Skip to content

Add support for static routes pointing to Null0 #332

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Add support for static routes pointing to Null0 #332

Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
95448c9
Add support for static routes pointing to Null0
jmiguelhp Nov 5, 2025
720bff1
Move the logic from module to 'tenants.tf'
jmiguelhp Nov 13, 2025
9f4e60e
Add back the BGP peer in the example.
jmiguelhp Nov 13, 2025
f7ec969
Format corrected
jmiguelhp Nov 14, 2025
6884582
pre-commit run
jmiguelhp Nov 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion modules/terraform-aci-l3out-node-profile/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ locals {
next_hops = flatten([
for node in var.nodes : [
for sr in coalesce(node.static_routes, []) : [
for nh in coalesce(sr.next_hops, []) : {
for nh in length(coalesce(sr.next_hops, [])) > 0 ? coalesce(sr.next_hops, []) : [{ ip = "0.0.0.0/0", type = "none", description = null, preference = 0, ip_sla_policy = null, track_list = null }] : {
Copy link
Contributor

@juchowan juchowan Nov 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

im pretty sure this will not work because it doesnt have a key so resource should fail
could we maybe move this logic to aci_tenants.tf and pass the values there?

Copy link
Contributor Author

@jmiguelhp jmiguelhp Nov 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was tested using static routes and they were pushed properly into APIC because key are defined using 0.0.0.0/0 as next hop.

Data model:

apic:
  tenants:
    - name: ABC
      l3outs:
        - name: L3OUT1
          vrf: VRF1
          domain: ROUTED1
          nodes:
            - node_id: 1001
              router_id: 5.5.5.5
              static_routes:
                - prefix: 2.2.2.0/24
                  next_hops:
                    - ip: 6.6.6.6
                - prefix: 1.1.1.1/32
                - prefix: 1.1.1.2/32

Terraform plan:

Terraform will perform the following actions:

  # module.aci.module.aci_l3out_node_profile_auto["ABC/L3OUT1"].aci_rest_managed.ipNexthopP["1001/1.1.1.1/32/0.0.0.0/0"] will be created
  + resource "aci_rest_managed" "ipNexthopP" {
      + annotation  = "orchestrator:terraform"
      + class_name  = "ipNexthopP"
      + content     = {
          + "descr"  = null
          + "nhAddr" = "0.0.0.0/0"
          + "pref"   = "unspecified"
          + "type"   = "none"
        }
      + dn          = "uni/tn-ABC/out-L3OUT1/lnodep-L3OUT1/rsnodeL3OutAtt-[topology/pod-1/node-1001]/rt-[1.1.1.1/32]/nh-[0.0.0.0/0]"
      + escape_html = true
      + id          = (known after apply)
    }

  # module.aci.module.aci_l3out_node_profile_auto["ABC/L3OUT1"].aci_rest_managed.ipNexthopP["1001/1.1.1.2/32/0.0.0.0/0"] will be created
  + resource "aci_rest_managed" "ipNexthopP" {
      + annotation  = "orchestrator:terraform"
      + class_name  = "ipNexthopP"
      + content     = {
          + "descr"  = null
          + "nhAddr" = "0.0.0.0/0"
          + "pref"   = "unspecified"
          + "type"   = "none"
        }
      + dn          = "uni/tn-ABC/out-L3OUT1/lnodep-L3OUT1/rsnodeL3OutAtt-[topology/pod-1/node-1001]/rt-[1.1.1.2/32]/nh-[0.0.0.0/0]"
      + escape_html = true
      + id          = (known after apply)
    }

Terraform apply:

Screenshot 2025-11-06 at 5 18 57 p m

Please note 0.0.0.0/0 as next hop cannot be set manually, so this creates a unique key for routes without next hop defined.

Screenshot 2025-11-06 at 5 20 33 p m

Copy link
Contributor

@ogorczow ogorczow Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

code from PR works and key value will be set up correctly:

    for node in var.nodes : [
      for sr in coalesce(node.static_routes, []) : [
        for nh in length(coalesce(sr.next_hops, [])) > 0 ? coalesce(sr.next_hops, []) : [{ ip = "0.0.0.0/0", type = "none", description = null, preference = 0, ip_sla_policy = null, track_list = null }] : {
          key = "${node.node_id}/${sr.prefix}/${nh.ip}"

we get key based on node, static route and IP. we add missing IP in "new code".
However, I am not a big fan of adding config to an resource in main.tf. Cannot we manage it on locals level just with 0.0.0.0/0 as default value in next_hops loop?

Copy link
Contributor

@juchowan juchowan Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok, i looked in the wrong line, however still i don't like having this in the module, where we can pass this data more safely from tenants.tf file

Copy link
Contributor Author

@jmiguelhp jmiguelhp Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider that this special 0.0.0.0/0 next hop does NOT use the default values set in default file. Putting this in tenant.tf will require not only the attribute value definitions, but also conditionals to check if next_hop is 0.0.0.0/0 so that default values are not applied but hard coded.

Please confirm your preference to this approach.

Copy link
Contributor

@juchowan juchowan Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

make a conditional in tenants.tf to check if next hop exists, if it does pass the old code with default values, if it doesnt exist, pass these hardcoded values
to reiterate - do not do that in the main.tf

key = "${node.node_id}/${sr.prefix}/${nh.ip}"
value = {
static_route = "${node.node_id}/${sr.prefix}"
Expand Down