Quality | Security |
---|---|
Project to automatically deploy L3VPN in a multivendor environment, with the ability to send notifications to WebexTeams through a Bot. Plataforms iosxr
, ios
, huawei_vrp
, junos
Python 3.8+ or higher, Nornir 3.3.0 and Napalm 4.1.0 and WebexTeamsBot.
There is only one version that has been tested and validated in an emulated environment (EVE-NG with a multivendor ISP topology).
Currently, the project has the ability to send notifications to WebexTeams once a registered command has been completed.
The idempotence of the system will depend on the 'dry run' manually sent by the user. The user will handle the Napalm system for commits.
This complete procedure is available for Huawei
, Cisco IOS XE
, and Junos
.
If we remember, Cisco IOS XR
currently does not have a Napalm Commit Confirm
process in its system. However, CiberC has created a process to provide partial DIFF support and allow for partial idempotence support with Commit Confirm
, based on dry run
.
https://napalm.readthedocs.io/en/latest/support/index.html#configuration-support-matrix
Huawei
, Cisco IOS XE
, Junos
Cisco IOS XR
Service providers who wish to implement L3VPN services in an automated way, with support for multi-vendor environments, can generate a standard model for service deployment using this tool. Additionally, this tool is useful for companies that already have this service and require automated configuration for multiple devices, saving time in implementation and validation. An important process in this platform is the notification system in Webex Teams.
python3 -m pip install ciberc-l3vpn-notify
git clone https://github.com/dev-ciberc/ciberc_l3vpn_notify.git
cd ciberc_l3vpn_notify
python3 -m venv .venv
source .venv/bin/activate
python3 -m pip install -r requirements.txt
bash build.sh
export WEBEX_ACCESS_TOKEN=xxxxxxx
export LIST_USER_NOTIFY=xxxxxxx
WEBEX_ACCESS_TOKEN
: Token generated when registering a Bot in WebexTeams Cisco.
LIST_USER_NOTIFY
: Each email will be separated by ,
For the correct configuration of the inventory, we rely on two Nornir files, specifically hosts.yaml
and defaults.yaml
, which will be located in the root directory where the CLI program will be executed.
Example of the only variables needed for the L3VPN configuration for each file
defaults.yaml
---
data:
local_bgp_as: "64512"
vpn_name: "VPN-A"
vpn_rd: "64512:65512"
vpn_rt: "64512:65512"
neighbor_remote_as: "65512"
hosts.yaml
---
REFLECTOR:
hostname: 192.168.10.77
port: 22
username: user1
password: passexample1
platform: ios
data:
-
PE1:
hostname: 192.168.10.11
port: 22
username: user1
password: passexample1
platform: iosxr
data:
vpn_int_ip: "192.168.10.2"
vpn_int_mask: "/30"
interface_connect_CE: "GigabitEthernet0/0/0/0"
vpn_bpg_ce_neighbor_ip: "192.168.10.1"
PE4:
hostname: 192.168.10.44
port: 22
username: user1
password: passexample1
platform: ios
data:
vpn_int_ip: "192.168.40.2"
vpn_int_mask: "255.255.255.252"
interface_connect_CE: "GigabitEthernet2"
vpn_bpg_ce_neighbor_ip: "192.168.40.1"
PE5:
hostname: 192.168.10.55
port: 22
username: user1
password: passexample1
platform: junos
data:
vpn_int_ip: "192.168.50.2"
vpn_int_mask: "/30"
interface_connect_CE: "em1"
vpn_bpg_ce_neighbor_ip: "192.168.50.1"
PE6:
hostname: 192.168.10.66
port: 22
username: user2
password: passexample2
platform: huawei_vrp
data:
vpn_int_ip: "192.168.60.2"
vpn_int_mask: "255.255.255.252"
interface_connect_CE: "Ethernet1/0/2"
vpn_bpg_ce_neighbor_ip: "192.168.60.1"
iosxr
ios
huawei_vrp
junos
This command configures L3VPN for one or all devices.
Example for specific devices:
ciberc-l3vpn configure --device=PE1
(.venv) ➜ ciberc_l3vpn_notify git:(main) ✗ ciberc-l3vpn configure --device=PE1
Configuring L3VPN
---- PE1: Diff, =>PARTIAL support<= for IOS-XR ** changed : False -------------- INFO
+ 64512:65512
+ 64512:65512
+ ipv4 address 192.168.10.2/30
+ no shutdown
+ router bgp 64512
+ address-family vpnv4 unicast
+ vrf VPN-A
+ rd 64512:65512
+ address-family ipv4 unicast
+ !
+ neighbor 192.168.10.1
+ remote-as 65512
+ address-family ipv4 unicast
+ route-policy Policy-PASS in
+ route-policy Policy-PASS out
+ as-override
+ commit
+ !
+ !
+ !
Example for all devices all
:
ciberc-l3vpn configure --device=all
ciberc-l3vpn rollback --device=PE1,PE2
(.venv) ➜ ciberc_l3vpn_notify git:(main) ciberc-l3vpn rollback --device=PE1
Configuring L3VPN
2it [00:11, 5.57s/it]
The reflector will show us which devices are being announced and which are not, validating which devices have been configured correctly.
ciberc-l3vpn reflector
Reflector L3VPN
---- REFLECTOR: _report_bgp_neighbors ** changed : False ----------------------- INFO
[ ('1.1.1.1', '4', '64512', '47186', '52292', '1010', '0', '0', '4w4d', '4'),
('2.2.2.2', '4', '64512', '47235', '52533', '1010', '0', '0', '4w4d', '0'),
('3.3.3.3', '4', '64512', '47177', '52249', '1010', '0', '0', '4w4d', '4'),
('4.4.4.4', '4', '64512', '45754', '46067', '1010', '0', '0', '4w0d', '5'),
('5.5.5.5', '4', '64512', '86221', '84691', '1010', '0', '0', '3w5d', '4'),
('6.6.6.6', '4', '64512', '35473', '34121', '1010', '0', '0', '3w0d', '4')]
├── ciberc_l3vpn_notify
│ ├── configure.py
│ ├── core.py
│ ├── __init__.py
│ ├── main.py
│ ├── notify.py
│ ├── reflector.py
│ ├── rollback.py
│ └── templates
│ ├── config-templates
│ │ ├── huawei_vrp.j2
│ │ ├── ios.j2
│ │ ├── iosxr.j2
│ │ └── junos.j2
│ └── rollback-templates
│ ├── huawei_vrp.j2
│ ├── ios.j2
│ ├── iosxr.j2
│ └── junos.j2
To configure these variables, you would need to modify the values in the defaults.yaml
and hosts.yaml
files.
In defaults.yaml
, you can change the values of the following variables:
local_bgp_as
: This is the local BGP AS number.vpn_name
: This is the name of the VPN.vpn_rd
: This is the VPN Route Distinguisher.vpn_rt
: This is the VPN Route Target.neighbor_remote_as
: This is the remote BGP AS number.
In hosts.yaml
, you can change the values of the following variables for each host:
hostname
: This is the IP address or hostname of the device.port
: This is the SSH port number.username
: This is the SSH username.password
: This is the SSH password.platform
: This is the platform of the device.vpn_int_ip
: This is the IP address of the VPN interface.vpn_int_mask
: This is the subnet mask of the VPN interface.interface_connect_CE
: This is the interface that connects to the CE device.vpn_bpg_ce_neighbor_ip
: This is the IP address of the BGP neighbor on the CE device.
After modifying these variables, you can use the tool to deploy the L3VPN service with the updated configuration.
defaults.yaml
data:
local_bgp_as: "64512"
vpn_name: "VPN-A"
vpn_rd: "64512:65512"
vpn_rt: "64512:65512"
neighbor_remote_as: "65512"
hosts.yaml
PE8:
hostname: 192.168.10.88
port: 22
username: user2
password: passexample2
platform: huawei_vrp
data:
vpn_int_ip: "192.168.60.2"
vpn_int_mask: "255.255.255.252"
interface_connect_CE: "Ethernet1/0/2"
vpn_bpg_ce_neighbor_ip: "192.168.60.1"
you can check the configuration in the devices in the generated report.
This command has the ability to view the route reflector, it will display a report of the devices, and will also send a report notification WebexTeams
.
ciberc-l3vpn reflector
If you have questions, concerns, bug reports, etc., please create an issue against this repository, or send me an email to: [email protected]