From 47625248f51bab3fa0bdfba8e0f1ade37bb8f0de Mon Sep 17 00:00:00 2001 From: Oskar Gorczowski Date: Fri, 1 Aug 2025 14:43:54 +0200 Subject: [PATCH 01/14] updated l3outs with infraBGPpeerP if tenant is infra --- aci_tenants.tf | 32 +++++++++++++++++++ defaults/defaults.yaml | 16 ++++++++++ .../README.md | 2 +- .../terraform-aci-l3out-node-profile/main.tf | 2 +- .../variables.tf | 6 ++-- 5 files changed, 53 insertions(+), 5 deletions(-) diff --git a/aci_tenants.tf b/aci_tenants.tf index 05059404..4f9e9be0 100644 --- a/aci_tenants.tf +++ b/aci_tenants.tf @@ -1039,6 +1039,20 @@ locals { export_route_control = try("${peer.export_route_control}${local.defaults.apic.tenants.policies.route_control_route_maps.name_suffix}", null) import_route_control = try("${peer.import_route_control}${local.defaults.apic.tenants.policies.route_control_route_maps.name_suffix}", null) }] + bgp_infra_peers = [for peer in try(np.bgp_infra_peers, []) : { + ip = peer.ip + remote_as = peer.remote_as + admin_state = try(peer.admin_state, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.admin_state) + description = try(peer.description, "") + allow_self_as = try(peer.allow_self_as, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.allow_self_as) + disable_peer_as_check = try(peer.disable_peer_as_check, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.disable_peer_as_check) + peer_type = try(peer.peer_type, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.peer_type) + bfd = try(peer.bfd, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.bfd) + password = try(peer.password, null) + ttl = try(peer.ttl, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.ttl) + peer_prefix_policy = try("${peer.peer_prefix_policy}${local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.name_suffix}", null) + local_as = try(peer.local_as, null) + } if tenant.name == "infra"] } ] ] 
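Review bot: In the `bgp_infra_peers` comprehension of the `@@ -1039` hunk, `peer_prefix_policy` takes its suffix from `l3outs.node_profiles.bgp_infra_peers.name_suffix`, a key the defaults.yaml hunks of this commit do not define, so the surrounding `try()` falls back to `null` and the configured prefix policy is dropped without any error. A later patch in the series adds the key, but the existing peer lists take the suffix from the policy being referenced, so the line would be safer as `peer_prefix_policy = try("${peer.peer_prefix_policy}${local.defaults.apic.tenants.policies.bgp_peer_prefix_policies.name_suffix}", null)`. The same applies to the `@@ -1130` hunk. A peer that silently loses its prefix policy presumably runs without the intended limit on received prefixes.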
@@ -1059,6 +1073,7 @@ module "aci_l3out_node_profile_manual" { bgp_as_path_policy = each.value.bgp_as_path_policy nodes = each.value.nodes bgp_peers = each.value.bgp_peers + bgp_infra_peers = each.value.bgp_infra_peers depends_on = [ module.aci_tenant, @@ -1130,6 +1145,21 @@ locals { export_route_control = try("${peer.export_route_control}${local.defaults.apic.tenants.policies.route_control_route_maps.name_suffix}", null) import_route_control = try("${peer.import_route_control}${local.defaults.apic.tenants.policies.route_control_route_maps.name_suffix}", null) }] + bgp_infra_peers = [for peer in try(l3out.bgp_infra_peers, []) : { + ip = peer.ip + remote_as = peer.remote_as + admin_state = try(peer.admin_state, local.defaults.apic.tenants.l3outs.bgp_infra_peers.admin_state) + description = try(peer.description, "") + allow_self_as = try(peer.allow_self_as, local.defaults.apic.tenants.l3outs.bgp_infra_peers.allow_self_as) + disable_peer_as_check = try(peer.disable_peer_as_check, local.defaults.apic.tenants.l3outs.bgp_infra_peers.disable_peer_as_check) + peer_type = try(peer.peer_type, local.defaults.apic.tenants.l3outs.bgp_infra_peers.peer_type) + bfd = try(peer.bfd, local.defaults.apic.tenants.l3outs.bgp_infra_peers.bfd) + password = try(peer.password, null) + ttl = try(peer.ttl, local.defaults.apic.tenants.l3outs.bgp_infra_peers.ttl) + as_propagate = try(peer.as_propagate, local.defaults.apic.tenants.l3outs.bgp_infra_peers.as_propagate) + peer_prefix_policy = try("${peer.peer_prefix_policy}${local.defaults.apic.tenants.l3outs.bgp_infra_peers.name_suffix}", null) + local_as = try(peer.local_as, null) + } if tenant.name == "infra"] } if length(try(l3out.nodes, [])) != 0 ] ]) @@ -1149,6 +1179,7 @@ module "aci_l3out_node_profile_auto" { bgp_as_path_policy = each.value.bgp_as_path_policy nodes = each.value.nodes bgp_peers = each.value.bgp_peers + bgp_infra_peers = each.value.bgp_infra_peers depends_on = [ module.aci_tenant, 
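Review bot: The `if tenant.name == "infra"` filter that closes the `bgp_infra_peers` list in the `@@ -1130` hunk (and in the node-profile variant at `@@ -1039`) discards entries defined under any other tenant without a diagnostic. An operator who places an infra peer, with its password and TTL settings, under the wrong tenant gets a clean plan and no peering. At minimum, document this next to the filter, e.g. `# bgp_infra_peers is rendered only for tenant "infra"; entries under other tenants are ignored`; rejecting such input during validation would be stronger. The enclosing `locals` block starts and ends outside the hunk.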
@@ -1664,6 +1695,7 @@ locals { local_as = try(peer.local_as, null) as_propagate = try(peer.as_propagate, local.defaults.apic.tenants.sr_mpls_l3outs.node_profiles.evpn_connectivity.as_propagate) peer_prefix_policy = try("${peer.peer_prefix_policy}${local.defaults.apic.tenants.policies.bgp_peer_prefix_policies.name_suffix}", null) + peer_type = "sr-mpls" }] } ] diff --git a/defaults/defaults.yaml b/defaults/defaults.yaml index 5e478045..007e9b6a 100644 --- a/defaults/defaults.yaml +++ b/defaults/defaults.yaml @@ -897,6 +897,14 @@ defaults: multicast_address_family: true admin_state: true as_propagate: none + bgp_infra_peers: + peer_type: wan + allow_self_as: false + disable_peer_as_check: false + ttl: 2 + bfd: false + admin_state: true + as_propagate: none redistribution_route_maps: source: static dhcp_labels: @@ -965,6 +973,14 @@ defaults: multicast_address_family: true admin_state: true as_propagate: none + bgp_infra_peers: + peer_type: wan + allow_self_as: false + disable_peer_as_check: false + ttl: 2 + bfd: false + admin_state: true + as_propagate: none nodes: pod: 1 router_id_as_loopback: true diff --git a/modules/terraform-aci-l3out-node-profile/README.md b/modules/terraform-aci-l3out-node-profile/README.md index a67b8da5..bda1ed7e 100644 --- a/modules/terraform-aci-l3out-node-profile/README.md +++ b/modules/terraform-aci-l3out-node-profile/README.md 
@@ -104,7 +104,7 @@ module "aci_l3out_node_profile" { | [multipod](#input\_multipod) | Multipod L3out flag. | `bool` | `false` | no | | [remote\_leaf](#input\_remote\_leaf) | Remote leaf L3out flag. | `bool` | `false` | no | | [sr\_mpls](#input\_sr\_mpls) | SR MPLS L3out flag. | `bool` | `false` | no | -| [bgp\_infra\_peers](#input\_bgp\_infra\_peers) | List of BGP EVPN peers for SR MPLS L3out. Allowed values `remote_as`: 0-4294967295. Default value `allow_self_as`: false. Default value `disable_peer_as_check`: false. Default value `bfd`: false. Default value `ttl`: 2. Default value `admin_state`: true. Allowed values `local_as`: 0-4294967295. Choices `as_propagate`: `none`, `no-prepend`, `replace-as`, `dual-as`. Default value `as_propagate`: `none`. |
list(object({
ip = string
remote_as = string
description = optional(string, "")
allow_self_as = optional(bool, false)
disable_peer_as_check = optional(bool, false)
password = optional(string)
bfd = optional(bool, false)
ttl = optional(number, 1)
admin_state = optional(bool, true)
local_as = optional(number)
as_propagate = optional(string, "none")
peer_prefix_policy = optional(string)
}))
| `[]` | no | +| [bgp\_infra\_peers](#input\_bgp\_infra\_peers) | List of BGP EVPN peers for SR MPLS L3out. Allowed values `remote_as`: 0-4294967295. Default value `allow_self_as`: false. Default value `disable_peer_as_check`: false. Default value `bfd`: false. Default value `ttl`: 2. Default value `admin_state`: true. Allowed values `local_as`: 0-4294967295. Choices `as_propagate`: `none`, `no-prepend`, `replace-as`, `dual-as`. Default value `as_propagate`: `none`. |
list(object({
ip = string
remote_as = string
description = optional(string, "")
allow_self_as = optional(bool, false)
disable_peer_as_check = optional(bool, false)
password = optional(string)
bfd = optional(bool, false)
ttl = optional(number, 1)
admin_state = optional(bool, true)
local_as = optional(number)
peer_prefix_policy = optional(string)
peer_type = optional(string)
}))
| `[]` | no | | [mpls\_custom\_qos\_policy](#input\_mpls\_custom\_qos\_policy) | MPLS Customer QoS Policy | `string` | `""` | no | | [bfd\_multihop\_node\_policy](#input\_bfd\_multihop\_node\_policy) | BFD Multihop Node Policy | `string` | `""` | no | | [bgp\_protocol\_profile\_name](#input\_bgp\_protocol\_profile\_name) | BGP Protocol Name. | `string` | `""` | no | diff --git a/modules/terraform-aci-l3out-node-profile/main.tf b/modules/terraform-aci-l3out-node-profile/main.tf index e9cc89c7..44e84fbe 100644 --- a/modules/terraform-aci-l3out-node-profile/main.tf +++ b/modules/terraform-aci-l3out-node-profile/main.tf @@ -231,7 +231,7 @@ resource "aci_rest_managed" "bgpInfraPeerP" { ctrl = join(",", concat(each.value.allow_self_as == true ? ["allow-self-as"] : [], each.value.disable_peer_as_check == true ? ["dis-peer-as-check"] : [], ["send-com"], ["send-ext-com"])) password = sensitive(each.value.password) peerCtrl = join(",", concat(each.value.bfd == true ? ["bfd"] : [])) - peerT = "sr-mpls" + peerT = each.value.peer_type ttl = each.value.ttl adminSt = each.value.admin_state == true ? "enabled" : "disabled" } diff --git a/modules/terraform-aci-l3out-node-profile/variables.tf b/modules/terraform-aci-l3out-node-profile/variables.tf index 7ab165bf..4eda744b 100644 --- a/modules/terraform-aci-l3out-node-profile/variables.tf +++ b/modules/terraform-aci-l3out-node-profile/variables.tf @@ -227,8 +227,8 @@ variable "bgp_infra_peers" { ttl = optional(number, 1) admin_state = optional(bool, true) local_as = optional(number) - as_propagate = optional(string, "none") peer_prefix_policy = optional(string) + peer_type = optional(string) })) default = [] 
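Review bot: `peerT = each.value.peer_type` in the `bgpInfraPeerP` resource now depends on an attribute declared as `peer_type = optional(string)` in the variables.tf hunk that follows, so a caller who omits it passes `null` where the module previously always sent `sr-mpls`. The root module sets the value explicitly for its SR-MPLS peers, but direct users of this module get a behaviour change on upgrade. Keeping the old value as the default, `peer_type = optional(string, "sr-mpls")`, would preserve existing deployments. The resource body starts outside the hunk.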
@@ -262,9 +262,9 @@ variable "bgp_infra_peers" { validation { condition = alltrue([ - for b in var.bgp_infra_peers : b.as_propagate == null || try(contains(["none", "no-prepend", "replace-as", "dual-as"], b.as_propagate), false) + for b in var.bgp_infra_peers : b.peer_type == null || try(contains(["sr-mpls", "wan", "mdp-wan", "intersite"], b.peer_type), false) ]) - error_message = "`as_propagate`: Allowed value are: `none`, `no-prepend`, `replace-as` or `dual-as`." + error_message = "`as_propagate`: Allowed value are: `sr-mpls`, `wan`, `mdp-wan` or `intersite`." } } From 33c682b616f17bdbe66cb6a81a0e2ae399ac41f2 Mon Sep 17 00:00:00 2001 From: Oskar Gorczowski Date: Fri, 1 Aug 2025 15:01:24 +0200 Subject: [PATCH 02/14] updated bgp_infra_peers for l3out nodes --- aci_tenants.tf | 3 ++- modules/terraform-aci-l3out-node-profile/README.md | 2 +- modules/terraform-aci-l3out-node-profile/variables.tf | 10 +++++++++- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/aci_tenants.tf b/aci_tenants.tf index 4f9e9be0..e48b6dea 100644 --- a/aci_tenants.tf +++ b/aci_tenants.tf @@ -1052,6 +1052,7 @@ locals { ttl = try(peer.ttl, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.ttl) peer_prefix_policy = try("${peer.peer_prefix_policy}${local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.name_suffix}", null) local_as = try(peer.local_as, null) + as_propagate = try(peer.as_propagate, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.as_propagate) } if tenant.name == "infra"] } ] 
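Review bot: The `error_message` of the rewritten validation in the `@@ -262,9` hunk still begins with `as_propagate`, although the condition now checks `b.peer_type`. A user who supplies an invalid peer type is pointed at the wrong attribute, so the message should name `peer_type` instead. The same string is carried unchanged through the `@@ -270,9` hunks of patches 05 and 06.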
@@ -1156,9 +1157,9 @@ locals { bfd = try(peer.bfd, local.defaults.apic.tenants.l3outs.bgp_infra_peers.bfd) password = try(peer.password, null) ttl = try(peer.ttl, local.defaults.apic.tenants.l3outs.bgp_infra_peers.ttl) - as_propagate = try(peer.as_propagate, local.defaults.apic.tenants.l3outs.bgp_infra_peers.as_propagate) peer_prefix_policy = try("${peer.peer_prefix_policy}${local.defaults.apic.tenants.l3outs.bgp_infra_peers.name_suffix}", null) local_as = try(peer.local_as, null) + as_propagate = try(peer.as_propagate, local.defaults.apic.tenants.l3outs.bgp_infra_peers.as_propagate) } if tenant.name == "infra"] } if length(try(l3out.nodes, [])) != 0 ] diff --git a/modules/terraform-aci-l3out-node-profile/README.md b/modules/terraform-aci-l3out-node-profile/README.md index bda1ed7e..7f6be98b 100644 --- a/modules/terraform-aci-l3out-node-profile/README.md +++ b/modules/terraform-aci-l3out-node-profile/README.md @@ -104,7 +104,7 @@ module "aci_l3out_node_profile" { | [multipod](#input\_multipod) | Multipod L3out flag. | `bool` | `false` | no | | [remote\_leaf](#input\_remote\_leaf) | Remote leaf L3out flag. | `bool` | `false` | no | | [sr\_mpls](#input\_sr\_mpls) | SR MPLS L3out flag. | `bool` | `false` | no | -| [bgp\_infra\_peers](#input\_bgp\_infra\_peers) | List of BGP EVPN peers for SR MPLS L3out. Allowed values `remote_as`: 0-4294967295. Default value `allow_self_as`: false. Default value `disable_peer_as_check`: false. Default value `bfd`: false. Default value `ttl`: 2. Default value `admin_state`: true. Allowed values `local_as`: 0-4294967295. Choices `as_propagate`: `none`, `no-prepend`, `replace-as`, `dual-as`. Default value `as_propagate`: `none`. |
list(object({
ip = string
remote_as = string
description = optional(string, "")
allow_self_as = optional(bool, false)
disable_peer_as_check = optional(bool, false)
password = optional(string)
bfd = optional(bool, false)
ttl = optional(number, 1)
admin_state = optional(bool, true)
local_as = optional(number)
peer_prefix_policy = optional(string)
peer_type = optional(string)
}))
| `[]` | no | +| [bgp\_infra\_peers](#input\_bgp\_infra\_peers) | List of BGP peers for Infra L3out. Allowed values `remote_as`: 0-4294967295. Default value `allow_self_as`: false. Default value `disable_peer_as_check`: false. Default value `bfd`: false. Default value `ttl`: 2. Default value `admin_state`: true. Allowed values `local_as`: 0-4294967295. Choices `as_propagate`: `none`, `no-prepend`, `replace-as`, `dual-as`. Default value `as_propagate`: `none`. Choices `peer_type`: `sr-mpls`, `wan`, `mdp-wan` or `intersite` |
list(object({
ip = string
remote_as = string
description = optional(string, "")
allow_self_as = optional(bool, false)
disable_peer_as_check = optional(bool, false)
password = optional(string)
bfd = optional(bool, false)
ttl = optional(number, 1)
admin_state = optional(bool, true)
local_as = optional(number)
as_propagate = optional(string, "none")
peer_prefix_policy = optional(string)
peer_type = optional(string)
}))
| `[]` | no | | [mpls\_custom\_qos\_policy](#input\_mpls\_custom\_qos\_policy) | MPLS Customer QoS Policy | `string` | `""` | no | | [bfd\_multihop\_node\_policy](#input\_bfd\_multihop\_node\_policy) | BFD Multihop Node Policy | `string` | `""` | no | | [bgp\_protocol\_profile\_name](#input\_bgp\_protocol\_profile\_name) | BGP Protocol Name. | `string` | `""` | no | diff --git a/modules/terraform-aci-l3out-node-profile/variables.tf b/modules/terraform-aci-l3out-node-profile/variables.tf index 4eda744b..fdaa85bf 100644 --- a/modules/terraform-aci-l3out-node-profile/variables.tf +++ b/modules/terraform-aci-l3out-node-profile/variables.tf @@ -215,7 +215,7 @@ variable "sr_mpls" { } variable "bgp_infra_peers" { - description = "List of BGP EVPN peers for SR MPLS L3out. Allowed values `remote_as`: 0-4294967295. Default value `allow_self_as`: false. Default value `disable_peer_as_check`: false. Default value `bfd`: false. Default value `ttl`: 2. Default value `admin_state`: true. Allowed values `local_as`: 0-4294967295. Choices `as_propagate`: `none`, `no-prepend`, `replace-as`, `dual-as`. Default value `as_propagate`: `none`." + description = "List of BGP peers for Infra L3out. Allowed values `remote_as`: 0-4294967295. Default value `allow_self_as`: false. Default value `disable_peer_as_check`: false. Default value `bfd`: false. Default value `ttl`: 2. Default value `admin_state`: true. Allowed values `local_as`: 0-4294967295. Choices `as_propagate`: `none`, `no-prepend`, `replace-as`, `dual-as`. Default value `as_propagate`: `none`. Choices `peer_type`: `sr-mpls`, `wan`, `mdp-wan` or `intersite`" type = list(object({ ip = string remote_as = string @@ -227,6 +227,7 @@ variable "bgp_infra_peers" { ttl = optional(number, 1) admin_state = optional(bool, true) local_as = optional(number) + as_propagate = optional(string, "none") peer_prefix_policy = optional(string) peer_type = optional(string) })) 
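Review bot: The new `description` in the `@@ -215,7` hunk still documents a default `ttl` of 2, while the object type visible in the following hunk declares `ttl = optional(number, 1)`. The value 2 comes only from defaults.yaml in the root module, so a direct caller of this module gets 1. Because the TTL determines how many hops away the BGP peer may be, the text and the type should agree: either change the description to 1 or the type to `ttl = optional(number, 2)`.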
@@ -260,6 +261,13 @@ variable "bgp_infra_peers" { error_message = "`local_as`: Minimum value: `0`. Maximum value: `4294967295`." } + validation { + condition = alltrue([ + for b in var.bgp_infra_peers : b.as_propagate == null || try(contains(["none", "no-prepend", "replace-as", "dual-as"], b.as_propagate), false) + ]) + error_message = "`as_propagate`: Allowed value are: `none`, `no-prepend`, `replace-as` or `dual-as`." + } + validation { condition = alltrue([ for b in var.bgp_infra_peers : b.peer_type == null || try(contains(["sr-mpls", "wan", "mdp-wan", "intersite"], b.peer_type), false) From 2c0388410681e0e3ac64cb5bd2f0c9dc0fbab63b Mon Sep 17 00:00:00 2001 From: Oskar Gorczowski Date: Mon, 4 Aug 2025 11:10:58 +0200 Subject: [PATCH 03/14] updated missing name_suffix --- defaults/defaults.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/defaults/defaults.yaml b/defaults/defaults.yaml index 007e9b6a..b24deb5f 100644 --- a/defaults/defaults.yaml +++ b/defaults/defaults.yaml @@ -898,6 +898,7 @@ defaults: admin_state: true as_propagate: none bgp_infra_peers: + name_suffix: "" peer_type: wan allow_self_as: false disable_peer_as_check: false @@ -974,6 +975,7 @@ defaults: admin_state: true as_propagate: none bgp_infra_peers: + name_suffix: "" peer_type: wan allow_self_as: false disable_peer_as_check: false From 4946d97fb26762a8dfa45efe9e104d157a8b6ef1 Mon Sep 17 00:00:00 2001 From: Oskar Gorczowski Date: Mon, 4 Aug 2025 16:03:14 +0200 Subject: [PATCH 04/14] forbidden bgpPeerP to be created in infra tenant --- aci_tenants.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aci_tenants.tf b/aci_tenants.tf index e48b6dea..c28a7003 100644 --- a/aci_tenants.tf +++ b/aci_tenants.tf 
@@ -1038,7 +1038,7 @@ locals { peer_prefix_policy = try("${peer.peer_prefix_policy}${local.defaults.apic.tenants.policies.bgp_peer_prefix_policies.name_suffix}", null) export_route_control = try("${peer.export_route_control}${local.defaults.apic.tenants.policies.route_control_route_maps.name_suffix}", null) import_route_control = try("${peer.import_route_control}${local.defaults.apic.tenants.policies.route_control_route_maps.name_suffix}", null) - }] + } if tenant.name != "infra"] bgp_infra_peers = [for peer in try(np.bgp_infra_peers, []) : { ip = peer.ip remote_as = peer.remote_as @@ -1145,7 +1145,7 @@ locals { peer_prefix_policy = try("${peer.peer_prefix_policy}${local.defaults.apic.tenants.policies.bgp_peer_prefix_policies.name_suffix}", null) export_route_control = try("${peer.export_route_control}${local.defaults.apic.tenants.policies.route_control_route_maps.name_suffix}", null) import_route_control = try("${peer.import_route_control}${local.defaults.apic.tenants.policies.route_control_route_maps.name_suffix}", null) - }] + } if tenant.name != "infra"] bgp_infra_peers = [for peer in try(l3out.bgp_infra_peers, []) : { ip = peer.ip remote_as = peer.remote_as From f7ec4e4a8b77bc92099fed293c9e527b92742511 Mon Sep 17 00:00:00 2001 From: Oskar Gorczowski Date: Wed, 6 Aug 2025 14:59:54 +0200 Subject: [PATCH 05/14] updated peer_type enum by removing sr-mpls --- modules/terraform-aci-l3out-node-profile/README.md | 2 +- modules/terraform-aci-l3out-node-profile/variables.tf | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/terraform-aci-l3out-node-profile/README.md b/modules/terraform-aci-l3out-node-profile/README.md index 7f6be98b..7e40abd2 100644 --- a/modules/terraform-aci-l3out-node-profile/README.md +++ b/modules/terraform-aci-l3out-node-profile/README.md 
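Review bot: Adding `if tenant.name != "infra"` to the `bgp_peers` lists in both hunks removes peers that existing configurations define under the infra tenant, with no error or deprecation message. On the next apply, Terraform would presumably plan those `bgpPeerP` objects for destruction, which takes down the corresponding BGP sessions. A comment at the filter such as `# bgp_peers is not rendered for tenant "infra"; define those peers under bgp_infra_peers` and a changelog entry would make the migration explicit. Failing validation on such input would be safer than dropping it.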
@@ -104,7 +104,7 @@ module "aci_l3out_node_profile" { | [multipod](#input\_multipod) | Multipod L3out flag. | `bool` | `false` | no | | [remote\_leaf](#input\_remote\_leaf) | Remote leaf L3out flag. | `bool` | `false` | no | | [sr\_mpls](#input\_sr\_mpls) | SR MPLS L3out flag. | `bool` | `false` | no | -| [bgp\_infra\_peers](#input\_bgp\_infra\_peers) | List of BGP peers for Infra L3out. Allowed values `remote_as`: 0-4294967295. Default value `allow_self_as`: false. Default value `disable_peer_as_check`: false. Default value `bfd`: false. Default value `ttl`: 2. Default value `admin_state`: true. Allowed values `local_as`: 0-4294967295. Choices `as_propagate`: `none`, `no-prepend`, `replace-as`, `dual-as`. Default value `as_propagate`: `none`. Choices `peer_type`: `sr-mpls`, `wan`, `mdp-wan` or `intersite` |
list(object({
ip = string
remote_as = string
description = optional(string, "")
allow_self_as = optional(bool, false)
disable_peer_as_check = optional(bool, false)
password = optional(string)
bfd = optional(bool, false)
ttl = optional(number, 1)
admin_state = optional(bool, true)
local_as = optional(number)
as_propagate = optional(string, "none")
peer_prefix_policy = optional(string)
peer_type = optional(string)
}))
| `[]` | no | +| [bgp\_infra\_peers](#input\_bgp\_infra\_peers) | List of BGP peers for Infra L3out. Allowed values `remote_as`: 0-4294967295. Default value `allow_self_as`: false. Default value `disable_peer_as_check`: false. Default value `bfd`: false. Default value `ttl`: 2. Default value `admin_state`: true. Allowed values `local_as`: 0-4294967295. Choices `as_propagate`: `none`, `no-prepend`, `replace-as`, `dual-as`. Default value `as_propagate`: `none`. Choices `peer_type`: `wan`, `mdp-wan` or `intersite` |
list(object({
ip = string
remote_as = string
description = optional(string, "")
allow_self_as = optional(bool, false)
disable_peer_as_check = optional(bool, false)
password = optional(string)
bfd = optional(bool, false)
ttl = optional(number, 1)
admin_state = optional(bool, true)
local_as = optional(number)
as_propagate = optional(string, "none")
peer_prefix_policy = optional(string)
peer_type = optional(string)
}))
| `[]` | no | | [mpls\_custom\_qos\_policy](#input\_mpls\_custom\_qos\_policy) | MPLS Customer QoS Policy | `string` | `""` | no | | [bfd\_multihop\_node\_policy](#input\_bfd\_multihop\_node\_policy) | BFD Multihop Node Policy | `string` | `""` | no | | [bgp\_protocol\_profile\_name](#input\_bgp\_protocol\_profile\_name) | BGP Protocol Name. | `string` | `""` | no | diff --git a/modules/terraform-aci-l3out-node-profile/variables.tf b/modules/terraform-aci-l3out-node-profile/variables.tf index fdaa85bf..c0a60351 100644 --- a/modules/terraform-aci-l3out-node-profile/variables.tf +++ b/modules/terraform-aci-l3out-node-profile/variables.tf @@ -215,7 +215,7 @@ variable "sr_mpls" { } variable "bgp_infra_peers" { - description = "List of BGP peers for Infra L3out. Allowed values `remote_as`: 0-4294967295. Default value `allow_self_as`: false. Default value `disable_peer_as_check`: false. Default value `bfd`: false. Default value `ttl`: 2. Default value `admin_state`: true. Allowed values `local_as`: 0-4294967295. Choices `as_propagate`: `none`, `no-prepend`, `replace-as`, `dual-as`. Default value `as_propagate`: `none`. Choices `peer_type`: `sr-mpls`, `wan`, `mdp-wan` or `intersite`" + description = "List of BGP peers for Infra L3out. Allowed values `remote_as`: 0-4294967295. Default value `allow_self_as`: false. Default value `disable_peer_as_check`: false. Default value `bfd`: false. Default value `ttl`: 2. Default value `admin_state`: true. Allowed values `local_as`: 0-4294967295. Choices `as_propagate`: `none`, `no-prepend`, `replace-as`, `dual-as`. Default value `as_propagate`: `none`. Choices `peer_type`: `wan`, `mdp-wan` or `intersite`" type = list(object({ ip = string remote_as = string 
@@ -270,9 +270,9 @@ variable "bgp_infra_peers" { validation { condition = alltrue([ - for b in var.bgp_infra_peers : b.peer_type == null || try(contains(["sr-mpls", "wan", "mdp-wan", "intersite"], b.peer_type), false) + for b in var.bgp_infra_peers : b.peer_type == null || try(contains(["wan", "mdp-wan", "intersite"], b.peer_type), false) ]) - error_message = "`as_propagate`: Allowed value are: `sr-mpls`, `wan`, `mdp-wan` or `intersite`." + error_message = "`as_propagate`: Allowed value are: `wan`, `mdp-wan` or `intersite`." } } From 7396e31ca243d17008c10e2c7893a49fe69ce260 Mon Sep 17 00:00:00 2001 From: Oskar Gorczowski Date: Fri, 8 Aug 2025 12:31:20 +0200 Subject: [PATCH 06/14] updated choices for peer_type to allow sr-mpls --- modules/terraform-aci-l3out-node-profile/README.md | 2 +- modules/terraform-aci-l3out-node-profile/variables.tf | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/terraform-aci-l3out-node-profile/README.md b/modules/terraform-aci-l3out-node-profile/README.md index 7e40abd2..7f6be98b 100644 --- a/modules/terraform-aci-l3out-node-profile/README.md +++ b/modules/terraform-aci-l3out-node-profile/README.md @@ -104,7 +104,7 @@ module "aci_l3out_node_profile" { | [multipod](#input\_multipod) | Multipod L3out flag. | `bool` | `false` | no | | [remote\_leaf](#input\_remote\_leaf) | Remote leaf L3out flag. | `bool` | `false` | no | | [sr\_mpls](#input\_sr\_mpls) | SR MPLS L3out flag. | `bool` | `false` | no | -| [bgp\_infra\_peers](#input\_bgp\_infra\_peers) | List of BGP peers for Infra L3out. Allowed values `remote_as`: 0-4294967295. Default value `allow_self_as`: false. Default value `disable_peer_as_check`: false. Default value `bfd`: false. Default value `ttl`: 2. Default value `admin_state`: true. Allowed values `local_as`: 0-4294967295. Choices `as_propagate`: `none`, `no-prepend`, `replace-as`, `dual-as`. Default value `as_propagate`: `none`. Choices `peer_type`: `wan`, `mdp-wan` or `intersite` |
list(object({
ip = string
remote_as = string
description = optional(string, "")
allow_self_as = optional(bool, false)
disable_peer_as_check = optional(bool, false)
password = optional(string)
bfd = optional(bool, false)
ttl = optional(number, 1)
admin_state = optional(bool, true)
local_as = optional(number)
as_propagate = optional(string, "none")
peer_prefix_policy = optional(string)
peer_type = optional(string)
}))
| `[]` | no | +| [bgp\_infra\_peers](#input\_bgp\_infra\_peers) | List of BGP peers for Infra L3out. Allowed values `remote_as`: 0-4294967295. Default value `allow_self_as`: false. Default value `disable_peer_as_check`: false. Default value `bfd`: false. Default value `ttl`: 2. Default value `admin_state`: true. Allowed values `local_as`: 0-4294967295. Choices `as_propagate`: `none`, `no-prepend`, `replace-as`, `dual-as`. Default value `as_propagate`: `none`. Choices `peer_type`: `sr-mpls`, `wan`, `mdp-wan` or `intersite` |
list(object({
ip = string
remote_as = string
description = optional(string, "")
allow_self_as = optional(bool, false)
disable_peer_as_check = optional(bool, false)
password = optional(string)
bfd = optional(bool, false)
ttl = optional(number, 1)
admin_state = optional(bool, true)
local_as = optional(number)
as_propagate = optional(string, "none")
peer_prefix_policy = optional(string)
peer_type = optional(string)
}))
| `[]` | no | | [mpls\_custom\_qos\_policy](#input\_mpls\_custom\_qos\_policy) | MPLS Customer QoS Policy | `string` | `""` | no | | [bfd\_multihop\_node\_policy](#input\_bfd\_multihop\_node\_policy) | BFD Multihop Node Policy | `string` | `""` | no | | [bgp\_protocol\_profile\_name](#input\_bgp\_protocol\_profile\_name) | BGP Protocol Name. | `string` | `""` | no | diff --git a/modules/terraform-aci-l3out-node-profile/variables.tf b/modules/terraform-aci-l3out-node-profile/variables.tf index c0a60351..fdaa85bf 100644 --- a/modules/terraform-aci-l3out-node-profile/variables.tf +++ b/modules/terraform-aci-l3out-node-profile/variables.tf @@ -215,7 +215,7 @@ variable "sr_mpls" { } variable "bgp_infra_peers" { - description = "List of BGP peers for Infra L3out. Allowed values `remote_as`: 0-4294967295. Default value `allow_self_as`: false. Default value `disable_peer_as_check`: false. Default value `bfd`: false. Default value `ttl`: 2. Default value `admin_state`: true. Allowed values `local_as`: 0-4294967295. Choices `as_propagate`: `none`, `no-prepend`, `replace-as`, `dual-as`. Default value `as_propagate`: `none`. Choices `peer_type`: `wan`, `mdp-wan` or `intersite`" + description = "List of BGP peers for Infra L3out. Allowed values `remote_as`: 0-4294967295. Default value `allow_self_as`: false. Default value `disable_peer_as_check`: false. Default value `bfd`: false. Default value `ttl`: 2. Default value `admin_state`: true. Allowed values `local_as`: 0-4294967295. Choices `as_propagate`: `none`, `no-prepend`, `replace-as`, `dual-as`. Default value `as_propagate`: `none`. Choices `peer_type`: `sr-mpls`, `wan`, `mdp-wan` or `intersite`" type = list(object({ ip = string remote_as = string 
@@ -270,9 +270,9 @@ variable "bgp_infra_peers" { validation { condition = alltrue([ - for b in var.bgp_infra_peers : b.peer_type == null || try(contains(["wan", "mdp-wan", "intersite"], b.peer_type), false) + for b in var.bgp_infra_peers : b.peer_type == null || try(contains(["sr-mpls", "wan", "mdp-wan", "intersite"], b.peer_type), false) ]) - error_message = "`as_propagate`: Allowed value are: `wan`, `mdp-wan` or `intersite`." + error_message = "`as_propagate`: Allowed value are: `sr-mpls`, `wan`, `mdp-wan` or `intersite`." } } From 525072d0d3113b5ee4af6dc84d6bc618c1a6d7d8 Mon Sep 17 00:00:00 2001 From: Oskar Gorczowski Date: Mon, 1 Sep 2025 16:00:07 +0200 Subject: [PATCH 07/14] added Node's intersite Loopback support --- aci_tenants.tf | 2 ++ modules/terraform-aci-l3out-node-profile/README.md | 3 ++- modules/terraform-aci-l3out-node-profile/main.tf | 9 +++++++++ modules/terraform-aci-l3out-node-profile/variables.tf | 1 + 4 files changed, 14 insertions(+), 1 deletion(-) diff --git a/aci_tenants.tf b/aci_tenants.tf index c28a7003..c9279444 100644 --- a/aci_tenants.tf +++ b/aci_tenants.tf @@ -995,6 +995,7 @@ locals { router_id = node.router_id router_id_as_loopback = try(node.router_id_as_loopback, local.defaults.apic.tenants.l3outs.node_profiles.nodes.router_id_as_loopback) loopbacks = try(node.loopbacks, []) + intersite_loopback = try(node.intersite_loopback, null) static_routes = [for sr in try(node.static_routes, []) : { description = try(sr.description, "") prefix = sr.prefix @@ -1102,6 +1103,7 @@ locals { router_id = node.router_id router_id_as_loopback = try(node.router_id_as_loopback, local.defaults.apic.tenants.l3outs.nodes.router_id_as_loopback) loopbacks = try(node.loopbacks, []) + intersite_loopback = try(node.intersite_loopback, null) static_routes = [for sr in try(node.static_routes, []) : { description = try(sr.description, "") prefix = sr.prefix 
diff --git a/modules/terraform-aci-l3out-node-profile/README.md b/modules/terraform-aci-l3out-node-profile/README.md index 7f6be98b..42114b9d 100644 --- a/modules/terraform-aci-l3out-node-profile/README.md +++ b/modules/terraform-aci-l3out-node-profile/README.md @@ -99,7 +99,7 @@ module "aci_l3out_node_profile" { | [tenant](#input\_tenant) | Tenant name. | `string` | n/a | yes | | [l3out](#input\_l3out) | L3out name. | `string` | n/a | yes | | [name](#input\_name) | Node profile name. | `string` | n/a | yes | -| [nodes](#input\_nodes) | List of nodes. Allowed values `node_id`: 1-4000. Allowed values `pod_id`: 1-255. Default value `pod_id`: 1. Default value `router_id_as_loopback`: true. Allowed values `static_routes.preference`: 1-255. Default value `static_routes.preference`: 1. Default value `static_routes.bfd`: false. Allowed values `static_routes.next_hops.preference`: 0-255. Default value `static_routes.next_hops.preference`: 1. Choices `type`: `prefix`, `none`. Default value `type`: `prefix`. |
list(object({
node_id = number
pod_id = optional(number, 1)
router_id = string
router_id_as_loopback = optional(bool, true)
loopbacks = optional(list(string))
mpls_transport_loopback = optional(string)
segment_id = optional(number)
static_routes = optional(list(object({
prefix = string
description = optional(string, "")
preference = optional(number, 1)
bfd = optional(bool, false)
track_list = optional(string)
next_hops = optional(list(object({
ip = string
description = optional(string, "")
preference = optional(number, 1)
type = optional(string, "prefix")
ip_sla_policy = optional(string)
track_list = optional(string)
})), [])
})), [])
}))
| `[]` | no | +| [nodes](#input\_nodes) | List of nodes. Allowed values `node_id`: 1-4000. Allowed values `pod_id`: 1-255. Default value `pod_id`: 1. Default value `router_id_as_loopback`: true. Allowed values `static_routes.preference`: 1-255. Default value `static_routes.preference`: 1. Default value `static_routes.bfd`: false. Allowed values `static_routes.next_hops.preference`: 0-255. Default value `static_routes.next_hops.preference`: 1. Choices `type`: `prefix`, `none`. Default value `type`: `prefix`. |
list(object({
node_id = number
pod_id = optional(number, 1)
router_id = string
router_id_as_loopback = optional(bool, true)
loopbacks = optional(list(string))
intersite_loopback = optional(string)
mpls_transport_loopback = optional(string)
segment_id = optional(number)
static_routes = optional(list(object({
prefix = string
description = optional(string, "")
preference = optional(number, 1)
bfd = optional(bool, false)
track_list = optional(string)
next_hops = optional(list(object({
ip = string
description = optional(string, "")
preference = optional(number, 1)
type = optional(string, "prefix")
ip_sla_policy = optional(string)
track_list = optional(string)
})), [])
})), [])
}))
| `[]` | no | | [bgp\_peers](#input\_bgp\_peers) | List of BGP peers. Allowed values `remote_as`: 0-4294967295. Default value `allow_self_as`: false. Default value `as_override`: false. Default value `disable_peer_as_check`: false. Default value `next_hop_self`: false. Default value `send_community`: false. Default value `send_ext_community`: false. Allowed values `allowed_self_as_count`: 1-10. Default value `allowed_self_as_count`: 3. Default value `bfd`: false. Default value `disable_connected_check`: false. Allowed values `ttl`: 1-255. Default value `ttl`: 1. Allowed values `weight`: 0-65535. Default value `weight`: 0. Default value `remove_all_private_as`: false. Default value `remove_private_as`: false. Default value `replace_private_as_with_local_as`: false. Default value `unicast_address_family`: true. Default value `multicast_address_family`: true. Default value `admin_state`: true. Allowed values `local_as`: 0-4294967295. Choices `as_propagate`: `none`, `no-prepend`, `replace-as`, `dual-as`. Default value `as_propagate`: `none`. |
list(object({
ip = string
remote_as = string
description = optional(string, "")
allow_self_as = optional(bool, false)
as_override = optional(bool, false)
disable_peer_as_check = optional(bool, false)
next_hop_self = optional(bool, false)
send_community = optional(bool, false)
send_ext_community = optional(bool, false)
password = optional(string)
allowed_self_as_count = optional(number, 3)
bfd = optional(bool, false)
disable_connected_check = optional(bool, false)
ttl = optional(number, 1)
weight = optional(number, 0)
remove_all_private_as = optional(bool, false)
remove_private_as = optional(bool, false)
replace_private_as_with_local_as = optional(bool, false)
unicast_address_family = optional(bool, true)
multicast_address_family = optional(bool, true)
admin_state = optional(bool, true)
local_as = optional(number)
as_propagate = optional(string, "none")
peer_prefix_policy = optional(string)
export_route_control = optional(string)
import_route_control = optional(string)
}))
| `[]` | no | | [multipod](#input\_multipod) | Multipod L3out flag. | `bool` | `false` | no | | [remote\_leaf](#input\_remote\_leaf) | Remote leaf L3out flag. | `bool` | `false` | no | @@ -143,6 +143,7 @@ module "aci_l3out_node_profile" { | [aci_rest_managed.ipRsNexthopRouteTrack](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.ipRsRouteTrack](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.l3extInfraNodeP](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | +| [aci_rest_managed.l3extIntersiteLoopBackIfP](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.l3extLNodeP](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.l3extLoopBackIfP](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.l3extRsLNodePMplsCustQosPol](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | diff --git a/modules/terraform-aci-l3out-node-profile/main.tf b/modules/terraform-aci-l3out-node-profile/main.tf index 44e84fbe..60b69025 100644 --- a/modules/terraform-aci-l3out-node-profile/main.tf +++ b/modules/terraform-aci-l3out-node-profile/main.tf 
@@ -72,6 +72,15 @@ resource "aci_rest_managed" "l3extLoopBackIfP" { } } +resource "aci_rest_managed" "l3extIntersiteLoopBackIfP" { + for_each = { for node in var.nodes : node.node_id => node if var.tenant == "infra" && node.intersite_loopback != null } + dn = "${aci_rest_managed.l3extRsNodeL3OutAtt[each.key].dn}/sitelbp-[${each.value.intersite_loopback}]" + class_name = "l3extIntersiteLoopBackIfP" + content = { + addr = each.value.intersite_loopback + } +} + resource "aci_rest_managed" "ipRouteP" { for_each = { for item in local.static_routes : item.key => item.value } dn = "${aci_rest_managed.l3extRsNodeL3OutAtt[each.value.node].dn}/rt-[${each.value.prefix}]" diff --git a/modules/terraform-aci-l3out-node-profile/variables.tf b/modules/terraform-aci-l3out-node-profile/variables.tf index fdaa85bf..7e425b92 100644 --- a/modules/terraform-aci-l3out-node-profile/variables.tf +++ b/modules/terraform-aci-l3out-node-profile/variables.tf @@ -36,6 +36,7 @@ variable "nodes" { router_id = string router_id_as_loopback = optional(bool, true) loopbacks = optional(list(string)) + intersite_loopback = optional(string) mpls_transport_loopback = optional(string) segment_id = optional(number) static_routes = optional(list(object({ From 37733bbc3dfbf08b28dfda156543502b24d8bb13 Mon Sep 17 00:00:00 2001 From: Oskar Gorczowski Date: Mon, 1 Sep 2025 17:15:43 +0200 Subject: [PATCH 08/14] added l3out.vrf check for intersite loopback --- aci_tenants.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aci_tenants.tf b/aci_tenants.tf index c9279444..a4b6700e 100644 --- a/aci_tenants.tf +++ b/aci_tenants.tf 
@@ -995,7 +995,7 @@ locals { router_id = node.router_id router_id_as_loopback = try(node.router_id_as_loopback, local.defaults.apic.tenants.l3outs.node_profiles.nodes.router_id_as_loopback) loopbacks = try(node.loopbacks, []) - intersite_loopback = try(node.intersite_loopback, null) + intersite_loopback = l3out.vrf == "overlay-1" ? try(node.intersite_loopback, null) : null static_routes = [for sr in try(node.static_routes, []) : { description = try(sr.description, "") prefix = sr.prefix @@ -1103,7 +1103,7 @@ locals { router_id = node.router_id router_id_as_loopback = try(node.router_id_as_loopback, local.defaults.apic.tenants.l3outs.nodes.router_id_as_loopback) loopbacks = try(node.loopbacks, []) - intersite_loopback = try(node.intersite_loopback, null) + intersite_loopback = l3out.vrf == "overlay-1" ? try(node.intersite_loopback, null) : null static_routes = [for sr in try(node.static_routes, []) : { description = try(sr.description, "") prefix = sr.prefix From 25041b2c8a07123a618c931031a117feccac12fa Mon Sep 17 00:00:00 2001 From: Oskar Gorczowski Date: Wed, 1 Oct 2025 13:30:33 +0200 Subject: [PATCH 09/14] updated bgpInfraPeerP with source_interface_type and data_plane_address --- aci_tenants.tf | 14 ++++++++++++ defaults/defaults.yaml | 10 +++++++++ .../README.md | 2 +- .../terraform-aci-l3out-node-profile/main.tf | 18 ++++++++------- .../variables.tf | 22 +++++++++++++++++-- 5 files changed, 55 insertions(+), 11 deletions(-) diff --git a/aci_tenants.tf b/aci_tenants.tf index a4b6700e..67263917 100644 --- a/aci_tenants.tf +++ b/aci_tenants.tf 
@@ -1047,6 +1047,10 @@ locals { description = try(peer.description, "") allow_self_as = try(peer.allow_self_as, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.allow_self_as) disable_peer_as_check = try(peer.disable_peer_as_check, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.disable_peer_as_check) + as_override = try(peer.as_override, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.as_override) + next_hop_self = try(peer.next_hop_self, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.next_hop_self) + send_community = try(peer.send_community, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.send_community) + send_ext_community = try(peer.send_ext_community, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.send_ext_community) peer_type = try(peer.peer_type, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.peer_type) bfd = try(peer.bfd, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.bfd) password = try(peer.password, null) 
@@ -1054,6 +1058,8 @@ locals { peer_prefix_policy = try("${peer.peer_prefix_policy}${local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.name_suffix}", null) local_as = try(peer.local_as, null) as_propagate = try(peer.as_propagate, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.as_propagate) + source_interface_type = try(peer.peer_type, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.peer_type) == "wan" ? try(peer.source_interface_type, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.source_interface_type) : null + data_plane_address = try(peer.peer_type, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.peer_type) == "wan" && try(peer.source_interface_type, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.source_interface_type) == "routable-loopback" ? try(peer.data_plane_address, null) : null } if tenant.name == "infra"] } ] @@ -1155,6 +1161,10 @@ locals { description = try(peer.description, "") allow_self_as = try(peer.allow_self_as, local.defaults.apic.tenants.l3outs.bgp_infra_peers.allow_self_as) disable_peer_as_check = try(peer.disable_peer_as_check, local.defaults.apic.tenants.l3outs.bgp_infra_peers.disable_peer_as_check) + as_override = try(peer.as_override, local.defaults.apic.tenants.l3outs.bgp_infra_peers.as_override) + next_hop_self = try(peer.next_hop_self, local.defaults.apic.tenants.l3outs.bgp_infra_peers.next_hop_self) + send_community = try(peer.send_community, local.defaults.apic.tenants.l3outs.bgp_infra_peers.send_community) + send_ext_community = try(peer.send_ext_community, local.defaults.apic.tenants.l3outs.bgp_infra_peers.send_ext_community) peer_type = try(peer.peer_type, local.defaults.apic.tenants.l3outs.bgp_infra_peers.peer_type) bfd = try(peer.bfd, local.defaults.apic.tenants.l3outs.bgp_infra_peers.bfd) password = try(peer.password, null) 
@@ -1162,6 +1172,8 @@ locals { peer_prefix_policy = try("${peer.peer_prefix_policy}${local.defaults.apic.tenants.l3outs.bgp_infra_peers.name_suffix}", null) local_as = try(peer.local_as, null) as_propagate = try(peer.as_propagate, local.defaults.apic.tenants.l3outs.bgp_infra_peers.as_propagate) + source_interface_type = try(peer.peer_type, local.defaults.apic.tenants.l3outs.bgp_infra_peers.peer_type) == "wan" ? try(peer.source_interface_type, local.defaults.apic.tenants.l3outs.bgp_infra_peers.source_interface_type) : null + data_plane_address = try(peer.peer_type, local.defaults.apic.tenants.l3outs.bgp_infra_peers.peer_type) == "wan" && try(peer.source_interface_type, local.defaults.apic.tenants.l3outs.bgp_infra_peers.source_interface_type) == "routable-loopback" ? try(peer.data_plane_address, null) : null } if tenant.name == "infra"] } if length(try(l3out.nodes, [])) != 0 ] @@ -1699,6 +1711,8 @@ locals { as_propagate = try(peer.as_propagate, local.defaults.apic.tenants.sr_mpls_l3outs.node_profiles.evpn_connectivity.as_propagate) peer_prefix_policy = try("${peer.peer_prefix_policy}${local.defaults.apic.tenants.policies.bgp_peer_prefix_policies.name_suffix}", null) peer_type = "sr-mpls" + send_community = true + send_ext_community = true }] } ] diff --git a/defaults/defaults.yaml b/defaults/defaults.yaml index b24deb5f..a3ca2eab 100644 --- a/defaults/defaults.yaml +++ b/defaults/defaults.yaml @@ -902,10 +902,15 @@ defaults: peer_type: wan allow_self_as: false disable_peer_as_check: false + send_community: false + send_ext_community: false + next_hop_self: false + as_override: false ttl: 2 bfd: false admin_state: true as_propagate: none + source_interface_type: l3out-loopback redistribution_route_maps: source: static dhcp_labels: 
@@ -979,10 +984,15 @@ defaults: peer_type: wan allow_self_as: false disable_peer_as_check: false + send_community: false + send_ext_community: false + next_hop_self: false + as_override: false ttl: 2 bfd: false admin_state: true as_propagate: none + source_interface_type: l3out-loopback nodes: pod: 1 router_id_as_loopback: true diff --git a/modules/terraform-aci-l3out-node-profile/README.md b/modules/terraform-aci-l3out-node-profile/README.md index 42114b9d..9002e21a 100644 --- a/modules/terraform-aci-l3out-node-profile/README.md +++ b/modules/terraform-aci-l3out-node-profile/README.md @@ -104,7 +104,7 @@ module "aci_l3out_node_profile" { | [multipod](#input\_multipod) | Multipod L3out flag. | `bool` | `false` | no | | [remote\_leaf](#input\_remote\_leaf) | Remote leaf L3out flag. | `bool` | `false` | no | | [sr\_mpls](#input\_sr\_mpls) | SR MPLS L3out flag. | `bool` | `false` | no | -| [bgp\_infra\_peers](#input\_bgp\_infra\_peers) | List of BGP peers for Infra L3out. Allowed values `remote_as`: 0-4294967295. Default value `allow_self_as`: false. Default value `disable_peer_as_check`: false. Default value `bfd`: false. Default value `ttl`: 2. Default value `admin_state`: true. Allowed values `local_as`: 0-4294967295. Choices `as_propagate`: `none`, `no-prepend`, `replace-as`, `dual-as`. Default value `as_propagate`: `none`. Choices `peer_type`: `sr-mpls`, `wan`, `mdp-wan` or `intersite` |
list(object({
ip = string
remote_as = string
description = optional(string, "")
allow_self_as = optional(bool, false)
disable_peer_as_check = optional(bool, false)
password = optional(string)
bfd = optional(bool, false)
ttl = optional(number, 1)
admin_state = optional(bool, true)
local_as = optional(number)
as_propagate = optional(string, "none")
peer_prefix_policy = optional(string)
peer_type = optional(string)
}))
| `[]` | no | +| [bgp\_infra\_peers](#input\_bgp\_infra\_peers) | List of BGP peers for Infra L3out. Allowed values `remote_as`: 0-4294967295. Default value `allow_self_as`: false. Default value `disable_peer_as_check`: false. Default value `bfd`: false. Default value `ttl`: 2. Default value `admin_state`: true. Allowed values `local_as`: 0-4294967295. Choices `as_propagate`: `none`, `no-prepend`, `replace-as`, `dual-as`. Default value `as_propagate`: `none`. Choices `peer_type`: `sr-mpls`, `wan`, `mdp-wan` or `intersite` |
list(object({
ip = string
remote_as = string
description = optional(string, "")
allow_self_as = optional(bool, false)
disable_peer_as_check = optional(bool, false)
as_override = optional(bool, false)
next_hop_self = optional(bool, false)
send_community = optional(bool, false)
send_ext_community = optional(bool, false)
password = optional(string)
bfd = optional(bool, false)
ttl = optional(number, 1)
admin_state = optional(bool, true)
local_as = optional(number)
as_propagate = optional(string, "none")
peer_prefix_policy = optional(string)
peer_type = optional(string)
source_interface_type = optional(string, "l3out-loopback")
data_plane_address = optional(string, null)
}))
| `[]` | no | | [mpls\_custom\_qos\_policy](#input\_mpls\_custom\_qos\_policy) | MPLS Customer QoS Policy | `string` | `""` | no | | [bfd\_multihop\_node\_policy](#input\_bfd\_multihop\_node\_policy) | BFD Multihop Node Policy | `string` | `""` | no | | [bgp\_protocol\_profile\_name](#input\_bgp\_protocol\_profile\_name) | BGP Protocol Name. | `string` | `""` | no | diff --git a/modules/terraform-aci-l3out-node-profile/main.tf b/modules/terraform-aci-l3out-node-profile/main.tf index 60b69025..7daf5901 100644 --- a/modules/terraform-aci-l3out-node-profile/main.tf +++ b/modules/terraform-aci-l3out-node-profile/main.tf 
@@ -235,14 +235,16 @@ resource "aci_rest_managed" "bgpInfraPeerP" { class_name = "bgpInfraPeerP" escape_html = false content = { - addr = each.value.ip - descr = each.value.description - ctrl = join(",", concat(each.value.allow_self_as == true ? ["allow-self-as"] : [], each.value.disable_peer_as_check == true ? ["dis-peer-as-check"] : [], ["send-com"], ["send-ext-com"])) - password = sensitive(each.value.password) - peerCtrl = join(",", concat(each.value.bfd == true ? ["bfd"] : [])) - peerT = each.value.peer_type - ttl = each.value.ttl - adminSt = each.value.admin_state == true ? "enabled" : "disabled" + addr = each.value.ip + descr = each.value.description + ctrl = join(",", concat(each.value.allow_self_as == true ? ["allow-self-as"] : [], each.value.as_override == true ? ["as-override"] : [], each.value.disable_peer_as_check == true ? ["dis-peer-as-check"] : [], each.value.next_hop_self == true ? ["nh-self"] : [], each.value.send_community == true ? ["send-com"] : [], each.value.send_ext_community == true ? ["send-ext-com"] : [])) + password = sensitive(each.value.password) + peerCtrl = join(",", concat(each.value.bfd == true ? ["bfd"] : [])) + peerT = each.value.peer_type + ttl = each.value.ttl + adminSt = each.value.admin_state == true ? "enabled" : "disabled" + srcIfT = each.value.source_interface_type + dataPlaneAddr = each.value.data_plane_address } lifecycle { diff --git a/modules/terraform-aci-l3out-node-profile/variables.tf b/modules/terraform-aci-l3out-node-profile/variables.tf index 7e425b92..5b7da73d 100644 --- a/modules/terraform-aci-l3out-node-profile/variables.tf +++ b/modules/terraform-aci-l3out-node-profile/variables.tf 
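Review bot: Module callers that do not set the new attributes lose `send-com` and `send-ext-com` on their existing infra peers at the next apply. The old `ctrl` line always appended both flags, whereas the new one emits them only when `send_community` / `send_ext_community` are true, and the `variables.tf` hunk of this patch defaults both to `false`. The root module keeps them on for SR-MPLS by hard-coding `true` in `aci_tenants.tf`, but direct users of `terraform-aci-l3out-node-profile` are not covered, and a session that depends on extended communities (presumably EVPN route targets) would stop sending them with nothing but a `ctrl` diff in the plan. Keeping the previous behaviour as the default avoids that: `send_community = optional(bool, true)` and `send_ext_community = optional(bool, true)`, with `defaults.yaml` set to match. The `bgpInfraPeerP` resource starts and ends outside the hunk.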
@@ -223,6 +223,10 @@ variable "bgp_infra_peers" { description = optional(string, "") allow_self_as = optional(bool, false) disable_peer_as_check = optional(bool, false) + as_override = optional(bool, false) + next_hop_self = optional(bool, false) + send_community = optional(bool, false) + send_ext_community = optional(bool, false) password = optional(string) bfd = optional(bool, false) ttl = optional(number, 1) @@ -231,6 +235,8 @@ variable "bgp_infra_peers" { as_propagate = optional(string, "none") peer_prefix_policy = optional(string) peer_type = optional(string) + source_interface_type = optional(string, "l3out-loopback") + data_plane_address = optional(string, null) })) default = [] @@ -271,9 +277,21 @@ variable "bgp_infra_peers" { validation { condition = alltrue([ - for b in var.bgp_infra_peers : b.peer_type == null || try(contains(["sr-mpls", "wan", "mdp-wan", "intersite"], b.peer_type), false) + for b in var.bgp_infra_peers : b.peer_type == null || try(contains(["sr-mpls", "wan", "mdp-wan", "vxlan-bgw", "intersite"], b.peer_type), false) ]) - error_message = "`as_propagate`: Allowed value are: `sr-mpls`, `wan`, `mdp-wan` or `intersite`." + error_message = "`peer_type`: Allowed value are: `sr-mpls`, `wan`, `mdp-wan`, 'vxlan-bgw' or `intersite`." + } + validation { + condition = alltrue([ + for b in var.bgp_infra_peers : try(contains(["l3out-loopback", "routable-loopback"], b.source_interface_type), false) + ]) + error_message = "`source_interface_type`: Allowed value are: `l3out-loopback` or `routable-loopback`." + } + validation { + condition = alltrue([ + for b in var.bgp_infra_peers : (b.data_plane_address == null && b.source_interface_type != "routable-loopback") || b.data_plane_address != null + ]) + error_message = "`data_plane_address`: Must be set if `source_interface_type` is `routable-loopback`." } } From db23e2b1810c369b0f64915a870e07234a8da159 Mon Sep 17 00:00:00 2001 
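Review bot: The `null` that `aci_tenants.tf` passes as `source_interface_type` for every peer that is not `wan` most likely never arrives as `null` here. As far as I know, `source_interface_type = optional(string, "l3out-loopback")` substitutes the default for an explicit null, so `srcIfT = "l3out-loopback"` would be sent for `mdp-wan`, `sr-mpls` and `vxlan-bgw` peers as well. If a null did get through, the new validation would reject it, because `try(contains(["l3out-loopback", "routable-loopback"], b.source_interface_type), false)` has no null branch. If the attribute is meant to stay unset for those peer types, declare it as `optional(string)` and start the condition with `b.source_interface_type == null ||`, as the `peer_type` validation does. The `variable "bgp_infra_peers"` block begins and ends outside these hunks.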
From: Oskar Gorczowski Date: Thu, 2 Oct 2025 09:55:15 +0200 Subject: [PATCH 10/14] added lifecycle limitation for peer_type and source_interface_type --- modules/terraform-aci-l3out-node-profile/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/terraform-aci-l3out-node-profile/main.tf b/modules/terraform-aci-l3out-node-profile/main.tf index 7daf5901..6d4968dd 100644 --- a/modules/terraform-aci-l3out-node-profile/main.tf +++ b/modules/terraform-aci-l3out-node-profile/main.tf @@ -248,7 +248,7 @@ resource "aci_rest_managed" "bgpInfraPeerP" { } lifecycle { - ignore_changes = [content["password"]] + ignore_changes = [content["password"], content["srcIfT"], content["peerT"]] } } From 9a802268231943077c41145a81ed10ef88c81afd Mon Sep 17 00:00:00 2001 From: Oskar Gorczowski Date: Thu, 2 Oct 2025 11:15:39 +0200 Subject: [PATCH 11/14] added bgpInfraPeerP peer_prefix_policy support --- aci_tenants.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/aci_tenants.tf b/aci_tenants.tf index 67263917..5350ea11 100644 --- a/aci_tenants.tf +++ b/aci_tenants.tf @@ -1060,6 +1060,7 @@ locals { as_propagate = try(peer.as_propagate, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.as_propagate) source_interface_type = try(peer.peer_type, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.peer_type) == "wan" ? try(peer.source_interface_type, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.source_interface_type) : null data_plane_address = try(peer.peer_type, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.peer_type) == "wan" && try(peer.source_interface_type, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.source_interface_type) == "routable-loopback" ? try(peer.data_plane_address, null) : null + peer_prefix_policy = try("${peer.peer_prefix_policy}${local.defaults.apic.tenants.policies.bgp_peer_prefix_policies.name_suffix}", null) } if tenant.name == "infra"] } ] 
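Review bot: Adding `content["srcIfT"]` and `content["peerT"]` to `ignore_changes` means a later edit of `peer_type` or `source_interface_type` in the configuration is never applied to an existing peer, and a change made to either attribute directly on the APIC no longer shows up in `terraform plan`. The hunk gives no reason; the commit subject calls it a limitation, so presumably APIC rejects updates to these attributes after creation. Please record that above the `lifecycle` block, for example `# srcIfT and peerT cannot be modified once the peer exists; the peer has to be re-created to change them` (wording for the author to confirm). The same caveat belongs in the module README so the silent no-op is not mistaken for an applied change. The `bgpInfraPeerP` resource starts outside the hunk.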
@@ -1174,6 +1175,7 @@ locals { as_propagate = try(peer.as_propagate, local.defaults.apic.tenants.l3outs.bgp_infra_peers.as_propagate) source_interface_type = try(peer.peer_type, local.defaults.apic.tenants.l3outs.bgp_infra_peers.peer_type) == "wan" ? try(peer.source_interface_type, local.defaults.apic.tenants.l3outs.bgp_infra_peers.source_interface_type) : null data_plane_address = try(peer.peer_type, local.defaults.apic.tenants.l3outs.bgp_infra_peers.peer_type) == "wan" && try(peer.source_interface_type, local.defaults.apic.tenants.l3outs.bgp_infra_peers.source_interface_type) == "routable-loopback" ? try(peer.data_plane_address, null) : null + peer_prefix_policy = try("${peer.peer_prefix_policy}${local.defaults.apic.tenants.policies.bgp_peer_prefix_policies.name_suffix}", null) } if tenant.name == "infra"] } if length(try(l3out.nodes, [])) != 0 ] From 98284e76d8a2ea9b60e1df306f5226c6af4788da Mon Sep 17 00:00:00 2001 From: Oskar Gorczowski Date: Thu, 2 Oct 2025 14:45:25 +0200 Subject: [PATCH 12/14] bgpInfraPeerP to be created only if its sr-mpls l3out or infra l3out that isn't sr-mpls or vxlan-bgw peer_type --- aci_tenants.tf | 4 +--- modules/terraform-aci-l3out-node-profile/main.tf | 14 +++++++------- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/aci_tenants.tf b/aci_tenants.tf index 5350ea11..0bb5def4 100644 --- a/aci_tenants.tf +++ b/aci_tenants.tf 
@@ -1055,7 +1055,6 @@ locals { bfd = try(peer.bfd, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.bfd) password = try(peer.password, null) ttl = try(peer.ttl, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.ttl) - peer_prefix_policy = try("${peer.peer_prefix_policy}${local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.name_suffix}", null) local_as = try(peer.local_as, null) as_propagate = try(peer.as_propagate, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.as_propagate) source_interface_type = try(peer.peer_type, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.peer_type) == "wan" ? try(peer.source_interface_type, local.defaults.apic.tenants.l3outs.node_profiles.bgp_infra_peers.source_interface_type) : null 
@@ -1170,12 +1169,11 @@ locals { bfd = try(peer.bfd, local.defaults.apic.tenants.l3outs.bgp_infra_peers.bfd) password = try(peer.password, null) ttl = try(peer.ttl, local.defaults.apic.tenants.l3outs.bgp_infra_peers.ttl) - peer_prefix_policy = try("${peer.peer_prefix_policy}${local.defaults.apic.tenants.l3outs.bgp_infra_peers.name_suffix}", null) local_as = try(peer.local_as, null) as_propagate = try(peer.as_propagate, local.defaults.apic.tenants.l3outs.bgp_infra_peers.as_propagate) source_interface_type = try(peer.peer_type, local.defaults.apic.tenants.l3outs.bgp_infra_peers.peer_type) == "wan" ? try(peer.source_interface_type, local.defaults.apic.tenants.l3outs.bgp_infra_peers.source_interface_type) : null data_plane_address = try(peer.peer_type, local.defaults.apic.tenants.l3outs.bgp_infra_peers.peer_type) == "wan" && try(peer.source_interface_type, local.defaults.apic.tenants.l3outs.bgp_infra_peers.source_interface_type) == "routable-loopback" ? try(peer.data_plane_address, null) : null - peer_prefix_policy = try("${peer.peer_prefix_policy}${local.defaults.apic.tenants.policies.bgp_peer_prefix_policies.name_suffix}", null) + peer_prefix_policy = try("${peer.peer_prefix_policy}${local.defaults.apic.tenants.policies.bgp_peer_prefix_policies.name_suffix}", null) } if tenant.name == "infra"] } if length(try(l3out.nodes, [])) != 0 ] diff --git a/modules/terraform-aci-l3out-node-profile/main.tf b/modules/terraform-aci-l3out-node-profile/main.tf index 6d4968dd..b1235897 100644 --- a/modules/terraform-aci-l3out-node-profile/main.tf +++ b/modules/terraform-aci-l3out-node-profile/main.tf 
@@ -230,19 +230,19 @@ resource "aci_rest_managed" "bfdRsMhNodePol" { } resource "aci_rest_managed" "bgpInfraPeerP" { - for_each = { for peer in var.bgp_infra_peers : peer.ip => peer } + for_each = { for peer in var.bgp_infra_peers : peer.ip => peer if var.sr_mpls == true || (var.sr_mpls == false && peer.peer_type != "sr-mpls" && peer.peer_type != "vxlan-bgw") } dn = "${aci_rest_managed.l3extLNodeP.dn}/infraPeerP-[${each.value.ip}]" class_name = "bgpInfraPeerP" escape_html = false content = { addr = each.value.ip descr = each.value.description - ctrl = join(",", concat(each.value.allow_self_as == true ? ["allow-self-as"] : [], each.value.as_override == true ? ["as-override"] : [], each.value.disable_peer_as_check == true ? ["dis-peer-as-check"] : [], each.value.next_hop_self == true ? ["nh-self"] : [], each.value.send_community == true ? ["send-com"] : [], each.value.send_ext_community == true ? ["send-ext-com"] : [])) - password = sensitive(each.value.password) + ctrl = join(",", concat(each.value.allow_self_as && each.value.peer_type != "intersite" == true ? ["allow-self-as"] : [], each.value.as_override && each.value.peer_type != "intersite" == true ? ["as-override"] : [], each.value.disable_peer_as_check && each.value.peer_type != "intersite" == true ? ["dis-peer-as-check"] : [], each.value.next_hop_self && each.value.peer_type != "intersite" == true ? ["nh-self"] : [], each.value.send_community == true ? ["send-com"] : [], each.value.send_ext_community == true ? ["send-ext-com"] : [])) + password = each.value.peer_type != "intersite" ? sensitive(each.value.password) : "" peerCtrl = join(",", concat(each.value.bfd == true ? ["bfd"] : [])) peerT = each.value.peer_type ttl = each.value.ttl - adminSt = each.value.admin_state == true ? "enabled" : "disabled" + adminSt = each.value.admin_state == true || each.value.peer_type == "intersite" ? "enabled" : "disabled" srcIfT = each.value.source_interface_type dataPlaneAddr = each.value.data_plane_address } 
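Review bot: A peer whose `peer_type` is `sr-mpls` or `vxlan-bgw` is dropped by the new `for_each` filter whenever `var.sr_mpls` is false, with no error or warning, so a configured peer (password and prefix policy included) can silently never be created. A check on the filtered resource itself would never run for the dropped peers, so it belongs on an unfiltered resource, for example a `precondition` on `aci_rest_managed.l3extLNodeP` with `condition = var.sr_mpls || alltrue([for p in var.bgp_infra_peers : p.peer_type != "sr-mpls" && p.peer_type != "vxlan-bgw"])`. If the drop is intentional, it should at least be stated in the variable description. The same filter is written out again in the three following hunks (`bgpAsP`, `bgpLocalAsnP`, `bgpRsPeerPfxPol`); one local such as `infra_peers = { for peer in var.bgp_infra_peers : peer.ip => peer if var.sr_mpls || (peer.peer_type != "sr-mpls" && peer.peer_type != "vxlan-bgw") }` would keep the four resources from drifting apart. The `content` block continues outside the hunk.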
@@ -253,7 +253,7 @@ resource "aci_rest_managed" "bgpInfraPeerP" { } resource "aci_rest_managed" "bgpAsP-bgpInfraPeerP" { - for_each = { for peer in var.bgp_infra_peers : peer.ip => peer } + for_each = { for peer in var.bgp_infra_peers : peer.ip => peer if var.sr_mpls || (var.sr_mpls == false && peer.peer_type != "sr-mpls" && peer.peer_type != "vxlan-bgw") } dn = "${aci_rest_managed.bgpInfraPeerP[each.key].dn}/as" class_name = "bgpAsP" content = { @@ -262,7 +262,7 @@ resource "aci_rest_managed" "bgpAsP-bgpInfraPeerP" { } resource "aci_rest_managed" "bgpLocalAsnP-bgpInfraPeerP" { - for_each = { for peer in var.bgp_infra_peers : peer.ip => peer if peer.local_as != null } + for_each = { for peer in var.bgp_infra_peers : peer.ip => peer if(var.sr_mpls || (var.sr_mpls == false && peer.peer_type != "sr-mpls" && peer.peer_type != "vxlan-bgw")) && peer.local_as != null } dn = "${aci_rest_managed.bgpInfraPeerP[each.key].dn}/localasn" class_name = "bgpLocalAsnP" content = { @@ -272,7 +272,7 @@ resource "aci_rest_managed" "bgpLocalAsnP-bgpInfraPeerP" { } resource "aci_rest_managed" "bgpRsPeerPfxPol-bgpInfraPeerP" { - for_each = { for peer in var.bgp_infra_peers : peer.ip => peer if peer.peer_prefix_policy != null } + for_each = { for peer in var.bgp_infra_peers : peer.ip => peer if(var.sr_mpls || (var.sr_mpls == false && peer.peer_type != "sr-mpls" && peer.peer_type != "vxlan-bgw")) && peer.peer_prefix_policy != null } dn = "${aci_rest_managed.bgpInfraPeerP[each.key].dn}/rspeerPfxPol" class_name = "bgpRsPeerPfxPol" content = { From e32d431bacc43393ebb78e6eb205dcc4c8a7fd38 Mon Sep 17 00:00:00 2001 From: Oskar Gorczowski Date: Mon, 6 Oct 2025 15:15:09 +0200 Subject: [PATCH 13/14] bgp_infra_peers remove intersite option --- .../terraform-aci-l3out-node-profile/README.md | 1 - modules/terraform-aci-l3out-node-profile/main.tf | 15 +++------------ .../terraform-aci-l3out-node-profile/variables.tf | 4 ++-- 3 files changed, 5 insertions(+), 15 deletions(-) 
diff --git a/modules/terraform-aci-l3out-node-profile/README.md b/modules/terraform-aci-l3out-node-profile/README.md index 9002e21a..7e14a4ae 100644 --- a/modules/terraform-aci-l3out-node-profile/README.md +++ b/modules/terraform-aci-l3out-node-profile/README.md @@ -143,7 +143,6 @@ module "aci_l3out_node_profile" { | [aci_rest_managed.ipRsNexthopRouteTrack](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.ipRsRouteTrack](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.l3extInfraNodeP](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | -| [aci_rest_managed.l3extIntersiteLoopBackIfP](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.l3extLNodeP](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.l3extLoopBackIfP](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.l3extRsLNodePMplsCustQosPol](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | diff --git a/modules/terraform-aci-l3out-node-profile/main.tf b/modules/terraform-aci-l3out-node-profile/main.tf index b1235897..d30691c2 100644 --- a/modules/terraform-aci-l3out-node-profile/main.tf +++ b/modules/terraform-aci-l3out-node-profile/main.tf 
@@ -72,15 +72,6 @@ resource "aci_rest_managed" "l3extLoopBackIfP" { } } -resource "aci_rest_managed" "l3extIntersiteLoopBackIfP" { - for_each = { for node in var.nodes : node.node_id => node if var.tenant == "infra" && node.intersite_loopback != null } - dn = "${aci_rest_managed.l3extRsNodeL3OutAtt[each.key].dn}/sitelbp-[${each.value.intersite_loopback}]" - class_name = "l3extIntersiteLoopBackIfP" - content = { - addr = each.value.intersite_loopback - } -} - resource "aci_rest_managed" "ipRouteP" { for_each = { for item in local.static_routes : item.key => item.value } dn = "${aci_rest_managed.l3extRsNodeL3OutAtt[each.value.node].dn}/rt-[${each.value.prefix}]" 
@@ -237,12 +228,12 @@ resource "aci_rest_managed" "bgpInfraPeerP" {
 content = {
 addr = each.value.ip
 descr = each.value.description
- ctrl = join(",", concat(each.value.allow_self_as && each.value.peer_type != "intersite" == true ? ["allow-self-as"] : [], each.value.as_override && each.value.peer_type != "intersite" == true ? ["as-override"] : [], each.value.disable_peer_as_check && each.value.peer_type != "intersite" == true ? ["dis-peer-as-check"] : [], each.value.next_hop_self && each.value.peer_type != "intersite" == true ? ["nh-self"] : [], each.value.send_community == true ? ["send-com"] : [], each.value.send_ext_community == true ? ["send-ext-com"] : []))
- password = each.value.peer_type != "intersite" ? sensitive(each.value.password) : ""
+ ctrl = join(",", concat(each.value.allow_self_as == true ? ["allow-self-as"] : [], each.value.as_override == true ? ["as-override"] : [], each.value.disable_peer_as_check == true ? ["dis-peer-as-check"] : [], each.value.next_hop_self == true ? ["nh-self"] : [], each.value.send_community == true ? ["send-com"] : [], each.value.send_ext_community == true ? ["send-ext-com"] : []))
+ password = sensitive(each.value.password)
 peerCtrl = join(",", concat(each.value.bfd == true ? ["bfd"] : []))
 peerT = each.value.peer_type
 ttl = each.value.ttl
- adminSt = each.value.admin_state == true || each.value.peer_type == "intersite" ? "enabled" : "disabled"
+ adminSt = each.value.admin_state == true ? "enabled" : "disabled"
 srcIfT = each.value.source_interface_type
 dataPlaneAddr = each.value.data_plane_address
 }
diff --git a/modules/terraform-aci-l3out-node-profile/variables.tf b/modules/terraform-aci-l3out-node-profile/variables.tf
index 5b7da73d..f1bc19dd 100644
--- a/modules/terraform-aci-l3out-node-profile/variables.tf
+++ b/modules/terraform-aci-l3out-node-profile/variables.tf
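Review bot: The new `password = sensitive(each.value.password)` line in `bgpInfraPeerP` only redacts the BGP peer password in plan and apply output; the value is still written in clear text to the Terraform state, and nothing here tells a maintainer that. I would add a comment above it: `# sensitive() redacts CLI output only; the password is still stored in state, so keep the backend encrypted and access-restricted`. With the `intersite` special case removed the password is now passed for every peer type, and `aci_tenants.tf` falls back to `null` when a peer sets none, so such a peer is presumably configured without session authentication; stating that in the `bgp_infra_peers` variable description would help. The resource block starts before this hunk.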
@@ -277,9 +277,9 @@ variable "bgp_infra_peers" {
 validation {
 condition = alltrue([
- for b in var.bgp_infra_peers : b.peer_type == null || try(contains(["sr-mpls", "wan", "mdp-wan", "vxlan-bgw", "intersite"], b.peer_type), false)
+ for b in var.bgp_infra_peers : b.peer_type == null || try(contains(["sr-mpls", "wan", "mdp-wan", "vxlan-bgw"], b.peer_type), false)
 ])
- error_message = "`peer_type`: Allowed value are: `sr-mpls`, `wan`, `mdp-wan`, 'vxlan-bgw' or `intersite`."
+ error_message = "`peer_type`: Allowed value are: `sr-mpls`, `wan`, `mdp-wan` or 'vxlan-bgw'."
 }
 validation {
 condition = alltrue([
From 10f7c68d9d6c8bbbac82e413cbd71b4525674b79 Mon Sep 17 00:00:00 2001
From: Oskar Gorczowski
Date: Tue, 7 Oct 2025 11:05:21 +0200
Subject: [PATCH 14/14] remove intersite_loopback from PR
---
 aci_tenants.tf | 2 --
 modules/terraform-aci-l3out-node-profile/README.md | 2 +-
 modules/terraform-aci-l3out-node-profile/variables.tf | 1 -
 3 files changed, 1 insertion(+), 4 deletions(-)
diff --git a/aci_tenants.tf b/aci_tenants.tf
index 0bb5def4..7e05e339 100644
--- a/aci_tenants.tf
+++ b/aci_tenants.tf
@@ -995,7 +995,6 @@ locals {
 router_id = node.router_id
 router_id_as_loopback = try(node.router_id_as_loopback, local.defaults.apic.tenants.l3outs.node_profiles.nodes.router_id_as_loopback)
 loopbacks = try(node.loopbacks, [])
- intersite_loopback = l3out.vrf == "overlay-1" ? try(node.intersite_loopback, null) : null
 static_routes = [for sr in try(node.static_routes, []) : {
 description = try(sr.description, "")
 prefix = sr.prefix
@@ -1109,7 +1108,6 @@ locals {
 router_id = node.router_id
 router_id_as_loopback = try(node.router_id_as_loopback, local.defaults.apic.tenants.l3outs.nodes.router_id_as_loopback)
 loopbacks = try(node.loopbacks, [])
- intersite_loopback = l3out.vrf == "overlay-1" ? try(node.intersite_loopback, null) : null
 static_routes = [for sr in try(node.static_routes, []) : {
 description = try(sr.description, "")
 prefix = sr.prefix
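Review bot: The rewritten `error_message` of the `peer_type` validation in `variable "bgp_infra_peers"` (the `variables.tf` hunk at `@@ -277,9 +277,9 @@`) still reads "Allowed value are" and quotes `vxlan-bgw` with single quotes while the other three values use backticks. Since the line is being touched anyway, I would make it ``error_message = "`peer_type`: Allowed values are: `sr-mpls`, `wan`, `mdp-wan` or `vxlan-bgw`."`` so the text a user sees on a rejected value is consistent. The `variable` block starts before and continues after this hunk.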
diff --git a/modules/terraform-aci-l3out-node-profile/README.md b/modules/terraform-aci-l3out-node-profile/README.md
index 7e14a4ae..05399cea 100644
--- a/modules/terraform-aci-l3out-node-profile/README.md
+++ b/modules/terraform-aci-l3out-node-profile/README.md
@@ -99,7 +99,7 @@ module "aci_l3out_node_profile" {
 | [tenant](#input\_tenant) | Tenant name. | `string` | n/a | yes |
 | [l3out](#input\_l3out) | L3out name. | `string` | n/a | yes |
 | [name](#input\_name) | Node profile name. | `string` | n/a | yes |
-| [nodes](#input\_nodes) | List of nodes. Allowed values `node_id`: 1-4000. Allowed values `pod_id`: 1-255. Default value `pod_id`: 1. Default value `router_id_as_loopback`: true. Allowed values `static_routes.preference`: 1-255. Default value `static_routes.preference`: 1. Default value `static_routes.bfd`: false. Allowed values `static_routes.next_hops.preference`: 0-255. Default value `static_routes.next_hops.preference`: 1. Choices `type`: `prefix`, `none`. Default value `type`: `prefix`. |
list(object({
node_id = number
pod_id = optional(number, 1)
router_id = string
router_id_as_loopback = optional(bool, true)
loopbacks = optional(list(string))
intersite_loopback = optional(string)
mpls_transport_loopback = optional(string)
segment_id = optional(number)
static_routes = optional(list(object({
prefix = string
description = optional(string, "")
preference = optional(number, 1)
bfd = optional(bool, false)
track_list = optional(string)
next_hops = optional(list(object({
ip = string
description = optional(string, "")
preference = optional(number, 1)
type = optional(string, "prefix")
ip_sla_policy = optional(string)
track_list = optional(string)
})), [])
})), [])
}))
| `[]` | no |
+| [nodes](#input\_nodes) | List of nodes. Allowed values `node_id`: 1-4000. Allowed values `pod_id`: 1-255. Default value `pod_id`: 1. Default value `router_id_as_loopback`: true. Allowed values `static_routes.preference`: 1-255. Default value `static_routes.preference`: 1. Default value `static_routes.bfd`: false. Allowed values `static_routes.next_hops.preference`: 0-255. Default value `static_routes.next_hops.preference`: 1. Choices `type`: `prefix`, `none`. Default value `type`: `prefix`. |
list(object({
node_id = number
pod_id = optional(number, 1)
router_id = string
router_id_as_loopback = optional(bool, true)
loopbacks = optional(list(string))
mpls_transport_loopback = optional(string)
segment_id = optional(number)
static_routes = optional(list(object({
prefix = string
description = optional(string, "")
preference = optional(number, 1)
bfd = optional(bool, false)
track_list = optional(string)
next_hops = optional(list(object({
ip = string
description = optional(string, "")
preference = optional(number, 1)
type = optional(string, "prefix")
ip_sla_policy = optional(string)
track_list = optional(string)
})), [])
})), [])
}))
| `[]` | no |
 | [bgp\_peers](#input\_bgp\_peers) | List of BGP peers. Allowed values `remote_as`: 0-4294967295. Default value `allow_self_as`: false. Default value `as_override`: false. Default value `disable_peer_as_check`: false. Default value `next_hop_self`: false. Default value `send_community`: false. Default value `send_ext_community`: false. Allowed values `allowed_self_as_count`: 1-10. Default value `allowed_self_as_count`: 3. Default value `bfd`: false. Default value `disable_connected_check`: false. Allowed values `ttl`: 1-255. Default value `ttl`: 1. Allowed values `weight`: 0-65535. Default value `weight`: 0. Default value `remove_all_private_as`: false. Default value `remove_private_as`: false. Default value `replace_private_as_with_local_as`: false. Default value `unicast_address_family`: true. Default value `multicast_address_family`: true. Default value `admin_state`: true. Allowed values `local_as`: 0-4294967295. Choices `as_propagate`: `none`, `no-prepend`, `replace-as`, `dual-as`. Default value `as_propagate`: `none`. |
list(object({
ip = string
remote_as = string
description = optional(string, "")
allow_self_as = optional(bool, false)
as_override = optional(bool, false)
disable_peer_as_check = optional(bool, false)
next_hop_self = optional(bool, false)
send_community = optional(bool, false)
send_ext_community = optional(bool, false)
password = optional(string)
allowed_self_as_count = optional(number, 3)
bfd = optional(bool, false)
disable_connected_check = optional(bool, false)
ttl = optional(number, 1)
weight = optional(number, 0)
remove_all_private_as = optional(bool, false)
remove_private_as = optional(bool, false)
replace_private_as_with_local_as = optional(bool, false)
unicast_address_family = optional(bool, true)
multicast_address_family = optional(bool, true)
admin_state = optional(bool, true)
local_as = optional(number)
as_propagate = optional(string, "none")
peer_prefix_policy = optional(string)
export_route_control = optional(string)
import_route_control = optional(string)
}))
| `[]` | no |
 | [multipod](#input\_multipod) | Multipod L3out flag. | `bool` | `false` | no |
 | [remote\_leaf](#input\_remote\_leaf) | Remote leaf L3out flag. | `bool` | `false` | no |
diff --git a/modules/terraform-aci-l3out-node-profile/variables.tf b/modules/terraform-aci-l3out-node-profile/variables.tf
index f1bc19dd..bcecdf52 100644
--- a/modules/terraform-aci-l3out-node-profile/variables.tf
+++ b/modules/terraform-aci-l3out-node-profile/variables.tf
@@ -36,7 +36,6 @@ variable "nodes" {
 router_id = string
 router_id_as_loopback = optional(bool, true)
 loopbacks = optional(list(string))
- intersite_loopback = optional(string)
 mpls_transport_loopback = optional(string)
 segment_id = optional(number)
 static_routes = optional(list(object({