-
Notifications
You must be signed in to change notification settings - Fork 0
/
ubiquiti-edge-router.j2
167 lines (138 loc) · 6.18 KB
/
ubiquiti-edge-router.j2
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
{# j2lint: disable=jinja-statements-delimiter #}
{# j2lint: disable=jinja-statements-indentation #}
{# j2lint: disable=single-statement-per-line #}
{% if device is not defined and device_id is defined %}
{% set device = dcim.Device.objects.get(pk=device_id) %}
{% endif %}
{%- set description_slugifier = {
'lower': False,
'spaces': True,
'only_ascii': True,
'extra_chars': '()._',
} %}
{%- set rip_interfaces = [] %}
{%- set ripng_interfaces = [] %}
{%- for intf in device.interfaces.all() %}
{%- set ifpath = intf.name %}
{#- Analyse tags #}
{%- for tag in intf.tags.all() %}
{%- if tag.name == 'protocol:rip' %}{{ rip_interfaces.append(intf.name) or "" }}{% endif %}
{%- if tag.name == 'protocol:ripng' %}{{ ripng_interfaces.append(intf.name) or "" }}{% endif %}
{%- endfor %}
{#- Loopback #}
{%- if intf.name == "lo" %}{% set iftype = "loopback" %}{% endif %}
{#- Ethernet #}
{%- if intf.type not in ["virtual", "other", "bridge", "lag"] %}
{%- set iftype = "ethernet" %}
{%- endif %}
{#- VLANs #}
{%- if intf.type == 'virtual' and intf.parent and intf.mode == 'access' and intf.untagged_vlan is not none %}
{%- if intf.parent.type not in ["virtual", "other", "bridge", "lag"] %}{% set iftype = "ethernet" %}{% endif %}
{#- TODO: add other iftypes #}
{%- set ifpath = "%s vif %d" % (intf.parent.name, intf.untagged_vlan.vid) %}
{%- endif %}
{#- Tunnels #}
{%- set term = intf.tunnel_terminations.first() %}
{%- if term %}
{%- set remote = term.tunnel.terminations.exclude(termination_id=intf.id).first() %}
{%- if remote %}
{%- set iftype = "tunnel" %}
set interfaces tunnel {{ intf.name }} encapsulation {{ term.tunnel.encapsulation }}
set interfaces tunnel {{ intf.name }} multicast disable
set interfaces tunnel {{ intf.name }} local-ip {{ term.outside_ip.address.ip }}
{%- with remote_ip = ipam.IPAddress.objects.filter(nat_inside_id=remote.outside_ip.id).first() or remote.outside_ip %}
set interfaces tunnel {{ intf.name }} remote-ip {{ remote_ip.address.ip }}
{%- endwith %}
{%- endif %}
{%- endif %}
{#- Generic interface config #}
{%- if iftype %}
{%- if intf.description != '' %}
set interfaces {{ iftype }} {{ ifpath }} description "{{ intf.description | slugify(**description_slugifier) }}"
{%- endif %}
{%- for addr in intf.ip_addresses.all() %}
{%- if addr.status == 'dhcp' %}
set interfaces {{ iftype }} {{ ifpath }} address dhcp
{%- elif addr.status == 'slaac' %}
set interfaces {{ iftype }} {{ ifpath }} ipv6 address autoconf
{%- else %}
set interfaces {{ iftype }} {{ ifpath }} address {{ addr.address }}
{%- endif %}
{%- endfor %}
{%- endif %}
{%- endfor %}{# /Interfaces #}
{# static interface routes #}
delete protocols static interface-route
{%- for intf in device.interfaces.filter(untagged_vlan__isnull=False) %}
{%- for pfx in ipam.Prefix.objects.filter(vlan_id=intf.untagged_vlan_id) %}
{%- if pfx.custom_field_data.get('use_interface_route', False) %}
set protocols static interface-route {{ pfx.prefix }} next-hop-interface {{ intf.name }}
{%- if pfx.description %} description "{{ pfx.description | slugify(**description_slugifier) }}"{% endif %}
{%- endif %}
{%- endfor %}
{%- endfor %}
{%- set prefix_list_used = [] %}
{# BGP sessions #}
{%- for sess in netbox_bgp.BGPSession.objects.filter(device_id=device.id) %}
{%- set neighbor = sess.remote_address.address.ip %}
{%- set asn = sess.local_as.asn %}
{%- set is_v6 = sess.local_address.address.ip.version == 6 %}
{%- if sess.description != '' %}
set protocols bgp {{ asn }} neighbor {{ neighbor }} description {{ sess.description | slugify(**description_slugifier) }}
{%- endif %}
set protocols bgp {{ asn }} neighbor {{ neighbor }} remote-as {{ sess.remote_as.asn }}
{%- if sess.peer_group %}
set protocols bgp {{ asn }} neighbor {{ neighbor }} peer-group {{ sess.peer_group.name }}
{%- endif %}
set protocols bgp {{ asn }} neighbor {{ neighbor }} update-source {{ sess.local_address.address.ip }}
{%- if is_v6 %}
set protocols bgp {{ asn }} neighbor {{ neighbor }} no-activate
{%- if sess.peer_group %}
set protocols bgp {{ asn }} neighbor {{ neighbor }} address-family ipv6-unicast peer-group {{ sess.peer_group.name }}
{%- endif %}
{%- if sess.prefix_list_in %}
{{- prefix_list_used.append(sess.prefix_list_in) or "" }}
set protocols bgp {{ asn }} neighbor {{ neighbor }} address-family ipv6-unicast prefix-list import {{ sess.prefix_list_in.name }}
{%- endif %}
{%- if sess.prefix_list_out %}
{{- prefix_list_used.append(sess.prefix_list_out) or "" }}
set protocols bgp {{ asn }} neighbor {{ neighbor }} address-family ipv6-unicast prefix-list export {{ sess.prefix_list_in.name }}
{%- endif %}
{%- else %}
{%- if sess.prefix_list_in %}
{{- prefix_list_used.append(sess.prefix_list_in) or "" }}
set protocols bgp {{ asn }} neighbor {{ neighbor }} prefix-list import {{ sess.prefix_list_in.name }}
{%- endif %}
{%- if sess.prefix_list_out %}
{{- prefix_list_used.append(sess.prefix_list_out) or "" }}
set protocols bgp {{ asn }} neighbor {{ neighbor }} prefix-list export {{ sess.prefix_list_in.name }}
{%- endif %}
{%- endif %}
{%- endfor %}
{# RIP #}
{%- for intf in rip_interfaces %}
set protocols rip interface {{ intf }}
{%- endfor %}
{%- for intf in ripng_interfaces %}
set protocols ripng interface {{ intf }}
{%- endfor %}
{# Policy #}
{%- for pfxlist in prefix_list_used | unique %}
{%- set policytype = 'prefix-list6' if pfxlist.family == 'ipv6' else 'prefix-list' %}
{%- if pfxlist.description != '' %}
set policy {{ policytype }} {{ pfxlist.name }} description "{{ pfxlist.description | slugify(**description_slugifier) }}"
{%- endif %}
{%- for rule in pfxlist.prefrules.all() %}
{%- if rule.description != '' %}
set policy {{ policytype }} {{ pfxlist.name }} rule {{ rule.index }} description "{{ rule.description | slugify(**description_slugifier) }}"
{%- endif %}
set policy {{ policytype }} {{ pfxlist.name }} rule {{ rule.index }} action {{ rule.action }}
set policy {{ policytype }} {{ pfxlist.name }} rule {{ rule.index }} prefix {{ rule.prefix.prefix if rule.prefix else rule.prefix_custom }}
{%- if rule.ge is not none %}
set policy {{ policytype }} {{ pfxlist.name }} rule {{ rule.index }} ge {{ rule.ge }}
{%- endif %}
{%- if rule.le is not none %}
set policy {{ policytype }} {{ pfxlist.name }} rule {{ rule.index }} ge {{ rule.le }}
{%- endif %}
{%- endfor %}
{%- endfor %}