% if rule_config.match.rpki is vyos_defined %}
match rpki {{ rule_config.match.rpki }}
{% endif %}
+{% if rule_config.match.source_vrf is vyos_defined %}
+ match source-vrf {{ rule_config.match.source_vrf }}
+{% endif %}
{% if rule_config.match.tag is vyos_defined %}
match tag {{ rule_config.match.tag }}
{% endif %}
diff --git a/data/templates/frr/rpki.frr.j2 b/data/templates/frr/rpki.frr.j2
index 59d5bf0ac..e35f99766 100644
--- a/data/templates/frr/rpki.frr.j2
+++ b/data/templates/frr/rpki.frr.j2
@@ -1,24 +1,34 @@
-!
+{% macro rpki_config(rpki) %}
{# as FRR does not support deleting the entire rpki section we leave it in place even when it's empty #}
rpki
-{% if cache is vyos_defined %}
-{% for peer, peer_config in cache.items() %}
+{% if rpki.cache is vyos_defined %}
+{% for peer, peer_config in rpki.cache.items() %}
{# port is mandatory and preference uses a default value #}
{% if peer_config.ssh.username is vyos_defined %}
- rpki cache ssh {{ peer | replace('_', '-') }} {{ peer_config.port }} {{ peer_config.ssh.username }} {{ peer_config.ssh.private_key_file }} {{ peer_config.ssh.public_key_file }} preference {{ peer_config.preference }}
+ rpki cache ssh {{ peer | replace('_', '-') }} {{ peer_config.port }} {{ peer_config.ssh.username }} {{ peer_config.ssh.private_key_file }} {{ peer_config.ssh.public_key_file }}{{ ' source ' ~ peer_config.source_address if peer_config.source_address is vyos_defined }} preference {{ peer_config.preference }}
{% else %}
- rpki cache tcp {{ peer | replace('_', '-') }} {{ peer_config.port }} preference {{ peer_config.preference }}
+ rpki cache tcp {{ peer | replace('_', '-') }} {{ peer_config.port }}{{ ' source ' ~ peer_config.source_address if peer_config.source_address is vyos_defined }} preference {{ peer_config.preference }}
{% endif %}
{% endfor %}
{% endif %}
-{% if expire_interval is vyos_defined %}
- rpki expire_interval {{ expire_interval }}
+{% if rpki.expire_interval is vyos_defined %}
+ rpki expire_interval {{ rpki.expire_interval }}
{% endif %}
-{% if polling_period is vyos_defined %}
- rpki polling_period {{ polling_period }}
+{% if rpki.polling_period is vyos_defined %}
+ rpki polling_period {{ rpki.polling_period }}
{% endif %}
-{% if retry_interval is vyos_defined %}
- rpki retry_interval {{ retry_interval }}
+{% if rpki.retry_interval is vyos_defined %}
+ rpki retry_interval {{ rpki.retry_interval }}
{% endif %}
exit
+{# j2lint: disable=jinja-statements-delimeter #}
+{%- endmacro -%}
+!
+{% if rpki.vrf is vyos_defined %}
+vrf {{ rpki.vrf }}
+ {{ rpki_config(rpki) | indent(width=1) }}
+exit-vrf
+{% else %}
+{{ rpki_config(rpki) }}
+{% endif %}
!
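Review bot: The `rpki cache ssh` line renders a username, a private key path and a public key path, but no known-hosts file appears anywhere in the macro, so from this hunk it cannot be told whether the RTR cache server's SSH host key is verified. Please check this against the `rpki cache ssh` syntax of the FRR version being shipped, since the positional path arguments it accepts may differ between releases, and record the outcome in a Jinja comment next to the line. Separately, the template now reads everything from an `rpki` variable instead of top-level keys, so the rendering caller, which is outside this diff, has to pass the dictionary under that name.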
diff --git a/data/templates/frr/staticd.frr.j2 b/data/templates/frr/staticd.frr.j2
index 90d17ec14..18d300dae 100644
--- a/data/templates/frr/staticd.frr.j2
+++ b/data/templates/frr/staticd.frr.j2
@@ -94,14 +94,14 @@ vrf {{ vrf }}
{% if pppoe is vyos_defined %}
{% for interface, interface_config in pppoe.items() if interface_config.no_default_route is not vyos_defined %}
{{ ip_prefix }} route 0.0.0.0/0 {{ interface }} tag 210 {{ interface_config.default_route_distance if interface_config.default_route_distance is vyos_defined }}
-{%- endfor %}
+{% endfor %}
{% endif %}
{# IPv6 routing #}
{% if route6 is vyos_defined %}
{% for prefix, prefix_config in route6.items() %}
{{ static_routes(ipv6_prefix, prefix, prefix_config) }}
{# j2lint: disable=jinja-statements-delimeter #}
-{%- endfor %}
+{% endfor %}
{% endif %}
{% if vrf is vyos_defined %}
exit-vrf
diff --git a/data/templates/frr/zebra.route-map.frr.j2 b/data/templates/frr/zebra.route-map.frr.j2
index 70a810f43..0d6d01930 100644
--- a/data/templates/frr/zebra.route-map.frr.j2
+++ b/data/templates/frr/zebra.route-map.frr.j2
@@ -1,6 +1,12 @@
!
{{ 'no ' if disable_forwarding is vyos_defined }}{{ afi }} forwarding
!
+{% if import_table is vyos_defined %}
+{% for table_num, table_config in import_table.items() %}
+ip import-table {{ table_num }} {{ 'distance ' ~ table_config.distance if table_config.distance is vyos_defined }} {{ 'route-map ' ~ table_config.route_map if table_config.route_map is vyos_defined }}
+{% endfor %}
+{% endif %}
+!
{% if nht.no_resolve_via_default is vyos_defined %}
no {{ afi }} nht resolve-via-default
{% endif %}
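Review bot: The new line hard-codes `ip import-table` while the neighbouring lines are parameterised with `{{ afi }}`, which suggests the template is rendered once per address family; if `import_table` is in the context when `afi` is `ipv6`, the IPv4 import lines would be emitted a second time. If that can happen, guard the block with `{% if afi == 'ip' and import_table is vyos_defined %}`; if the caller only passes `import_table` for IPv4, a Jinja comment saying so is enough. The two inline conditionals also leave stray spaces when `distance` or `route_map` is unset, which is presumably harmless to FRR but makes rendered output noisier to compare.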
diff --git a/data/templates/frr/zebra.segment_routing.frr.j2 b/data/templates/frr/zebra.segment_routing.frr.j2
index 7b12fcdd0..718d47d8f 100644
--- a/data/templates/frr/zebra.segment_routing.frr.j2
+++ b/data/templates/frr/zebra.segment_routing.frr.j2
@@ -11,6 +11,9 @@ segment-routing
{% if locator_config.behavior_usid is vyos_defined %}
behavior usid
{% endif %}
+{% if locator_config.format is vyos_defined %}
+ format {{ locator_config.format }}
+{% endif %}
exit
!
{% endfor %}