Merge branch 'devel' into monitor_session

aristanetworks · Aug 21, 2024 · 6a995aa · 6a995aa
2 parents 19cc66f + 3cc0195
commit 6a995aa
Show file tree

Hide file tree

Showing 50 changed files with 811 additions and 207 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -75,7 +75,7 @@ repos:
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
     # Ruff version.
-    rev: v0.5.7
+    rev: v0.6.1
     hooks:
       # Run the linter.
       - id: ruff

diff --git a/ansible_collections/arista/avd/docs/porting-guides/5.x.x.md b/ansible_collections/arista/avd/docs/porting-guides/5.x.x.md
@@ -204,6 +204,15 @@ It can be added if required by using `config_comment`:
 +config_comment: "RANCID-CONTENT-TYPE: arista"
 ```
 
+### Default value of `mlag_on_orphan_port_channel_downlink` is changed to `false`
+
+The default value `true` of data model `mlag_on_orphan_port_channel_downlink` has been changed to `false`, so it is now required to set `mlag_on_orphan_port_channel_downlink: true` to configure the MLAG ID on a downlink Port-Channel even if the downlink is only on one node in the MLAG pair.
+By default an MLAG ID will only be configured on Port-Channel downlinks dual-homed to two MLAG switches.
+
+```diff
++ mlag_on_orphan_port_channel_downlink: true
+```
+
 ## Changes to role `arista.avd.eos_cli_config_gen`
 
 TODO: Level 3 sections for each change with details on how to migrate

diff --git a/...ons/arista/avd/molecule/eos_cli_config_gen/documentation/devices/ip-security.md b/...ons/arista/avd/molecule/eos_cli_config_gen/documentation/devices/ip-security.md
@@ -62,6 +62,7 @@ interface Management1
 | SA-4 | md5 | 3des | - | - |
 | SA-5 | sha512 | - | - | - |
 | SA-6 | sha384 | - | - | - |
+| SA-7 | - | - | - | - |
 
 ### IPSec profiles
 
@@ -70,6 +71,7 @@ interface Management1
 | Profile-1 | IKE-1 | SA-1 | start | - | - | - | transport | - |
 | Profile-2 | - | SA-2 | start | - | - | - | tunnel | False |
 | Profile-3 | - | SA-3 | start | - | - | - | tunnel | True |
+| Profile-4 | - | - | - | - | - | - | - | - |
 
 ### Key controller
 
@@ -122,6 +124,8 @@ ip security
    sa policy SA-6
       esp integrity sha384
    !
+   sa policy SA-7
+   !
    profile Profile-1
       ike-policy IKE-1
       sa-policy SA-1
@@ -143,6 +147,8 @@ ip security
       flow parallelization encapsulation udp
       mode tunnel
    !
+   profile Profile-4
+   !
    key controller
       profile Profile-1
    hardware encryption disabled

diff --git a/...arista/avd/molecule/eos_cli_config_gen/documentation/devices/router-isis-new.md b/...arista/avd/molecule/eos_cli_config_gen/documentation/devices/router-isis-new.md
@@ -155,9 +155,9 @@ interface Loopback1
 
 ##### ISIS
 
-| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode |
-| --------- | ------------- | -------- | ----------- | ---- |
-| Vlan4093 | EVPN_UNDERLAY | - | 50 | point-to-point |
+| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode | ISIS Authentication Mode |
+| --------- | ------------- | -------- | ----------- | ---- | ------------------------ |
+| Vlan4093 | EVPN_UNDERLAY | - | 50 | point-to-point | - |
 
 #### VLAN Interfaces Device Configuration
 

diff --git a/...ons/arista/avd/molecule/eos_cli_config_gen/documentation/devices/router-isis.md b/...ons/arista/avd/molecule/eos_cli_config_gen/documentation/devices/router-isis.md
@@ -240,9 +240,9 @@ interface Loopback2
 
 ##### ISIS
 
-| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode |
-| --------- | ------------- | -------- | ----------- | ---- |
-| Vlan4093 | EVPN_UNDERLAY | - | 50 | point-to-point |
+| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode | ISIS Authentication Mode |
+| --------- | ------------- | -------- | ----------- | ---- | ------------------------ |
+| Vlan4093 | EVPN_UNDERLAY | - | 50 | point-to-point | - |
 
 #### VLAN Interfaces Device Configuration
 

diff --git a/...arista/avd/molecule/eos_cli_config_gen/documentation/devices/vlan-interfaces.md b/...arista/avd/molecule/eos_cli_config_gen/documentation/devices/vlan-interfaces.md
@@ -185,9 +185,20 @@ interface Management1
 
 ##### ISIS
 
-| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode |
-| --------- | ------------- | -------- | ----------- | ---- |
-| Vlan2002 | EVPN_UNDERLAY | True | - | - |
+| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode | ISIS Authentication Mode |
+| --------- | ------------- | -------- | ----------- | ---- | ------------------------ |
+| Vlan42 | EVPN_UNDERLAY | - | - | - | Level-1: sha |
+| Vlan83 | EVPN_UNDERLAY | - | - | - | md5 |
+| Vlan84 | EVPN_UNDERLAY | - | - | - | sha |
+| Vlan85 | EVPN_UNDERLAY | - | - | - | sha |
+| Vlan86 | EVPN_UNDERLAY | - | - | - | shared-secret |
+| Vlan87 | EVPN_UNDERLAY | - | - | - | shared-secret |
+| Vlan88 | EVPN_UNDERLAY | - | - | - | Level-1: md5<br>Level-2: text |
+| Vlan90 | EVPN_UNDERLAY | - | - | - | Level-1: shared-secret<br>Level-2: shared-secret |
+| Vlan91 | EVPN_UNDERLAY | - | - | - | Level-1: md5<br>Level-2: text |
+| Vlan92 | EVPN_UNDERLAY | - | - | - | Level-1: shared-secret<br>Level-2: shared-secret |
+| Vlan2002 | EVPN_UNDERLAY | True | - | - | md5 |
+| Vlan4094 | EVPN_UNDERLAY | - | - | - | Level-1: sha<br>Level-2: sha |
 
 ##### Multicast Routing
 
@@ -246,13 +257,22 @@ interface Vlan42
    ip helper-address 10.10.64.150 source-interface Loopback0
    ip helper-address 10.10.96.150 source-interface Loopback0
    ip helper-address 10.10.96.151 source-interface Loopback0
+   isis enable EVPN_UNDERLAY
+   isis authentication mode sha key-id 5 level-1
    ip address virtual 10.10.42.1/24
 !
 interface Vlan43
    description SVI Description
    no shutdown
    ipv6 dhcp relay destination a0::2 vrf TEST local-interface Loopback44 link-address a0::4
    ipv6 address a0::1/64
+   isis authentication key-id 2 algorithm sha-512 key 0 password
+   isis authentication key-id 3 algorithm sha-512 rfc-5310 key 0 password1
+   isis authentication key-id 1 algorithm sha-1 key 0 password level-1
+   isis authentication key-id 4 algorithm sha-1 rfc-5310 key 0 password level-1
+   isis authentication key-id 5 algorithm sha-1 key 0 password3 level-1
+   isis authentication key-id 1 algorithm sha-1 key 0 password level-2
+   isis authentication key-id 5 algorithm sha-1 rfc-5310 key 0 password level-2
 !
 interface Vlan44
    description SVI Description
@@ -267,6 +287,8 @@ interface Vlan50
    ip nat source dynamic access-list ACL2 pool POOL2
    ip nat destination static 1.0.0.1 2.0.0.1
    ip nat destination dynamic access-list ACL1 pool POOL1
+   isis authentication mode text rx-disabled level-2
+   isis authentication key 0 password level-2
 !
 interface Vlan75
    description SVI Description
@@ -294,6 +316,9 @@ interface Vlan81
 interface Vlan83
    description SVI Description
    no shutdown
+   isis enable EVPN_UNDERLAY
+   isis authentication mode md5
+   isis authentication key 0 password
    ip address virtual 10.10.83.1/24
    ip address virtual 10.11.83.1/24 secondary
    ip address virtual 10.11.84.1/24 secondary
@@ -303,19 +328,27 @@ interface Vlan84
    arp gratuitous accept
    arp monitor mac-address
    ip address 10.10.84.1/24
+   isis enable EVPN_UNDERLAY
+   isis authentication mode sha key-id 2 rx-disabled
+   isis authentication key 0 password
    ip virtual-router address 10.10.84.254
    ip virtual-router address 10.11.84.254/24
 !
 interface Vlan85
    description SVI Description
    arp cache dynamic capacity 50000
    ip address 10.10.84.1/24
+   isis enable EVPN_UNDERLAY
+   isis authentication mode sha key-id 2
+   isis authentication key 0 password
    bfd interval 500 min-rx 500 multiplier 5
    bfd echo
 !
 interface Vlan86
    description SVI Description
    ip address 10.10.83.1/24
+   isis enable EVPN_UNDERLAY
+   isis authentication mode shared-secret profile profile1 algorithm sha-1 rx-disabled
    ip attached-host route export 10
 !
 interface Vlan87
@@ -324,10 +357,17 @@ interface Vlan87
    ip address 10.10.87.1/24
    ip access-group ACL_IN in
    ip access-group ACL_OUT out
+   isis enable EVPN_UNDERLAY
+   isis authentication mode shared-secret profile profile1 algorithm sha-1
 !
 interface Vlan88
    description SVI Description
    shutdown
+   isis enable EVPN_UNDERLAY
+   isis authentication mode md5 rx-disabled level-1
+   isis authentication mode text rx-disabled level-2
+   isis authentication key 0 password level-1
+   isis authentication key 0 password level-2
    ip address virtual 10.10.87.1/23
 !
 interface Vlan89
@@ -354,18 +394,29 @@ interface Vlan89
 interface Vlan90
    description SVI Description
    ip address 10.10.83.1/24
+   isis enable EVPN_UNDERLAY
+   isis authentication mode shared-secret profile profile2 algorithm sha-1 level-1
+   isis authentication mode shared-secret profile profile1 algorithm sha-256 level-2
    ip attached-host route export
 !
 interface Vlan91
    description PBR Description
    shutdown
+   isis enable EVPN_UNDERLAY
+   isis authentication mode md5 level-1
+   isis authentication mode text level-2
+   isis authentication key 0 password level-1
+   isis authentication key 0 password level-2
    service-policy type pbr input MyServicePolicy
 !
 interface Vlan92
    description SVI Description
    ip proxy-arp
    ip directed-broadcast
    ip address 10.10.92.1/24
+   isis enable EVPN_UNDERLAY
+   isis authentication mode shared-secret profile profile2 algorithm sha-1 rx-disabled level-1
+   isis authentication mode shared-secret profile profile1 algorithm sha-256 rx-disabled level-2
 !
 interface Vlan110
    description PVLAN Primary with vlan mapping
@@ -493,6 +544,8 @@ interface Vlan2002
    ip verify unicast source reachable-via rx
    isis enable EVPN_UNDERLAY
    isis bfd
+   isis authentication mode md5 rx-disabled
+   isis authentication key 0 password
    ip address virtual 10.2.2.1/24
 !
 interface Vlan4094
@@ -506,6 +559,9 @@ interface Vlan4094
    pim ipv4 hello count 3.5
    pim ipv4 dr-priority 200
    pim ipv4 bfd
+   isis enable EVPN_UNDERLAY
+   isis authentication mode sha key-id 5 rx-disabled level-1
+   isis authentication mode sha key-id 10 rx-disabled level-2
 ```
 
 ## BFD

diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/ip-security.cfg b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/ip-security.cfg
@@ -40,6 +40,8 @@ ip security
    sa policy SA-6
       esp integrity sha384
    !
+   sa policy SA-7
+   !
    profile Profile-1
       ike-policy IKE-1
       sa-policy SA-1
@@ -61,6 +63,8 @@ ip security
       flow parallelization encapsulation udp
       mode tunnel
    !
+   profile Profile-4
+   !
    key controller
       profile Profile-1
    hardware encryption disabled

diff --git a/...e_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/vlan-interfaces.cfg b/...e_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/vlan-interfaces.cfg
@@ -46,13 +46,22 @@ interface Vlan42
    ip helper-address 10.10.64.150 source-interface Loopback0
    ip helper-address 10.10.96.150 source-interface Loopback0
    ip helper-address 10.10.96.151 source-interface Loopback0
+   isis enable EVPN_UNDERLAY
+   isis authentication mode sha key-id 5 level-1
    ip address virtual 10.10.42.1/24
 !
 interface Vlan43
    description SVI Description
    no shutdown
    ipv6 dhcp relay destination a0::2 vrf TEST local-interface Loopback44 link-address a0::4
    ipv6 address a0::1/64
+   isis authentication key-id 2 algorithm sha-512 key 0 password
+   isis authentication key-id 3 algorithm sha-512 rfc-5310 key 0 password1
+   isis authentication key-id 1 algorithm sha-1 key 0 password level-1
+   isis authentication key-id 4 algorithm sha-1 rfc-5310 key 0 password level-1
+   isis authentication key-id 5 algorithm sha-1 key 0 password3 level-1
+   isis authentication key-id 1 algorithm sha-1 key 0 password level-2
+   isis authentication key-id 5 algorithm sha-1 rfc-5310 key 0 password level-2
 !
 interface Vlan44
    description SVI Description
@@ -67,6 +76,8 @@ interface Vlan50
    ip nat source dynamic access-list ACL2 pool POOL2
    ip nat destination static 1.0.0.1 2.0.0.1
    ip nat destination dynamic access-list ACL1 pool POOL1
+   isis authentication mode text rx-disabled level-2
+   isis authentication key 0 password level-2
 !
 interface Vlan75
    description SVI Description
@@ -94,6 +105,9 @@ interface Vlan81
 interface Vlan83
    description SVI Description
    no shutdown
+   isis enable EVPN_UNDERLAY
+   isis authentication mode md5
+   isis authentication key 0 password
    ip address virtual 10.10.83.1/24
    ip address virtual 10.11.83.1/24 secondary
    ip address virtual 10.11.84.1/24 secondary
@@ -103,19 +117,27 @@ interface Vlan84
    arp gratuitous accept
    arp monitor mac-address
    ip address 10.10.84.1/24
+   isis enable EVPN_UNDERLAY
+   isis authentication mode sha key-id 2 rx-disabled
+   isis authentication key 0 password
    ip virtual-router address 10.10.84.254
    ip virtual-router address 10.11.84.254/24
 !
 interface Vlan85
    description SVI Description
    arp cache dynamic capacity 50000
    ip address 10.10.84.1/24
+   isis enable EVPN_UNDERLAY
+   isis authentication mode sha key-id 2
+   isis authentication key 0 password
    bfd interval 500 min-rx 500 multiplier 5
    bfd echo
 !
 interface Vlan86
    description SVI Description
    ip address 10.10.83.1/24
+   isis enable EVPN_UNDERLAY
+   isis authentication mode shared-secret profile profile1 algorithm sha-1 rx-disabled
    ip attached-host route export 10
 !
 interface Vlan87
@@ -124,10 +146,17 @@ interface Vlan87
    ip address 10.10.87.1/24
    ip access-group ACL_IN in
    ip access-group ACL_OUT out
+   isis enable EVPN_UNDERLAY
+   isis authentication mode shared-secret profile profile1 algorithm sha-1
 !
 interface Vlan88
    description SVI Description
    shutdown
+   isis enable EVPN_UNDERLAY
+   isis authentication mode md5 rx-disabled level-1
+   isis authentication mode text rx-disabled level-2
+   isis authentication key 0 password level-1
+   isis authentication key 0 password level-2
    ip address virtual 10.10.87.1/23
 !
 interface Vlan89
@@ -154,18 +183,29 @@ interface Vlan89
 interface Vlan90
    description SVI Description
    ip address 10.10.83.1/24
+   isis enable EVPN_UNDERLAY
+   isis authentication mode shared-secret profile profile2 algorithm sha-1 level-1
+   isis authentication mode shared-secret profile profile1 algorithm sha-256 level-2
    ip attached-host route export
 !
 interface Vlan91
    description PBR Description
    shutdown
+   isis enable EVPN_UNDERLAY
+   isis authentication mode md5 level-1
+   isis authentication mode text level-2
+   isis authentication key 0 password level-1
+   isis authentication key 0 password level-2
    service-policy type pbr input MyServicePolicy
 !
 interface Vlan92
    description SVI Description
    ip proxy-arp
    ip directed-broadcast
    ip address 10.10.92.1/24
+   isis enable EVPN_UNDERLAY
+   isis authentication mode shared-secret profile profile2 algorithm sha-1 rx-disabled level-1
+   isis authentication mode shared-secret profile profile1 algorithm sha-256 rx-disabled level-2
 !
 interface Vlan110
    description PVLAN Primary with vlan mapping
@@ -293,6 +333,8 @@ interface Vlan2002
    ip verify unicast source reachable-via rx
    isis enable EVPN_UNDERLAY
    isis bfd
+   isis authentication mode md5 rx-disabled
+   isis authentication key 0 password
    ip address virtual 10.2.2.1/24
 !
 interface Vlan4094
@@ -306,3 +348,6 @@ interface Vlan4094
    pim ipv4 hello count 3.5
    pim ipv4 dr-priority 200
    pim ipv4 bfd
+   isis enable EVPN_UNDERLAY
+   isis authentication mode sha key-id 5 rx-disabled level-1
+   isis authentication mode sha key-id 10 rx-disabled level-2