first commit

2020-07-30 17:36:21 +09:30
commit de1878ad73
11 changed files with 715 additions and 0 deletions
@@ -0,0 +1,42 @@
+# /etc/sysctl.d/99frr_defaults.conf
+# Place this file at the location above and reload the device.
+# or run the sysctl -p /etc/sysctl.d/99frr_defaults.conf
+# Enables IPv4/IPv6 Routing
+net.ipv4.ip_forward = 1
+net.ipv6.conf.all.forwarding=1
+# Routing
+net.ipv6.route.max_size=131072
+net.ipv4.conf.all.ignore_routes_with_linkdown=1
+net.ipv6.conf.all.ignore_routes_with_linkdown=1
+# Best Settings for Peering w/ BGP Unnumbered and OSPF Neighbors
+net.ipv4.conf.all.rp_filter = 0
+net.ipv4.conf.default.rp_filter = 0
+net.ipv4.conf.lo.rp_filter = 0
+net.ipv4.conf.all.forwarding = 1
+net.ipv4.conf.default.forwarding = 1
+net.ipv4.conf.default.arp_announce = 2
+net.ipv4.conf.default.arp_notify = 1
+net.ipv4.conf.default.arp_ignore=1
+net.ipv4.conf.all.arp_announce = 2
+net.ipv4.conf.all.arp_notify = 1
+net.ipv4.conf.all.arp_ignore=1
+net.ipv4.icmp_errors_use_inbound_ifaddr=1
+# Miscellaneous Settings
+# Keep ipv6 permanent addresses on an admin down
+net.ipv6.conf.all.keep_addr_on_down=1
+# igmp
+net.ipv4.igmp_max_memberships=1000
+net.ipv4.neigh.default.mcast_solicit = 10
+# MLD
+net.ipv6.mld_max_msf=512
+# Garbage Collection Settings for ARP and Neighbors
+net.ipv4.neigh.default.gc_thresh2=7168
+net.ipv4.neigh.default.gc_thresh3=8192
+net.ipv4.neigh.default.base_reachable_time_ms=14400000
+net.ipv6.neigh.default.gc_thresh2=3584
+net.ipv6.neigh.default.gc_thresh3=4096
+net.ipv6.neigh.default.base_reachable_time_ms=14400000
+# Use neigh information on selection of nexthop for multipath hops
+net.ipv4.fib_multipath_use_neigh=1
+# Allows Apps to Work with VRF
+net.ipv4.tcp_l3mdev_accept=1
@@ -0,0 +1,20 @@
+
+[Unit]
+Description=Cumulus Frr Container
+After=docker.service network-online.target
+Requires=docker.service
+ 
+ 
+[Service]
+Restart=always
+TimeoutStartSec=0
+#One ExecStart/ExecStop line to prevent hitting bugs in certain systemd versions
+ExecStart=/bin/sh -c 'docker rm -f frr; \
+          docker pull registry.acs2.lan:5000/frrouting/frr; \
+          docker run -t --net=host --privileged --name frr -v /etc/frr/frr.conf:/etc/frr/frr.conf -v /etc/frr/daemons:/etc/frr/daemons -v /etc/frr/bgpd.conf:/etc/frr/bgpd.conf -v /etc/frr/bfdd.conf:/etc/frr/bfdd.conf  -v /var/log/frr/frr.log:/var/log/frr/frr.log registry.acs2.lan:5000/frrouting/frr'
+ExecStop=-/bin/sh -c '/usr/bin/docker stop frr; \
+          /usr/bin/docker rm -f frr'
+ 
+ 
+[Install]
+WantedBy=multi-user.target
@@ -0,0 +1,96 @@
+frr defaults datacenter
+hostname {{ansible_hostname}}
+!
+service integrated-vtysh-config
+!
+log syslog informational
+!
+{% if autobgp_interfaces is defined and autobgp_interfaces != [] %}
+{%   for item in autobgp_interfaces %}
+interface {{ item['name'] }}
+  ipv6 nd ra-interval 10
+  no ipv6 nd suppress-ra
+!
+{%   endfor %}
+{%   endif  %}
+
+
+router bgp {{host_ASN}}
+ bgp router-id {{host_loopback_IP}}
+ bgp bestpath as-path multipath-relax
+ bgp bestpath compare-routerid
+{% if autobgp_interfaces is defined and autobgp_interfaces != [] %}
+ neighbor fabric peer-group
+ neighbor fabric remote-as external
+ neighbor fabric description Internal Fabric Network
+ neighbor fabric capability extended-nexthop
+{% endif  %}
+{% if addressed_interfaces is defined and addressed_interfaces != [] %}
+{%   for item in addressed_interfaces %}
+{%     if item['bgpPeerIP'] is defined %}
+ neighbor {{ item['bgpPeerIP'] }} remote-as {{ item['bgpPeerASN'] }} 
+{%     endif  %}
+{%   endfor %}
+{% endif  %}
+{% if autobgp_interfaces is defined and autobgp_interfaces != [] %}
+{%   for item in autobgp_interfaces %}
+ neighbor {{ item['name'] }} interface peer-group fabric
+{%   endfor %}
+{%   endif  %}
+{% if frr_other_peers is defined and frr_other_peers != [] %} 
+{%   for item in frr_other_peers %}
+ neighbor {{ item['ip'] }} remote-as {{ item['remote_ASN'] }}
+{%   endfor %}
+{%  endif   %}
+ !
+ address-family ipv4 unicast
+  network {{host_loopback_IP}}/32
+{% if autobgp_interfaces is defined and autobgp_interfaces != [] %}
+  neighbor fabric activate
+  neighbor fabric prefix-list AS{{host_ASN}}-OUT out
+{%  endif   %}  
+{% if frr_other_peers is defined and frr_other_peers != [] %} 
+{%   for item in frr_other_peers %}
+ neighbor {{ item['ip'] }} remote-as {{ item['remote_ASN'] }}  prefix-list AS{{host_ASN}}-OUT out
+{%   endfor %}
+{%  endif   %} 
+{% if addressed_interfaces is defined and addressed_interfaces != [] %}
+{%   for item in addressed_interfaces %}
+{%     if item['bgpPeerIP'] is defined %}
+ neighbor {{ item['bgpPeerIP'] }} prefix-list AS{{host_ASN}}-OUT out
+{%     endif  %}
+{%   endfor %}
+{% endif  %} 
+  exit-address-family
+ !
+ address-family ipv6 unicast
+  network {{host_loopback_IP_v6}}/128
+{% if frr_other_peers is defined and frr_other_peers != [] %} 
+{%   for item in frr_other_peers %}
+ neighbor {{ item['ip'] }} prefix-list AS{{host_ASN}}-OUT out
+{%   endfor %}
+{%  endif   %}    
+{% if autobgp_interfaces is defined and autobgp_interfaces != [] %}
+  neighbor fabric activate
+  neighbor fabric prefix-list AS{{host_ASN}}-OUT out
+{%  endif   %}  
+{% if addressed_interfaces is defined and addressed_interfaces != [] %}
+{%   for item in addressed_interfaces %}
+{%     if item['bgpPeerIP'] is defined %}
+ neighbor {{ item['bgpPeerIP'] }} prefix-list AS{{host_ASN}}-OUT out
+{%     endif  %}
+{%   endfor %}
+{% endif  %}
+ exit-address-family
+ !
+ address-family l2vpn evpn
+  neighbor fabric activate
+  advertise-all-vni
+  advertise-default-gw
+ exit-address-family
+!
+ip prefix-list AS{{host_ASN}}-OUT seq 5 permit {{host_loopback_IP}}/32
+!
+ipv6 prefix-list AS{{host_ASN}}-OUT seq 5 permit {{host_loopback_IP_v6}}/128
+line vty
+!