fortinet-solutions-cse / sdwan-advpn-reference

Jinja Orchestrator for Fortinet SD-WAN/ADVPN

Loopback hub IP in project and inventory templates #16

Closed Gubleduk closed 11 months ago

Gubleduk commented 11 months ago

Hey.

Thank you for your work.

What's the difference between these IPs in the project and inventory templates?

[Image: Project Template examples, fortinet-solutions-cse/sdwan-advpn-reference Wiki]

dmitryperets commented 11 months ago

Hi,

The values will always be the same, but they are used in two different contexts during the rendering.

The values from the inventory file are used when rendering the configuration of the Hub itself. So, just like with any other device, when the Hub is rendered, we generate its Loopback interface, using the loopback variable - that's the one from the inventory. For example, in 01-Hub-Underlay.j2 we have:

  {# Main Loopback #}
  edit "Lo"
    set vdom "root"
    set type loopback
    set ip {{ loopback|ipaddr('address') }}/32
    set allowaccess ping
  next

The values from the Hubs structure in the Project Template are used when rendering the configuration of the Edges (Spokes). Each Edge must configure a BGP session towards the Hub's loopback IP - that's why the Edge must know that IP. For example, in 03-Edge-Routing.j2:

  config neighbor
    {% for h in project.regions[region].hubs %}
    edit {{ project.hubs[h].lo_bgp }}

Note that when we render the Edge, we don't have access to the inventory variables of the Hubs. That's why we have to put the necessary values in some location accessible at any stage of the rendering - and that location is the Project Template.

I hope it clarifies things =) Thanks for your interest!
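Because the same Hub loopback is kept in two places, a pre-render check can catch drift between them. The following is an added example, not part of the thread or the project's code; the dictionary layout, device names and addresses are constructed, and it assumes Hub names in the Project Template match inventory hostnames.

```python
import ipaddress

# Constructed sample data; the key layout is an assumption modelled on the
# variable names quoted in the thread (loopback, project.hubs[h].lo_bgp).
PROJECT = {
    "hubs": {
        "site1-H1": {"lo_bgp": "10.200.1.253"},
        "site1-H2": {"lo_bgp": "10.200.1.254"},
    }
}
INVENTORY = {
    "site1-H1": {"loopback": "10.200.1.253/32"},
    "site1-H2": {"loopback": "10.200.1.252/32"},  # deliberate mismatch
    "site1-1": {"loopback": "10.200.1.1/32"},      # an Edge, not checked
}


def host_addr(value):
    """Return the bare address of 'a.b.c.d' or 'a.b.c.d/len'."""
    return ipaddress.ip_interface(value).ip


def check_hub_loopbacks(project, inventory):
    """List every Hub whose inventory loopback and project lo_bgp disagree."""
    problems = []
    for hub, hub_vars in project["hubs"].items():
        device = inventory.get(hub)
        if device is None or "loopback" not in device:
            problems.append(f"{hub}: no loopback in inventory")
            continue
        try:
            inv_ip = host_addr(device["loopback"])
            prj_ip = host_addr(hub_vars["lo_bgp"])
        except ValueError as exc:
            problems.append(f"{hub}: invalid address ({exc})")
            continue
        if inv_ip != prj_ip:
            problems.append(
                f"{hub}: inventory loopback {inv_ip} != project lo_bgp {prj_ip}"
            )
    return problems


if __name__ == "__main__":
    for line in check_hub_loopbacks(PROJECT, INVENTORY):
        print(line)
```

A non-empty result means the Edges would be rendered with a BGP neighbor address that the Hub never configures on its loopback.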

Gubleduk commented 11 months ago

Thank you for providing such a detailed explanation.