Support for BGP authentication and route_map_out for BGP peers in l3_edge

spangoli-arista commented 1 year ago

Enhancement summary

I would need a way to configure BGP authentication and route_map_out for a BGP speaker using the l3_edge model.

Right now (avd-4.3.0), the only BGP paramenter you can set is the peer AS; the new peer is then placed into the underlay peer group.

       ---
        l3_edge:
        p2p_links_ip_pools:
            - name: dci_links
            ipv4_pool: 192.168.3.0/24
        p2p_links:
            - id: 1
            ip_pool: dci_links
            nodes: [lef501-a3-virtual-dc1, DCI-ROUTER]
            interfaces: [Ethernet27/1, Ethernet1]
            as: ["65000.1", "65000.65000"]
            include_in_underlay_protocol: true

I would need to be able to configure BGP authentication and route_map_out for this specific edge peer.

There are several scenarios where this could be useful:

whenever the edge device and the fabric are managed by different entities (authentication keys are different, and need to be rotated independently)
when you need to filter out pod-specific prefixes on a DCI connection

(It might be worth using different peer groups for these edge peering points).

Which component of AVD is impacted

eos_designs

Use case example

Two DCs with a DCI managed by a third party; the authentication and BGP settings on the DCI link may be different from the BGP settings in the fabric underlay. Would need a way to model this type of situation.

Describe the solution you would like

in the l3_edge model, at the p2p_link level, I would like to be able to define a key for the BGP authentication password, and two keys for inbound and outbound route maps; something like this:

---
l3_edge:
  p2p_links_ip_pools:
    - name: dci_links
      ipv4_pool: 192.168.3.0/24
  p2p_links:
    - id: 1
      # speed: 10g
      ip_pool: dci_links
      nodes: [lef501-a3-virtual-dc1, DCI-ROUTER]
      interfaces: [Ethernet27/1, Ethernet1]
      as: ["65000.1", "65000.65000"]
    > password: "aaaabbbbbccc12842894=="
    > route_map_out: to_DC3
    > route_map_in: from_DC3
      include_in_underlay_protocol: true

Describe alternatives you have considered

It is still possible to use custom structured configs, but - since this is a common scenario - it would be really good to have it covered in l3_edge natively.

Additional context

No response

Contributing Guide

[X] I agree to follow this project's Code of Conduct

github-actions[bot] commented 11 months ago

This issue is stale because it has been open 90 days with no activity. The issue will be reviewed by a maintainer and may be closed

msimonneau-dev commented 5 months ago

I'm also interested in this functionality. Another way to do it would be the ability to create a BGP peer-group and use it in the p2p_link configuration (and in p2p_links_profile). Route_map would be very helpful too.

github-actions[bot] commented 1 month ago

This issue is stale because it has been open 90 days with no activity. The issue will be reviewed by a maintainer and may be closed

aristanetworks / avd