From 77df7e847804486e12708ec80176ba068adc1207 Mon Sep 17 00:00:00 2001 From: mwiebe Date: Fri, 27 Mar 2026 12:12:19 -0400 Subject: [PATCH 1/4] Fabric modules for ibgp,ebgp,external fabrics --- .../endpoints/v1/manage/manage_fabrics.py | 525 +++++++ .../models/manage_fabric/enums.py | 251 +++ .../manage_fabric/manage_fabric_ebgp.py | 838 ++++++++++ .../manage_fabric/manage_fabric_external.py | 833 ++++++++++ .../manage_fabric/manage_fabric_ibgp.py | 1317 ++++++++++++++++ .../orchestrators/manage_fabric_ebgp.py | 46 + .../orchestrators/manage_fabric_external.py | 46 + .../orchestrators/manage_fabric_ibgp.py | 47 + plugins/modules/nd_manage_fabric_ebgp.py | 1179 ++++++++++++++ plugins/modules/nd_manage_fabric_external.py | 524 +++++++ plugins/modules/nd_manage_fabric_ibgp.py | 1393 +++++++++++++++++ .../nd_manage_fabric/tasks/fabric_ebgp.yaml | 1209 ++++++++++++++ .../tasks/fabric_external.yaml | 700 +++++++++ .../nd_manage_fabric/tasks/fabric_ibgp.yaml | 1172 ++++++++++++++ .../targets/nd_manage_fabric/tasks/main.yaml | 9 + .../targets/nd_manage_fabric/vars/main.yaml | 209 +++ 16 files changed, 10298 insertions(+) create mode 100644 plugins/module_utils/endpoints/v1/manage/manage_fabrics.py create mode 100644 plugins/module_utils/models/manage_fabric/enums.py create mode 100644 plugins/module_utils/models/manage_fabric/manage_fabric_ebgp.py create mode 100644 plugins/module_utils/models/manage_fabric/manage_fabric_external.py create mode 100644 plugins/module_utils/models/manage_fabric/manage_fabric_ibgp.py create mode 100644 plugins/module_utils/orchestrators/manage_fabric_ebgp.py create mode 100644 plugins/module_utils/orchestrators/manage_fabric_external.py create mode 100644 plugins/module_utils/orchestrators/manage_fabric_ibgp.py create mode 100644 plugins/modules/nd_manage_fabric_ebgp.py create mode 100644 plugins/modules/nd_manage_fabric_external.py create mode 100644 plugins/modules/nd_manage_fabric_ibgp.py create mode 100644 tests/integration/targets/nd_manage_fabric/tasks/fabric_ebgp.yaml create mode 100644 tests/integration/targets/nd_manage_fabric/tasks/fabric_external.yaml create mode 100644 tests/integration/targets/nd_manage_fabric/tasks/fabric_ibgp.yaml create mode 100644 tests/integration/targets/nd_manage_fabric/tasks/main.yaml create mode 100644 tests/integration/targets/nd_manage_fabric/vars/main.yaml diff --git a/plugins/module_utils/endpoints/v1/manage/manage_fabrics.py b/plugins/module_utils/endpoints/v1/manage/manage_fabrics.py new file mode 100644 index 00000000..5cb08213 --- /dev/null +++ b/plugins/module_utils/endpoints/v1/manage/manage_fabrics.py @@ -0,0 +1,525 @@ +# -*- coding: utf-8 -*- + +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) +""" +ND Manage Fabrics endpoint models. + +This module contains endpoint definitions for fabric-related operations +in the ND Manage API. + +## Endpoints + +- `EpApiV1ManageFabricsGet` - Get a specific fabric by name + (GET /api/v1/manage/fabrics/{fabric_name}) +- `EpApiV1ManageFabricsListGet` - List all fabrics with optional filtering + (GET /api/v1/manage/fabrics) +- `EpApiV1ManageFabricsPost` - Create a new fabric + (POST /api/v1/manage/fabrics) +- `EpApiV1ManageFabricsPut` - Update a specific fabric + (PUT /api/v1/manage/fabrics/{fabric_name}) +- `EpApiV1ManageFabricsDelete` - Delete a specific fabric + (DELETE /api/v1/manage/fabrics/{fabric_name}) +- `EpApiV1ManageFabricsSummaryGet` - Get summary for a specific fabric + (GET /api/v1/manage/fabrics/{fabric_name}/summary) +""" + +from __future__ import absolute_import, annotations, division, print_function + +# from plugins.module_utils.endpoints.base import NDBaseEndpoint + +# pylint: disable=invalid-name +__metaclass__ = type +# pylint: enable=inFinal, valid-name + +from typing import ClassVar, Literal, Optional, Final + +from ansible_collections.cisco.nd.plugins.module_utils.enums import HttpVerbEnum +from ansible_collections.cisco.nd.plugins.module_utils.endpoints.v1.manage.base_path import BasePath +from ansible_collections.cisco.nd.plugins.module_utils.endpoints.mixins import FabricNameMixin +from ansible_collections.cisco.nd.plugins.module_utils.endpoints.base import NDEndpointBaseModel +from ansible_collections.cisco.nd.plugins.module_utils.endpoints.query_params import EndpointQueryParams +from ansible_collections.cisco.nd.plugins.module_utils.common.pydantic_compat import BaseModel, ConfigDict, Field +from ansible_collections.cisco.nd.plugins.module_utils.types import IdentifierKey + + +class FabricsEndpointParams(EndpointQueryParams): + """ + # Summary + + Endpoint-specific query parameters for the fabrics endpoint. + + ## Parameters + + - cluster_name: Name of the target Nexus Dashboard cluster to execute this API, + in a multi-cluster deployment (optional) + + ## Usage + + ```python + params = FabricsEndpointParams(cluster_name="cluster1") + query_string = params.to_query_string() + # Returns: "clusterName=cluster1" + ``` + """ + + cluster_name: Optional[str] = Field( + default=None, + min_length=1, + description="Name of the target Nexus Dashboard cluster to execute this API, in a multi-cluster deployment", + ) + + +class _EpManageFabricsBase(FabricNameMixin, NDEndpointBaseModel): + """ + Base class for ND Manage Fabrics endpoints. + + Provides common functionality for all HTTP methods on the + /api/v1/manage/fabrics endpoint. + + Subclasses may override: + - ``_require_fabric_name``: set to ``False`` for collection-level endpoints + (list, create) that do not include a fabric name in the path. + - ``_path_suffix``: set to a non-empty string to append an extra segment + after the fabric name (e.g. ``"summary"``). Only used when + ``_require_fabric_name`` is ``True``. + """ + + _require_fabric_name: ClassVar[bool] = True + _path_suffix: ClassVar[Optional[str]] = None + + endpoint_params: EndpointQueryParams = Field( + default_factory=EndpointQueryParams, description="Endpoint-specific query parameters" + ) + + def set_identifiers(self, identifier: IdentifierKey = None): + self.fabric_name = identifier + + @property + def path(self) -> str: + """ + # Summary + + Build the endpoint path with optional fabric name, path suffix, and + query string. + + ## Returns + + - Complete endpoint path string + + ## Raises + + - `ValueError` if `fabric_name` is required but not set + """ + if self._require_fabric_name and self.fabric_name is None: + raise ValueError( + f"{type(self).__name__}.path: fabric_name must be set before accessing path." + ) + segments = ["fabrics"] + if self.fabric_name is not None: + segments.append(self.fabric_name) + if self._path_suffix: + segments.append(self._path_suffix) + base_path = BasePath.path(*segments) + query_string = self.endpoint_params.to_query_string() + if query_string: + return f"{base_path}?{query_string}" + return base_path + +class EpManageFabricsGet(_EpManageFabricsBase): + """ + # Summary + + ND Manage Fabrics GET Endpoint + + ## Description + + Endpoint to retrieve details for a specific named fabric from the ND Manage service. + The fabric name is a required path parameter. Optionally filter by cluster name + using the clusterName query parameter in multi-cluster deployments. + + ## Path + + - /api/v1/manage/fabrics/{fabric_name} + - /api/v1/manage/fabrics/{fabric_name}?clusterName=cluster1 + + ## Verb + + - GET + + ## Raises + + - `ValueError` if `fabric_name` is not set when accessing `path` + + ## Usage + + ```python + # Get details for a specific fabric + request = EpApiV1ManageFabricsGet() + request.fabric_name = "my-fabric" + path = request.path + verb = request.verb + # Path will be: /api/v1/manage/fabrics/my-fabric + + # Get fabric details targeting a specific cluster in a multi-cluster deployment + request = EpApiV1ManageFabricsGet() + request.fabric_name = "my-fabric" + request.endpoint_params.cluster_name = "cluster1" + path = request.path + verb = request.verb + # Path will be: /api/v1/manage/fabrics/my-fabric?clusterName=cluster1 + ``` + """ + + class_name: Literal["EpApiV1ManageFabricsGet"] = Field( + default="EpApiV1ManageFabricsGet", description="Class name for backward compatibility" + ) + + endpoint_params: FabricsEndpointParams = Field( + default_factory=FabricsEndpointParams, description="Endpoint-specific query parameters" + ) + + @property + def verb(self) -> HttpVerbEnum: + """Return the HTTP verb for this endpoint.""" + return HttpVerbEnum.GET + + +class FabricsListEndpointParams(EndpointQueryParams): + """ + # Summary + + Query parameters for the ``GET /api/v1/manage/fabrics`` list endpoint. + + ## Parameters + + - cluster_name: Name of the target Nexus Dashboard cluster (multi-cluster deployments) + - category: Filter by fabric category (``"fabric"`` or ``"fabricGroup"``) + - filter: Lucene-format filter string + - max: Maximum number of records to return + - offset: Number of records to skip for pagination + - sort: Sort field with optional ``:desc`` suffix + + ## Usage + + ```python + params = FabricsListEndpointParams(category="fabric", max=10, offset=0) + query_string = params.to_query_string() + # Returns: "category=fabric&max=10&offset=0" + ``` + """ + + cluster_name: Optional[str] = Field( + default=None, + min_length=1, + description="Name of the target Nexus Dashboard cluster to execute this API, in a multi-cluster deployment", + ) + + category: Optional[str] = Field( + default=None, + description="Filter by category of fabric (fabric or fabricGroup)", + ) + + filter: Optional[str] = Field( + default=None, + description="Lucene format filter - Filter the response based on this filter field", + ) + + max: Optional[int] = Field( + default=None, + ge=1, + description="Number of records to return", + ) + + offset: Optional[int] = Field( + default=None, + ge=0, + description="Number of records to skip for pagination", + ) + + sort: Optional[str] = Field( + default=None, + description="Sort the records by the declared fields in either ascending (default) or descending (:desc) order", + ) + + +class EpManageFabricsListGet(_EpManageFabricsBase): + """ + # Summary + + ND Manage Fabrics List GET Endpoint + + ## Description + + Endpoint to list all fabrics from the ND Manage service. + Supports optional query parameters for filtering, pagination, and sorting. + + ## Path + + - ``/api/v1/manage/fabrics`` + - ``/api/v1/manage/fabrics?category=fabric&max=10`` + + ## Verb + + - GET + + ## Raises + + - None + + ## Usage + + ```python + # List all fabrics + ep = EpApiV1ManageFabricsListGet() + path = ep.path + verb = ep.verb + # Path: /api/v1/manage/fabrics + + # List fabrics with filtering and pagination + ep = EpApiV1ManageFabricsListGet() + ep.endpoint_params.category = "fabric" + ep.endpoint_params.max = 10 + path = ep.path + # Path: /api/v1/manage/fabrics?category=fabric&max=10 + ``` + """ + + _require_fabric_name: ClassVar[bool] = False + + class_name: Literal["EpApiV1ManageFabricsListGet"] = Field( + default="EpApiV1ManageFabricsListGet", description="Class name for backward compatibility" + ) + + endpoint_params: FabricsListEndpointParams = Field( + default_factory=FabricsListEndpointParams, description="Endpoint-specific query parameters" + ) + + @property + def verb(self) -> HttpVerbEnum: + """Return the HTTP verb for this endpoint.""" + return HttpVerbEnum.GET + + +class EpManageFabricsPost(_EpManageFabricsBase): + """ + # Summary + + ND Manage Fabrics POST Endpoint + + ## Description + + Endpoint to create a new fabric via the ND Manage service. + The request body must conform to the ``baseFabric`` schema (discriminated + by ``category``). For standard fabrics the category is ``"fabric"`` and + the body includes ``name`` plus fabric-specific properties such as + ``location``, ``licenseTier``, ``telemetryCollection``, etc. + + ## Path + + - ``/api/v1/manage/fabrics`` + - ``/api/v1/manage/fabrics?clusterName=cluster1`` + + ## Verb + + - POST + + ## Request Body (application/json) + + ``baseFabric`` schema — for a standard fabric use ``category: "fabric"`` + with at minimum: + + - ``name`` (str, required): Name of the fabric + - ``category`` (str, required): ``"fabric"`` + + ## Raises + + - None + + ## Usage + + ```python + ep = EpApiV1ManageFabricsPost() + rest_send.path = ep.path + rest_send.verb = ep.verb + rest_send.payload = { + "name": "my-fabric", + "category": "fabric", + "telemetryCollection": True, + "telemetryCollectionType": "inBand", + } + ``` + """ + + _require_fabric_name: ClassVar[bool] = False + + class_name: Literal["EpApiV1ManageFabricsPost"] = Field( + default="EpApiV1ManageFabricsPost", description="Class name for backward compatibility" + ) + + endpoint_params: FabricsEndpointParams = Field( + default_factory=FabricsEndpointParams, description="Endpoint-specific query parameters" + ) + + @property + def verb(self) -> HttpVerbEnum: + """Return the HTTP verb for this endpoint.""" + return HttpVerbEnum.POST + + +class EpManageFabricsPut(_EpManageFabricsBase): + """ + # Summary + + ND Manage Fabrics PUT Endpoint + + ## Description + + Endpoint to update an existing fabric via the ND Manage service. + The fabric name is a required path parameter. The request body must + conform to the ``baseFabric`` schema (same shape as POST/create). + + ## Path + + - ``/api/v1/manage/fabrics/{fabric_name}`` + - ``/api/v1/manage/fabrics/{fabric_name}?clusterName=cluster1`` + + ## Verb + + - PUT + + ## Request Body (application/json) + + ``baseFabric`` schema — same as create (POST). + + ## Raises + + - `ValueError` if `fabric_name` is not set when accessing `path` + + ## Usage + + ```python + ep = EpApiV1ManageFabricsPut() + ep.fabric_name = "my-fabric" + rest_send.path = ep.path + rest_send.verb = ep.verb + rest_send.payload = { + "name": "my-fabric", + "category": "fabric", + "telemetryCollection": False, + } + ``` + """ + + class_name: Literal["EpApiV1ManageFabricsPut"] = Field( + default="EpApiV1ManageFabricsPut", description="Class name for backward compatibility" + ) + + endpoint_params: FabricsEndpointParams = Field( + default_factory=FabricsEndpointParams, description="Endpoint-specific query parameters" + ) + + @property + def verb(self) -> HttpVerbEnum: + """Return the HTTP verb for this endpoint.""" + return HttpVerbEnum.PUT + + +class EpManageFabricsDelete(_EpManageFabricsBase): + """ + # Summary + + ND Manage Fabrics DELETE Endpoint + + ## Description + + Endpoint to delete a specific fabric from the ND Manage service. + The fabric name is a required path parameter. + + ## Path + + - ``/api/v1/manage/fabrics/{fabric_name}`` + - ``/api/v1/manage/fabrics/{fabric_name}?clusterName=cluster1`` + + ## Verb + + - DELETE + + ## Raises + + - `ValueError` if `fabric_name` is not set when accessing `path` + + ## Usage + + ```python + ep = EpApiV1ManageFabricsDelete() + ep.fabric_name = "my-fabric" + rest_send.path = ep.path + rest_send.verb = ep.verb + ``` + """ + + class_name: Literal["EpApiV1ManageFabricsDelete"] = Field( + default="EpApiV1ManageFabricsDelete", description="Class name for backward compatibility" + ) + + endpoint_params: FabricsEndpointParams = Field( + default_factory=FabricsEndpointParams, description="Endpoint-specific query parameters" + ) + + @property + def verb(self) -> HttpVerbEnum: + """Return the HTTP verb for this endpoint.""" + return HttpVerbEnum.DELETE + + +class EpManageFabricsSummaryGet(_EpManageFabricsBase): + """ + # Summary + + ND Manage Fabrics Summary GET Endpoint + + ## Description + + Endpoint to retrieve summary information for a specific fabric from + the ND Manage service. The fabric name is a required path parameter. + + ## Path + + - ``/api/v1/manage/fabrics/{fabric_name}/summary`` + - ``/api/v1/manage/fabrics/{fabric_name}/summary?clusterName=cluster1`` + + ## Verb + + - GET + + ## Raises + + - `ValueError` if `fabric_name` is not set when accessing `path` + + ## Usage + + ```python + ep = EpApiV1ManageFabricsSummaryGet() + ep.fabric_name = "my-fabric" + path = ep.path + verb = ep.verb + # Path: /api/v1/manage/fabrics/my-fabric/summary + ``` + """ + + class_name: Literal["EpApiV1ManageFabricsSummaryGet"] = Field( + default="EpApiV1ManageFabricsSummaryGet", description="Class name for backward compatibility" + ) + + _path_suffix: ClassVar[Optional[str]] = "summary" + + endpoint_params: FabricsEndpointParams = Field( + default_factory=FabricsEndpointParams, description="Endpoint-specific query parameters" + ) + + @property + def verb(self) -> HttpVerbEnum: + """Return the HTTP verb for this endpoint.""" + return HttpVerbEnum.GET diff --git a/plugins/module_utils/models/manage_fabric/enums.py b/plugins/module_utils/models/manage_fabric/enums.py new file mode 100644 index 00000000..5d36756c --- /dev/null +++ b/plugins/module_utils/models/manage_fabric/enums.py @@ -0,0 +1,251 @@ +# -*- coding: utf-8 -*- +# pylint: disable=wrong-import-position +# pylint: disable=missing-module-docstring +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) +""" +# Summary + +Enum definitions for Nexus Dashboard Ansible modules. + +## Enums + +- HttpVerbEnum: Enum for HTTP verb values used in endpoints. +- OperationType: Enum for operation types used by Results to determine if changes have occurred. +""" + +from __future__ import absolute_import, annotations, division, print_function + +# pylint: disable=invalid-name +__metaclass__ = type +# pylint: enable=invalid-name + +from enum import Enum + +class FabricTypeEnum(str, Enum): + """ + # Summary + + Enumeration of supported fabric types for discriminated union. + + ## Values + + - `VXLAN_IBGP` - VXLAN fabric with iBGP overlay + - `VXLAN_EBGP` - VXLAN fabric with eBGP overlay + """ + + VXLAN_IBGP = "vxlanIbgp" + VXLAN_EBGP = "vxlanEbgp" + EXTERNAL_CONNECTIVITY = "externalConnectivity" + + +class AlertSuspendEnum(str, Enum): + """ + # Summary + + Enumeration for alert suspension states. + + ## Values + + - `ENABLED` - Alerts are enabled + - `DISABLED` - Alerts are disabled + """ + + ENABLED = "enabled" + DISABLED = "disabled" + + +class LicenseTierEnum(str, Enum): + """ + # Summary + + Enumeration for license tier options. + + ## Values + + - `ESSENTIALS` - Essentials license tier + - `PREMIER` - Premier license tier + """ + + ESSENTIALS = "essentials" + PREMIER = "premier" + + +class ReplicationModeEnum(str, Enum): + """ + # Summary + + Enumeration for replication modes. + + ## Values + + - `MULTICAST` - Multicast replication + - `INGRESS` - Ingress replication + """ + + MULTICAST = "multicast" + INGRESS = "ingress" + + +class OverlayModeEnum(str, Enum): + """ + # Summary + + Enumeration for overlay modes. + + ## Values + + - `CLI` - CLI based configuration + - `CONFIG_PROFILE` - Configuration profile based + """ + + CLI = "cli" + CONFIG_PROFILE = "config-profile" + + +class LinkStateRoutingProtocolEnum(str, Enum): + """ + # Summary + + Enumeration for underlay routing protocols. + + ## Values + + - `OSPF` - Open Shortest Path First + - `ISIS` - Intermediate System to Intermediate System + """ + + OSPF = "ospf" + ISIS = "isis" + + +class CoppPolicyEnum(str, Enum): + """ + # Summary + + Enumeration for CoPP policy options. + """ + + DENSE = "dense" + LENIENT = "lenient" + MODERATE = "moderate" + STRICT = "strict" + MANUAL = "manual" + + +class FabricInterfaceTypeEnum(str, Enum): + """ + # Summary + + Enumeration for fabric interface types. + """ + + P2P = "p2p" + UNNUMBERED = "unNumbered" + + +class GreenfieldDebugFlagEnum(str, Enum): + """ + # Summary + + Enumeration for greenfield debug flag. + """ + + ENABLE = "enable" + DISABLE = "disable" + + +class IsisLevelEnum(str, Enum): + """ + # Summary + + Enumeration for IS-IS levels. + """ + + LEVEL_1 = "level-1" + LEVEL_2 = "level-2" + + +class SecurityGroupStatusEnum(str, Enum): + """ + # Summary + + Enumeration for security group status. + """ + + ENABLED = "enabled" + ENABLED_STRICT = "enabledStrict" + ENABLED_LOOSE = "enabledLoose" + ENABLE_PENDING = "enablePending" + ENABLE_PENDING_STRICT = "enablePendingStrict" + ENABLE_PENDING_LOOSE = "enablePendingLoose" + DISABLE_PENDING = "disablePending" + DISABLED = "disabled" + + +class StpRootOptionEnum(str, Enum): + """ + # Summary + + Enumeration for STP root options. + """ + + RPVST_PLUS = "rpvst+" + MST = "mst" + UNMANAGED = "unmanaged" + + +class VpcPeerKeepAliveOptionEnum(str, Enum): + """ + # Summary + + Enumeration for vPC peer keep-alive options. + """ + + LOOPBACK = "loopback" + MANAGEMENT = "management" + + +class DhcpProtocolVersionEnum(str, Enum): + """ + # Summary + + Enumeration for DHCP protocol version options. + """ + + DHCPV4 = "dhcpv4" + DHCPV6 = "dhcpv6" + + +class PowerRedundancyModeEnum(str, Enum): + """ + # Summary + + Enumeration for power redundancy mode options. + """ + + REDUNDANT = "redundant" + COMBINED = "combined" + INPUT_SRC_REDUNDANT = "inputSrcRedundant" + + +class BgpAsModeEnum(str, Enum): + """ + # Summary + + Enumeration for eBGP BGP AS mode options. + """ + + MULTI_AS = "multiAS" + SAME_TIER_AS = "sameTierAS" + + +class FirstHopRedundancyProtocolEnum(str, Enum): + """ + # Summary + + Enumeration for first-hop redundancy protocol options. + """ + + HSRP = "hsrp" + VRRP = "vrrp" diff --git a/plugins/module_utils/models/manage_fabric/manage_fabric_ebgp.py b/plugins/module_utils/models/manage_fabric/manage_fabric_ebgp.py new file mode 100644 index 00000000..8894941c --- /dev/null +++ b/plugins/module_utils/models/manage_fabric/manage_fabric_ebgp.py @@ -0,0 +1,838 @@ +# -*- coding: utf-8 -*- + +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +# pylint: disable=invalid-name +__metaclass__ = type +# pylint: enable=invalid-name + +import re +from typing import List, Dict, Any, Optional, ClassVar, Literal + +from ansible_collections.cisco.nd.plugins.module_utils.models.base import NDBaseModel +from ansible_collections.cisco.nd.plugins.module_utils.models.nested import NDNestedModel +from ansible_collections.cisco.nd.plugins.module_utils.common.pydantic_compat import ( + BaseModel, + ConfigDict, + Field, + field_validator, + model_validator, +) +from ansible_collections.cisco.nd.plugins.module_utils.models.manage_fabric.enums import ( + FabricTypeEnum, + AlertSuspendEnum, + LicenseTierEnum, + OverlayModeEnum, + ReplicationModeEnum, + CoppPolicyEnum, + GreenfieldDebugFlagEnum, + VpcPeerKeepAliveOptionEnum, + BgpAsModeEnum, + FirstHopRedundancyProtocolEnum, +) +# Re-use shared nested models from the iBGP module +from ansible_collections.cisco.nd.plugins.module_utils.models.manage_fabric.manage_fabric_ibgp import ( + LocationModel, + NetflowExporterModel, + NetflowRecordModel, + NetflowMonitorModel, + NetflowSettingsModel, + BootstrapSubnetModel, + TelemetryFlowCollectionModel, + TelemetryMicroburstModel, + TelemetryAnalysisSettingsModel, + TelemetryEnergyManagementModel, + TelemetryNasExportSettingsModel, + TelemetryNasModel, + TelemetrySettingsModel, + ExternalStreamingSettingsModel, +) + + +""" +# Comprehensive Pydantic models for eBGP VXLAN fabric management via Nexus Dashboard + +This module provides Pydantic models for creating, updating, and deleting +eBGP VXLAN fabrics through the Nexus Dashboard Fabric Controller (NDFC) API. + +## Models Overview + +- `VxlanEbgpManagementModel` - eBGP VXLAN specific management settings +- `FabricEbgpModel` - Complete fabric creation model for eBGP fabrics +- `FabricEbgpDeleteModel` - Fabric deletion model + +## Usage + +```python +# Create a new eBGP VXLAN fabric +fabric_data = { + "name": "MyEbgpFabric", + "management": { + "type": "vxlanEbgp", + "bgpAsnAutoAllocation": True, + "bgpAsnRange": "65000-65535" + } +} +fabric = FabricEbgpModel(**fabric_data) +``` +""" + +# Regex from OpenAPI schema: bgpAsn accepts plain integers (1-4294967295) and +# dotted four-byte ASN notation (1-65535).(0-65535) +_BGP_ASN_RE = re.compile( + r"^(([1-9]{1}[0-9]{0,8}|[1-3]{1}[0-9]{1,9}|[4]{1}([0-1]{1}[0-9]{8}|[2]{1}([0-8]{1}[0-9]{7}|[9]{1}([0-3]{1}[0-9]{6}|[4]{1}([0-8]{1}[0-9]{5}|[9]{1}([0-5]{1}[0-9]{4}|[6]{1}([0-6]{1}[0-9]{3}|[7]{1}([0-1]{1}[0-9]{2}|[2]{1}([0-8]{1}[0-9]{1}|[9]{1}[0-5]{1})))))))))|([1-5]\d{4}|[1-9]\d{0,3}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5])(\.([1-5]\d{4}|[1-9]\d{0,3}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5]|0))?)$" +) + + +class VxlanEbgpManagementModel(NDNestedModel): + """ + # Summary + + Comprehensive eBGP VXLAN fabric management configuration. + + This model contains all settings specific to eBGP VXLAN fabric types including + overlay configuration, BGP AS allocation, multicast settings, and advanced features. + + ## Raises + + - `ValueError` - If BGP ASN, VLAN ranges, or IP ranges are invalid + - `TypeError` - If required string fields are not provided + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + # Fabric Type (required for discriminated union) + type: Literal[FabricTypeEnum.VXLAN_EBGP] = Field(description="Fabric management type", default=FabricTypeEnum.VXLAN_EBGP) + + # Core eBGP Configuration + bgp_asn: Optional[str] = Field( + alias="bgpAsn", + description="BGP Autonomous System Number 1-4294967295 | 1-65535[.0-65535]. Optional when bgpAsnAutoAllocation is True.", + default=None + ) + site_id: Optional[str] = Field(alias="siteId", description="Site identifier for the fabric. Defaults to Fabric ASN.", default="") + bgp_as_mode: BgpAsModeEnum = Field( + alias="bgpAsMode", + description="BGP AS mode: multiAS assigns unique AS per leaf tier, sameTierAS assigns same AS within a tier", + default=BgpAsModeEnum.MULTI_AS + ) + bgp_asn_auto_allocation: bool = Field( + alias="bgpAsnAutoAllocation", + description="Enable automatic BGP ASN allocation from bgpAsnRange", + default=True + ) + bgp_asn_range: Optional[str] = Field( + alias="bgpAsnRange", + description="BGP ASN range for automatic allocation (e.g., '65000-65535')", + default=None + ) + bgp_allow_as_in_num: int = Field( + alias="bgpAllowAsInNum", + description="Number of times BGP allows AS-path that contains local AS", + default=1 + ) + bgp_max_path: int = Field(alias="bgpMaxPath", description="Maximum number of BGP equal-cost paths", default=4) + bgp_underlay_failure_protect: bool = Field( + alias="bgpUnderlayFailureProtect", + description="Enable BGP underlay failure protection", + default=False + ) + auto_configure_ebgp_evpn_peering: bool = Field( + alias="autoConfigureEbgpEvpnPeering", + description="Automatically configure eBGP EVPN peering between spine and leaf", + default=True + ) + allow_leaf_same_as: bool = Field( + alias="allowLeafSameAs", + description="Allow leaf switches to have the same BGP AS number", + default=False + ) + assign_ipv4_to_loopback0: bool = Field( + alias="assignIpv4ToLoopback0", + description="Assign IPv4 address to loopback0 interface", + default=True + ) + evpn: bool = Field(description="Enable EVPN control plane", default=True) + route_map_tag: int = Field(alias="routeMapTag", description="Route map tag for redistribution", default=12345) + disable_route_map_tag: bool = Field( + alias="disableRouteMapTag", + description="Disable route map tag usage", + default=False + ) + leaf_bgp_as: Optional[str] = Field( + alias="leafBgpAs", + description="BGP AS number for leaf switches (used with sameTierAS mode)", + default=None + ) + border_bgp_as: Optional[str] = Field( + alias="borderBgpAs", + description="BGP AS number for border switches", + default=None + ) + super_spine_bgp_as: Optional[str] = Field( + alias="superSpineBgpAs", + description="BGP AS number for super-spine switches", + default=None + ) + + # Propagated from FabricEbgpModel + name: Optional[str] = Field(description="Fabric name", min_length=1, max_length=64, default="") + + # Network Addressing + bgp_loopback_id: int = Field(alias="bgpLoopbackId", description="BGP loopback interface ID", ge=0, le=1023, default=0) + bgp_loopback_ip_range: str = Field(alias="bgpLoopbackIpRange", description="BGP loopback IP range", default="10.2.0.0/22") + bgp_loopback_ipv6_range: str = Field(alias="bgpLoopbackIpv6Range", description="BGP loopback IPv6 range", default="fd00::a02:0/119") + nve_loopback_id: int = Field(alias="nveLoopbackId", description="NVE loopback interface ID", ge=0, le=1023, default=1) + nve_loopback_ip_range: str = Field(alias="nveLoopbackIpRange", description="NVE loopback IP range", default="10.3.0.0/22") + nve_loopback_ipv6_range: str = Field(alias="nveLoopbackIpv6Range", description="NVE loopback IPv6 range", default="fd00::a03:0/118") + anycast_loopback_id: int = Field(alias="anycastLoopbackId", description="Anycast loopback ID", default=10) + anycast_rendezvous_point_ip_range: str = Field( + alias="anycastRendezvousPointIpRange", + description="Anycast RP IP range", + default="10.254.254.0/24" + ) + ipv6_anycast_rendezvous_point_ip_range: str = Field( + alias="ipv6AnycastRendezvousPointIpRange", + description="IPv6 anycast RP IP range", + default="fd00::254:254:0/118" + ) + intra_fabric_subnet_range: str = Field( + alias="intraFabricSubnetRange", + description="Intra-fabric subnet range", + default="10.4.0.0/16" + ) + + # VLAN and VNI Ranges + l2_vni_range: str = Field(alias="l2VniRange", description="Layer 2 VNI range", default="30000-49000") + l3_vni_range: str = Field(alias="l3VniRange", description="Layer 3 VNI range", default="50000-59000") + network_vlan_range: str = Field(alias="networkVlanRange", description="Network VLAN range", default="2300-2999") + vrf_vlan_range: str = Field(alias="vrfVlanRange", description="VRF VLAN range", default="2000-2299") + + # Overlay Configuration + overlay_mode: OverlayModeEnum = Field(alias="overlayMode", description="Overlay configuration mode", default=OverlayModeEnum.CLI) + replication_mode: ReplicationModeEnum = Field( + alias="replicationMode", + description="Multicast replication mode", + default=ReplicationModeEnum.MULTICAST + ) + multicast_group_subnet: str = Field(alias="multicastGroupSubnet", description="Multicast group subnet", default="239.1.1.0/25") + auto_generate_multicast_group_address: bool = Field( + alias="autoGenerateMulticastGroupAddress", + description="Auto-generate multicast group addresses", + default=False + ) + underlay_multicast_group_address_limit: int = Field( + alias="underlayMulticastGroupAddressLimit", + description="Underlay multicast group address limit", + ge=1, + le=255, + default=128 + ) + tenant_routed_multicast: bool = Field(alias="tenantRoutedMulticast", description="Enable tenant routed multicast", default=False) + tenant_routed_multicast_ipv6: bool = Field( + alias="tenantRoutedMulticastIpv6", + description="Enable tenant routed multicast IPv6", + default=False + ) + first_hop_redundancy_protocol: FirstHopRedundancyProtocolEnum = Field( + alias="firstHopRedundancyProtocol", + description="First-hop redundancy protocol for tenant networks", + default=FirstHopRedundancyProtocolEnum.HSRP + ) + + # Multicast / Rendezvous Point + rendezvous_point_count: int = Field( + alias="rendezvousPointCount", + description="Number of spines acting as Rendezvous-Points", + default=2 + ) + rendezvous_point_loopback_id: int = Field(alias="rendezvousPointLoopbackId", description="RP loopback ID", default=254) + rendezvous_point_mode: str = Field(alias="rendezvousPointMode", description="Multicast RP mode", default="asm") + phantom_rendezvous_point_loopback_id1: int = Field(alias="phantomRendezvousPointLoopbackId1", description="Phantom RP loopback ID 1", default=2) + phantom_rendezvous_point_loopback_id2: int = Field(alias="phantomRendezvousPointLoopbackId2", description="Phantom RP loopback ID 2", default=3) + phantom_rendezvous_point_loopback_id3: int = Field(alias="phantomRendezvousPointLoopbackId3", description="Phantom RP loopback ID 3", default=4) + phantom_rendezvous_point_loopback_id4: int = Field(alias="phantomRendezvousPointLoopbackId4", description="Phantom RP loopback ID 4", default=5) + l3vni_multicast_group: str = Field(alias="l3vniMulticastGroup", description="Default L3 VNI multicast group IPv4 address", default="239.1.1.0") + l3_vni_ipv6_multicast_group: str = Field(alias="l3VniIpv6MulticastGroup", description="Default L3 VNI multicast group IPv6 address", default="ff1e::") + ipv6_multicast_group_subnet: str = Field(alias="ipv6MulticastGroupSubnet", description="IPv6 multicast group subnet", default="ff1e::/121") + mvpn_vrf_route_import_id: bool = Field(alias="mvpnVrfRouteImportId", description="Enable MVPN VRF route import ID", default=True) + mvpn_vrf_route_import_id_range: Optional[str] = Field( + alias="mvpnVrfRouteImportIdRange", + description="MVPN VRF route import ID range", + default=None + ) + vrf_route_import_id_reallocation: bool = Field( + alias="vrfRouteImportIdReallocation", + description="Enable VRF route import ID reallocation", + default=False + ) + + # Advanced Features + anycast_gateway_mac: str = Field( + alias="anycastGatewayMac", + description="Anycast gateway MAC address", + default="2020.0000.00aa" + ) + target_subnet_mask: int = Field(alias="targetSubnetMask", description="Target subnet mask", ge=24, le=31, default=30) + fabric_mtu: int = Field(alias="fabricMtu", description="Fabric MTU size", ge=1500, le=9216, default=9216) + l2_host_interface_mtu: int = Field(alias="l2HostInterfaceMtu", description="L2 host interface MTU", ge=1500, le=9216, default=9216) + l3_vni_no_vlan_default_option: bool = Field( + alias="l3VniNoVlanDefaultOption", + description="L3 VNI configuration without VLAN", + default=False + ) + underlay_ipv6: bool = Field(alias="underlayIpv6", description="Enable IPv6 underlay", default=False) + static_underlay_ip_allocation: bool = Field( + alias="staticUnderlayIpAllocation", + description="Disable dynamic underlay IP address allocation", + default=False + ) + anycast_border_gateway_advertise_physical_ip: bool = Field( + alias="anycastBorderGatewayAdvertisePhysicalIp", + description="Advertise Anycast Border Gateway PIP as VTEP", + default=False + ) + + # VPC Configuration + vpc_domain_id_range: str = Field(alias="vpcDomainIdRange", description="vPC domain ID range", default="1-1000") + vpc_peer_link_vlan: str = Field(alias="vpcPeerLinkVlan", description="vPC peer link VLAN", default="3600") + vpc_peer_link_enable_native_vlan: bool = Field( + alias="vpcPeerLinkEnableNativeVlan", + description="Enable native VLAN on vPC peer link", + default=False + ) + vpc_peer_keep_alive_option: VpcPeerKeepAliveOptionEnum = Field( + alias="vpcPeerKeepAliveOption", + description="vPC peer keep-alive option", + default=VpcPeerKeepAliveOptionEnum.MANAGEMENT + ) + vpc_auto_recovery_timer: int = Field( + alias="vpcAutoRecoveryTimer", + description="vPC auto recovery timer", + ge=240, + le=3600, + default=360 + ) + vpc_delay_restore_timer: int = Field( + alias="vpcDelayRestoreTimer", + description="vPC delay restore timer", + ge=1, + le=3600, + default=150 + ) + vpc_peer_link_port_channel_id: str = Field(alias="vpcPeerLinkPortChannelId", description="vPC peer link port-channel ID", default="500") + vpc_ipv6_neighbor_discovery_sync: bool = Field( + alias="vpcIpv6NeighborDiscoverySync", + description="Enable vPC IPv6 ND sync", + default=True + ) + vpc_layer3_peer_router: bool = Field(alias="vpcLayer3PeerRouter", description="Enable vPC layer-3 peer router", default=True) + vpc_tor_delay_restore_timer: int = Field(alias="vpcTorDelayRestoreTimer", description="vPC TOR delay restore timer", default=30) + fabric_vpc_domain_id: bool = Field(alias="fabricVpcDomainId", description="Enable fabric vPC domain ID", default=False) + shared_vpc_domain_id: int = Field(alias="sharedVpcDomainId", description="Shared vPC domain ID", default=1) + fabric_vpc_qos: bool = Field(alias="fabricVpcQos", description="Enable fabric vPC QoS", default=False) + fabric_vpc_qos_policy_name: str = Field( + alias="fabricVpcQosPolicyName", + description="Fabric vPC QoS policy name", + default="spine_qos_for_fabric_vpc_peering" + ) + enable_peer_switch: bool = Field(alias="enablePeerSwitch", description="Enable vPC peer-switch feature on ToR switches", default=False) + + # Per-VRF Loopback + per_vrf_loopback_auto_provision: bool = Field( + alias="perVrfLoopbackAutoProvision", + description="Auto provision IPv4 loopback on VRF attachment", + default=False + ) + per_vrf_loopback_ip_range: str = Field( + alias="perVrfLoopbackIpRange", + description="Per-VRF loopback IPv4 prefix pool", + default="10.5.0.0/22" + ) + per_vrf_loopback_auto_provision_ipv6: bool = Field( + alias="perVrfLoopbackAutoProvisionIpv6", + description="Auto provision IPv6 loopback on VRF attachment", + default=False + ) + per_vrf_loopback_ipv6_range: str = Field( + alias="perVrfLoopbackIpv6Range", + description="Per-VRF loopback IPv6 prefix pool", + default="fd00::a05:0/112" + ) + + # Templates + vrf_template: str = Field(alias="vrfTemplate", description="VRF template", default="Default_VRF_Universal") + network_template: str = Field(alias="networkTemplate", description="Network template", default="Default_Network_Universal") + vrf_extension_template: str = Field( + alias="vrfExtensionTemplate", + description="VRF extension template", + default="Default_VRF_Extension_Universal" + ) + network_extension_template: str = Field( + alias="networkExtensionTemplate", + description="Network extension template", + default="Default_Network_Extension_Universal" + ) + + # Optional Advanced Settings + performance_monitoring: bool = Field(alias="performanceMonitoring", description="Enable performance monitoring", default=False) + tenant_dhcp: bool = Field(alias="tenantDhcp", description="Enable tenant DHCP", default=True) + advertise_physical_ip: bool = Field(alias="advertisePhysicalIp", description="Advertise physical IP as VTEP", default=False) + advertise_physical_ip_on_border: bool = Field( + alias="advertisePhysicalIpOnBorder", + description="Advertise physical IP on border switches only", + default=True + ) + + # Protocol Settings — BGP + bgp_authentication: bool = Field(alias="bgpAuthentication", description="Enable BGP authentication", default=False) + bgp_authentication_key_type: str = Field( + alias="bgpAuthenticationKeyType", + description="BGP authentication key type", + default="3des" + ) + bgp_authentication_key: str = Field(alias="bgpAuthenticationKey", description="BGP authentication key", default="") + + # Protocol Settings — BFD + bfd: bool = Field(description="Enable BFD", default=False) + bfd_ibgp: bool = Field(alias="bfdIbgp", description="Enable BFD for iBGP", default=False) + bfd_authentication: bool = Field(alias="bfdAuthentication", description="Enable BFD authentication", default=False) + bfd_authentication_key_id: int = Field(alias="bfdAuthenticationKeyId", description="BFD authentication key ID", default=100) + bfd_authentication_key: str = Field(alias="bfdAuthenticationKey", description="BFD authentication key", default="") + + # Protocol Settings — PIM + pim_hello_authentication: bool = Field(alias="pimHelloAuthentication", description="Enable PIM hello authentication", default=False) + pim_hello_authentication_key: str = Field(alias="pimHelloAuthenticationKey", description="PIM hello authentication key", default="") + + # Management Settings + nxapi: bool = Field(description="Enable NX-API", default=False) + nxapi_http: bool = Field(alias="nxapiHttp", description="Enable NX-API HTTP", default=False) + nxapi_https_port: int = Field(alias="nxapiHttpsPort", description="NX-API HTTPS port", ge=1, le=65535, default=443) + nxapi_http_port: int = Field(alias="nxapiHttpPort", description="NX-API HTTP port", ge=1, le=65535, default=80) + + # Bootstrap / Day-0 / DHCP + day0_bootstrap: bool = Field(alias="day0Bootstrap", description="Enable day-0 bootstrap", default=False) + bootstrap_subnet_collection: List[BootstrapSubnetModel] = Field( + alias="bootstrapSubnetCollection", + description="Bootstrap subnet collection", + default_factory=list + ) + local_dhcp_server: bool = Field(alias="localDhcpServer", description="Enable local DHCP server", default=False) + dhcp_protocol_version: str = Field(alias="dhcpProtocolVersion", description="DHCP protocol version", default="dhcpv4") + dhcp_start_address: str = Field(alias="dhcpStartAddress", description="DHCP start address", default="") + dhcp_end_address: str = Field(alias="dhcpEndAddress", description="DHCP end address", default="") + management_gateway: str = Field(alias="managementGateway", description="Management gateway", default="") + management_ipv4_prefix: int = Field(alias="managementIpv4Prefix", description="Management IPv4 prefix length", default=24) + management_ipv6_prefix: int = Field(alias="managementIpv6Prefix", description="Management IPv6 prefix length", default=64) + + # Netflow Settings + netflow_settings: NetflowSettingsModel = Field( + alias="netflowSettings", + description="Netflow configuration", + default_factory=NetflowSettingsModel + ) + + # Backup / Restore + real_time_backup: Optional[bool] = Field(alias="realTimeBackup", description="Enable real-time backup", default=None) + scheduled_backup: Optional[bool] = Field(alias="scheduledBackup", description="Enable scheduled backup", default=None) + scheduled_backup_time: str = Field(alias="scheduledBackupTime", description="Scheduled backup time", default="") + + # VRF Lite / Sub-Interface + sub_interface_dot1q_range: str = Field(alias="subInterfaceDot1qRange", description="Sub-interface 802.1q range", default="2-511") + vrf_lite_auto_config: str = Field(alias="vrfLiteAutoConfig", description="VRF lite auto-config mode", default="manual") + vrf_lite_subnet_range: str = Field(alias="vrfLiteSubnetRange", description="VRF lite subnet range", default="10.33.0.0/16") + vrf_lite_subnet_target_mask: int = Field(alias="vrfLiteSubnetTargetMask", description="VRF lite subnet target mask", default=30) + auto_unique_vrf_lite_ip_prefix: bool = Field( + alias="autoUniqueVrfLiteIpPrefix", + description="Auto unique VRF lite IP prefix", + default=False + ) + + # Leaf / TOR + leaf_tor_id_range: bool = Field(alias="leafTorIdRange", description="Enable leaf/TOR ID range", default=False) + leaf_tor_vpc_port_channel_id_range: str = Field( + alias="leafTorVpcPortChannelIdRange", + description="Leaf/TOR vPC port-channel ID range", + default="1-499" + ) + allow_vlan_on_leaf_tor_pairing: str = Field( + alias="allowVlanOnLeafTorPairing", + description="Set trunk allowed VLAN on leaf-TOR pairing port-channels", + default="none" + ) + + # DNS / NTP / Syslog Collections + ntp_server_collection: List[str] = Field(default_factory=lambda: ["string"], alias="ntpServerCollection") + ntp_server_vrf_collection: List[str] = Field(default_factory=lambda: ["string"], alias="ntpServerVrfCollection") + dns_collection: List[str] = Field(default_factory=lambda: ["5.192.28.174"], alias="dnsCollection") + dns_vrf_collection: List[str] = Field(default_factory=lambda: ["string"], alias="dnsVrfCollection") + syslog_server_collection: List[str] = Field(default_factory=lambda: ["string"], alias="syslogServerCollection") + syslog_server_vrf_collection: List[str] = Field(default_factory=lambda: ["string"], alias="syslogServerVrfCollection") + syslog_severity_collection: List[int] = Field(default_factory=lambda: [7], alias="syslogSeverityCollection") + + # Extra Config / Pre-Interface Config / AAA / Banner + banner: str = Field(description="Fabric banner text", default="") + extra_config_leaf: str = Field(alias="extraConfigLeaf", description="Extra leaf config", default="") + extra_config_spine: str = Field(alias="extraConfigSpine", description="Extra spine config", default="") + extra_config_tor: str = Field(alias="extraConfigTor", description="Extra TOR config", default="") + extra_config_intra_fabric_links: str = Field( + alias="extraConfigIntraFabricLinks", + description="Extra intra-fabric links config", + default="" + ) + extra_config_aaa: str = Field(alias="extraConfigAaa", description="Extra AAA config", default="") + extra_config_nxos_bootstrap: str = Field(alias="extraConfigNxosBootstrap", description="Extra NX-OS bootstrap config", default="") + aaa: bool = Field(description="Enable AAA", default=False) + pre_interface_config_leaf: str = Field(alias="preInterfaceConfigLeaf", description="Pre-interface leaf config", default="") + pre_interface_config_spine: str = Field(alias="preInterfaceConfigSpine", description="Pre-interface spine config", default="") + pre_interface_config_tor: str = Field(alias="preInterfaceConfigTor", description="Pre-interface TOR config", default="") + + # System / Compliance / OAM / Misc + greenfield_debug_flag: GreenfieldDebugFlagEnum = Field( + alias="greenfieldDebugFlag", + description="Greenfield debug flag", + default=GreenfieldDebugFlagEnum.DISABLE + ) + interface_statistics_load_interval: int = Field( + alias="interfaceStatisticsLoadInterval", + description="Interface statistics load interval in seconds", + default=10 + ) + nve_hold_down_timer: int = Field(alias="nveHoldDownTimer", description="NVE source interface hold-down timer in seconds", default=180) + next_generation_oam: bool = Field(alias="nextGenerationOAM", description="Enable next-generation OAM", default=True) + ngoam_south_bound_loop_detect: bool = Field( + alias="ngoamSouthBoundLoopDetect", + description="Enable NGOAM south bound loop detection", + default=False + ) + ngoam_south_bound_loop_detect_probe_interval: int = Field( + alias="ngoamSouthBoundLoopDetectProbeInterval", + description="NGOAM south bound loop detect probe interval in seconds", + default=300 + ) + ngoam_south_bound_loop_detect_recovery_interval: int = Field( + alias="ngoamSouthBoundLoopDetectRecoveryInterval", + description="NGOAM south bound loop detect recovery interval in seconds", + default=600 + ) + strict_config_compliance_mode: bool = Field( + alias="strictConfigComplianceMode", + description="Enable strict config compliance mode", + default=False + ) + advanced_ssh_option: bool = Field(alias="advancedSshOption", description="Enable advanced SSH option", default=False) + copp_policy: CoppPolicyEnum = Field(alias="coppPolicy", description="CoPP policy", default=CoppPolicyEnum.STRICT) + power_redundancy_mode: str = Field(alias="powerRedundancyMode", description="Power redundancy mode", default="redundant") + heartbeat_interval: int = Field(alias="heartbeatInterval", description="XConnect heartbeat interval", default=190) + snmp_trap: bool = Field(alias="snmpTrap", description="Enable SNMP traps", default=True) + cdp: bool = Field(description="Enable CDP", default=False) + real_time_interface_statistics_collection: bool = Field( + alias="realTimeInterfaceStatisticsCollection", + description="Enable real-time interface statistics collection", + default=False + ) + tcam_allocation: bool = Field(alias="tcamAllocation", description="Enable TCAM allocation", default=True) + allow_smart_switch_onboarding: bool = Field( + alias="allowSmartSwitchOnboarding", + description="Allow smart switch onboarding", + default=False + ) + + # Queuing / QoS + default_queuing_policy: bool = Field(alias="defaultQueuingPolicy", description="Enable default queuing policy", default=False) + default_queuing_policy_cloudscale: str = Field( + alias="defaultQueuingPolicyCloudscale", + description="Default queuing policy for cloudscale switches", + default="queuing_policy_default_8q_cloudscale" + ) + default_queuing_policy_r_series: str = Field( + alias="defaultQueuingPolicyRSeries", + description="Default queuing policy for R-Series switches", + default="queuing_policy_default_r_series" + ) + default_queuing_policy_other: str = Field( + alias="defaultQueuingPolicyOther", + description="Default queuing policy for other switches", + default="queuing_policy_default_other" + ) + aiml_qos: bool = Field(alias="aimlQos", description="Enable AI/ML QoS", default=False) + aiml_qos_policy: str = Field(alias="aimlQosPolicy", description="AI/ML QoS policy", default="400G") + roce_v2: str = Field(alias="roceV2", description="RoCEv2 DSCP value", default="26") + cnp: str = Field(description="CNP DSCP value", default="48") + wred_min: int = Field(alias="wredMin", description="WRED minimum threshold in kbytes", default=950) + wred_max: int = Field(alias="wredMax", description="WRED maximum threshold in kbytes", default=3000) + wred_drop_probability: int = Field(alias="wredDropProbability", description="WRED drop probability %", default=7) + wred_weight: int = Field(alias="wredWeight", description="WRED weight", default=0) + bandwidth_remaining: int = Field(alias="bandwidthRemaining", description="Bandwidth remaining % for AI traffic queues", default=50) + dlb: bool = Field(description="Enable dynamic load balancing", default=False) + dlb_mode: str = Field(alias="dlbMode", description="DLB mode", default="flowlet") + dlb_mixed_mode_default: str = Field(alias="dlbMixedModeDefault", description="DLB mixed mode default", default="ecmp") + flowlet_aging: Optional[int] = Field(alias="flowletAging", description="Flowlet aging timer in microseconds", default=None) + flowlet_dscp: str = Field(alias="flowletDscp", description="Flowlet DSCP value", default="") + per_packet_dscp: str = Field(alias="perPacketDscp", description="Per-packet DSCP value", default="") + ai_load_sharing: bool = Field(alias="aiLoadSharing", description="Enable AI load sharing", default=False) + priority_flow_control_watch_interval: Optional[int] = Field( + alias="priorityFlowControlWatchInterval", + description="Priority flow control watch interval in milliseconds", + default=None + ) + + # PTP + ptp: bool = Field(description="Enable PTP", default=False) + ptp_loopback_id: int = Field(alias="ptpLoopbackId", description="PTP loopback ID", default=0) + ptp_domain_id: int = Field(alias="ptpDomainId", description="PTP domain ID", default=0) + + # Private VLAN + private_vlan: bool = Field(alias="privateVlan", description="Enable private VLAN", default=False) + default_private_vlan_secondary_network_template: str = Field( + alias="defaultPrivateVlanSecondaryNetworkTemplate", + description="Default private VLAN secondary network template", + default="Pvlan_Secondary_Network" + ) + + # MACsec + macsec: bool = Field(description="Enable MACsec", default=False) + macsec_cipher_suite: str = Field( + alias="macsecCipherSuite", + description="MACsec cipher suite", + default="GCM-AES-XPN-256" + ) + macsec_key_string: str = Field(alias="macsecKeyString", description="MACsec primary key string", default="") + macsec_algorithm: str = Field(alias="macsecAlgorithm", description="MACsec primary cryptographic algorithm", default="AES_128_CMAC") + macsec_fallback_key_string: str = Field(alias="macsecFallbackKeyString", description="MACsec fallback key string", default="") + macsec_fallback_algorithm: str = Field( + alias="macsecFallbackAlgorithm", + description="MACsec fallback cryptographic algorithm", + default="AES_128_CMAC" + ) + macsec_report_timer: int = Field(alias="macsecReportTimer", description="MACsec report timer in minutes", default=5) + + # Hypershield / Connectivity + connectivity_domain_name: Optional[str] = Field( + alias="connectivityDomainName", + description="Domain name to connect to Hypershield", + default=None + ) + hypershield_connectivity_proxy_server: Optional[str] = Field( + alias="hypershieldConnectivityProxyServer", + description="IPv4 address, IPv6 address, or DNS name of the proxy server for Hypershield communication", + default=None + ) + hypershield_connectivity_proxy_server_port: Optional[int] = Field( + alias="hypershieldConnectivityProxyServerPort", + description="Proxy port number for communication with Hypershield", + default=None + ) + hypershield_connectivity_source_intf: Optional[str] = Field( + alias="hypershieldConnectivitySourceIntf", + description="Loopback interface on smart switch for communication with Hypershield", + default=None + ) + + @field_validator("bgp_asn") + @classmethod + def validate_bgp_asn(cls, value: Optional[str]) -> Optional[str]: + """ + # Summary + + Validate BGP ASN format and range when provided. + + ## Raises + + - `ValueError` - If value does not match the expected ASN format + """ + if value is None: + return value + if not _BGP_ASN_RE.match(value): + raise ValueError( + f"Invalid BGP ASN '{value}'. " + "Expected a plain integer (1-4294967295) or dotted notation (1-65535.0-65535)." + ) + return value + + @field_validator("site_id") + @classmethod + def validate_site_id(cls, value: str) -> str: + """ + # Summary + + Validate site ID format. + + ## Raises + + - `ValueError` - If site ID is not numeric or outside valid range + """ + if value == "": + return value + if not value.isdigit(): + raise ValueError(f"Site ID must be numeric, got: {value}") + site_id_int = int(value) + if not (1 <= site_id_int <= 281474976710655): + raise ValueError(f"Site ID must be between 1 and 281474976710655, got: {site_id_int}") + return value + + @field_validator("anycast_gateway_mac") + @classmethod + def validate_mac_address(cls, value: str) -> str: + """ + # Summary + + Validate MAC address format. + + ## Raises + + - `ValueError` - If MAC address format is invalid + """ + mac_pattern = re.compile(r'^([0-9a-fA-F]{4}\.){2}[0-9a-fA-F]{4}$') + if not mac_pattern.match(value): + raise ValueError(f"Invalid MAC address format, expected xxxx.xxxx.xxxx, got: {value}") + return value.lower() + + +class FabricEbgpModel(NDBaseModel): + """ + # Summary + + Complete model for creating a new eBGP VXLAN fabric. + + ## Raises + + - `ValueError` - If required fields are missing or invalid + - `TypeError` - If field types don't match expected types + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + identifiers: ClassVar[Optional[List[str]]] = ["name"] + identifier_strategy: ClassVar[Optional[Literal["single", "composite", "hierarchical", "singleton"]]] = "single" + + # Basic Fabric Properties + category: Literal["fabric"] = Field(description="Resource category", default="fabric") + name: str = Field(description="Fabric name", min_length=1, max_length=64) + location: Optional[LocationModel] = Field(description="Geographic location of the fabric", default=None) + + # License and Operations + license_tier: LicenseTierEnum = Field(alias="licenseTier", description="License tier", default=LicenseTierEnum.PREMIER) + alert_suspend: AlertSuspendEnum = Field(alias="alertSuspend", description="Alert suspension state", default=AlertSuspendEnum.DISABLED) + telemetry_collection: bool = Field(alias="telemetryCollection", description="Enable telemetry collection", default=False) + telemetry_collection_type: str = Field(alias="telemetryCollectionType", description="Telemetry collection type", default="outOfBand") + telemetry_streaming_protocol: str = Field(alias="telemetryStreamingProtocol", description="Telemetry streaming protocol", default="ipv4") + telemetry_source_interface: str = Field(alias="telemetrySourceInterface", description="Telemetry source interface", default="") + telemetry_source_vrf: str = Field(alias="telemetrySourceVrf", description="Telemetry source VRF", default="") + security_domain: str = Field(alias="securityDomain", description="Security domain", default="all") + + # Core Management Configuration + management: Optional[VxlanEbgpManagementModel] = Field(description="eBGP VXLAN management configuration", default=None) + + # Optional Advanced Settings + telemetry_settings: Optional[TelemetrySettingsModel] = Field( + alias="telemetrySettings", + description="Telemetry configuration", + default=None + ) + external_streaming_settings: ExternalStreamingSettingsModel = Field( + alias="externalStreamingSettings", + description="External streaming settings", + default_factory=ExternalStreamingSettingsModel + ) + + @field_validator("name") + @classmethod + def validate_fabric_name(cls, value: str) -> str: + """ + # Summary + + Validate fabric name format and characters. + + ## Raises + + - `ValueError` - If name contains invalid characters or format + """ + if not re.match(r'^[a-zA-Z0-9_-]+$', value): + raise ValueError(f"Fabric name can only contain letters, numbers, underscores, and hyphens, got: {value}") + return value + + @model_validator(mode='after') + def validate_fabric_consistency(self) -> 'FabricEbgpModel': + """ + # Summary + + Validate consistency between fabric settings and management configuration. + + ## Raises + + - `ValueError` - If fabric settings are inconsistent + """ + if self.management is not None and self.management.type != FabricTypeEnum.VXLAN_EBGP: + raise ValueError(f"Management type must be {FabricTypeEnum.VXLAN_EBGP}") + + # Propagate fabric name to management model + if self.management is not None: + self.management.name = self.name + + # Propagate BGP ASN to site_id if both are set and site_id is empty + if self.management is not None and self.management.site_id == "" and self.management.bgp_asn is not None: + bgp_asn = self.management.bgp_asn + if "." in bgp_asn: + high, low = bgp_asn.split(".") + self.management.site_id = str(int(high) * 65536 + int(low)) + else: + self.management.site_id = bgp_asn + + # Auto-create default telemetry settings if collection is enabled + if self.telemetry_collection and self.telemetry_settings is None: + self.telemetry_settings = TelemetrySettingsModel() + + return self + + def to_diff_dict(self, **kwargs) -> Dict[str, Any]: + """Export for diff comparison, excluding fields that ND overrides for eBGP fabrics.""" + d = super().to_diff_dict(**kwargs) + # ND always returns nxapiHttp=True for eBGP fabrics regardless of the configured value, + # so exclude it from diff comparison to prevent a persistent false-positive diff. + if "management" in d: + d["management"].pop("nxapiHttp", None) + return d + + @classmethod + def get_argument_spec(cls) -> Dict: + return dict( + state={ + "type": "str", + "default": "merged", + "choices": ["merged", "replaced", "deleted", "overridden", "query"], + }, + config={"required": False, "type": "list", "elements": "dict"}, + ) + + +# Export all models for external use +__all__ = [ + "VxlanEbgpManagementModel", + "FabricEbgpModel", + "FabricEbgpDeleteModel", + "FabricTypeEnum", + "AlertSuspendEnum", + "LicenseTierEnum", + "ReplicationModeEnum", + "OverlayModeEnum", + "BgpAsModeEnum", + "FirstHopRedundancyProtocolEnum", + "VpcPeerKeepAliveOptionEnum", + "CoppPolicyEnum", + "GreenfieldDebugFlagEnum", +] diff --git a/plugins/module_utils/models/manage_fabric/manage_fabric_external.py b/plugins/module_utils/models/manage_fabric/manage_fabric_external.py new file mode 100644 index 00000000..9210a8a7 --- /dev/null +++ b/plugins/module_utils/models/manage_fabric/manage_fabric_external.py @@ -0,0 +1,833 @@ +# -*- coding: utf-8 -*- + +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +# pylint: disable=invalid-name +__metaclass__ = type +# pylint: enable=invalid-name + +import re +from enum import Enum +from typing import List, Dict, Any, Optional, ClassVar, Literal + +from ansible_collections.cisco.nd.plugins.module_utils.models.base import NDBaseModel +from ansible_collections.cisco.nd.plugins.module_utils.models.nested import NDNestedModel +from ansible_collections.cisco.nd.plugins.module_utils.common.pydantic_compat import ( + BaseModel, + ConfigDict, + Field, + field_validator, + model_validator, +) +from ansible_collections.cisco.nd.plugins.module_utils.models.manage_fabric.enums import ( + FabricTypeEnum, + AlertSuspendEnum, + LicenseTierEnum, + CoppPolicyEnum, + DhcpProtocolVersionEnum, + PowerRedundancyModeEnum, +) + + +""" +# Comprehensive Pydantic models for External Connectivity fabric management via Nexus Dashboard + +This module provides comprehensive Pydantic models for creating, updating, and deleting +External Connectivity fabrics through the Nexus Dashboard Fabric Controller (NDFC) API. + +## Models Overview + +- `LocationModel` - Geographic location coordinates +- `NetflowExporterModel` - Netflow exporter configuration +- `NetflowRecordModel` - Netflow record configuration +- `NetflowMonitorModel` - Netflow monitor configuration +- `NetflowSettingsModel` - Complete netflow settings +- `BootstrapSubnetModel` - Bootstrap subnet configuration +- `TelemetryFlowCollectionModel` - Telemetry flow collection settings +- `TelemetrySettingsModel` - Complete telemetry configuration +- `ExternalStreamingSettingsModel` - External streaming configuration +- `ExternalConnectivityManagementModel` - External Connectivity specific management settings +- `FabricExternalConnectivityModel` - Complete fabric creation model + +## Usage + +```python +# Create a new External Connectivity fabric +fabric_data = { + "name": "MyExtFabric", + "location": {"latitude": 37.7749, "longitude": -122.4194}, + "management": { + "type": "externalConnectivity", + "bgp_asn": "65001", + } +} +fabric = FabricExternalConnectivityModel(**fabric_data) +``` +""" + +# Regex from OpenAPI schema: bgpAsn accepts plain integers (1-4294967295) and +# dotted four-byte ASN notation (1-65535).(0-65535) +_BGP_ASN_RE = re.compile( + r"^(([1-9]{1}[0-9]{0,8}|[1-3]{1}[0-9]{1,9}|[4]{1}([0-1]{1}[0-9]{8}|[2]{1}([0-8]{1}[0-9]{7}|[9]{1}([0-3]{1}[0-9]{6}|[4]{1}([0-8]{1}[0-9]{5}|[9]{1}([0-5]{1}[0-9]{4}|[6]{1}([0-6]{1}[0-9]{3}|[7]{1}([0-1]{1}[0-9]{2}|[2]{1}([0-8]{1}[0-9]{1}|[9]{1}[0-5]{1})))))))))|([1-5]\d{4}|[1-9]\d{0,3}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5])(\.([1-5]\d{4}|[1-9]\d{0,3}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5]|0))?)$" +) + + +class LocationModel(NDNestedModel): + """ + # Summary + + Geographic location coordinates for the fabric. + + ## Raises + + - `ValueError` - If latitude or longitude are outside valid ranges + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + latitude: float = Field( + description="Latitude coordinate (-90 to 90)", + ge=-90.0, + le=90.0 + ) + longitude: float = Field( + description="Longitude coordinate (-180 to 180)", + ge=-180.0, + le=180.0 + ) + + +class NetflowExporterModel(NDNestedModel): + """ + # Summary + + Netflow exporter configuration for telemetry. + + ## Raises + + - `ValueError` - If UDP port is outside valid range or IP address is invalid + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + exporter_name: str = Field(alias="exporterName", description="Name of the netflow exporter") + exporter_ip: str = Field(alias="exporterIp", description="IP address of the netflow collector") + vrf: str = Field(description="VRF name for the exporter", default="management") + source_interface_name: str = Field(alias="sourceInterfaceName", description="Source interface name") + udp_port: int = Field(alias="udpPort", description="UDP port for netflow export", ge=1, le=65535) + + +class NetflowRecordModel(NDNestedModel): + """ + # Summary + + Netflow record configuration defining flow record templates. + + ## Raises + + None + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + record_name: str = Field(alias="recordName", description="Name of the netflow record") + record_template: str = Field(alias="recordTemplate", description="Template type for the record") + layer2_record: bool = Field(alias="layer2Record", description="Enable layer 2 record fields", default=False) + + +class NetflowMonitorModel(NDNestedModel): + """ + # Summary + + Netflow monitor configuration linking records to exporters. + + ## Raises + + None + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + monitor_name: str = Field(alias="monitorName", description="Name of the netflow monitor") + record_name: str = Field(alias="recordName", description="Associated record name") + exporter1_name: str = Field(alias="exporter1Name", description="Primary exporter name") + exporter2_name: str = Field(alias="exporter2Name", description="Secondary exporter name", default="") + + +class NetflowSettingsModel(NDNestedModel): + """ + # Summary + + Complete netflow configuration including exporters, records, and monitors. + + ## Raises + + - `ValueError` - If netflow lists are inconsistent with netflow enabled state + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + netflow: bool = Field(description="Enable netflow collection", default=False) + netflow_exporter_collection: List[NetflowExporterModel] = Field( + alias="netflowExporterCollection", + description="List of netflow exporters", + default_factory=list + ) + netflow_record_collection: List[NetflowRecordModel] = Field( + alias="netflowRecordCollection", + description="List of netflow records", + default_factory=list + ) + netflow_monitor_collection: List[NetflowMonitorModel] = Field( + alias="netflowMonitorCollection", + description="List of netflow monitors", + default_factory=list + ) + + +class BootstrapSubnetModel(NDNestedModel): + """ + # Summary + + Bootstrap subnet configuration for fabric initialization. + + ## Raises + + - `ValueError` - If IP addresses or subnet prefix are invalid + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + start_ip: str = Field(alias="startIp", description="Starting IP address of the bootstrap range") + end_ip: str = Field(alias="endIp", description="Ending IP address of the bootstrap range") + default_gateway: str = Field(alias="defaultGateway", description="Default gateway for bootstrap subnet") + subnet_prefix: int = Field(alias="subnetPrefix", description="Subnet prefix length", ge=8, le=30) + + +class TelemetryFlowCollectionModel(NDNestedModel): + """ + # Summary + + Telemetry flow collection configuration. + + ## Raises + + None + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + traffic_analytics: str = Field(alias="trafficAnalytics", description="Traffic analytics state", default="enabled") + traffic_analytics_scope: str = Field( + alias="trafficAnalyticsScope", + description="Traffic analytics scope", + default="intraFabric" + ) + operating_mode: str = Field(alias="operatingMode", description="Operating mode", default="flowTelemetry") + udp_categorization: str = Field(alias="udpCategorization", description="UDP categorization", default="enabled") + + +class TelemetryMicroburstModel(NDNestedModel): + """ + # Summary + + Microburst detection configuration. + + ## Raises + + None + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + microburst: bool = Field(description="Enable microburst detection", default=False) + sensitivity: str = Field(description="Microburst sensitivity level", default="low") + + +class TelemetryAnalysisSettingsModel(NDNestedModel): + """ + # Summary + + Telemetry analysis configuration. + + ## Raises + + None + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + is_enabled: bool = Field(alias="isEnabled", description="Enable telemetry analysis", default=False) + + +class TelemetryEnergyManagementModel(NDNestedModel): + """ + # Summary + + Energy management telemetry configuration. + + ## Raises + + None + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + cost: float = Field(description="Energy cost per unit", default=1.2) + + +class TelemetryNasExportSettingsModel(NDNestedModel): + """ + # Summary + + NAS export settings for telemetry. + + ## Raises + + None + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + export_type: str = Field(alias="exportType", description="Export type", default="full") + export_format: str = Field(alias="exportFormat", description="Export format", default="json") + + +class TelemetryNasModel(NDNestedModel): + """ + # Summary + + NAS (Network Attached Storage) telemetry configuration. + + ## Raises + + None + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + server: str = Field(description="NAS server address", default="") + export_settings: TelemetryNasExportSettingsModel = Field( + alias="exportSettings", + description="NAS export settings", + default_factory=TelemetryNasExportSettingsModel + ) + + +class TelemetrySettingsModel(NDNestedModel): + """ + # Summary + + Complete telemetry configuration for the fabric. + + ## Raises + + None + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + flow_collection: TelemetryFlowCollectionModel = Field( + alias="flowCollection", + description="Flow collection settings", + default_factory=TelemetryFlowCollectionModel + ) + microburst: TelemetryMicroburstModel = Field( + description="Microburst detection settings", + default_factory=TelemetryMicroburstModel + ) + analysis_settings: TelemetryAnalysisSettingsModel = Field( + alias="analysisSettings", + description="Analysis settings", + default_factory=TelemetryAnalysisSettingsModel + ) + nas: TelemetryNasModel = Field( + description="NAS telemetry configuration", + default_factory=TelemetryNasModel + ) + energy_management: TelemetryEnergyManagementModel = Field( + alias="energyManagement", + description="Energy management settings", + default_factory=TelemetryEnergyManagementModel + ) + + +class ExternalStreamingSettingsModel(NDNestedModel): + """ + # Summary + + External streaming configuration for events and data export. + + ## Raises + + None + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + email: List[Dict[str, Any]] = Field(description="Email streaming configuration", default_factory=list) + message_bus: List[Dict[str, Any]] = Field(alias="messageBus", description="Message bus configuration", default_factory=list) + syslog: Dict[str, Any] = Field( + description="Syslog streaming configuration", + default_factory=lambda: { + "collectionSettings": {"anomalies": []}, + "facility": "", + "servers": [] + } + ) + webhooks: List[Dict[str, Any]] = Field(description="Webhook configuration", default_factory=list) + + +class ExternalConnectivityManagementModel(NDNestedModel): + """ + # Summary + + Comprehensive External Connectivity fabric management configuration. + + This model contains all settings specific to External Connectivity fabric types including + BGP configuration, bootstrap settings, and advanced features. + + ## Raises + + - `ValueError` - If BGP ASN or IP ranges are invalid + - `TypeError` - If required string fields are not provided + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + # Fabric Type (required for discriminated union) + type: Literal[FabricTypeEnum.EXTERNAL_CONNECTIVITY] = Field( + description="Fabric management type", + default=FabricTypeEnum.EXTERNAL_CONNECTIVITY + ) + + # Core Configuration + bgp_asn: str = Field(alias="bgpAsn", description="BGP Autonomous System Number 1-4294967295 | 1-65535[.0-65535]") + + # Name under management section is optional for backward compatibility + name: Optional[str] = Field(description="Fabric name", min_length=1, max_length=64, default="") + + # AAA + aaa: bool = Field(description="Enable AAA", default=False) + + # SSH + advanced_ssh_option: bool = Field(alias="advancedSshOption", description="Enable advanced SSH option", default=False) + + # Loopback + allow_same_loopback_ip_on_switches: bool = Field( + alias="allowSameLoopbackIpOnSwitches", + description="Allow same loopback IP on switches", + default=False + ) + + # Smart Switch + allow_smart_switch_onboarding: bool = Field( + alias="allowSmartSwitchOnboarding", + description="Allow smart switch onboarding", + default=False + ) + + # Bootstrap Subnet Collection + bootstrap_subnet_collection: List[BootstrapSubnetModel] = Field( + alias="bootstrapSubnetCollection", + description="Bootstrap subnet collection", + default_factory=list + ) + + # CDP + cdp: bool = Field(description="Enable CDP", default=False) + + # CoPP Policy + copp_policy: CoppPolicyEnum = Field( + alias="coppPolicy", + description="CoPP policy", + default=CoppPolicyEnum.MANUAL + ) + + # BGP Configuration + create_bgp_config: bool = Field( + alias="createBgpConfig", + description="Create BGP configuration", + default=True + ) + + # Bootstrap Settings + day0_bootstrap: bool = Field(alias="day0Bootstrap", description="Enable day-0 bootstrap", default=False) + day0_plug_and_play: bool = Field(alias="day0PlugAndPlay", description="Enable day-0 plug and play", default=False) + + # DHCP + dhcp_end_address: str = Field(alias="dhcpEndAddress", description="DHCP end address", default="") + dhcp_protocol_version: DhcpProtocolVersionEnum = Field( + alias="dhcpProtocolVersion", + description="DHCP protocol version", + default=DhcpProtocolVersionEnum.DHCPV4 + ) + dhcp_start_address: str = Field(alias="dhcpStartAddress", description="DHCP start address", default="") + + # DNS + dns_collection: List[str] = Field(alias="dnsCollection", description="DNS server collection", default_factory=list) + dns_vrf_collection: List[str] = Field(alias="dnsVrfCollection", description="DNS VRF collection", default_factory=list) + + # Domain + domain_name: str = Field(alias="domainName", description="Domain name", default="") + + # DPU Pinning + enable_dpu_pinning: bool = Field(alias="enableDpuPinning", description="Enable DPU pinning", default=False) + + # Extra Config + extra_config_aaa: str = Field(alias="extraConfigAaa", description="Extra AAA config", default="") + extra_config_fabric: str = Field(alias="extraConfigFabric", description="Extra fabric config", default="") + extra_config_nxos_bootstrap: str = Field(alias="extraConfigNxosBootstrap", description="Extra NX-OS bootstrap config", default="") + extra_config_xe_bootstrap: str = Field(alias="extraConfigXeBootstrap", description="Extra XE bootstrap config", default="") + + # Inband Management + inband_day0_bootstrap: bool = Field(alias="inbandDay0Bootstrap", description="Enable inband day-0 bootstrap", default=False) + inband_management: bool = Field(alias="inbandManagement", description="Enable in-band management", default=False) + + # Interface Statistics + interface_statistics_load_interval: int = Field( + alias="interfaceStatisticsLoadInterval", + description="Interface statistics load interval", + default=10 + ) + + # Local DHCP Server + local_dhcp_server: bool = Field(alias="localDhcpServer", description="Enable local DHCP server", default=False) + + # Management + management_gateway: str = Field(alias="managementGateway", description="Management gateway", default="") + management_ipv4_prefix: int = Field(alias="managementIpv4Prefix", description="Management IPv4 prefix length", default=24) + management_ipv6_prefix: int = Field(alias="managementIpv6Prefix", description="Management IPv6 prefix length", default=64) + + # Monitored Mode + monitored_mode: bool = Field(alias="monitoredMode", description="Enable monitored mode", default=False) + + # MPLS Handoff + mpls_handoff: bool = Field(alias="mplsHandoff", description="Enable MPLS handoff", default=False) + mpls_loopback_identifier: Optional[int] = Field( + alias="mplsLoopbackIdentifier", + description="MPLS loopback identifier", + default=None + ) + mpls_loopback_ip_range: str = Field( + alias="mplsLoopbackIpRange", + description="MPLS loopback IP range", + default="10.102.0.0/25" + ) + + # Netflow Settings + netflow_settings: NetflowSettingsModel = Field( + alias="netflowSettings", + description="Netflow configuration", + default_factory=NetflowSettingsModel + ) + + # NX-API Settings + nxapi: bool = Field(description="Enable NX-API", default=False) + nxapi_http: bool = Field(alias="nxapiHttp", description="Enable NX-API HTTP", default=False) + nxapi_http_port: int = Field(alias="nxapiHttpPort", description="NX-API HTTP port", ge=1, le=65535, default=80) + nxapi_https_port: int = Field(alias="nxapiHttpsPort", description="NX-API HTTPS port", ge=1, le=65535, default=443) + + # Performance Monitoring + performance_monitoring: bool = Field(alias="performanceMonitoring", description="Enable performance monitoring", default=False) + + # Power Redundancy + power_redundancy_mode: PowerRedundancyModeEnum = Field( + alias="powerRedundancyMode", + description="Power redundancy mode", + default=PowerRedundancyModeEnum.REDUNDANT + ) + + # PTP + ptp: bool = Field(description="Enable PTP", default=False) + ptp_domain_id: int = Field(alias="ptpDomainId", description="PTP domain ID", default=0) + ptp_loopback_id: int = Field(alias="ptpLoopbackId", description="PTP loopback ID", default=0) + + # Backup / Restore + real_time_backup: Optional[bool] = Field(alias="realTimeBackup", description="Enable real-time backup", default=None) + + # Interface Statistics Collection + real_time_interface_statistics_collection: bool = Field( + alias="realTimeInterfaceStatisticsCollection", + description="Enable real-time interface statistics", + default=False + ) + + # Scheduled Backup + scheduled_backup: Optional[bool] = Field(alias="scheduledBackup", description="Enable scheduled backup", default=None) + scheduled_backup_time: str = Field(alias="scheduledBackupTime", description="Scheduled backup time", default="") + + # SNMP + snmp_trap: bool = Field(alias="snmpTrap", description="Enable SNMP traps", default=True) + + # Sub-Interface + sub_interface_dot1q_range: str = Field( + alias="subInterfaceDot1qRange", + description="Sub-interface 802.1q range", + default="2-511" + ) + + # Hypershield / Connectivity + connectivity_domain_name: Optional[str] = Field( + alias="connectivityDomainName", + description="Domain name to connect to Hypershield", + default=None + ) + hypershield_connectivity_proxy_server: Optional[str] = Field( + alias="hypershieldConnectivityProxyServer", + description="IPv4 address, IPv6 address, or DNS name of the proxy server for Hypershield communication", + default=None + ) + hypershield_connectivity_proxy_server_port: Optional[int] = Field( + alias="hypershieldConnectivityProxyServerPort", + description="Proxy port number for communication with Hypershield", + default=None + ) + hypershield_connectivity_source_intf: Optional[str] = Field( + alias="hypershieldConnectivitySourceIntf", + description="Loopback interface on smart switch for communication with Hypershield", + default=None + ) + + @field_validator("bgp_asn") + @classmethod + def validate_bgp_asn(cls, value: str) -> str: + """ + # Summary + + Validate BGP ASN format and range. + + ## Description + + Accepts either a plain integer ASN (1-4294967295) or dotted four-byte + ASN notation in the form ``MMMM.NNNN`` where both parts are in the + range 1-65535 / 0-65535 respectively. + + ## Raises + + - `ValueError` - If the value does not match the expected ASN format + """ + if not _BGP_ASN_RE.match(value): + raise ValueError( + f"Invalid BGP ASN '{value}'. " + "Expected a plain integer (1-4294967295) or dotted notation (1-65535.0-65535)." + ) + return value + + +class FabricExternalConnectivityModel(NDBaseModel): + """ + # Summary + + Complete model for creating a new External Connectivity fabric. + + This model combines all necessary components for fabric creation including + basic fabric properties, management settings, telemetry, and streaming configuration. + + ## Raises + + - `ValueError` - If required fields are missing or invalid + - `TypeError` - If field types don't match expected types + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" # Allow extra fields from API responses + ) + + identifiers: ClassVar[Optional[List[str]]] = ["name"] + identifier_strategy: ClassVar[Optional[Literal["single", "composite", "hierarchical", "singleton"]]] = "single" + + # Basic Fabric Properties + category: Literal["fabric"] = Field(description="Resource category", default="fabric") + name: str = Field(description="Fabric name", min_length=1, max_length=64) + location: Optional[LocationModel] = Field(description="Geographic location of the fabric", default=None) + + # License and Operations + license_tier: LicenseTierEnum = Field(alias="licenseTier", description="License tier", default=LicenseTierEnum.PREMIER) + alert_suspend: AlertSuspendEnum = Field(alias="alertSuspend", description="Alert suspension state", default=AlertSuspendEnum.DISABLED) + telemetry_collection: bool = Field(alias="telemetryCollection", description="Enable telemetry collection", default=False) + telemetry_collection_type: str = Field(alias="telemetryCollectionType", description="Telemetry collection type", default="outOfBand") + telemetry_streaming_protocol: str = Field(alias="telemetryStreamingProtocol", description="Telemetry streaming protocol", default="ipv4") + telemetry_source_interface: str = Field(alias="telemetrySourceInterface", description="Telemetry source interface", default="") + telemetry_source_vrf: str = Field(alias="telemetrySourceVrf", description="Telemetry source VRF", default="") + security_domain: str = Field(alias="securityDomain", description="Security domain", default="all") + + # Core Management Configuration + management: Optional[ExternalConnectivityManagementModel] = Field( + description="External Connectivity management configuration", + default=None + ) + + # Optional Advanced Settings + telemetry_settings: Optional[TelemetrySettingsModel] = Field( + alias="telemetrySettings", + description="Telemetry configuration", + default=None + ) + external_streaming_settings: ExternalStreamingSettingsModel = Field( + alias="externalStreamingSettings", + description="External streaming settings", + default_factory=ExternalStreamingSettingsModel + ) + + @field_validator("name") + @classmethod + def validate_fabric_name(cls, value: str) -> str: + """ + # Summary + + Validate fabric name format and characters. + + ## Raises + + - `ValueError` - If name contains invalid characters or format + """ + if not re.match(r'^[a-zA-Z0-9_-]+$', value): + raise ValueError(f"Fabric name can only contain letters, numbers, underscores, and hyphens, got: {value}") + + return value + + @model_validator(mode='after') + def validate_fabric_consistency(self) -> 'FabricExternalConnectivityModel': + """ + # Summary + + Validate consistency between fabric settings and management configuration. + + ## Raises + + - `ValueError` - If fabric settings are inconsistent + """ + # Ensure management type matches model type + if self.management is not None and self.management.type != FabricTypeEnum.EXTERNAL_CONNECTIVITY: + raise ValueError(f"Management type must be {FabricTypeEnum.EXTERNAL_CONNECTIVITY}") + + # Propagate fabric name to management model + if self.management is not None: + self.management.name = self.name + + # Validate telemetry consistency + if self.telemetry_collection and self.telemetry_settings is None: + # Auto-create default telemetry settings if collection is enabled + self.telemetry_settings = TelemetrySettingsModel() + + return self + + # TODO: to generate from Fields (low priority) + @classmethod + def get_argument_spec(cls) -> Dict: + return dict( + state={ + "type": "str", + "default": "merged", + "choices": ["merged", "replaced", "deleted", "overridden", "query"], + }, + config={"required": False, "type": "list", "elements": "dict"}, + ) + + +# Export all models for external use +__all__ = [ + "LocationModel", + "NetflowExporterModel", + "NetflowRecordModel", + "NetflowMonitorModel", + "NetflowSettingsModel", + "BootstrapSubnetModel", + "TelemetryFlowCollectionModel", + "TelemetryMicroburstModel", + "TelemetryAnalysisSettingsModel", + "TelemetryEnergyManagementModel", + "TelemetrySettingsModel", + "ExternalStreamingSettingsModel", + "ExternalConnectivityManagementModel", + "FabricExternalConnectivityModel", + "FabricTypeEnum", + "AlertSuspendEnum", + "LicenseTierEnum", + "CoppPolicyEnum", + "DhcpProtocolVersionEnum", + "PowerRedundancyModeEnum", +] diff --git a/plugins/module_utils/models/manage_fabric/manage_fabric_ibgp.py b/plugins/module_utils/models/manage_fabric/manage_fabric_ibgp.py new file mode 100644 index 00000000..5e8169de --- /dev/null +++ b/plugins/module_utils/models/manage_fabric/manage_fabric_ibgp.py @@ -0,0 +1,1317 @@ +# -*- coding: utf-8 -*- + +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +# pylint: disable=invalid-name +__metaclass__ = type +# pylint: enable=invalid-name + +import re +# from datetime import datetime +from enum import Enum +from typing import List, Dict, Any, Optional, ClassVar, Literal + +from ansible_collections.cisco.nd.plugins.module_utils.models.base import NDBaseModel +from ansible_collections.cisco.nd.plugins.module_utils.models.nested import NDNestedModel +from ansible_collections.cisco.nd.plugins.module_utils.common.pydantic_compat import ( + BaseModel, + ConfigDict, + Field, + field_validator, + model_validator, +) +from ansible_collections.cisco.nd.plugins.module_utils.models.manage_fabric.enums import ( + FabricTypeEnum, + AlertSuspendEnum, + LicenseTierEnum, + OverlayModeEnum, + ReplicationModeEnum, + LinkStateRoutingProtocolEnum, + CoppPolicyEnum, + FabricInterfaceTypeEnum, + GreenfieldDebugFlagEnum, + IsisLevelEnum, + SecurityGroupStatusEnum, + StpRootOptionEnum, + VpcPeerKeepAliveOptionEnum, +) + + +""" +# Comprehensive Pydantic models for iBGP VXLAN fabric management via Nexus Dashboard + +This module provides comprehensive Pydantic models for creating, updating, and deleting +iBGP VXLAN fabrics through the Nexus Dashboard Fabric Controller (NDFC) API. + +## Models Overview + +- `LocationModel` - Geographic location coordinates +- `NetflowExporterModel` - Netflow exporter configuration +- `NetflowRecordModel` - Netflow record configuration +- `NetflowMonitorModel` - Netflow monitor configuration +- `NetflowSettingsModel` - Complete netflow settings +- `BootstrapSubnetModel` - Bootstrap subnet configuration +- `TelemetryFlowCollectionModel` - Telemetry flow collection settings +- `TelemetrySettingsModel` - Complete telemetry configuration +- `ExternalStreamingSettingsModel` - External streaming configuration +- `VxlanIbgpManagementModel` - iBGP VXLAN specific management settings +- `FabricModel` - Complete fabric creation model +- `FabricDeleteModel` - Fabric deletion model + +## Usage + +```python +# Create a new iBGP VXLAN fabric +fabric_data = { + "name": "MyFabric", + "location": {"latitude": 37.7749, "longitude": -122.4194}, + "management": { + "type": "vxlanIbgp", + "bgp_asn": "65001", + "site_id": "65001" + } +} +fabric = FabricModel(**fabric_data) +``` +""" + +# Regex from OpenAPI schema: bgpAsn accepts plain integers (1-4294967295) and +# dotted four-byte ASN notation (1-65535).(0-65535) +_BGP_ASN_RE = re.compile( + r"^(([1-9]{1}[0-9]{0,8}|[1-3]{1}[0-9]{1,9}|[4]{1}([0-1]{1}[0-9]{8}|[2]{1}([0-8]{1}[0-9]{7}|[9]{1}([0-3]{1}[0-9]{6}|[4]{1}([0-8]{1}[0-9]{5}|[9]{1}([0-5]{1}[0-9]{4}|[6]{1}([0-6]{1}[0-9]{3}|[7]{1}([0-1]{1}[0-9]{2}|[2]{1}([0-8]{1}[0-9]{1}|[9]{1}[0-5]{1})))))))))|([1-5]\d{4}|[1-9]\d{0,3}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5])(\.([1-5]\d{4}|[1-9]\d{0,3}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5]|0))?)$" +) + + +class LocationModel(NDNestedModel): + """ + # Summary + + Geographic location coordinates for the fabric. + + ## Raises + + - `ValueError` - If latitude or longitude are outside valid ranges + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + latitude: float = Field( + description="Latitude coordinate (-90 to 90)", + ge=-90.0, + le=90.0 + ) + longitude: float = Field( + description="Longitude coordinate (-180 to 180)", + ge=-180.0, + le=180.0 + ) + + +class NetflowExporterModel(NDNestedModel): + """ + # Summary + + Netflow exporter configuration for telemetry. + + ## Raises + + - `ValueError` - If UDP port is outside valid range or IP address is invalid + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + exporter_name: str = Field(alias="exporterName", description="Name of the netflow exporter") + exporter_ip: str = Field(alias="exporterIp", description="IP address of the netflow collector") + vrf: str = Field(description="VRF name for the exporter", default="management") + source_interface_name: str = Field(alias="sourceInterfaceName", description="Source interface name") + udp_port: int = Field(alias="udpPort", description="UDP port for netflow export", ge=1, le=65535) + + +class NetflowRecordModel(NDNestedModel): + """ + # Summary + + Netflow record configuration defining flow record templates. + + ## Raises + + None + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + record_name: str = Field(alias="recordName", description="Name of the netflow record") + record_template: str = Field(alias="recordTemplate", description="Template type for the record") + layer2_record: bool = Field(alias="layer2Record", description="Enable layer 2 record fields", default=False) + + +class NetflowMonitorModel(NDNestedModel): + """ + # Summary + + Netflow monitor configuration linking records to exporters. + + ## Raises + + None + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + monitor_name: str = Field(alias="monitorName", description="Name of the netflow monitor") + record_name: str = Field(alias="recordName", description="Associated record name") + exporter1_name: str = Field(alias="exporter1Name", description="Primary exporter name") + exporter2_name: str = Field(alias="exporter2Name", description="Secondary exporter name", default="") + + +class NetflowSettingsModel(NDNestedModel): + """ + # Summary + + Complete netflow configuration including exporters, records, and monitors. + + ## Raises + + - `ValueError` - If netflow lists are inconsistent with netflow enabled state + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + netflow: bool = Field(description="Enable netflow collection", default=False) + netflow_exporter_collection: List[NetflowExporterModel] = Field( + alias="netflowExporterCollection", + description="List of netflow exporters", + default_factory=list + ) + netflow_record_collection: List[NetflowRecordModel] = Field( + alias="netflowRecordCollection", + description="List of netflow records", + default_factory=list + ) + netflow_monitor_collection: List[NetflowMonitorModel] = Field( + alias="netflowMonitorCollection", + description="List of netflow monitors", + default_factory=list + ) + + +class BootstrapSubnetModel(NDNestedModel): + """ + # Summary + + Bootstrap subnet configuration for fabric initialization. + + ## Raises + + - `ValueError` - If IP addresses or subnet prefix are invalid + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + start_ip: str = Field(alias="startIp", description="Starting IP address of the bootstrap range") + end_ip: str = Field(alias="endIp", description="Ending IP address of the bootstrap range") + default_gateway: str = Field(alias="defaultGateway", description="Default gateway for bootstrap subnet") + subnet_prefix: int = Field(alias="subnetPrefix", description="Subnet prefix length", ge=8, le=30) + + +class TelemetryFlowCollectionModel(NDNestedModel): + """ + # Summary + + Telemetry flow collection configuration. + + ## Raises + + None + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + traffic_analytics: str = Field(alias="trafficAnalytics", description="Traffic analytics state", default="enabled") + traffic_analytics_scope: str = Field( + alias="trafficAnalyticsScope", + description="Traffic analytics scope", + default="intraFabric" + ) + operating_mode: str = Field(alias="operatingMode", description="Operating mode", default="flowTelemetry") + udp_categorization: str = Field(alias="udpCategorization", description="UDP categorization", default="enabled") + + +class TelemetryMicroburstModel(NDNestedModel): + """ + # Summary + + Microburst detection configuration. + + ## Raises + + None + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + microburst: bool = Field(description="Enable microburst detection", default=False) + sensitivity: str = Field(description="Microburst sensitivity level", default="low") + + +class TelemetryAnalysisSettingsModel(NDNestedModel): + """ + # Summary + + Telemetry analysis configuration. + + ## Raises + + None + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + is_enabled: bool = Field(alias="isEnabled", description="Enable telemetry analysis", default=False) + + +class TelemetryEnergyManagementModel(NDNestedModel): + """ + # Summary + + Energy management telemetry configuration. + + ## Raises + + None + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + cost: float = Field(description="Energy cost per unit", default=1.2) + + +class TelemetryNasExportSettingsModel(NDNestedModel): + """ + # Summary + + NAS export settings for telemetry. + + ## Raises + + None + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + export_type: str = Field(alias="exportType", description="Export type", default="full") + export_format: str = Field(alias="exportFormat", description="Export format", default="json") + + +class TelemetryNasModel(NDNestedModel): + """ + # Summary + + NAS (Network Attached Storage) telemetry configuration. + + ## Raises + + None + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + server: str = Field(description="NAS server address", default="") + export_settings: TelemetryNasExportSettingsModel = Field( + alias="exportSettings", + description="NAS export settings", + default_factory=TelemetryNasExportSettingsModel + ) + + +class TelemetrySettingsModel(NDNestedModel): + """ + # Summary + + Complete telemetry configuration for the fabric. + + ## Raises + + None + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + flow_collection: TelemetryFlowCollectionModel = Field( + alias="flowCollection", + description="Flow collection settings", + default_factory=TelemetryFlowCollectionModel + ) + microburst: TelemetryMicroburstModel = Field( + description="Microburst detection settings", + default_factory=TelemetryMicroburstModel + ) + analysis_settings: TelemetryAnalysisSettingsModel = Field( + alias="analysisSettings", + description="Analysis settings", + default_factory=TelemetryAnalysisSettingsModel + ) + nas: TelemetryNasModel = Field( + description="NAS telemetry configuration", + default_factory=TelemetryNasModel + ) + energy_management: TelemetryEnergyManagementModel = Field( + alias="energyManagement", + description="Energy management settings", + default_factory=TelemetryEnergyManagementModel + ) + + +class ExternalStreamingSettingsModel(NDNestedModel): + """ + # Summary + + External streaming configuration for events and data export. + + ## Raises + + None + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + email: List[Dict[str, Any]] = Field(description="Email streaming configuration", default_factory=list) + message_bus: List[Dict[str, Any]] = Field(alias="messageBus", description="Message bus configuration", default_factory=list) + syslog: Dict[str, Any] = Field( + description="Syslog streaming configuration", + default_factory=lambda: { + "collectionSettings": {"anomalies": []}, + "facility": "", + "servers": [] + } + ) + webhooks: List[Dict[str, Any]] = Field(description="Webhook configuration", default_factory=list) + + +class VxlanIbgpManagementModel(NDNestedModel): + """ + # Summary + + Comprehensive iBGP VXLAN fabric management configuration. + + This model contains all settings specific to iBGP VXLAN fabric types including + overlay configuration, underlay routing, multicast settings, and advanced features. + + ## Raises + + - `ValueError` - If BGP ASN, VLAN ranges, or IP ranges are invalid + - `TypeError` - If required string fields are not provided + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" + ) + + # Fabric Type (required for discriminated union) + type: Literal[FabricTypeEnum.VXLAN_IBGP] = Field(description="Fabric management type", default=FabricTypeEnum.VXLAN_IBGP) + + # Core iBGP Configuration + bgp_asn: str = Field(alias="bgpAsn", description="BGP Autonomous System Number 1-4294967295 | 1-65535[.0-65535]") + site_id: Optional[str] = Field(alias="siteId", description="Site identifier for the fabric", default="") + + # Name under management section is optional for backward compatibility, but if provided must be non-empty string + name: Optional[str] = Field(description="Fabric name", min_length=1, max_length=64, default="") + # border_count: Optional[int] = Field(alias="borderCount", description="Number of border switches", ge=0, le=32, default=0) + # breakout_spine_interfaces: Optional[bool] = Field(alias="breakoutSpineInterfaces", description="Enable breakout spine interfaces", default=False) + # designer_use_robot_password: Optional[bool] = Field(alias="designerUseRobotPassword", description="Use robot password for designer", default=False) + # leaf_count: Optional[int] = Field(alias="leafCount", description="Number of leaf switches", ge=1, le=128, default=1) + # spine_count: Optional[int] = Field(alias="spineCount", description="Number of spine switches", ge=1, le=32, default=1) + # vrf_lite_ipv6_subnet_range: Optional[str] = Field(alias="vrfLiteIpv6SubnetRange", description="VRF Lite IPv6 subnet range", default="fd00::a33:0/112") + # vrf_lite_ipv6_subnet_target_mask: Optional[int] = Field(alias="vrfLiteIpv6SubnetTargetMask", description="VRF Lite IPv6 subnet target mask", ge=112, le=128, default=126) + + + # Network Addressing + bgp_loopback_ip_range: str = Field( + alias="bgpLoopbackIpRange", + description="BGP loopback IP range", + default="10.2.0.0/22" + ) + nve_loopback_ip_range: str = Field( + alias="nveLoopbackIpRange", + description="NVE loopback IP range", + default="10.3.0.0/22" + ) + anycast_rendezvous_point_ip_range: str = Field( + alias="anycastRendezvousPointIpRange", + description="Anycast RP IP range", + default="10.254.254.0/24" + ) + intra_fabric_subnet_range: str = Field( + alias="intraFabricSubnetRange", + description="Intra-fabric subnet range", + default="10.4.0.0/16" + ) + + # VLAN and VNI Ranges + l2_vni_range: str = Field(alias="l2VniRange", description="Layer 2 VNI range", default="30000-49000") + l3_vni_range: str = Field(alias="l3VniRange", description="Layer 3 VNI range", default="50000-59000") + network_vlan_range: str = Field(alias="networkVlanRange", description="Network VLAN range", default="2300-2999") + vrf_vlan_range: str = Field(alias="vrfVlanRange", description="VRF VLAN range", default="2000-2299") + + # Overlay Configuration + overlay_mode: OverlayModeEnum = Field(alias="overlayMode", description="Overlay configuration mode", default=OverlayModeEnum.CLI) + replication_mode: ReplicationModeEnum = Field( + alias="replicationMode", + description="Multicast replication mode", + default=ReplicationModeEnum.MULTICAST + ) + multicast_group_subnet: str = Field( + alias="multicastGroupSubnet", + description="Multicast group subnet", + default="239.1.1.0/25" + ) + auto_generate_multicast_group_address: bool = Field( + alias="autoGenerateMulticastGroupAddress", + description="Auto-generate multicast group addresses", + default=False + ) + underlay_multicast_group_address_limit: int = Field( + alias="underlayMulticastGroupAddressLimit", + description="Underlay multicast group address limit", + ge=1, + le=255, + default=128 + ) + tenant_routed_multicast: bool = Field( + alias="tenantRoutedMulticast", + description="Enable tenant routed multicast", + default=False + ) + + # Underlay Configuration + link_state_routing_protocol: LinkStateRoutingProtocolEnum = Field( + alias="linkStateRoutingProtocol", + description="Underlay routing protocol", + default=LinkStateRoutingProtocolEnum.OSPF + ) + ospf_area_id: str = Field(alias="ospfAreaId", description="OSPF area ID", default="0.0.0.0") + fabric_interface_type: FabricInterfaceTypeEnum = Field(alias="fabricInterfaceType", description="Fabric interface type", default=FabricInterfaceTypeEnum.P2P) + + # Advanced Features + target_subnet_mask: int = Field(alias="targetSubnetMask", description="Target subnet mask", ge=24, le=31, default=30) + anycast_gateway_mac: str = Field( + alias="anycastGatewayMac", + description="Anycast gateway MAC address", + default="2020.0000.00aa" + ) + fabric_mtu: int = Field(alias="fabricMtu", description="Fabric MTU size", ge=1500, le=9216, default=9216) + l2_host_interface_mtu: int = Field( + alias="l2HostInterfaceMtu", + description="L2 host interface MTU", + ge=1500, + le=9216, + default=9216 + ) + + # VPC Configuration + vpc_domain_id_range: str = Field(alias="vpcDomainIdRange", description="vPC domain ID range", default="1-1000") + vpc_peer_link_vlan: str = Field(alias="vpcPeerLinkVlan", description="vPC peer link VLAN", default="3600") + vpc_peer_link_enable_native_vlan: bool = Field( + alias="vpcPeerLinkEnableNativeVlan", + description="Enable native VLAN on vPC peer link", + default=False + ) + vpc_peer_keep_alive_option: VpcPeerKeepAliveOptionEnum = Field( + alias="vpcPeerKeepAliveOption", + description="vPC peer keep-alive option", + default=VpcPeerKeepAliveOptionEnum.MANAGEMENT + ) + vpc_auto_recovery_timer: int = Field( + alias="vpcAutoRecoveryTimer", + description="vPC auto recovery timer", + ge=240, + le=3600, + default=360 + ) + vpc_delay_restore_timer: int = Field( + alias="vpcDelayRestoreTimer", + description="vPC delay restore timer", + ge=1, + le=3600, + default=150 + ) + + # Loopback Configuration + bgp_loopback_id: int = Field(alias="bgpLoopbackId", description="BGP loopback interface ID", ge=0, le=1023, default=0) + nve_loopback_id: int = Field(alias="nveLoopbackId", description="NVE loopback interface ID", ge=0, le=1023, default=1) + route_reflector_count: int = Field( + alias="routeReflectorCount", + description="Number of route reflectors", + ge=1, + le=4, + default=2 + ) + + # Templates + vrf_template: str = Field(alias="vrfTemplate", description="VRF template", default="Default_VRF_Universal") + network_template: str = Field(alias="networkTemplate", description="Network template", default="Default_Network_Universal") + vrf_extension_template: str = Field( + alias="vrfExtensionTemplate", + description="VRF extension template", + default="Default_VRF_Extension_Universal" + ) + network_extension_template: str = Field( + alias="networkExtensionTemplate", + description="Network extension template", + default="Default_Network_Extension_Universal" + ) + + # Optional Advanced Settings + performance_monitoring: bool = Field(alias="performanceMonitoring", description="Enable performance monitoring", default=False) + tenant_dhcp: bool = Field(alias="tenantDhcp", description="Enable tenant DHCP", default=True) + advertise_physical_ip: bool = Field(alias="advertisePhysicalIp", description="Advertise physical IP", default=False) + advertise_physical_ip_on_border: bool = Field( + alias="advertisePhysicalIpOnBorder", + description="Advertise physical IP on border", + default=True + ) + + # Protocol Settings + bgp_authentication: bool = Field(alias="bgpAuthentication", description="Enable BGP authentication", default=False) + bgp_authentication_key_type: str = Field( + alias="bgpAuthenticationKeyType", + description="BGP authentication key type", + default="3des" + ) + bfd: bool = Field(description="Enable BFD", default=False) + bfd_ibgp: bool = Field(alias="bfdIbgp", description="Enable BFD for iBGP", default=False) + + # Management Settings + nxapi: bool = Field(description="Enable NX-API", default=False) + nxapi_http: bool = Field(alias="nxapiHttp", description="Enable NX-API HTTP", default=False) + nxapi_https_port: int = Field(alias="nxapiHttpsPort", description="NX-API HTTPS port", ge=1, le=65535, default=443) + nxapi_http_port: int = Field(alias="nxapiHttpPort", description="NX-API HTTP port", ge=1, le=65535, default=80) + + # Bootstrap Settings + day0_bootstrap: bool = Field(alias="day0Bootstrap", description="Enable day-0 bootstrap", default=False) + bootstrap_subnet_collection: List[BootstrapSubnetModel] = Field( + alias="bootstrapSubnetCollection", + description="Bootstrap subnet collection", + default_factory=list + ) + + # Netflow Settings + netflow_settings: NetflowSettingsModel = Field( + alias="netflowSettings", + description="Netflow configuration", + default_factory=NetflowSettingsModel + ) + + # Multicast Settings + rendezvous_point_count: int = Field( + alias="rendezvousPointCount", + description="Number of rendezvous points", + ge=1, + le=4, + default=2 + ) + rendezvous_point_loopback_id: int = Field( + alias="rendezvousPointLoopbackId", + description="RP loopback interface ID", + ge=0, + le=1023, + default=254 + ) + + # System Settings + snmp_trap: bool = Field(alias="snmpTrap", description="Enable SNMP traps", default=True) + cdp: bool = Field(description="Enable CDP", default=False) + real_time_interface_statistics_collection: bool = Field( + alias="realTimeInterfaceStatisticsCollection", + description="Enable real-time interface statistics", + default=False + ) + tcam_allocation: bool = Field(alias="tcamAllocation", description="Enable TCAM allocation", default=True) + + # VPC Extended Configuration + vpc_peer_link_port_channel_id: str = Field(alias="vpcPeerLinkPortChannelId", description="vPC peer link port-channel ID", default="500") + vpc_ipv6_neighbor_discovery_sync: bool = Field( + alias="vpcIpv6NeighborDiscoverySync", description="Enable vPC IPv6 ND sync", default=True + ) + vpc_layer3_peer_router: bool = Field(alias="vpcLayer3PeerRouter", description="Enable vPC layer-3 peer router", default=True) + vpc_tor_delay_restore_timer: int = Field(alias="vpcTorDelayRestoreTimer", description="vPC TOR delay restore timer", default=30) + fabric_vpc_domain_id: bool = Field(alias="fabricVpcDomainId", description="Enable fabric vPC domain ID", default=False) + shared_vpc_domain_id: int = Field(alias="sharedVpcDomainId", description="Shared vPC domain ID", default=1) + fabric_vpc_qos: bool = Field(alias="fabricVpcQos", description="Enable fabric vPC QoS", default=False) + fabric_vpc_qos_policy_name: str = Field( + alias="fabricVpcQosPolicyName", description="Fabric vPC QoS policy name", default="spine_qos_for_fabric_vpc_peering" + ) + enable_peer_switch: bool = Field(alias="enablePeerSwitch", description="Enable peer switch", default=False) + + # Bootstrap / Day-0 / DHCP + local_dhcp_server: bool = Field(alias="localDhcpServer", description="Enable local DHCP server", default=False) + dhcp_protocol_version: str = Field(alias="dhcpProtocolVersion", description="DHCP protocol version", default="dhcpv4") + dhcp_start_address: str = Field(alias="dhcpStartAddress", description="DHCP start address", default="") + dhcp_end_address: str = Field(alias="dhcpEndAddress", description="DHCP end address", default="") + management_gateway: str = Field(alias="managementGateway", description="Management gateway", default="") + management_ipv4_prefix: int = Field(alias="managementIpv4Prefix", description="Management IPv4 prefix length", default=24) + management_ipv6_prefix: int = Field(alias="managementIpv6Prefix", description="Management IPv6 prefix length", default=64) + extra_config_nxos_bootstrap: str = Field(alias="extraConfigNxosBootstrap", description="Extra NX-OS bootstrap config", default="") + un_numbered_bootstrap_loopback_id: int = Field( + alias="unNumberedBootstrapLoopbackId", description="Unnumbered bootstrap loopback ID", default=253 + ) + un_numbered_dhcp_start_address: str = Field(alias="unNumberedDhcpStartAddress", description="Unnumbered DHCP start address", default="") + un_numbered_dhcp_end_address: str = Field(alias="unNumberedDhcpEndAddress", description="Unnumbered DHCP end address", default="") + inband_management: bool = Field(alias="inbandManagement", description="Enable in-band management", default=False) + inband_dhcp_servers: List[str] = Field(alias="inbandDhcpServers", description="In-band DHCP servers", default_factory=list) + seed_switch_core_interfaces: List[str] = Field( + alias="seedSwitchCoreInterfaces", description="Seed switch core interfaces", default_factory=list + ) + spine_switch_core_interfaces: List[str] = Field( + alias="spineSwitchCoreInterfaces", description="Spine switch core interfaces", default_factory=list + ) + + # Backup / Restore + real_time_backup: bool = Field(alias="realTimeBackup", description="Enable real-time backup", default=False) + scheduled_backup: bool = Field(alias="scheduledBackup", description="Enable scheduled backup", default=False) + scheduled_backup_time: str = Field(alias="scheduledBackupTime", description="Scheduled backup time", default="") + + # IPv6 / Dual-Stack + underlay_ipv6: bool = Field(alias="underlayIpv6", description="Enable IPv6 underlay", default=False) + ipv6_multicast_group_subnet: str = Field( + alias="ipv6MulticastGroupSubnet", description="IPv6 multicast group subnet", default="ff1e::/121" + ) + tenant_routed_multicast_ipv6: bool = Field( + alias="tenantRoutedMulticastIpv6", description="Enable tenant routed multicast IPv6", default=False + ) + ipv6_link_local: bool = Field(alias="ipv6LinkLocal", description="Enable IPv6 link-local", default=True) + ipv6_subnet_target_mask: int = Field(alias="ipv6SubnetTargetMask", description="IPv6 subnet target mask", default=126) + ipv6_subnet_range: str = Field(alias="ipv6SubnetRange", description="IPv6 subnet range", default="fd00::a04:0/112") + bgp_loopback_ipv6_range: str = Field(alias="bgpLoopbackIpv6Range", description="BGP loopback IPv6 range", default="fd00::a02:0/119") + nve_loopback_ipv6_range: str = Field(alias="nveLoopbackIpv6Range", description="NVE loopback IPv6 range", default="fd00::a03:0/118") + ipv6_anycast_rendezvous_point_ip_range: str = Field( + alias="ipv6AnycastRendezvousPointIpRange", description="IPv6 anycast RP IP range", default="fd00::254:254:0/118" + ) + + # Multicast / Rendezvous Point Extended + mvpn_vrf_route_import_id: bool = Field(alias="mvpnVrfRouteImportId", description="Enable MVPN VRF route import ID", default=True) + mvpn_vrf_route_import_id_range: str = Field( + alias="mvpnVrfRouteImportIdRange", description="MVPN VRF route import ID range", default="" + ) + vrf_route_import_id_reallocation: bool = Field( + alias="vrfRouteImportIdReallocation", description="Enable VRF route import ID reallocation", default=False + ) + l3vni_multicast_group: str = Field(alias="l3vniMulticastGroup", description="L3 VNI multicast group", default="239.1.1.0") + l3_vni_ipv6_multicast_group: str = Field(alias="l3VniIpv6MulticastGroup", description="L3 VNI IPv6 multicast group", default="ff1e::") + rendezvous_point_mode: str = Field(alias="rendezvousPointMode", description="Rendezvous point mode", default="asm") + phantom_rendezvous_point_loopback_id1: int = Field( + alias="phantomRendezvousPointLoopbackId1", description="Phantom RP loopback ID 1", default=2 + ) + phantom_rendezvous_point_loopback_id2: int = Field( + alias="phantomRendezvousPointLoopbackId2", description="Phantom RP loopback ID 2", default=3 + ) + phantom_rendezvous_point_loopback_id3: int = Field( + alias="phantomRendezvousPointLoopbackId3", description="Phantom RP loopback ID 3", default=4 + ) + phantom_rendezvous_point_loopback_id4: int = Field( + alias="phantomRendezvousPointLoopbackId4", description="Phantom RP loopback ID 4", default=5 + ) + anycast_loopback_id: int = Field(alias="anycastLoopbackId", description="Anycast loopback ID", default=10) + + # VRF Lite / Sub-Interface + sub_interface_dot1q_range: str = Field(alias="subInterfaceDot1qRange", description="Sub-interface 802.1q range", default="2-511") + vrf_lite_auto_config: str = Field(alias="vrfLiteAutoConfig", description="VRF lite auto-config mode", default="manual") + vrf_lite_subnet_range: str = Field(alias="vrfLiteSubnetRange", description="VRF lite subnet range", default="10.33.0.0/16") + vrf_lite_subnet_target_mask: int = Field(alias="vrfLiteSubnetTargetMask", description="VRF lite subnet target mask", default=30) + auto_unique_vrf_lite_ip_prefix: bool = Field( + alias="autoUniqueVrfLiteIpPrefix", description="Auto unique VRF lite IP prefix", default=False + ) + auto_symmetric_vrf_lite: bool = Field(alias="autoSymmetricVrfLite", description="Auto symmetric VRF lite", default=False) + auto_vrf_lite_default_vrf: bool = Field(alias="autoVrfLiteDefaultVrf", description="Auto VRF lite default VRF", default=False) + auto_symmetric_default_vrf: bool = Field(alias="autoSymmetricDefaultVrf", description="Auto symmetric default VRF", default=False) + default_vrf_redistribution_bgp_route_map: str = Field( + alias="defaultVrfRedistributionBgpRouteMap", description="Default VRF redistribution BGP route map", default="extcon-rmap-filter" + ) + + # Per-VRF Loopback + per_vrf_loopback_auto_provision: bool = Field( + alias="perVrfLoopbackAutoProvision", description="Per-VRF loopback auto-provision", default=False + ) + per_vrf_loopback_ip_range: str = Field( + alias="perVrfLoopbackIpRange", description="Per-VRF loopback IP range", default="10.5.0.0/22" + ) + per_vrf_loopback_auto_provision_ipv6: bool = Field( + alias="perVrfLoopbackAutoProvisionIpv6", description="Per-VRF loopback auto-provision IPv6", default=False + ) + per_vrf_loopback_ipv6_range: str = Field( + alias="perVrfLoopbackIpv6Range", description="Per-VRF loopback IPv6 range", default="fd00::a05:0/112" + ) + per_vrf_unique_loopback_auto_provision: bool = Field( + alias="perVrfUniqueLoopbackAutoProvision", description="Per-VRF unique loopback auto-provision", default=False + ) + per_vrf_unique_loopback_ip_range: str = Field( + alias="perVrfUniqueLoopbackIpRange", description="Per-VRF unique loopback IP range", default="10.6.0.0/22" + ) + per_vrf_unique_loopback_auto_provision_v6: bool = Field( + alias="perVrfUniqueLoopbackAutoProvisionV6", description="Per-VRF unique loopback auto-provision IPv6", default=False + ) + per_vrf_unique_loopback_ipv6_range: str = Field( + alias="perVrfUniqueLoopbackIpv6Range", description="Per-VRF unique loopback IPv6 range", default="fd00::a06:0/112" + ) + + # Authentication — BGP Extended + bgp_authentication_key: str = Field(alias="bgpAuthenticationKey", description="BGP authentication key", default="") + + # Authentication — PIM + pim_hello_authentication: bool = Field(alias="pimHelloAuthentication", description="Enable PIM hello authentication", default=False) + pim_hello_authentication_key: str = Field(alias="pimHelloAuthenticationKey", description="PIM hello authentication key", default="") + + # Authentication — BFD + bfd_authentication: bool = Field(alias="bfdAuthentication", description="Enable BFD authentication", default=False) + bfd_authentication_key_id: int = Field(alias="bfdAuthenticationKeyId", description="BFD authentication key ID", default=100) + bfd_authentication_key: str = Field(alias="bfdAuthenticationKey", description="BFD authentication key", default="") + bfd_ospf: bool = Field(alias="bfdOspf", description="Enable BFD for OSPF", default=False) + bfd_isis: bool = Field(alias="bfdIsis", description="Enable BFD for IS-IS", default=False) + bfd_pim: bool = Field(alias="bfdPim", description="Enable BFD for PIM", default=False) + + # Authentication — OSPF + ospf_authentication: bool = Field(alias="ospfAuthentication", description="Enable OSPF authentication", default=False) + ospf_authentication_key_id: int = Field(alias="ospfAuthenticationKeyId", description="OSPF authentication key ID", default=127) + ospf_authentication_key: str = Field(alias="ospfAuthenticationKey", description="OSPF authentication key", default="") + + # IS-IS + isis_level: IsisLevelEnum = Field(alias="isisLevel", description="IS-IS level", default=IsisLevelEnum.LEVEL_2) + isis_area_number: str = Field(alias="isisAreaNumber", description="IS-IS area number", default="0001") + isis_point_to_point: bool = Field(alias="isisPointToPoint", description="IS-IS point-to-point", default=True) + isis_authentication: bool = Field(alias="isisAuthentication", description="Enable IS-IS authentication", default=False) + isis_authentication_keychain_name: str = Field( + alias="isisAuthenticationKeychainName", description="IS-IS authentication keychain name", default="" + ) + isis_authentication_keychain_key_id: int = Field( + alias="isisAuthenticationKeychainKeyId", description="IS-IS authentication keychain key ID", default=127 + ) + isis_authentication_key: str = Field(alias="isisAuthenticationKey", description="IS-IS authentication key", default="") + isis_overload: bool = Field(alias="isisOverload", description="Enable IS-IS overload bit", default=True) + isis_overload_elapse_time: int = Field(alias="isisOverloadElapseTime", description="IS-IS overload elapse time", default=60) + + # MACsec + macsec: bool = Field(description="Enable MACsec", default=False) + macsec_cipher_suite: str = Field(alias="macsecCipherSuite", description="MACsec cipher suite", default="GCM-AES-XPN-256") + macsec_key_string: str = Field(alias="macsecKeyString", description="MACsec key string", default="") + macsec_algorithm: str = Field(alias="macsecAlgorithm", description="MACsec algorithm", default="AES_128_CMAC") + macsec_fallback_key_string: str = Field(alias="macsecFallbackKeyString", description="MACsec fallback key string", default="") + macsec_fallback_algorithm: str = Field(alias="macsecFallbackAlgorithm", description="MACsec fallback algorithm", default="AES_128_CMAC") + macsec_report_timer: int = Field(alias="macsecReportTimer", description="MACsec report timer", default=5) + + # VRF Lite MACsec + vrf_lite_macsec: bool = Field(alias="vrfLiteMacsec", description="Enable VRF lite MACsec", default=False) + vrf_lite_macsec_cipher_suite: str = Field( + alias="vrfLiteMacsecCipherSuite", description="VRF lite MACsec cipher suite", default="GCM-AES-XPN-256" + ) + vrf_lite_macsec_key_string: str = Field(alias="vrfLiteMacsecKeyString", description="VRF lite MACsec key string", default="") + vrf_lite_macsec_algorithm: str = Field( + alias="vrfLiteMacsecAlgorithm", description="VRF lite MACsec algorithm", default="AES_128_CMAC" + ) + vrf_lite_macsec_fallback_key_string: str = Field( + alias="vrfLiteMacsecFallbackKeyString", description="VRF lite MACsec fallback key string", default="" + ) + vrf_lite_macsec_fallback_algorithm: str = Field( + alias="vrfLiteMacsecFallbackAlgorithm", description="VRF lite MACsec fallback algorithm", default="AES_128_CMAC" + ) + + # Quantum Key Distribution / Trustpoint + quantum_key_distribution: bool = Field(alias="quantumKeyDistribution", description="Enable quantum key distribution", default=False) + quantum_key_distribution_profile_name: str = Field( + alias="quantumKeyDistributionProfileName", description="Quantum key distribution profile name", default="" + ) + key_management_entity_server_ip: str = Field( + alias="keyManagementEntityServerIp", description="Key management entity server IP", default="" + ) + key_management_entity_server_port: int = Field( + alias="keyManagementEntityServerPort", description="Key management entity server port", default=0 + ) + trustpoint_label: str = Field(alias="trustpointLabel", description="Trustpoint label", default="") + skip_certificate_verification: bool = Field( + alias="skipCertificateVerification", description="Skip certificate verification", default=False + ) + + # BGP / Routing Enhancements + auto_bgp_neighbor_description: bool = Field( + alias="autoBgpNeighborDescription", description="Auto BGP neighbor description", default=True + ) + ibgp_peer_template: str = Field(alias="ibgpPeerTemplate", description="iBGP peer template", default="") + leaf_ibgp_peer_template: str = Field(alias="leafIbgpPeerTemplate", description="Leaf iBGP peer template", default="") + link_state_routing_tag: str = Field(alias="linkStateRoutingTag", description="Link state routing tag", default="UNDERLAY") + static_underlay_ip_allocation: bool = Field( + alias="staticUnderlayIpAllocation", description="Static underlay IP allocation", default=False + ) + router_id_range: str = Field(alias="routerIdRange", description="Router ID range", default="10.2.0.0/23") + + # Security Group Tags (SGT) + security_group_tag: bool = Field(alias="securityGroupTag", description="Enable security group tag", default=False) + security_group_tag_prefix: str = Field(alias="securityGroupTagPrefix", description="SGT prefix", default="SG_") + security_group_tag_mac_segmentation: bool = Field( + alias="securityGroupTagMacSegmentation", description="Enable SGT MAC segmentation", default=False + ) + security_group_tag_id_range: str = Field( + alias="securityGroupTagIdRange", description="SGT ID range", default="10000-14000" + ) + security_group_tag_preprovision: bool = Field( + alias="securityGroupTagPreprovision", description="Enable SGT preprovision", default=False + ) + security_group_status: SecurityGroupStatusEnum = Field(alias="securityGroupStatus", description="Security group status", default=SecurityGroupStatusEnum.DISABLED) + + # Queuing / QoS + default_queuing_policy: bool = Field(alias="defaultQueuingPolicy", description="Enable default queuing policy", default=False) + default_queuing_policy_cloudscale: str = Field( + alias="defaultQueuingPolicyCloudscale", description="Default queuing policy cloudscale", default="queuing_policy_default_8q_cloudscale" + ) + default_queuing_policy_r_series: str = Field( + alias="defaultQueuingPolicyRSeries", description="Default queuing policy R-Series", default="queuing_policy_default_r_series" + ) + default_queuing_policy_other: str = Field( + alias="defaultQueuingPolicyOther", description="Default queuing policy other", default="queuing_policy_default_other" + ) + aiml_qos: bool = Field(alias="aimlQos", description="Enable AI/ML QoS", default=False) + aiml_qos_policy: str = Field(alias="aimlQosPolicy", description="AI/ML QoS policy", default="400G") + roce_v2: str = Field(alias="roceV2", description="RoCEv2 DSCP value", default="26") + cnp: str = Field(description="CNP value", default="48") + wred_min: int = Field(alias="wredMin", description="WRED minimum threshold", default=950) + wred_max: int = Field(alias="wredMax", description="WRED maximum threshold", default=3000) + wred_drop_probability: int = Field(alias="wredDropProbability", description="WRED drop probability", default=7) + wred_weight: int = Field(alias="wredWeight", description="WRED weight", default=0) + bandwidth_remaining: int = Field(alias="bandwidthRemaining", description="Bandwidth remaining percentage", default=50) + dlb: bool = Field(description="Enable dynamic load balancing", default=False) + dlb_mode: str = Field(alias="dlbMode", description="DLB mode", default="flowlet") + dlb_mixed_mode_default: str = Field(alias="dlbMixedModeDefault", description="DLB mixed mode default", default="ecmp") + flowlet_aging: int = Field(alias="flowletAging", description="Flowlet aging interval", default=1) + flowlet_dscp: str = Field(alias="flowletDscp", description="Flowlet DSCP value", default="") + per_packet_dscp: str = Field(alias="perPacketDscp", description="Per-packet DSCP value", default="") + ai_load_sharing: bool = Field(alias="aiLoadSharing", description="Enable AI load sharing", default=False) + priority_flow_control_watch_interval: int = Field( + alias="priorityFlowControlWatchInterval", description="Priority flow control watch interval", default=101 + ) + + # PTP + ptp: bool = Field(description="Enable PTP", default=False) + ptp_loopback_id: int = Field(alias="ptpLoopbackId", description="PTP loopback ID", default=0) + ptp_domain_id: int = Field(alias="ptpDomainId", description="PTP domain ID", default=0) + ptp_vlan_id: int = Field(alias="ptpVlanId", description="PTP VLAN ID", default=2) + + # STP + stp_root_option: StpRootOptionEnum = Field(alias="stpRootOption", description="STP root option", default=StpRootOptionEnum.UNMANAGED) + stp_vlan_range: str = Field(alias="stpVlanRange", description="STP VLAN range", default="1-3967") + mst_instance_range: str = Field(alias="mstInstanceRange", description="MST instance range", default="0") + stp_bridge_priority: int = Field(alias="stpBridgePriority", description="STP bridge priority", default=0) + + # MPLS Handoff + mpls_handoff: bool = Field(alias="mplsHandoff", description="Enable MPLS handoff", default=False) + mpls_loopback_identifier: int = Field(alias="mplsLoopbackIdentifier", description="MPLS loopback identifier", default=101) + mpls_isis_area_number: str = Field(alias="mplsIsisAreaNumber", description="MPLS IS-IS area number", default="0001") + mpls_loopback_ip_range: str = Field(alias="mplsLoopbackIpRange", description="MPLS loopback IP range", default="10.101.0.0/25") + + # Private VLAN + private_vlan: bool = Field(alias="privateVlan", description="Enable private VLAN", default=False) + default_private_vlan_secondary_network_template: str = Field( + alias="defaultPrivateVlanSecondaryNetworkTemplate", + description="Default private VLAN secondary network template", + default="Pvlan_Secondary_Network" + ) + allow_vlan_on_leaf_tor_pairing: str = Field( + alias="allowVlanOnLeafTorPairing", description="Allow VLAN on leaf/TOR pairing", default="none" + ) + + # Leaf / TOR + leaf_tor_id_range: bool = Field(alias="leafTorIdRange", description="Enable leaf/TOR ID range", default=False) + leaf_tor_vpc_port_channel_id_range: str = Field( + alias="leafTorVpcPortChannelIdRange", description="Leaf/TOR vPC port-channel ID range", default="1-499" + ) + + # Resource ID Ranges + l3_vni_no_vlan_default_option: bool = Field( + alias="l3VniNoVlanDefaultOption", description="L3 VNI no-VLAN default option", default=False + ) + ip_service_level_agreement_id_range: str = Field( + alias="ipServiceLevelAgreementIdRange", description="IP SLA ID range", default="10000-19999" + ) + object_tracking_number_range: str = Field( + alias="objectTrackingNumberRange", description="Object tracking number range", default="100-299" + ) + service_network_vlan_range: str = Field( + alias="serviceNetworkVlanRange", description="Service network VLAN range", default="3000-3199" + ) + route_map_sequence_number_range: str = Field( + alias="routeMapSequenceNumberRange", description="Route map sequence number range", default="1-65534" + ) + + # DNS / NTP / Syslog Collections + ntp_server_collection: List[str] = Field(default_factory=lambda: ["string"], alias="ntpServerCollection") + ntp_server_vrf_collection: List[str] = Field(default_factory=lambda: ["string"], alias="ntpServerVrfCollection") + dns_collection: List[str] = Field(default_factory=lambda: ["5.192.28.174"], alias="dnsCollection") + dns_vrf_collection: List[str] = Field(default_factory=lambda: ["string"], alias="dnsVrfCollection") + syslog_server_collection: List[str] = Field(default_factory=lambda: ["string"], alias="syslogServerCollection") + syslog_server_vrf_collection: List[str] = Field(default_factory=lambda: ["string"], alias="syslogServerVrfCollection") + syslog_severity_collection: List[int] = Field(default_factory=lambda: [7], alias="syslogSeverityCollection", description="Syslog severity levels (0-7)") + + # Extra Config / Pre-Interface Config / AAA / Banner + banner: str = Field(description="Fabric banner text", default="") + extra_config_leaf: str = Field(alias="extraConfigLeaf", description="Extra leaf config", default="") + extra_config_spine: str = Field(alias="extraConfigSpine", description="Extra spine config", default="") + extra_config_tor: str = Field(alias="extraConfigTor", description="Extra TOR config", default="") + extra_config_intra_fabric_links: str = Field( + alias="extraConfigIntraFabricLinks", description="Extra intra-fabric links config", default="" + ) + extra_config_aaa: str = Field(alias="extraConfigAaa", description="Extra AAA config", default="") + aaa: bool = Field(description="Enable AAA", default=False) + pre_interface_config_leaf: str = Field(alias="preInterfaceConfigLeaf", description="Pre-interface leaf config", default="") + pre_interface_config_spine: str = Field(alias="preInterfaceConfigSpine", description="Pre-interface spine config", default="") + pre_interface_config_tor: str = Field(alias="preInterfaceConfigTor", description="Pre-interface TOR config", default="") + + # System / Compliance / OAM / Misc + anycast_border_gateway_advertise_physical_ip: bool = Field( + alias="anycastBorderGatewayAdvertisePhysicalIp", description="Anycast border gateway advertise physical IP", default=False + ) + greenfield_debug_flag: GreenfieldDebugFlagEnum = Field(alias="greenfieldDebugFlag", description="Greenfield debug flag", default=GreenfieldDebugFlagEnum.DISABLE) + interface_statistics_load_interval: int = Field( + alias="interfaceStatisticsLoadInterval", description="Interface statistics load interval", default=10 + ) + nve_hold_down_timer: int = Field(alias="nveHoldDownTimer", description="NVE hold-down timer", default=180) + next_generation_oam: bool = Field(alias="nextGenerationOAM", description="Enable next-generation OAM", default=True) + ngoam_south_bound_loop_detect: bool = Field( + alias="ngoamSouthBoundLoopDetect", description="Enable NGOAM south bound loop detect", default=False + ) + ngoam_south_bound_loop_detect_probe_interval: int = Field( + alias="ngoamSouthBoundLoopDetectProbeInterval", description="NGOAM south bound loop detect probe interval", default=300 + ) + ngoam_south_bound_loop_detect_recovery_interval: int = Field( + alias="ngoamSouthBoundLoopDetectRecoveryInterval", description="NGOAM south bound loop detect recovery interval", default=600 + ) + strict_config_compliance_mode: bool = Field( + alias="strictConfigComplianceMode", description="Enable strict config compliance mode", default=False + ) + advanced_ssh_option: bool = Field(alias="advancedSshOption", description="Enable advanced SSH option", default=False) + copp_policy: CoppPolicyEnum = Field(alias="coppPolicy", description="CoPP policy", default=CoppPolicyEnum.STRICT) + power_redundancy_mode: str = Field(alias="powerRedundancyMode", description="Power redundancy mode", default="redundant") + host_interface_admin_state: bool = Field( + alias="hostInterfaceAdminState", description="Host interface admin state", default=True + ) + heartbeat_interval: int = Field(alias="heartbeatInterval", description="Heartbeat interval", default=190) + policy_based_routing: bool = Field(alias="policyBasedRouting", description="Enable policy-based routing", default=False) + brownfield_network_name_format: str = Field( + alias="brownfieldNetworkNameFormat", description="Brownfield network name format", default="Auto_Net_VNI$$VNI$$_VLAN$$VLAN_ID$$" + ) + brownfield_skip_overlay_network_attachments: bool = Field( + alias="brownfieldSkipOverlayNetworkAttachments", description="Skip brownfield overlay network attachments", default=False + ) + allow_smart_switch_onboarding: bool = Field( + alias="allowSmartSwitchOnboarding", description="Allow smart switch onboarding", default=False + ) + + # Hypershield / Connectivity + connectivity_domain_name: Optional[str] = Field( + alias="connectivityDomainName", description="Domain name to connect to Hypershield", default=None + ) + hypershield_connectivity_proxy_server: Optional[str] = Field( + alias="hypershieldConnectivityProxyServer", + description="IPv4 address, IPv6 address, or DNS name of the proxy server for Hypershield communication", + default=None + ) + hypershield_connectivity_proxy_server_port: Optional[int] = Field( + alias="hypershieldConnectivityProxyServerPort", + description="Proxy port number for communication with Hypershield", + default=None + ) + hypershield_connectivity_source_intf: Optional[str] = Field( + alias="hypershieldConnectivitySourceIntf", + description="Loopback interface on smart switch for communication with Hypershield", + default=None + ) + + @field_validator("bgp_asn") + @classmethod + def validate_bgp_asn(cls, value: str) -> str: + """ + # Summary + + Validate BGP ASN format and range. + + ## Description + + Accepts either a plain integer ASN (1-4294967295) or dotted four-byte + ASN notation in the form ``MMMM.NNNN`` where both parts are in the + range 1-65535 / 0-65535 respectively. + + ## Raises + + - `ValueError` - If the value does not match the expected ASN format + """ + if not _BGP_ASN_RE.match(value): + raise ValueError( + f"Invalid BGP ASN '{value}'. " + "Expected a plain integer (1-4294967295) or dotted notation (1-65535.0-65535)." + ) + return value + + @field_validator("site_id") + @classmethod + def validate_site_id(cls, value: str) -> str: + """ + # Summary + + Validate site ID format. + + ## Raises + + - `ValueError` - If site ID is not numeric or outside valid range + """ + + # If value is empty string (default), skip validation (will be set to BGP ASN later if still empty) + if value == "": + return value + + if not value.isdigit(): + raise ValueError(f"Site ID must be numeric, got: {value}") + + site_id_int = int(value) + if not (1 <= site_id_int <= 281474976710655): + raise ValueError(f"Site ID must be between 1 and 281474976710655, got: {site_id_int}") + + return value + + @field_validator("anycast_gateway_mac") + @classmethod + def validate_mac_address(cls, value: str) -> str: + """ + # Summary + + Validate MAC address format. + + ## Raises + + - `ValueError` - If MAC address format is invalid + """ + mac_pattern = re.compile(r'^([0-9a-fA-F]{4}\.){2}[0-9a-fA-F]{4}$') + if not mac_pattern.match(value): + raise ValueError(f"Invalid MAC address format, expected xxxx.xxxx.xxxx, got: {value}") + + return value.lower() + + +class FabricIbgpModel(NDBaseModel): + """ + # Summary + + Complete model for creating a new iBGP VXLAN fabric. + + This model combines all necessary components for fabric creation including + basic fabric properties, management settings, telemetry, and streaming configuration. + + ## Raises + + - `ValueError` - If required fields are missing or invalid + - `TypeError` - If field types don't match expected types + """ + + model_config = ConfigDict( + str_strip_whitespace=True, + validate_assignment=True, + populate_by_name=True, + extra="allow" # Allow extra fields from API responses + ) + + identifiers: ClassVar[Optional[List[str]]] = ["name"] + identifier_strategy: ClassVar[Optional[Literal["single", "composite", "hierarchical", "singleton"]]] = "single" + + # Basic Fabric Properties + category: Literal["fabric"] = Field(description="Resource category", default="fabric") + name: str = Field(description="Fabric name", min_length=1, max_length=64) + location: Optional[LocationModel] = Field(description="Geographic location of the fabric", default=None) + + # License and Operations + license_tier: LicenseTierEnum = Field(alias="licenseTier", description="License tier", default=LicenseTierEnum.PREMIER) + alert_suspend: AlertSuspendEnum = Field(alias="alertSuspend", description="Alert suspension state", default=AlertSuspendEnum.DISABLED) + telemetry_collection: bool = Field(alias="telemetryCollection", description="Enable telemetry collection", default=False) + telemetry_collection_type: str = Field(alias="telemetryCollectionType", description="Telemetry collection type", default="outOfBand") + telemetry_streaming_protocol: str = Field(alias="telemetryStreamingProtocol", description="Telemetry streaming protocol", default="ipv4") + telemetry_source_interface: str = Field(alias="telemetrySourceInterface", description="Telemetry source interface", default="") + telemetry_source_vrf: str = Field(alias="telemetrySourceVrf", description="Telemetry source VRF", default="") + security_domain: str = Field(alias="securityDomain", description="Security domain", default="all") + + # Core Management Configuration + management: Optional[VxlanIbgpManagementModel] = Field(description="iBGP VXLAN management configuration", default=None) + + # Optional Advanced Settings + telemetry_settings: Optional[TelemetrySettingsModel] = Field( + alias="telemetrySettings", + description="Telemetry configuration", + default=None + ) + external_streaming_settings: ExternalStreamingSettingsModel = Field( + alias="externalStreamingSettings", + description="External streaming settings", + default_factory=ExternalStreamingSettingsModel + ) + + @field_validator("name") + @classmethod + def validate_fabric_name(cls, value: str) -> str: + """ + # Summary + + Validate fabric name format and characters. + + ## Raises + + - `ValueError` - If name contains invalid characters or format + """ + if not re.match(r'^[a-zA-Z0-9_-]+$', value): + raise ValueError(f"Fabric name can only contain letters, numbers, underscores, and hyphens, got: {value}") + + return value + + @model_validator(mode='after') + def validate_fabric_consistency(self) -> 'FabricModel': + """ + # Summary + + Validate consistency between fabric settings and management configuration. + + ## Raises + + - `ValueError` - If fabric settings are inconsistent + """ + # Ensure management type matches model type + if self.management is not None and self.management.type != FabricTypeEnum.VXLAN_IBGP: + raise ValueError(f"Management type must be {FabricTypeEnum.VXLAN_IBGP}") + + # Propagate fabric name to management model + if self.management is not None: + self.management.name = self.name + + # Propagate BGP ASN to Site ID management model if not set + if self.management is not None and self.management.site_id == "": + bgp_asn = self.management.bgp_asn + if "." in bgp_asn: + # asdot notation (High.Low) → convert to asplain decimal: (High × 65536) + Low + high, low = bgp_asn.split(".") + self.management.site_id = str(int(high) * 65536 + int(low)) + else: + # Already plain decimal + self.management.site_id = bgp_asn + + # Validate telemetry consistency + if self.telemetry_collection and self.telemetry_settings is None: + # Auto-create default telemetry settings if collection is enabled + self.telemetry_settings = TelemetrySettingsModel() + + return self + + # TODO: to generate from Fields (low priority) + @classmethod + def get_argument_spec(cls) -> Dict: + return dict( + state={ + "type": "str", + "default": "merged", + "choices": ["merged", "replaced", "deleted", "overridden", "query"], + }, + config={"required": False, "type": "list", "elements": "dict"}, + ) + + +# Export all models for external use +__all__ = [ + "LocationModel", + "NetflowExporterModel", + "NetflowRecordModel", + "NetflowMonitorModel", + "NetflowSettingsModel", + "BootstrapSubnetModel", + "TelemetryFlowCollectionModel", + "TelemetryMicroburstModel", + "TelemetryAnalysisSettingsModel", + "TelemetryEnergyManagementModel", + "TelemetrySettingsModel", + "ExternalStreamingSettingsModel", + "VxlanIbgpManagementModel", + "FabricModel", + "FabricDeleteModel", + "FabricTypeEnum", + "AlertSuspendEnum", + "LicenseTierEnum", + "ReplicationModeEnum", + "OverlayModeEnum", + "LinkStateRoutingProtocolEnum" +] \ No newline at end of file diff --git a/plugins/module_utils/orchestrators/manage_fabric_ebgp.py b/plugins/module_utils/orchestrators/manage_fabric_ebgp.py new file mode 100644 index 00000000..45df1acd --- /dev/null +++ b/plugins/module_utils/orchestrators/manage_fabric_ebgp.py @@ -0,0 +1,46 @@ +# -*- coding: utf-8 -*- + +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +from typing import Type +from ansible_collections.cisco.nd.plugins.module_utils.orchestrators.base import NDBaseOrchestrator +from ansible_collections.cisco.nd.plugins.module_utils.models.base import NDBaseModel +from ansible_collections.cisco.nd.plugins.module_utils.models.manage_fabric.manage_fabric_ibgp import FabricIbgpModel +from ansible_collections.cisco.nd.plugins.module_utils.models.manage_fabric.manage_fabric_ebgp import FabricEbgpModel +from ansible_collections.cisco.nd.plugins.module_utils.endpoints.base import NDEndpointBaseModel +from ansible_collections.cisco.nd.plugins.module_utils.orchestrators.types import ResponseType +from ansible_collections.cisco.nd.plugins.module_utils.endpoints.v1.manage.manage_fabrics import ( + EpManageFabricsGet, + EpManageFabricsListGet, + EpManageFabricsPost, + EpManageFabricsPut, + EpManageFabricsDelete, +) + +class ManageEbgpFabricOrchestrator(NDBaseOrchestrator): + model_class: Type[NDBaseModel] = FabricEbgpModel + + create_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsPost + update_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsPut + delete_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsDelete + query_one_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsGet + query_all_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsListGet + + def query_all(self) -> ResponseType: + """ + Custom query_all action to extract 'fabrics' from response, + filtered to only vxlanEbgp fabric types. + """ + try: + api_endpoint = self.query_all_endpoint() + result = self.sender.query_obj(api_endpoint.path) + fabrics = result.get("fabrics", []) or [] + return [f for f in fabrics if f.get("management", {}).get("type") == "vxlanEbgp"] + except Exception as e: + raise Exception(f"Query all failed: {e}") from e diff --git a/plugins/module_utils/orchestrators/manage_fabric_external.py b/plugins/module_utils/orchestrators/manage_fabric_external.py new file mode 100644 index 00000000..d370315a --- /dev/null +++ b/plugins/module_utils/orchestrators/manage_fabric_external.py @@ -0,0 +1,46 @@ +# -*- coding: utf-8 -*- + +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +from typing import Type +from ansible_collections.cisco.nd.plugins.module_utils.orchestrators.base import NDBaseOrchestrator +from ansible_collections.cisco.nd.plugins.module_utils.models.base import NDBaseModel +from ansible_collections.cisco.nd.plugins.module_utils.models.manage_fabric.manage_fabric_external import FabricExternalConnectivityModel +from ansible_collections.cisco.nd.plugins.module_utils.endpoints.base import NDEndpointBaseModel +from ansible_collections.cisco.nd.plugins.module_utils.orchestrators.types import ResponseType +from ansible_collections.cisco.nd.plugins.module_utils.endpoints.v1.manage.manage_fabrics import ( + EpManageFabricsGet, + EpManageFabricsListGet, + EpManageFabricsPost, + EpManageFabricsPut, + EpManageFabricsDelete, +) + + +class ManageExternalFabricOrchestrator(NDBaseOrchestrator): + model_class: Type[NDBaseModel] = FabricExternalConnectivityModel + + create_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsPost + update_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsPut + delete_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsDelete + query_one_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsGet + query_all_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsListGet + + def query_all(self) -> ResponseType: + """ + Custom query_all action to extract 'fabrics' from response, + filtered to only externalConnectivity fabric types. + """ + try: + api_endpoint = self.query_all_endpoint() + result = self.sender.query_obj(api_endpoint.path) + fabrics = result.get("fabrics", []) or [] + return [f for f in fabrics if f.get("management", {}).get("type") == "externalConnectivity"] + except Exception as e: + raise Exception(f"Query all failed: {e}") from e diff --git a/plugins/module_utils/orchestrators/manage_fabric_ibgp.py b/plugins/module_utils/orchestrators/manage_fabric_ibgp.py new file mode 100644 index 00000000..e2082b57 --- /dev/null +++ b/plugins/module_utils/orchestrators/manage_fabric_ibgp.py @@ -0,0 +1,47 @@ +# -*- coding: utf-8 -*- + +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +from typing import Type +from ansible_collections.cisco.nd.plugins.module_utils.orchestrators.base import NDBaseOrchestrator +from ansible_collections.cisco.nd.plugins.module_utils.models.base import NDBaseModel +from ansible_collections.cisco.nd.plugins.module_utils.models.manage_fabric.manage_fabric_ibgp import FabricIbgpModel +from ansible_collections.cisco.nd.plugins.module_utils.models.manage_fabric.manage_fabric_ebgp import FabricEbgpModel +from ansible_collections.cisco.nd.plugins.module_utils.endpoints.base import NDEndpointBaseModel +from ansible_collections.cisco.nd.plugins.module_utils.orchestrators.types import ResponseType +from ansible_collections.cisco.nd.plugins.module_utils.endpoints.v1.manage.manage_fabrics import ( + EpManageFabricsGet, + EpManageFabricsListGet, + EpManageFabricsPost, + EpManageFabricsPut, + EpManageFabricsDelete, +) + + +class ManageIbgpFabricOrchestrator(NDBaseOrchestrator): + model_class: Type[NDBaseModel] = FabricIbgpModel + + create_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsPost + update_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsPut + delete_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsDelete + query_one_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsGet + query_all_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsListGet + + def query_all(self) -> ResponseType: + """ + Custom query_all action to extract 'fabrics' from response, + filtered to only vxlanIbgp fabric types. + """ + try: + api_endpoint = self.query_all_endpoint() + result = self.sender.query_obj(api_endpoint.path) + fabrics = result.get("fabrics", []) or [] + return [f for f in fabrics if f.get("management", {}).get("type") == "vxlanIbgp"] + except Exception as e: + raise Exception(f"Query all failed: {e}") from e diff --git a/plugins/modules/nd_manage_fabric_ebgp.py b/plugins/modules/nd_manage_fabric_ebgp.py new file mode 100644 index 00000000..04a4ab72 --- /dev/null +++ b/plugins/modules/nd_manage_fabric_ebgp.py @@ -0,0 +1,1179 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +ANSIBLE_METADATA = {"metadata_version": "1.1", "status": ["preview"], "supported_by": "community"} + +DOCUMENTATION = r""" +--- +module: nd_manage_fabric_ebgp +version_added: "1.4.0" +short_description: Manage eBGP VXLAN fabrics on Cisco Nexus Dashboard +description: +- Manage eBGP VXLAN fabrics on Cisco Nexus Dashboard (ND). +- It supports creating, updating, replacing, and deleting eBGP VXLAN fabrics. +author: +- Mike Wiebe (@mwiebe) +options: + config: + description: + - The list of eBGP VXLAN fabrics to configure. + type: list + elements: dict + suboptions: + name: + description: + - The name of the fabric. + - Only letters, numbers, underscores, and hyphens are allowed. + - The O(config.name) must be defined when creating, updating or deleting a fabric. + type: str + required: true + category: + description: + - The resource category. + type: str + default: fabric + location: + description: + - The geographic location of the fabric. + type: dict + suboptions: + latitude: + description: + - Latitude coordinate of the fabric location (-90 to 90). + type: float + required: true + longitude: + description: + - Longitude coordinate of the fabric location (-180 to 180). + type: float + required: true + license_tier: + description: + - The license tier for the fabric. + type: str + default: premier + choices: [ essentials, premier ] + alert_suspend: + description: + - The alert suspension state for the fabric. + type: str + default: disabled + choices: [ enabled, disabled ] + telemetry_collection: + description: + - Enable telemetry collection for the fabric. + type: bool + default: false + telemetry_collection_type: + description: + - The telemetry collection type. + type: str + default: outOfBand + telemetry_streaming_protocol: + description: + - The telemetry streaming protocol. + type: str + default: ipv4 + telemetry_source_interface: + description: + - The telemetry source interface. + type: str + default: "" + telemetry_source_vrf: + description: + - The telemetry source VRF. + type: str + default: "" + security_domain: + description: + - The security domain associated with the fabric. + type: str + default: all + management: + description: + - The eBGP VXLAN management configuration for the fabric. + type: dict + suboptions: + type: + description: + - The fabric management type. Must be C(vxlanEbgp) for eBGP VXLAN fabrics. + type: str + default: vxlanEbgp + choices: [ vxlanEbgp ] + bgp_asn: + description: + - The BGP Autonomous System Number for the fabric. + - Must be a numeric value between 1 and 4294967295, or dotted notation (1-65535.0-65535). + - Optional when O(config.management.bgp_asn_auto_allocation) is C(true). + type: str + bgp_asn_auto_allocation: + description: + - Enable automatic BGP ASN allocation from the O(config.management.bgp_asn_range) pool. + type: bool + default: true + bgp_asn_range: + description: + - The BGP ASN range to use for automatic ASN allocation (e.g. C(65000-65535)). + - Required when O(config.management.bgp_asn_auto_allocation) is C(true). + type: str + bgp_as_mode: + description: + - The BGP AS mode for the fabric. + - C(multiAS) assigns a unique AS number to each leaf tier. + - C(sameTierAS) assigns the same AS number within a tier. + type: str + default: multiAS + choices: [ multiAS, sameTierAS ] + bgp_allow_as_in_num: + description: + - The number of times BGP allows an AS-path containing the local AS number. + type: int + default: 1 + bgp_max_path: + description: + - The maximum number of BGP equal-cost paths. + type: int + default: 4 + bgp_underlay_failure_protect: + description: + - Enable BGP underlay failure protection. + type: bool + default: false + auto_configure_ebgp_evpn_peering: + description: + - Automatically configure eBGP EVPN peering between spine and leaf switches. + type: bool + default: true + allow_leaf_same_as: + description: + - Allow leaf switches to share the same BGP AS number. + type: bool + default: false + assign_ipv4_to_loopback0: + description: + - Assign an IPv4 address to the loopback0 interface. + type: bool + default: true + evpn: + description: + - Enable the EVPN control plane. + type: bool + default: true + route_map_tag: + description: + - The route map tag used for redistribution. + type: int + default: 12345 + disable_route_map_tag: + description: + - Disable route map tag usage. + type: bool + default: false + leaf_bgp_as: + description: + - The BGP AS number for leaf switches (used with C(sameTierAS) mode). + type: str + border_bgp_as: + description: + - The BGP AS number for border switches. + type: str + super_spine_bgp_as: + description: + - The BGP AS number for super-spine switches. + type: str + site_id: + description: + - The site identifier for the fabric. + - Defaults to the value of O(config.management.bgp_asn) if not provided. + type: str + default: "" + target_subnet_mask: + description: + - The target subnet mask for intra-fabric links (24-31). + type: int + default: 30 + anycast_gateway_mac: + description: + - The anycast gateway MAC address in xxxx.xxxx.xxxx format. + type: str + default: 2020.0000.00aa + replication_mode: + description: + - The multicast replication mode. + type: str + default: multicast + choices: [ multicast, ingress ] + multicast_group_subnet: + description: + - The multicast group subnet. + type: str + default: "239.1.1.0/25" + auto_generate_multicast_group_address: + description: + - Automatically generate multicast group addresses. + type: bool + default: false + underlay_multicast_group_address_limit: + description: + - The underlay multicast group address limit (1-255). + type: int + default: 128 + tenant_routed_multicast: + description: + - Enable tenant routed multicast. + type: bool + default: false + tenant_routed_multicast_ipv6: + description: + - Enable tenant routed multicast for IPv6. + type: bool + default: false + first_hop_redundancy_protocol: + description: + - The first-hop redundancy protocol for tenant networks. + type: str + default: hsrp + choices: [ hsrp, vrrp ] + rendezvous_point_count: + description: + - The number of rendezvous points (1-4). + type: int + default: 2 + rendezvous_point_loopback_id: + description: + - The rendezvous point loopback interface ID (0-1023). + type: int + default: 254 + overlay_mode: + description: + - The overlay configuration mode. + type: str + default: cli + choices: [ cli, config-profile ] + bgp_loopback_id: + description: + - The BGP loopback interface ID (0-1023). + type: int + default: 0 + nve_loopback_id: + description: + - The NVE loopback interface ID (0-1023). + type: int + default: 1 + anycast_loopback_id: + description: + - The anycast loopback interface ID. + type: int + default: 10 + bgp_loopback_ip_range: + description: + - The BGP loopback IP address pool. + type: str + default: "10.2.0.0/22" + bgp_loopback_ipv6_range: + description: + - The BGP loopback IPv6 address pool. + type: str + default: "fd00::a02:0/119" + nve_loopback_ip_range: + description: + - The NVE loopback IP address pool. + type: str + default: "10.3.0.0/22" + nve_loopback_ipv6_range: + description: + - The NVE loopback IPv6 address pool. + type: str + default: "fd00::a03:0/118" + anycast_rendezvous_point_ip_range: + description: + - The anycast rendezvous point IP address pool. + type: str + default: "10.254.254.0/24" + ipv6_anycast_rendezvous_point_ip_range: + description: + - The IPv6 anycast rendezvous point IP address pool. + type: str + default: "fd00::254:254:0/118" + intra_fabric_subnet_range: + description: + - The intra-fabric subnet IP address pool. + type: str + default: "10.4.0.0/16" + l2_vni_range: + description: + - The Layer 2 VNI range. + type: str + default: "30000-49000" + l3_vni_range: + description: + - The Layer 3 VNI range. + type: str + default: "50000-59000" + network_vlan_range: + description: + - The network VLAN range. + type: str + default: "2300-2999" + vrf_vlan_range: + description: + - The VRF VLAN range. + type: str + default: "2000-2299" + sub_interface_dot1q_range: + description: + - The sub-interface 802.1q range. + type: str + default: "2-511" + l3_vni_no_vlan_default_option: + description: + - Enable L3 VNI no-VLAN default option. + type: bool + default: false + fabric_mtu: + description: + - The fabric MTU size (1500-9216). + type: int + default: 9216 + l2_host_interface_mtu: + description: + - The L2 host interface MTU size (1500-9216). + type: int + default: 9216 + underlay_ipv6: + description: + - Enable IPv6 underlay. + type: bool + default: false + static_underlay_ip_allocation: + description: + - Disable dynamic underlay IP address allocation. + type: bool + default: false + vpc_domain_id_range: + description: + - The vPC domain ID range. + type: str + default: "1-1000" + vpc_peer_link_vlan: + description: + - The vPC peer link VLAN ID. + type: str + default: "3600" + vpc_peer_link_enable_native_vlan: + description: + - Enable native VLAN on the vPC peer link. + type: bool + default: false + vpc_peer_keep_alive_option: + description: + - The vPC peer keep-alive option. + type: str + default: management + choices: [ loopback, management ] + vpc_auto_recovery_timer: + description: + - The vPC auto recovery timer in seconds (240-3600). + type: int + default: 360 + vpc_delay_restore_timer: + description: + - The vPC delay restore timer in seconds (1-3600). + type: int + default: 150 + vpc_peer_link_port_channel_id: + description: + - The vPC peer link port-channel ID. + type: str + default: "500" + vpc_ipv6_neighbor_discovery_sync: + description: + - Enable vPC IPv6 neighbor discovery synchronization. + type: bool + default: true + vpc_layer3_peer_router: + description: + - Enable vPC layer-3 peer router. + type: bool + default: true + vpc_tor_delay_restore_timer: + description: + - The vPC TOR delay restore timer. + type: int + default: 30 + fabric_vpc_domain_id: + description: + - Enable fabric vPC domain ID. + type: bool + default: false + shared_vpc_domain_id: + description: + - The shared vPC domain ID. + type: int + default: 1 + fabric_vpc_qos: + description: + - Enable fabric vPC QoS. + type: bool + default: false + fabric_vpc_qos_policy_name: + description: + - The fabric vPC QoS policy name. + type: str + default: spine_qos_for_fabric_vpc_peering + enable_peer_switch: + description: + - Enable peer switch. + type: bool + default: false + per_vrf_loopback_auto_provision: + description: + - Enable per-VRF loopback auto-provisioning. + type: bool + default: false + per_vrf_loopback_ip_range: + description: + - The per-VRF loopback IP address pool. + type: str + default: "10.5.0.0/22" + per_vrf_loopback_auto_provision_ipv6: + description: + - Enable per-VRF loopback auto-provisioning for IPv6. + type: bool + default: false + per_vrf_loopback_ipv6_range: + description: + - The per-VRF loopback IPv6 address pool. + type: str + default: "fd00::a05:0/112" + vrf_template: + description: + - The VRF template name. + type: str + default: Default_VRF_Universal + network_template: + description: + - The network template name. + type: str + default: Default_Network_Universal + vrf_extension_template: + description: + - The VRF extension template name. + type: str + default: Default_VRF_Extension_Universal + network_extension_template: + description: + - The network extension template name. + type: str + default: Default_Network_Extension_Universal + performance_monitoring: + description: + - Enable performance monitoring. + type: bool + default: false + tenant_dhcp: + description: + - Enable tenant DHCP. + type: bool + default: true + advertise_physical_ip: + description: + - Advertise physical IP address for NVE loopback. + type: bool + default: false + advertise_physical_ip_on_border: + description: + - Advertise physical IP address on border switches. + type: bool + default: true + anycast_border_gateway_advertise_physical_ip: + description: + - Enable anycast border gateway to advertise physical IP. + type: bool + default: false + snmp_trap: + description: + - Enable SNMP traps. + type: bool + default: true + cdp: + description: + - Enable CDP. + type: bool + default: false + tcam_allocation: + description: + - Enable TCAM allocation. + type: bool + default: true + real_time_interface_statistics_collection: + description: + - Enable real-time interface statistics collection. + type: bool + default: false + interface_statistics_load_interval: + description: + - The interface statistics load interval in seconds. + type: int + default: 10 + greenfield_debug_flag: + description: + - The greenfield debug flag. + type: str + default: disable + choices: [ enable, disable ] + nxapi: + description: + - Enable NX-API (HTTPS). + type: bool + default: false + nxapi_https_port: + description: + - The NX-API HTTPS port (1-65535). + type: int + default: 443 + nxapi_http: + description: + - Enable NX-API HTTP. + type: bool + default: false + nxapi_http_port: + description: + - The NX-API HTTP port (1-65535). + type: int + default: 80 + bgp_authentication: + description: + - Enable BGP authentication. + type: bool + default: false + bgp_authentication_key_type: + description: + - The BGP authentication key type. + type: str + default: 3des + bgp_authentication_key: + description: + - The BGP authentication key. + type: str + default: "" + bfd: + description: + - Enable BFD globally. + type: bool + default: false + bfd_ibgp: + description: + - Enable BFD for iBGP sessions. + type: bool + default: false + bfd_authentication: + description: + - Enable BFD authentication. + type: bool + default: false + bfd_authentication_key_id: + description: + - The BFD authentication key ID. + type: int + default: 100 + bfd_authentication_key: + description: + - The BFD authentication key. + type: str + default: "" + pim_hello_authentication: + description: + - Enable PIM hello authentication. + type: bool + default: false + pim_hello_authentication_key: + description: + - The PIM hello authentication key. + type: str + default: "" + macsec: + description: + - Enable MACsec on intra-fabric links. + type: bool + default: false + macsec_cipher_suite: + description: + - The MACsec cipher suite. + type: str + default: GCM-AES-XPN-256 + macsec_key_string: + description: + - The MACsec primary key string. + type: str + default: "" + macsec_algorithm: + description: + - The MACsec algorithm. + type: str + default: AES_128_CMAC + macsec_fallback_key_string: + description: + - The MACsec fallback key string. + type: str + default: "" + macsec_fallback_algorithm: + description: + - The MACsec fallback algorithm. + type: str + default: AES_128_CMAC + macsec_report_timer: + description: + - The MACsec report timer in minutes. + type: int + default: 5 + vrf_lite_auto_config: + description: + - The VRF lite auto-configuration mode. + type: str + default: manual + vrf_lite_subnet_range: + description: + - The VRF lite subnet IP address pool. + type: str + default: "10.33.0.0/16" + vrf_lite_subnet_target_mask: + description: + - The VRF lite subnet target mask. + type: int + default: 30 + auto_unique_vrf_lite_ip_prefix: + description: + - Enable auto unique VRF lite IP prefix. + type: bool + default: false + default_queuing_policy: + description: + - Enable default queuing policy. + type: bool + default: false + aiml_qos: + description: + - Enable AI/ML QoS. + type: bool + default: false + aiml_qos_policy: + description: + - The AI/ML QoS policy. + type: str + default: 400G + dlb: + description: + - Enable dynamic load balancing. + type: bool + default: false + dlb_mode: + description: + - The DLB mode. + type: str + default: flowlet + ptp: + description: + - Enable Precision Time Protocol (PTP). + type: bool + default: false + ptp_loopback_id: + description: + - The PTP loopback ID. + type: int + default: 0 + ptp_domain_id: + description: + - The PTP domain ID. + type: int + default: 0 + private_vlan: + description: + - Enable private VLAN support. + type: bool + default: false + day0_bootstrap: + description: + - Enable day-0 bootstrap (POAP). + type: bool + default: false + local_dhcp_server: + description: + - Enable local DHCP server for bootstrap. + type: bool + default: false + dhcp_protocol_version: + description: + - The DHCP protocol version for bootstrap. + type: str + default: dhcpv4 + dhcp_start_address: + description: + - The DHCP start address for bootstrap. + type: str + default: "" + dhcp_end_address: + description: + - The DHCP end address for bootstrap. + type: str + default: "" + management_gateway: + description: + - The management gateway for bootstrap. + type: str + default: "" + management_ipv4_prefix: + description: + - The management IPv4 prefix length for bootstrap. + type: int + default: 24 + management_ipv6_prefix: + description: + - The management IPv6 prefix length for bootstrap. + type: int + default: 64 + real_time_backup: + description: + - Enable real-time backup. + type: bool + scheduled_backup: + description: + - Enable scheduled backup. + type: bool + scheduled_backup_time: + description: + - The scheduled backup time. + type: str + default: "" + nve_hold_down_timer: + description: + - The NVE hold-down timer in seconds. + type: int + default: 180 + next_generation_oam: + description: + - Enable next-generation OAM. + type: bool + default: true + strict_config_compliance_mode: + description: + - Enable strict configuration compliance mode. + type: bool + default: false + copp_policy: + description: + - The CoPP policy. + type: str + default: strict + power_redundancy_mode: + description: + - The power redundancy mode. + type: str + default: redundant + heartbeat_interval: + description: + - The heartbeat interval. + type: int + default: 190 + allow_smart_switch_onboarding: + description: + - Allow smart switch onboarding. + type: bool + default: false + aaa: + description: + - Enable AAA. + type: bool + default: false + extra_config_leaf: + description: + - Extra freeform configuration applied to leaf switches. + type: str + default: "" + extra_config_spine: + description: + - Extra freeform configuration applied to spine switches. + type: str + default: "" + extra_config_tor: + description: + - Extra freeform configuration applied to TOR switches. + type: str + default: "" + extra_config_intra_fabric_links: + description: + - Extra freeform configuration applied to intra-fabric links. + type: str + default: "" + extra_config_aaa: + description: + - Extra freeform AAA configuration. + type: str + default: "" + banner: + description: + - The fabric banner text displayed on switch login. + type: str + default: "" + ntp_server_collection: + description: + - The list of NTP server IP addresses. + type: list + elements: str + dns_collection: + description: + - The list of DNS server IP addresses. + type: list + elements: str + syslog_server_collection: + description: + - The list of syslog server IP addresses. + type: list + elements: str + syslog_server_vrf_collection: + description: + - The list of VRFs for syslog servers. + type: list + elements: str + syslog_severity_collection: + description: + - The list of syslog severity levels (0-7). + type: list + elements: int + state: + description: + - The desired state of the fabric resources on the Cisco Nexus Dashboard. + - Use O(state=merged) to create new fabrics and update existing ones as defined in the configuration. + Resources on ND that are not specified in the configuration will be left unchanged. + - Use O(state=replaced) to replace the fabric configuration specified in the configuration. + Any settings not explicitly provided will revert to their defaults. + - Use O(state=overridden) to enforce the configuration as the single source of truth. + Any fabric existing on ND but not present in the configuration will be deleted. Use with extra caution. + - Use O(state=deleted) to remove the fabrics specified in the configuration from the Cisco Nexus Dashboard. + type: str + default: merged + choices: [ merged, replaced, overridden, deleted ] +extends_documentation_fragment: +- cisco.nd.modules +- cisco.nd.check_mode +notes: +- This module is only supported on Nexus Dashboard having version 4.1.0 or higher. +- Only eBGP VXLAN fabric type (C(vxlanEbgp)) is supported by this module. +- When using O(state=replaced) with only required fields, all optional management settings revert to their defaults. +- The O(config.management.bgp_asn) field is optional when O(config.management.bgp_asn_auto_allocation) is C(true). +- The O(config.management.bgp_asn) field is required when O(config.management.bgp_asn_auto_allocation) is C(false). +- O(config.management.site_id) defaults to the value of O(config.management.bgp_asn) if not provided. +- The default O(config.management.vpc_peer_keep_alive_option) for eBGP fabrics is C(management), unlike iBGP fabrics. +""" + +EXAMPLES = r""" +- name: Create an eBGP VXLAN fabric using state merged (with auto ASN allocation) + cisco.nd.nd_manage_fabric_ebgp: + state: merged + config: + - name: my_ebgp_fabric + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanEbgp + bgp_asn_auto_allocation: true + bgp_asn_range: "65000-65535" + bgp_as_mode: multiAS + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00aa" + performance_monitoring: false + replication_mode: multicast + multicast_group_subnet: "239.1.1.0/25" + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 2 + rendezvous_point_loopback_id: 254 + vpc_peer_link_vlan: "3600" + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: management + vpc_auto_recovery_timer: 360 + vpc_delay_restore_timer: 150 + vpc_peer_link_port_channel_id: "500" + advertise_physical_ip: false + vpc_domain_id_range: "1-1000" + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9216 + l2_host_interface_mtu: 9216 + tenant_dhcp: true + nxapi: false + nxapi_https_port: 443 + nxapi_http: false + nxapi_http_port: 80 + snmp_trap: true + anycast_border_gateway_advertise_physical_ip: false + greenfield_debug_flag: disable + tcam_allocation: true + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + bgp_loopback_ip_range: "10.2.0.0/22" + nve_loopback_ip_range: "10.3.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.254.0/24" + intra_fabric_subnet_range: "10.4.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.33.0.0/16" + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.5.0.0/22" + banner: "" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + register: result + +- name: Create an eBGP VXLAN fabric with a static BGP ASN + cisco.nd.nd_manage_fabric_ebgp: + state: merged + config: + - name: my_ebgp_fabric_static + category: fabric + management: + type: vxlanEbgp + bgp_asn: "65001" + bgp_asn_auto_allocation: false + site_id: "65001" + bgp_as_mode: multiAS + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00aa" + replication_mode: multicast + multicast_group_subnet: "239.1.1.0/25" + bgp_loopback_ip_range: "10.2.0.0/22" + nve_loopback_ip_range: "10.3.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.254.0/24" + intra_fabric_subnet_range: "10.4.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + register: result + +- name: Update specific fields on an existing eBGP fabric using state merged (partial update) + cisco.nd.nd_manage_fabric_ebgp: + state: merged + config: + - name: my_ebgp_fabric + category: fabric + management: + bgp_asn_range: "65100-65199" + anycast_gateway_mac: "2020.0000.00bb" + performance_monitoring: true + register: result + +- name: Create or fully replace an eBGP VXLAN fabric using state replaced + cisco.nd.nd_manage_fabric_ebgp: + state: replaced + config: + - name: my_ebgp_fabric + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanEbgp + bgp_asn: "65004" + bgp_asn_auto_allocation: false + site_id: "65004" + bgp_as_mode: multiAS + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00dd" + performance_monitoring: true + replication_mode: multicast + multicast_group_subnet: "239.1.3.0/25" + rendezvous_point_count: 3 + rendezvous_point_loopback_id: 253 + vpc_peer_link_vlan: "3700" + vpc_peer_keep_alive_option: management + vpc_auto_recovery_timer: 300 + vpc_delay_restore_timer: 120 + vpc_peer_link_port_channel_id: "600" + advertise_physical_ip: true + vpc_domain_id_range: "1-800" + fabric_mtu: 9000 + l2_host_interface_mtu: 9000 + tenant_dhcp: false + snmp_trap: false + anycast_border_gateway_advertise_physical_ip: true + greenfield_debug_flag: disable + tcam_allocation: false + real_time_interface_statistics_collection: true + interface_statistics_load_interval: 30 + bgp_loopback_ip_range: "10.22.0.0/22" + nve_loopback_ip_range: "10.23.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.252.0/24" + intra_fabric_subnet_range: "10.24.0.0/16" + l2_vni_range: "40000-59000" + l3_vni_range: "60000-69000" + network_vlan_range: "2400-3099" + vrf_vlan_range: "2100-2399" + banner: "^ Managed by Ansible ^" + register: result + +- name: Replace fabric with only required fields (all optional settings revert to defaults) + cisco.nd.nd_manage_fabric_ebgp: + state: replaced + config: + - name: my_ebgp_fabric + category: fabric + management: + type: vxlanEbgp + bgp_asn: "65004" + bgp_asn_auto_allocation: false + site_id: "65004" + banner: "^ Managed by Ansible ^" + register: result + +- name: Enforce exact fabric inventory using state overridden (deletes unlisted fabrics) + cisco.nd.nd_manage_fabric_ebgp: + state: overridden + config: + - name: fabric_east + category: fabric + location: + latitude: 40.7128 + longitude: -74.0060 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanEbgp + bgp_asn: "65010" + bgp_asn_auto_allocation: false + site_id: "65010" + bgp_as_mode: multiAS + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.0010" + replication_mode: multicast + multicast_group_subnet: "239.1.10.0/25" + bgp_loopback_ip_range: "10.10.0.0/22" + nve_loopback_ip_range: "10.11.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.10.0/24" + intra_fabric_subnet_range: "10.12.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + - name: fabric_west + category: fabric + location: + latitude: 34.0522 + longitude: -118.2437 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanEbgp + bgp_asn: "65020" + bgp_asn_auto_allocation: false + site_id: "65020" + bgp_as_mode: multiAS + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.0020" + replication_mode: multicast + multicast_group_subnet: "239.1.20.0/25" + bgp_loopback_ip_range: "10.20.0.0/22" + nve_loopback_ip_range: "10.21.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.20.0/24" + intra_fabric_subnet_range: "10.22.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + register: result + +- name: Delete a specific eBGP fabric using state deleted + cisco.nd.nd_manage_fabric_ebgp: + state: deleted + config: + - name: my_ebgp_fabric + register: result + +- name: Delete multiple eBGP fabrics in a single task + cisco.nd.nd_manage_fabric_ebgp: + state: deleted + config: + - name: fabric_east + - name: fabric_west + - name: fabric_old + register: result +""" + +RETURN = r""" +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.cisco.nd.plugins.module_utils.nd import nd_argument_spec +from ansible_collections.cisco.nd.plugins.module_utils.nd_state_machine import NDStateMachine +from ansible_collections.cisco.nd.plugins.module_utils.models.manage_fabric.manage_fabric_ebgp import FabricEbgpModel +from ansible_collections.cisco.nd.plugins.module_utils.orchestrators.manage_fabric_ebgp import ManageEbgpFabricOrchestrator +from ansible_collections.cisco.nd.plugins.module_utils.common.exceptions import NDStateMachineError + + +def main(): + argument_spec = nd_argument_spec() + argument_spec.update(FabricEbgpModel.get_argument_spec()) + + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True, + ) + + try: + # Initialize StateMachine + nd_state_machine = NDStateMachine( + module=module, + model_orchestrator=ManageEbgpFabricOrchestrator, + ) + + # Manage state + nd_state_machine.manage_state() + + module.exit_json(**nd_state_machine.output.format()) + + except NDStateMachineError as e: + module.fail_json(msg=str(e)) + except Exception as e: + module.fail_json(msg=f"Module execution failed: {str(e)}") + +if __name__ == "__main__": + main() diff --git a/plugins/modules/nd_manage_fabric_external.py b/plugins/modules/nd_manage_fabric_external.py new file mode 100644 index 00000000..a2ab33df --- /dev/null +++ b/plugins/modules/nd_manage_fabric_external.py @@ -0,0 +1,524 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +ANSIBLE_METADATA = {"metadata_version": "1.1", "status": ["preview"], "supported_by": "community"} + +DOCUMENTATION = r""" +--- +module: nd_manage_fabric_external +version_added: "1.4.0" +short_description: Manage External Connectivity fabrics on Cisco Nexus Dashboard +description: +- Manage External Connectivity fabrics on Cisco Nexus Dashboard (ND). +- It supports creating, updating, replacing, and deleting External Connectivity fabrics. +author: +- Mike Wiebe (@mwiebe) +options: + config: + description: + - The list of External Connectivity fabrics to configure. + type: list + elements: dict + suboptions: + name: + description: + - The name of the fabric. + - Only letters, numbers, underscores, and hyphens are allowed. + - The O(config.name) must be defined when creating, updating or deleting a fabric. + type: str + required: true + category: + description: + - The resource category. + type: str + default: fabric + location: + description: + - The geographic location of the fabric. + type: dict + suboptions: + latitude: + description: + - Latitude coordinate of the fabric location (-90 to 90). + type: float + required: true + longitude: + description: + - Longitude coordinate of the fabric location (-180 to 180). + type: float + required: true + license_tier: + description: + - The license tier for the fabric. + type: str + default: premier + choices: [ essentials, premier ] + alert_suspend: + description: + - The alert suspension state for the fabric. + type: str + default: disabled + choices: [ enabled, disabled ] + telemetry_collection: + description: + - Enable telemetry collection for the fabric. + type: bool + default: false + telemetry_collection_type: + description: + - The telemetry collection type. + type: str + default: outOfBand + telemetry_streaming_protocol: + description: + - The telemetry streaming protocol. + type: str + default: ipv4 + telemetry_source_interface: + description: + - The telemetry source interface. + type: str + default: "" + telemetry_source_vrf: + description: + - The telemetry source VRF. + type: str + default: "" + security_domain: + description: + - The security domain associated with the fabric. + type: str + default: all + management: + description: + - The External Connectivity management configuration for the fabric. + type: dict + suboptions: + type: + description: + - The fabric management type. Must be C(externalConnectivity) for External Connectivity fabrics. + type: str + default: externalConnectivity + choices: [ externalConnectivity ] + bgp_asn: + description: + - The BGP Autonomous System Number for the fabric. + - Must be a numeric value between 1 and 4294967295 or dotted notation 1-65535.0-65535. + type: str + required: true + aaa: + description: + - Enable AAA. + type: bool + default: false + advanced_ssh_option: + description: + - Enable advanced SSH option. + type: bool + default: false + allow_same_loopback_ip_on_switches: + description: + - Allow same loopback IP on switches. + type: bool + default: false + allow_smart_switch_onboarding: + description: + - Allow smart switch onboarding. + type: bool + default: false + cdp: + description: + - Enable CDP. + type: bool + default: false + copp_policy: + description: + - The CoPP policy. + type: str + default: manual + choices: [ dense, lenient, moderate, strict, manual ] + create_bgp_config: + description: + - Create BGP configuration. + type: bool + default: true + day0_bootstrap: + description: + - Enable day-0 bootstrap (POAP). + type: bool + default: false + day0_plug_and_play: + description: + - Enable day-0 plug and play. + type: bool + default: false + dhcp_end_address: + description: + - The DHCP end address for bootstrap. + type: str + default: "" + dhcp_protocol_version: + description: + - The DHCP protocol version for bootstrap. + type: str + default: dhcpv4 + choices: [ dhcpv4, dhcpv6 ] + dhcp_start_address: + description: + - The DHCP start address for bootstrap. + type: str + default: "" + dns_collection: + description: + - The list of DNS server IP addresses. + type: list + elements: str + dns_vrf_collection: + description: + - The list of VRFs for DNS servers. + type: list + elements: str + domain_name: + description: + - The domain name. + type: str + default: "" + enable_dpu_pinning: + description: + - Enable DPU pinning. + type: bool + default: false + extra_config_aaa: + description: + - Extra freeform AAA configuration. + type: str + default: "" + extra_config_fabric: + description: + - Extra freeform fabric configuration. + type: str + default: "" + extra_config_nxos_bootstrap: + description: + - Extra NX-OS bootstrap configuration. + type: str + default: "" + extra_config_xe_bootstrap: + description: + - Extra XE bootstrap configuration. + type: str + default: "" + inband_day0_bootstrap: + description: + - Enable inband day-0 bootstrap. + type: bool + default: false + inband_management: + description: + - Enable in-band management. + type: bool + default: false + interface_statistics_load_interval: + description: + - The interface statistics load interval in seconds. + type: int + default: 10 + local_dhcp_server: + description: + - Enable local DHCP server for bootstrap. + type: bool + default: false + management_gateway: + description: + - The management gateway for bootstrap. + type: str + default: "" + management_ipv4_prefix: + description: + - The management IPv4 prefix length for bootstrap. + type: int + default: 24 + management_ipv6_prefix: + description: + - The management IPv6 prefix length for bootstrap. + type: int + default: 64 + monitored_mode: + description: + - Enable monitored mode. + type: bool + default: false + mpls_handoff: + description: + - Enable MPLS handoff. + type: bool + default: false + mpls_loopback_identifier: + description: + - The MPLS loopback identifier. + type: int + mpls_loopback_ip_range: + description: + - The MPLS loopback IP address pool. + type: str + default: "10.102.0.0/25" + nxapi: + description: + - Enable NX-API (HTTPS). + type: bool + default: false + nxapi_http: + description: + - Enable NX-API HTTP. + type: bool + default: false + nxapi_http_port: + description: + - The NX-API HTTP port (1-65535). + type: int + default: 80 + nxapi_https_port: + description: + - The NX-API HTTPS port (1-65535). + type: int + default: 443 + performance_monitoring: + description: + - Enable performance monitoring. + type: bool + default: false + power_redundancy_mode: + description: + - The power redundancy mode. + type: str + default: redundant + choices: [ redundant, combined, inputSrcRedundant ] + ptp: + description: + - Enable Precision Time Protocol (PTP). + type: bool + default: false + ptp_domain_id: + description: + - The PTP domain ID. + type: int + default: 0 + ptp_loopback_id: + description: + - The PTP loopback ID. + type: int + default: 0 + real_time_backup: + description: + - Enable real-time backup. + type: bool + real_time_interface_statistics_collection: + description: + - Enable real-time interface statistics collection. + type: bool + default: false + scheduled_backup: + description: + - Enable scheduled backup. + type: bool + scheduled_backup_time: + description: + - The scheduled backup time. + type: str + default: "" + snmp_trap: + description: + - Enable SNMP traps. + type: bool + default: true + sub_interface_dot1q_range: + description: + - The sub-interface 802.1q range. + type: str + default: "2-511" + state: + description: + - The desired state of the fabric resources on the Cisco Nexus Dashboard. + - Use O(state=merged) to create new fabrics and update existing ones as defined in the configuration. + Resources on ND that are not specified in the configuration will be left unchanged. + - Use O(state=replaced) to replace the fabric configuration specified in the configuration. + Any settings not explicitly provided will revert to their defaults. + - Use O(state=overridden) to enforce the configuration as the single source of truth. + Any fabric existing on ND but not present in the configuration will be deleted. Use with extra caution. + - Use O(state=deleted) to remove the fabrics specified in the configuration from the Cisco Nexus Dashboard. + type: str + default: merged + choices: [ merged, replaced, overridden, deleted ] +extends_documentation_fragment: +- cisco.nd.modules +- cisco.nd.check_mode +notes: +- This module is only supported on Nexus Dashboard having version 4.1.0 or higher. +- Only External Connectivity fabric type (C(externalConnectivity)) is supported by this module. +- When using O(state=replaced) with only required fields, all optional management settings revert to their defaults. +- The O(config.management.bgp_asn) field is required when creating a fabric. +""" + +EXAMPLES = r""" +- name: Create an External Connectivity fabric using state merged + cisco.nd.nd_manage_fabric_external: + state: merged + config: + - name: my_ext_fabric + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: externalConnectivity + bgp_asn: "65001" + copp_policy: manual + create_bgp_config: true + cdp: false + snmp_trap: true + nxapi: false + nxapi_http: false + nxapi_https_port: 443 + nxapi_http_port: 80 + performance_monitoring: false + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + sub_interface_dot1q_range: "2-511" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + register: result + +- name: Update specific fields on an existing fabric using state merged (partial update) + cisco.nd.nd_manage_fabric_external: + state: merged + config: + - name: my_ext_fabric + category: fabric + management: + bgp_asn: "65002" + performance_monitoring: true + snmp_trap: false + register: result + +- name: Create or fully replace an External Connectivity fabric using state replaced + cisco.nd.nd_manage_fabric_external: + state: replaced + config: + - name: my_ext_fabric + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: externalConnectivity + bgp_asn: "65004" + copp_policy: strict + create_bgp_config: true + cdp: true + snmp_trap: false + nxapi: true + nxapi_http: true + nxapi_https_port: 443 + nxapi_http_port: 80 + performance_monitoring: true + real_time_interface_statistics_collection: true + interface_statistics_load_interval: 30 + sub_interface_dot1q_range: "2-511" + power_redundancy_mode: combined + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + management_ipv6_prefix: 64 + register: result + +- name: Replace fabric with only required fields (all optional settings revert to defaults) + cisco.nd.nd_manage_fabric_external: + state: replaced + config: + - name: my_ext_fabric + category: fabric + management: + type: externalConnectivity + bgp_asn: "65004" + register: result + +- name: Delete a specific fabric using state deleted + cisco.nd.nd_manage_fabric_external: + state: deleted + config: + - name: my_ext_fabric + register: result + +- name: Delete multiple fabrics in a single task + cisco.nd.nd_manage_fabric_external: + state: deleted + config: + - name: ext_fabric_east + - name: ext_fabric_west + register: result +""" + +RETURN = r""" +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.cisco.nd.plugins.module_utils.nd import nd_argument_spec +from ansible_collections.cisco.nd.plugins.module_utils.nd_state_machine import NDStateMachine +from ansible_collections.cisco.nd.plugins.module_utils.models.manage_fabric.manage_fabric_external import FabricExternalConnectivityModel +from ansible_collections.cisco.nd.plugins.module_utils.orchestrators.manage_fabric_external import ManageExternalFabricOrchestrator +from ansible_collections.cisco.nd.plugins.module_utils.common.exceptions import NDStateMachineError + + +def main(): + argument_spec = nd_argument_spec() + argument_spec.update(FabricExternalConnectivityModel.get_argument_spec()) + + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True, + ) + + try: + # Initialize StateMachine + nd_state_machine = NDStateMachine( + module=module, + model_orchestrator=ManageExternalFabricOrchestrator, + ) + + # Manage state + nd_state_machine.manage_state() + + module.exit_json(**nd_state_machine.output.format()) + + except NDStateMachineError as e: + module.fail_json(msg=str(e)) + except Exception as e: + module.fail_json(msg=f"Module execution failed: {str(e)}") + +if __name__ == "__main__": + main() diff --git a/plugins/modules/nd_manage_fabric_ibgp.py b/plugins/modules/nd_manage_fabric_ibgp.py new file mode 100644 index 00000000..9d857fc6 --- /dev/null +++ b/plugins/modules/nd_manage_fabric_ibgp.py @@ -0,0 +1,1393 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +ANSIBLE_METADATA = {"metadata_version": "1.1", "status": ["preview"], "supported_by": "community"} + +DOCUMENTATION = r""" +--- +module: nd_manage_fabric_ibgp +version_added: "1.4.0" +short_description: Manage iBGP VXLAN fabrics on Cisco Nexus Dashboard +description: +- Manage iBGP VXLAN fabrics on Cisco Nexus Dashboard (ND). +- It supports creating, updating, replacing, and deleting iBGP VXLAN fabrics. +author: +- Mike Wiebe (@mwiebe) +options: + config: + description: + - The list of iBGP VXLAN fabrics to configure. + type: list + elements: dict + suboptions: + name: + description: + - The name of the fabric. + - Only letters, numbers, underscores, and hyphens are allowed. + - The O(config.name) must be defined when creating, updating or deleting a fabric. + type: str + required: true + category: + description: + - The resource category. + type: str + default: fabric + location: + description: + - The geographic location of the fabric. + type: dict + suboptions: + latitude: + description: + - Latitude coordinate of the fabric location (-90 to 90). + type: float + required: true + longitude: + description: + - Longitude coordinate of the fabric location (-180 to 180). + type: float + required: true + license_tier: + description: + - The license tier for the fabric. + type: str + default: premier + choices: [ essentials, premier ] + alert_suspend: + description: + - The alert suspension state for the fabric. + type: str + default: disabled + choices: [ enabled, disabled ] + telemetry_collection: + description: + - Enable telemetry collection for the fabric. + type: bool + default: false + telemetry_collection_type: + description: + - The telemetry collection type. + type: str + default: outOfBand + telemetry_streaming_protocol: + description: + - The telemetry streaming protocol. + type: str + default: ipv4 + telemetry_source_interface: + description: + - The telemetry source interface. + type: str + default: "" + telemetry_source_vrf: + description: + - The telemetry source VRF. + type: str + default: "" + security_domain: + description: + - The security domain associated with the fabric. + type: str + default: all + management: + description: + - The iBGP VXLAN management configuration for the fabric. + type: dict + suboptions: + type: + description: + - The fabric management type. Must be C(vxlanIbgp) for iBGP VXLAN fabrics. + type: str + default: vxlanIbgp + choices: [ vxlanIbgp ] + bgp_asn: + description: + - The BGP Autonomous System Number for the fabric. + - Must be a numeric value between 1 and 4294967295. + type: str + required: true + site_id: + description: + - The site identifier for the fabric. + - Must be a numeric value between 1 and 65535. + - Defaults to the value of O(config.management.bgp_asn) if not provided. + type: str + default: "" + target_subnet_mask: + description: + - The target subnet mask for intra-fabric links. + type: int + default: 30 + anycast_gateway_mac: + description: + - The anycast gateway MAC address in xxxx.xxxx.xxxx format. + type: str + default: 2020.0000.00aa + replication_mode: + description: + - The multicast replication mode. + type: str + default: multicast + choices: [ multicast, ingress ] + multicast_group_subnet: + description: + - The multicast group subnet. + type: str + default: "239.1.1.0/25" + auto_generate_multicast_group_address: + description: + - Automatically generate multicast group addresses. + type: bool + default: false + underlay_multicast_group_address_limit: + description: + - The underlay multicast group address limit (1-255). + type: int + default: 128 + tenant_routed_multicast: + description: + - Enable tenant routed multicast. + type: bool + default: false + rendezvous_point_count: + description: + - The number of rendezvous points (1-4). + type: int + default: 2 + rendezvous_point_loopback_id: + description: + - The rendezvous point loopback interface ID (0-1023). + type: int + default: 254 + overlay_mode: + description: + - The overlay configuration mode. + type: str + default: cli + choices: [ cli, config-profile ] + link_state_routing_protocol: + description: + - The underlay link-state routing protocol. + type: str + default: ospf + choices: [ ospf, isis ] + ospf_area_id: + description: + - The OSPF area ID. + type: str + default: "0.0.0.0" + fabric_interface_type: + description: + - The fabric interface type. + type: str + default: p2p + bgp_loopback_id: + description: + - The BGP loopback interface ID (0-1023). + type: int + default: 0 + nve_loopback_id: + description: + - The NVE loopback interface ID (0-1023). + type: int + default: 1 + route_reflector_count: + description: + - The number of BGP route reflectors (1-4). + type: int + default: 2 + bgp_loopback_ip_range: + description: + - The BGP loopback IP address pool. + type: str + default: "10.2.0.0/22" + nve_loopback_ip_range: + description: + - The NVE loopback IP address pool. + type: str + default: "10.3.0.0/22" + anycast_rendezvous_point_ip_range: + description: + - The anycast rendezvous point IP address pool. + type: str + default: "10.254.254.0/24" + intra_fabric_subnet_range: + description: + - The intra-fabric subnet IP address pool. + type: str + default: "10.4.0.0/16" + router_id_range: + description: + - The router ID IP address pool. + type: str + default: "10.2.0.0/23" + l2_vni_range: + description: + - The Layer 2 VNI range. + type: str + default: "30000-49000" + l3_vni_range: + description: + - The Layer 3 VNI range. + type: str + default: "50000-59000" + network_vlan_range: + description: + - The network VLAN range. + type: str + default: "2300-2999" + vrf_vlan_range: + description: + - The VRF VLAN range. + type: str + default: "2000-2299" + sub_interface_dot1q_range: + description: + - The sub-interface 802.1q range. + type: str + default: "2-511" + service_network_vlan_range: + description: + - The service network VLAN range. + type: str + default: "3000-3199" + l3_vni_no_vlan_default_option: + description: + - Enable L3 VNI no-VLAN default option. + type: bool + default: false + fabric_mtu: + description: + - The fabric MTU size (1500-9216). + type: int + default: 9216 + l2_host_interface_mtu: + description: + - The L2 host interface MTU size (1500-9216). + type: int + default: 9216 + vpc_domain_id_range: + description: + - The vPC domain ID range. + type: str + default: "1-1000" + vpc_peer_link_vlan: + description: + - The vPC peer link VLAN ID. + type: str + default: "3600" + vpc_peer_link_enable_native_vlan: + description: + - Enable native VLAN on the vPC peer link. + type: bool + default: false + vpc_peer_keep_alive_option: + description: + - The vPC peer keep-alive option. + type: str + default: loopback + vpc_auto_recovery_timer: + description: + - The vPC auto recovery timer in seconds (240-3600). + type: int + default: 360 + vpc_delay_restore_timer: + description: + - The vPC delay restore timer in seconds (1-3600). + type: int + default: 150 + vpc_peer_link_port_channel_id: + description: + - The vPC peer link port-channel ID. + type: str + default: "500" + vpc_ipv6_neighbor_discovery_sync: + description: + - Enable vPC IPv6 neighbor discovery synchronization. + type: bool + default: true + vpc_layer3_peer_router: + description: + - Enable vPC layer-3 peer router. + type: bool + default: true + vpc_tor_delay_restore_timer: + description: + - The vPC TOR delay restore timer. + type: int + default: 30 + fabric_vpc_domain_id: + description: + - Enable fabric vPC domain ID. + type: bool + default: false + shared_vpc_domain_id: + description: + - The shared vPC domain ID. + type: int + default: 1 + fabric_vpc_qos: + description: + - Enable fabric vPC QoS. + type: bool + default: false + fabric_vpc_qos_policy_name: + description: + - The fabric vPC QoS policy name. + type: str + default: spine_qos_for_fabric_vpc_peering + enable_peer_switch: + description: + - Enable peer switch. + type: bool + default: false + vrf_template: + description: + - The VRF template name. + type: str + default: Default_VRF_Universal + network_template: + description: + - The network template name. + type: str + default: Default_Network_Universal + vrf_extension_template: + description: + - The VRF extension template name. + type: str + default: Default_VRF_Extension_Universal + network_extension_template: + description: + - The network extension template name. + type: str + default: Default_Network_Extension_Universal + performance_monitoring: + description: + - Enable performance monitoring. + type: bool + default: false + tenant_dhcp: + description: + - Enable tenant DHCP. + type: bool + default: true + advertise_physical_ip: + description: + - Advertise physical IP address for NVE loopback. + type: bool + default: false + advertise_physical_ip_on_border: + description: + - Advertise physical IP address on border switches. + type: bool + default: true + anycast_border_gateway_advertise_physical_ip: + description: + - Enable anycast border gateway to advertise physical IP. + type: bool + default: false + snmp_trap: + description: + - Enable SNMP traps. + type: bool + default: true + cdp: + description: + - Enable CDP. + type: bool + default: false + tcam_allocation: + description: + - Enable TCAM allocation. + type: bool + default: true + real_time_interface_statistics_collection: + description: + - Enable real-time interface statistics collection. + type: bool + default: false + interface_statistics_load_interval: + description: + - The interface statistics load interval in seconds. + type: int + default: 10 + greenfield_debug_flag: + description: + - The greenfield debug flag. + type: str + default: enable + nxapi: + description: + - Enable NX-API (HTTPS). + type: bool + default: false + nxapi_https_port: + description: + - The NX-API HTTPS port (1-65535). + type: int + default: 443 + nxapi_http: + description: + - Enable NX-API HTTP. + type: bool + default: true + nxapi_http_port: + description: + - The NX-API HTTP port (1-65535). + type: int + default: 80 + bgp_authentication: + description: + - Enable BGP authentication. + type: bool + default: false + bgp_authentication_key_type: + description: + - The BGP authentication key type. + type: str + default: 3des + bgp_authentication_key: + description: + - The BGP authentication key. + type: str + default: "" + bfd: + description: + - Enable BFD globally. + type: bool + default: false + bfd_ibgp: + description: + - Enable BFD for iBGP sessions. + type: bool + default: false + bfd_ospf: + description: + - Enable BFD for OSPF. + type: bool + default: false + bfd_isis: + description: + - Enable BFD for IS-IS. + type: bool + default: false + bfd_pim: + description: + - Enable BFD for PIM. + type: bool + default: false + bfd_authentication: + description: + - Enable BFD authentication. + type: bool + default: false + bfd_authentication_key_id: + description: + - The BFD authentication key ID. + type: int + default: 100 + bfd_authentication_key: + description: + - The BFD authentication key. + type: str + default: "" + ospf_authentication: + description: + - Enable OSPF authentication. + type: bool + default: false + ospf_authentication_key_id: + description: + - The OSPF authentication key ID. + type: int + default: 127 + ospf_authentication_key: + description: + - The OSPF authentication key. + type: str + default: "" + pim_hello_authentication: + description: + - Enable PIM hello authentication. + type: bool + default: false + pim_hello_authentication_key: + description: + - The PIM hello authentication key. + type: str + default: "" + isis_level: + description: + - The IS-IS level. + type: str + default: level-2 + isis_area_number: + description: + - The IS-IS area number. + type: str + default: "0001" + isis_point_to_point: + description: + - Enable IS-IS point-to-point. + type: bool + default: true + isis_authentication: + description: + - Enable IS-IS authentication. + type: bool + default: false + isis_authentication_keychain_name: + description: + - The IS-IS authentication keychain name. + type: str + default: "" + isis_authentication_keychain_key_id: + description: + - The IS-IS authentication keychain key ID. + type: int + default: 127 + isis_authentication_key: + description: + - The IS-IS authentication key. + type: str + default: "" + isis_overload: + description: + - Enable IS-IS overload bit. + type: bool + default: true + isis_overload_elapse_time: + description: + - The IS-IS overload elapse time in seconds. + type: int + default: 60 + macsec: + description: + - Enable MACsec on intra-fabric links. + type: bool + default: false + macsec_cipher_suite: + description: + - The MACsec cipher suite. + type: str + default: GCM-AES-XPN-256 + macsec_key_string: + description: + - The MACsec primary key string. + type: str + default: "" + macsec_algorithm: + description: + - The MACsec algorithm. + type: str + default: AES_128_CMAC + macsec_fallback_key_string: + description: + - The MACsec fallback key string. + type: str + default: "" + macsec_fallback_algorithm: + description: + - The MACsec fallback algorithm. + type: str + default: AES_128_CMAC + macsec_report_timer: + description: + - The MACsec report timer. + type: int + default: 5 + vrf_lite_macsec: + description: + - Enable MACsec on VRF lite links. + type: bool + default: false + quantum_key_distribution: + description: + - Enable quantum key distribution. + type: bool + default: false + quantum_key_distribution_profile_name: + description: + - The quantum key distribution profile name. + type: str + default: "" + key_management_entity_server_ip: + description: + - The key management entity server IP address. + type: str + default: "" + key_management_entity_server_port: + description: + - The key management entity server port. + type: int + default: 0 + trustpoint_label: + description: + - The trustpoint label. + type: str + default: "" + vrf_lite_auto_config: + description: + - The VRF lite auto-configuration mode. + type: str + default: manual + vrf_lite_subnet_range: + description: + - The VRF lite subnet IP address pool. + type: str + default: "10.33.0.0/16" + vrf_lite_subnet_target_mask: + description: + - The VRF lite subnet target mask. + type: int + default: 30 + vrf_lite_ipv6_subnet_range: + description: + - The VRF lite IPv6 subnet range. + type: str + default: "fd00::a33:0/112" + vrf_lite_ipv6_subnet_target_mask: + description: + - The VRF lite IPv6 subnet target mask (112-128). + type: int + default: 126 + auto_unique_vrf_lite_ip_prefix: + description: + - Enable auto unique VRF lite IP prefix. + type: bool + default: false + auto_symmetric_vrf_lite: + description: + - Enable auto symmetric VRF lite. + type: bool + default: false + auto_vrf_lite_default_vrf: + description: + - Enable auto VRF lite for the default VRF. + type: bool + default: false + auto_symmetric_default_vrf: + description: + - Enable auto symmetric default VRF. + type: bool + default: false + per_vrf_loopback_auto_provision: + description: + - Enable per-VRF loopback auto-provisioning. + type: bool + default: false + per_vrf_loopback_ip_range: + description: + - The per-VRF loopback IP address pool. + type: str + default: "10.5.0.0/22" + per_vrf_loopback_auto_provision_ipv6: + description: + - Enable per-VRF loopback auto-provisioning for IPv6. + type: bool + default: false + per_vrf_loopback_ipv6_range: + description: + - The per-VRF loopback IPv6 address pool. + type: str + default: "fd00::a05:0/112" + underlay_ipv6: + description: + - Enable IPv6 underlay. + type: bool + default: false + ipv6_multicast_group_subnet: + description: + - The IPv6 multicast group subnet. + type: str + default: "ff1e::/121" + tenant_routed_multicast_ipv6: + description: + - Enable tenant routed multicast for IPv6. + type: bool + default: false + ipv6_link_local: + description: + - Enable IPv6 link-local addressing. + type: bool + default: true + ipv6_subnet_target_mask: + description: + - The IPv6 subnet target mask. + type: int + default: 126 + ipv6_subnet_range: + description: + - The IPv6 subnet range. + type: str + default: "fd00::a04:0/112" + bgp_loopback_ipv6_range: + description: + - The BGP loopback IPv6 address pool. + type: str + default: "fd00::a02:0/119" + nve_loopback_ipv6_range: + description: + - The NVE loopback IPv6 address pool. + type: str + default: "fd00::a03:0/118" + ipv6_anycast_rendezvous_point_ip_range: + description: + - The IPv6 anycast rendezvous point IP address pool. + type: str + default: "fd00::254:254:0/118" + auto_bgp_neighbor_description: + description: + - Enable automatic BGP neighbor description. + type: bool + default: true + ibgp_peer_template: + description: + - The iBGP peer template name. + type: str + default: "" + leaf_ibgp_peer_template: + description: + - The leaf iBGP peer template name. + type: str + default: "" + link_state_routing_tag: + description: + - The link state routing tag. + type: str + default: UNDERLAY + static_underlay_ip_allocation: + description: + - Enable static underlay IP allocation. + type: bool + default: false + security_group_tag: + description: + - Enable Security Group Tag (SGT) support. + type: bool + default: false + security_group_tag_prefix: + description: + - The SGT prefix. + type: str + default: SG_ + security_group_tag_mac_segmentation: + description: + - Enable SGT MAC segmentation. + type: bool + default: false + security_group_tag_id_range: + description: + - The SGT ID range. + type: str + default: "10000-14000" + security_group_tag_preprovision: + description: + - Enable SGT pre-provisioning. + type: bool + default: false + security_group_status: + description: + - The security group status. + type: str + default: enabled + default_queuing_policy: + description: + - Enable default queuing policy. + type: bool + default: false + aiml_qos: + description: + - Enable AI/ML QoS. + type: bool + default: false + aiml_qos_policy: + description: + - The AI/ML QoS policy. + type: str + default: 400G + dlb: + description: + - Enable dynamic load balancing. + type: bool + default: false + dlb_mode: + description: + - The DLB mode. + type: str + default: flowlet + ptp: + description: + - Enable Precision Time Protocol (PTP). + type: bool + default: false + ptp_loopback_id: + description: + - The PTP loopback ID. + type: int + default: 0 + ptp_domain_id: + description: + - The PTP domain ID. + type: int + default: 0 + stp_root_option: + description: + - The STP root option. + type: str + default: mst + stp_vlan_range: + description: + - The STP VLAN range. + type: str + default: "" + mst_instance_range: + description: + - The MST instance range. + type: str + default: "0-3,5,7-9" + stp_bridge_priority: + description: + - The STP bridge priority. + type: int + default: 0 + mpls_handoff: + description: + - Enable MPLS handoff. + type: bool + default: false + mpls_loopback_identifier: + description: + - The MPLS loopback identifier. + type: int + default: 101 + mpls_loopback_ip_range: + description: + - The MPLS loopback IP address pool. + type: str + default: "10.101.0.0/25" + private_vlan: + description: + - Enable private VLAN support. + type: bool + default: false + ip_service_level_agreement_id_range: + description: + - The IP SLA ID range. + type: str + default: "10000-19999" + object_tracking_number_range: + description: + - The object tracking number range. + type: str + default: "100-299" + route_map_sequence_number_range: + description: + - The route map sequence number range. + type: str + default: "1-65534" + day0_bootstrap: + description: + - Enable day-0 bootstrap (POAP). + type: bool + default: false + local_dhcp_server: + description: + - Enable local DHCP server for bootstrap. + type: bool + default: false + dhcp_protocol_version: + description: + - The DHCP protocol version for bootstrap. + type: str + default: dhcpv4 + dhcp_start_address: + description: + - The DHCP start address for bootstrap. + type: str + default: "" + dhcp_end_address: + description: + - The DHCP end address for bootstrap. + type: str + default: "" + management_gateway: + description: + - The management gateway for bootstrap. + type: str + default: "" + management_ipv4_prefix: + description: + - The management IPv4 prefix length for bootstrap. + type: int + default: 24 + management_ipv6_prefix: + description: + - The management IPv6 prefix length for bootstrap. + type: int + default: 64 + real_time_backup: + description: + - Enable real-time backup. + type: bool + default: false + scheduled_backup: + description: + - Enable scheduled backup. + type: bool + default: false + scheduled_backup_time: + description: + - The scheduled backup time. + type: str + default: "" + nve_hold_down_timer: + description: + - The NVE hold-down timer in seconds. + type: int + default: 180 + next_generation_oam: + description: + - Enable next-generation OAM. + type: bool + default: true + strict_config_compliance_mode: + description: + - Enable strict configuration compliance mode. + type: bool + default: false + copp_policy: + description: + - The CoPP policy. + type: str + default: dense + power_redundancy_mode: + description: + - The power redundancy mode. + type: str + default: redundant + host_interface_admin_state: + description: + - Enable host interface admin state. + type: bool + default: true + heartbeat_interval: + description: + - The heartbeat interval. + type: int + default: 190 + policy_based_routing: + description: + - Enable policy-based routing. + type: bool + default: false + brownfield_network_name_format: + description: + - The brownfield network name format. + type: str + default: "Auto_Net_VNI$$VNI$$_VLAN$$VLAN_ID$$" + brownfield_skip_overlay_network_attachments: + description: + - Skip brownfield overlay network attachments. + type: bool + default: false + allow_smart_switch_onboarding: + description: + - Allow smart switch onboarding. + type: bool + default: false + aaa: + description: + - Enable AAA. + type: bool + default: false + extra_config_leaf: + description: + - Extra freeform configuration applied to leaf switches. + type: str + default: "" + extra_config_spine: + description: + - Extra freeform configuration applied to spine switches. + type: str + default: "" + extra_config_tor: + description: + - Extra freeform configuration applied to TOR switches. + type: str + default: "" + extra_config_intra_fabric_links: + description: + - Extra freeform configuration applied to intra-fabric links. + type: str + default: "" + extra_config_aaa: + description: + - Extra freeform AAA configuration. + type: str + default: "" + banner: + description: + - The fabric banner text displayed on switch login. + type: str + default: "" + ntp_server_collection: + description: + - The list of NTP server IP addresses. + type: list + elements: str + dns_collection: + description: + - The list of DNS server IP addresses. + type: list + elements: str + syslog_server_collection: + description: + - The list of syslog server IP addresses. + type: list + elements: str + syslog_server_vrf_collection: + description: + - The list of VRFs for syslog servers. + type: list + elements: str + syslog_severity_collection: + description: + - The list of syslog severity levels (0-7). + type: list + elements: int + state: + description: + - The desired state of the fabric resources on the Cisco Nexus Dashboard. + - Use O(state=merged) to create new fabrics and update existing ones as defined in the configuration. + Resources on ND that are not specified in the configuration will be left unchanged. + - Use O(state=replaced) to replace the fabric configuration specified in the configuration. + Any settings not explicitly provided will revert to their defaults. + - Use O(state=overridden) to enforce the configuration as the single source of truth. + Any fabric existing on ND but not present in the configuration will be deleted. Use with extra caution. + - Use O(state=deleted) to remove the fabrics specified in the configuration from the Cisco Nexus Dashboard. + type: str + default: merged + choices: [ merged, replaced, overridden, deleted ] +extends_documentation_fragment: +- cisco.nd.modules +- cisco.nd.check_mode +notes: +- This module is only supported on Nexus Dashboard having version 4.1.0 or higher. +- Only iBGP VXLAN fabric type (C(vxlanIbgp)) is supported by this module. +- When using O(state=replaced) with only required fields, all optional management settings revert to their defaults. +- The O(config.management.bgp_asn) field is required when creating a fabric. +- O(config.management.site_id) defaults to the value of O(config.management.bgp_asn) if not provided. +""" + +EXAMPLES = r""" +- name: Create an iBGP VXLAN fabric using state merged + cisco.nd.nd_manage_fabric_ibgp: + state: merged + config: + - name: my_fabric + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanIbgp + bgp_asn: "65001" + site_id: "65001" + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00aa" + performance_monitoring: false + replication_mode: multicast + multicast_group_subnet: "239.1.1.0/25" + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 2 + rendezvous_point_loopback_id: 254 + vpc_peer_link_vlan: "3600" + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: loopback + vpc_auto_recovery_timer: 360 + vpc_delay_restore_timer: 150 + vpc_peer_link_port_channel_id: "500" + advertise_physical_ip: false + vpc_domain_id_range: "1-1000" + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9216 + l2_host_interface_mtu: 9216 + tenant_dhcp: true + nxapi: true + nxapi_https_port: 443 + nxapi_http: false + nxapi_http_port: 80 + snmp_trap: true + anycast_border_gateway_advertise_physical_ip: false + greenfield_debug_flag: enable + tcam_allocation: true + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + bgp_loopback_ip_range: "10.2.0.0/22" + nve_loopback_ip_range: "10.3.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.254.0/24" + intra_fabric_subnet_range: "10.4.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.33.0.0/16" + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.5.0.0/22" + banner: "" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + register: result + +- name: Update specific fields on an existing fabric using state merged (partial update) + cisco.nd.nd_manage_fabric_ibgp: + state: merged + config: + - name: my_fabric + category: fabric + management: + bgp_asn: "65002" + site_id: "65002" + anycast_gateway_mac: "2020.0000.00bb" + performance_monitoring: true + register: result + +- name: Create or fully replace an iBGP VXLAN fabric using state replaced + cisco.nd.nd_manage_fabric_ibgp: + state: replaced + config: + - name: my_fabric + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanIbgp + bgp_asn: "65004" + site_id: "65004" + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00dd" + performance_monitoring: true + replication_mode: multicast + multicast_group_subnet: "239.1.3.0/25" + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 3 + rendezvous_point_loopback_id: 253 + vpc_peer_link_vlan: "3700" + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: loopback + vpc_auto_recovery_timer: 300 + vpc_delay_restore_timer: 120 + vpc_peer_link_port_channel_id: "600" + vpc_ipv6_neighbor_discovery_sync: false + advertise_physical_ip: true + vpc_domain_id_range: "1-800" + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9000 + l2_host_interface_mtu: 9000 + tenant_dhcp: false + nxapi: false + nxapi_https_port: 443 + nxapi_http: true + nxapi_http_port: 80 + snmp_trap: false + anycast_border_gateway_advertise_physical_ip: true + greenfield_debug_flag: disable + tcam_allocation: false + real_time_interface_statistics_collection: true + interface_statistics_load_interval: 30 + bgp_loopback_ip_range: "10.22.0.0/22" + nve_loopback_ip_range: "10.23.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.252.0/24" + intra_fabric_subnet_range: "10.24.0.0/16" + l2_vni_range: "40000-59000" + l3_vni_range: "60000-69000" + network_vlan_range: "2400-3099" + vrf_vlan_range: "2100-2399" + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.53.0.0/16" + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.25.0.0/22" + per_vrf_loopback_auto_provision_ipv6: true + per_vrf_loopback_ipv6_range: "fd00::a25:0/112" + banner: "^ Managed by Ansible ^" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + management_ipv6_prefix: 64 + register: result + +- name: Replace fabric with only required fields (all optional settings revert to defaults) + cisco.nd.nd_manage_fabric_ibgp: + state: replaced + config: + - name: my_fabric + category: fabric + management: + type: vxlanIbgp + bgp_asn: "65004" + site_id: "65004" + banner: "^ Managed by Ansible ^" + register: result + +- name: Enforce exact fabric inventory using state overridden (deletes unlisted fabrics) + cisco.nd.nd_manage_fabric_ibgp: + state: overridden + config: + - name: fabric_east + category: fabric + location: + latitude: 40.7128 + longitude: -74.0060 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanIbgp + bgp_asn: "65010" + site_id: "65010" + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.0010" + replication_mode: multicast + multicast_group_subnet: "239.1.10.0/25" + bgp_loopback_ip_range: "10.10.0.0/22" + nve_loopback_ip_range: "10.11.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.10.0/24" + intra_fabric_subnet_range: "10.12.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + - name: fabric_west + category: fabric + location: + latitude: 34.0522 + longitude: -118.2437 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanIbgp + bgp_asn: "65020" + site_id: "65020" + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.0020" + replication_mode: multicast + multicast_group_subnet: "239.1.20.0/25" + bgp_loopback_ip_range: "10.20.0.0/22" + nve_loopback_ip_range: "10.21.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.20.0/24" + intra_fabric_subnet_range: "10.22.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + register: result + +- name: Delete a specific fabric using state deleted + cisco.nd.nd_manage_fabric_ibgp: + state: deleted + config: + - name: my_fabric + register: result + +- name: Delete multiple fabrics in a single task + cisco.nd.nd_manage_fabric_ibgp: + state: deleted + config: + - name: fabric_east + - name: fabric_west + - name: fabric_old + register: result +""" + +RETURN = r""" +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.cisco.nd.plugins.module_utils.nd import nd_argument_spec +from ansible_collections.cisco.nd.plugins.module_utils.nd_state_machine import NDStateMachine +from ansible_collections.cisco.nd.plugins.module_utils.models.manage_fabric.manage_fabric_ibgp import FabricIbgpModel +from ansible_collections.cisco.nd.plugins.module_utils.orchestrators.manage_fabric_ibgp import ManageIbgpFabricOrchestrator +from ansible_collections.cisco.nd.plugins.module_utils.common.exceptions import NDStateMachineError + + +def main(): + argument_spec = nd_argument_spec() + argument_spec.update(FabricIbgpModel.get_argument_spec()) + + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True, + ) + + try: + # Initialize StateMachine + nd_state_machine = NDStateMachine( + module=module, + model_orchestrator=ManageIbgpFabricOrchestrator, + ) + + # Manage state + nd_state_machine.manage_state() + + module.exit_json(**nd_state_machine.output.format()) + + except NDStateMachineError as e: + module.fail_json(msg=str(e)) + except Exception as e: + module.fail_json(msg=f"Module execution failed: {str(e)}") + +if __name__ == "__main__": + main() diff --git a/tests/integration/targets/nd_manage_fabric/tasks/fabric_ebgp.yaml b/tests/integration/targets/nd_manage_fabric/tasks/fabric_ebgp.yaml new file mode 100644 index 00000000..f8cf517e --- /dev/null +++ b/tests/integration/targets/nd_manage_fabric/tasks/fabric_ebgp.yaml @@ -0,0 +1,1209 @@ +--- +# Test code for the ND modules +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +- name: Test that we have a Nexus Dashboard host, username and password + ansible.builtin.fail: + msg: 'Please define the following variables: ansible_host, ansible_user and ansible_password.' + when: ansible_host is not defined or ansible_user is not defined or ansible_password is not defined + +############################################################################# +# CLEANUP - Ensure clean state before tests +############################################################################# +- name: Clean up any existing test fabrics before starting tests + cisco.nd.nd_manage_fabric_ebgp: + state: deleted + config: + - name: "{{ ebgp_test_fabric_merged }}" + - name: "{{ ebgp_test_fabric_replaced }}" + - name: "{{ ebgp_test_fabric_deleted }}" + tags: always + +############################################################################# +# TEST 1: STATE MERGED - Create fabric using merged state +############################################################################# +- name: "TEST 1a: Create eBGP fabric using state merged (first run)" + cisco.nd.nd_manage_fabric_ebgp: + state: merged + config: + - "{{ {'name': ebgp_test_fabric_merged} | combine(common_ebgp_fabric_config) }}" + register: ebgp_merged_result_1 + tags: [test_merged, test_merged_create] + +- name: "TEST 1a: Verify eBGP fabric was created using merged state" + assert: + that: + - ebgp_merged_result_1 is changed + - ebgp_merged_result_1 is not failed + fail_msg: "eBGP fabric creation with state merged failed" + success_msg: "eBGP fabric successfully created with state merged" + tags: [test_merged, test_merged_create] + +- name: "TEST 1b: Create eBGP fabric using state merged (second run - idempotency test)" + cisco.nd.nd_manage_fabric_ebgp: + state: merged + config: + - "{{ {'name': ebgp_test_fabric_merged} | combine(common_ebgp_fabric_config) }}" + register: ebgp_merged_result_2 + tags: [test_merged, test_merged_idempotent] + +- name: "TEST 1b: Verify merged state is idempotent" + assert: + that: + - ebgp_merged_result_2 is not changed + - ebgp_merged_result_2 is not failed + fail_msg: "Merged state is not idempotent - should not change when run twice with same config" + success_msg: "Merged state is idempotent - no changes on second run" + tags: [test_merged, test_merged_idempotent] + +- name: "TEST 1c: Update eBGP fabric using state merged (modify existing)" + cisco.nd.nd_manage_fabric_ebgp: + state: merged + config: + - name: "{{ ebgp_test_fabric_merged }}" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanEbgp + bgp_asn: "65002" # Changed from 65001 + bgp_asn_auto_allocation: false + site_id: "65002" # Changed from 65001 + bgp_as_mode: multiAS + bgp_allow_as_in_num: 1 + bgp_max_path: 4 + auto_configure_ebgp_evpn_peering: true + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00bb" # Changed from 00aa + performance_monitoring: true # Changed from false + replication_mode: multicast + multicast_group_subnet: "239.1.1.0/25" + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 2 + rendezvous_point_loopback_id: 254 + vpc_peer_link_vlan: "3600" + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: management + vpc_auto_recovery_timer: 360 + vpc_delay_restore_timer: 150 + vpc_peer_link_port_channel_id: "500" + advertise_physical_ip: false + vpc_domain_id_range: "1-1000" + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9216 + l2_host_interface_mtu: 9216 + tenant_dhcp: true + nxapi: false + nxapi_https_port: 443 + nxapi_http: false + nxapi_http_port: 80 + snmp_trap: true + anycast_border_gateway_advertise_physical_ip: false + greenfield_debug_flag: disable + tcam_allocation: true + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + bgp_loopback_ip_range: "10.2.0.0/22" + nve_loopback_ip_range: "10.3.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.254.0/24" + intra_fabric_subnet_range: "10.4.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.33.0.0/16" + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.5.0.0/22" + banner: "" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + register: ebgp_merged_result_3 + tags: [test_merged, test_merged_update] + +- name: "TEST 1c: Verify eBGP fabric was updated using merged state" + assert: + that: + - ebgp_merged_result_3 is changed + - ebgp_merged_result_3 is not failed + fail_msg: "eBGP fabric update with state merged failed" + success_msg: "eBGP fabric successfully updated with state merged" + tags: [test_merged, test_merged_update] + +############################################################################# +# VALIDATION: Query ebgp_test_fabric_merged and validate expected changes +############################################################################# +- name: "VALIDATION 1: Authenticate with ND to get token" + ansible.builtin.uri: + url: "https://{{ ansible_host }}:{{ ansible_httpapi_port | default(443) }}/login" + method: POST + headers: + Content-Type: "application/json" + body_format: json + body: + domain: "{{ ansible_httpapi_login_domain | default('local') }}" + userName: "{{ ansible_user }}" + userPasswd: "{{ ansible_password }}" + validate_certs: false + return_content: true + status_code: + - 200 + register: nd_auth_response + tags: [test_merged, test_merged_validation] + delegate_to: localhost + +- name: "VALIDATION 1: Query ebgp_test_fabric_merged configuration from ND" + ansible.builtin.uri: + url: "https://{{ ansible_host }}:{{ ansible_httpapi_port | default(443) }}/api/v1/manage/fabrics/{{ ebgp_test_fabric_merged }}" + method: GET + headers: + Authorization: "Bearer {{ nd_auth_response.json.jwttoken }}" + Content-Type: "application/json" + validate_certs: false + return_content: true + status_code: + - 200 + - 404 + register: ebgp_merged_fabric_query + tags: [test_merged, test_merged_validation] + delegate_to: localhost + +- name: "VALIDATION 1: Parse eBGP fabric configuration response" + set_fact: + ebgp_merged_fabric_config: "{{ ebgp_merged_fabric_query.json }}" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Verify BGP ASN was updated to 65002" + assert: + that: + - ebgp_merged_fabric_config.management.bgpAsn == "65002" + fail_msg: "BGP ASN validation failed. Expected: 65002, Actual: {{ ebgp_merged_fabric_config.management.bgpAsn }}" + success_msg: "✓ BGP ASN correctly updated to 65002" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Verify Site ID was updated to 65002" + assert: + that: + - ebgp_merged_fabric_config.management.siteId == "65002" + fail_msg: "Site ID validation failed. Expected: 65002, Actual: {{ ebgp_merged_fabric_config.management.siteId }}" + success_msg: "✓ Site ID correctly updated to 65002" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Verify Anycast Gateway MAC was updated to 2020.0000.00bb" + assert: + that: + - ebgp_merged_fabric_config.management.anycastGatewayMac == "2020.0000.00bb" + fail_msg: "Anycast Gateway MAC validation failed. Expected: 2020.0000.00bb, Actual: {{ ebgp_merged_fabric_config.management.anycastGatewayMac }}" + success_msg: "✓ Anycast Gateway MAC correctly updated to 2020.0000.00bb" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Verify Performance Monitoring was enabled" + assert: + that: + - ebgp_merged_fabric_config.management.performanceMonitoring == true + fail_msg: "Performance Monitoring validation failed. Expected: true, Actual: {{ ebgp_merged_fabric_config.management.performanceMonitoring }}" + success_msg: "✓ Performance Monitoring correctly enabled" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Verify BGP AS Mode is multiAS" + assert: + that: + - ebgp_merged_fabric_config.management.bgpAsMode == "multiAS" + fail_msg: "BGP AS Mode validation failed. Expected: multiAS, Actual: {{ ebgp_merged_fabric_config.management.bgpAsMode }}" + success_msg: "✓ BGP AS Mode correctly set to multiAS" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Display successful validation summary for ebgp_test_fabric_merged" + debug: + msg: | + ======================================== + VALIDATION SUMMARY for ebgp_test_fabric_merged: + ======================================== + ✓ BGP ASN: {{ ebgp_merged_fabric_config.management.bgpAsn }} + ✓ Site ID: {{ ebgp_merged_fabric_config.management.siteId }} + ✓ Anycast Gateway MAC: {{ ebgp_merged_fabric_config.management.anycastGatewayMac }} + ✓ Performance Monitoring: {{ ebgp_merged_fabric_config.management.performanceMonitoring }} + ✓ BGP AS Mode: {{ ebgp_merged_fabric_config.management.bgpAsMode }} + + All 5 expected changes validated successfully! + ======================================== + tags: [test_merged, test_merged_validation] + +############################################################################# +# TEST 2: STATE REPLACED - Create and manage fabric using replaced state +############################################################################# +- name: "TEST 2a: Create eBGP fabric using state replaced (first run)" + cisco.nd.nd_manage_fabric_ebgp: + state: replaced + config: + - name: "{{ ebgp_test_fabric_replaced }}" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanEbgp + bgp_asn: "65004" # Different from default ASN + bgp_asn_auto_allocation: true + bgp_asn_range: "65000-65100" + site_id: "65004" # Different from default site_id + bgp_as_mode: multiAS # Different from default multiAS + bgp_allow_as_in_num: 2 # Different from default 1 + bgp_max_path: 8 # Different from default 4 + auto_configure_ebgp_evpn_peering: true + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00dd" # Different from default MAC + performance_monitoring: true # Different from default false + replication_mode: multicast + multicast_group_subnet: "239.1.3.0/25" # Different from default subnet + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 3 # Different from default 2 + rendezvous_point_loopback_id: 253 # Different from default 254 + vpc_peer_link_vlan: "3700" # Different from default 3600 + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: management + vpc_auto_recovery_timer: 300 # Different from default 360 + vpc_delay_restore_timer: 120 # Different from default 150 + vpc_peer_link_port_channel_id: "600" # Different from default 500 + vpc_ipv6_neighbor_discovery_sync: false # Different from default true + advertise_physical_ip: true # Different from default false + vpc_domain_id_range: "1-800" # Different from default 1-1000 + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9000 # Different from default 9216 + l2_host_interface_mtu: 9000 # Different from default 9216 + tenant_dhcp: false # Different from default true + nxapi: false + nxapi_https_port: 443 + nxapi_http: true # Different from default false + nxapi_http_port: 80 + snmp_trap: false # Different from default true + anycast_border_gateway_advertise_physical_ip: true # Different from default false + greenfield_debug_flag: enable # Different from default disable + tcam_allocation: false # Different from default true + real_time_interface_statistics_collection: true # Different from default false + interface_statistics_load_interval: 30 # Different from default 10 + bgp_loopback_ip_range: "10.22.0.0/22" # Different from default range + nve_loopback_ip_range: "10.23.0.0/22" # Different from default range + anycast_rendezvous_point_ip_range: "10.254.252.0/24" # Different from default range + intra_fabric_subnet_range: "10.24.0.0/16" # Different from default range + l2_vni_range: "40000-59000" # Different from default range + l3_vni_range: "60000-69000" # Different from default range + network_vlan_range: "2400-3099" # Different from default range + vrf_vlan_range: "2100-2399" # Different from default range + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.53.0.0/16" # Different from default range + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.25.0.0/22" # Different from default range + per_vrf_loopback_auto_provision_ipv6: true + per_vrf_loopback_ipv6_range: "fd00::a25:0/112" # Different from default range + banner: "^ Updated via replaced state ^" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + management_ipv6_prefix: 64 + register: ebgp_replaced_result_1 + tags: [test_replaced, test_replaced_create] + +- name: "TEST 2a: Verify eBGP fabric was created using replaced state" + assert: + that: + - ebgp_replaced_result_1 is changed + - ebgp_replaced_result_1 is not failed + fail_msg: "eBGP fabric creation with state replaced failed" + success_msg: "eBGP fabric successfully created with state replaced" + tags: [test_replaced, test_replaced_create] + +- name: "TEST 2b: Create eBGP fabric using state replaced (second run - idempotency test)" + cisco.nd.nd_manage_fabric_ebgp: + state: replaced + config: + - name: "{{ ebgp_test_fabric_replaced }}" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanEbgp + bgp_asn: "65004" # Different from default ASN + bgp_asn_auto_allocation: true + bgp_asn_range: "65000-65100" + site_id: "65004" + bgp_as_mode: multiAS # Different from default multiAS + bgp_allow_as_in_num: 2 + bgp_max_path: 8 + auto_configure_ebgp_evpn_peering: true + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00dd" + performance_monitoring: true + replication_mode: multicast + multicast_group_subnet: "239.1.3.0/25" + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 3 + rendezvous_point_loopback_id: 253 + vpc_peer_link_vlan: "3700" + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: management + vpc_auto_recovery_timer: 300 + vpc_delay_restore_timer: 120 + vpc_peer_link_port_channel_id: "600" + vpc_ipv6_neighbor_discovery_sync: false + advertise_physical_ip: true + vpc_domain_id_range: "1-800" + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9000 + l2_host_interface_mtu: 9000 + tenant_dhcp: false + nxapi: false + nxapi_https_port: 443 + nxapi_http: true + nxapi_http_port: 80 + snmp_trap: false + anycast_border_gateway_advertise_physical_ip: true + greenfield_debug_flag: enable + tcam_allocation: false + real_time_interface_statistics_collection: true + interface_statistics_load_interval: 30 + bgp_loopback_ip_range: "10.22.0.0/22" + nve_loopback_ip_range: "10.23.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.252.0/24" + intra_fabric_subnet_range: "10.24.0.0/16" + l2_vni_range: "40000-59000" + l3_vni_range: "60000-69000" + network_vlan_range: "2400-3099" + vrf_vlan_range: "2100-2399" + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.53.0.0/16" + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.25.0.0/22" + per_vrf_loopback_auto_provision_ipv6: true + per_vrf_loopback_ipv6_range: "fd00::a25:0/112" + banner: "^ Updated via replaced state ^" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + management_ipv6_prefix: 64 + register: ebgp_replaced_result_2 + tags: [test_replaced, test_replaced_idempotent] + +- name: "TEST 2b: Verify replaced state is idempotent" + assert: + that: + - ebgp_replaced_result_2 is not changed + - ebgp_replaced_result_2 is not failed + fail_msg: "Replaced state is not idempotent - should not change when run twice with same config" + success_msg: "Replaced state is idempotent - no changes on second run" + tags: [test_replaced, test_replaced_idempotent] + +- name: "TEST 2c: Update eBGP fabric using state replaced (complete replacement with minimal config)" + cisco.nd.nd_manage_fabric_ebgp: + state: replaced + config: + - name: "{{ ebgp_test_fabric_replaced }}" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanEbgp + bgp_asn: "65004" # Different from default ASN + bgp_asn_auto_allocation: true + bgp_asn_range: "65000-65100" + site_id: "65004" + banner: "^ Updated via replaced state ^" + register: ebgp_replaced_result_3 + tags: [test_replaced, test_replaced_update] + +- name: "TEST 2c: Verify eBGP fabric was completely replaced (defaults restored)" + assert: + that: + - ebgp_replaced_result_3 is changed + - ebgp_replaced_result_3 is not failed + fail_msg: "eBGP fabric replacement with state replaced failed" + success_msg: "eBGP fabric successfully replaced with state replaced" + tags: [test_replaced, test_replaced_update] + +############################################################################# +# VALIDATION: Query ebgp_test_fabric_replaced and validate defaults are restored +############################################################################# +- name: "VALIDATION 2: Authenticate with ND to get token" + ansible.builtin.uri: + url: "https://{{ ansible_host }}:{{ ansible_httpapi_port | default(443) }}/login" + method: POST + headers: + Content-Type: "application/json" + body_format: json + body: + domain: "{{ ansible_httpapi_login_domain | default('local') }}" + userName: "{{ ansible_user }}" + userPasswd: "{{ ansible_password }}" + validate_certs: false + return_content: true + status_code: + - 200 + register: nd_auth_response_2 + tags: [test_replaced, test_replaced_validation] + delegate_to: localhost + +- name: "VALIDATION 2: Query ebgp_test_fabric_replaced configuration from ND" + ansible.builtin.uri: + url: "https://{{ ansible_host }}:{{ ansible_httpapi_port | default(443) }}/api/v1/manage/fabrics/{{ ebgp_test_fabric_replaced }}" + method: GET + headers: + Authorization: "Bearer {{ nd_auth_response_2.json.jwttoken }}" + Content-Type: "application/json" + validate_certs: false + return_content: true + status_code: + - 200 + - 404 + register: ebgp_replaced_fabric_query + tags: [test_replaced, test_replaced_validation] + delegate_to: localhost + +- name: "VALIDATION 2: Parse eBGP fabric configuration response" + set_fact: + ebgp_replaced_fabric_config: "{{ ebgp_replaced_fabric_query.json }}" + tags: [test_replaced, test_replaced_validation] + +# Network Range Validations - verify defaults were restored +- name: "VALIDATION 2: Verify L3 VNI Range was standardized to 50000-59000" + assert: + that: + - ebgp_replaced_fabric_config.management.l3VniRange == "50000-59000" + fail_msg: "L3 VNI Range validation failed. Expected: 50000-59000, Actual: {{ ebgp_replaced_fabric_config.management.l3VniRange }}" + success_msg: "✓ L3 VNI Range correctly standardized to 50000-59000" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify L2 VNI Range was standardized to 30000-49000" + assert: + that: + - ebgp_replaced_fabric_config.management.l2VniRange == "30000-49000" + fail_msg: "L2 VNI Range validation failed. Expected: 30000-49000, Actual: {{ ebgp_replaced_fabric_config.management.l2VniRange }}" + success_msg: "✓ L2 VNI Range correctly standardized to 30000-49000" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify BGP Loopback IP Range was standardized to 10.2.0.0/22" + assert: + that: + - ebgp_replaced_fabric_config.management.bgpLoopbackIpRange == "10.2.0.0/22" + fail_msg: "BGP Loopback IP Range validation failed. Expected: 10.2.0.0/22, Actual: {{ ebgp_replaced_fabric_config.management.bgpLoopbackIpRange }}" + success_msg: "✓ BGP Loopback IP Range correctly standardized to 10.2.0.0/22" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify NVE Loopback IP Range was standardized to 10.3.0.0/22" + assert: + that: + - ebgp_replaced_fabric_config.management.nveLoopbackIpRange == "10.3.0.0/22" + fail_msg: "NVE Loopback IP Range validation failed. Expected: 10.3.0.0/22, Actual: {{ ebgp_replaced_fabric_config.management.nveLoopbackIpRange }}" + success_msg: "✓ NVE Loopback IP Range correctly standardized to 10.3.0.0/22" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Intra-Fabric Subnet Range was standardized to 10.4.0.0/16" + assert: + that: + - ebgp_replaced_fabric_config.management.intraFabricSubnetRange == "10.4.0.0/16" + fail_msg: "Intra-Fabric Subnet Range validation failed. Expected: 10.4.0.0/16, Actual: {{ ebgp_replaced_fabric_config.management.intraFabricSubnetRange }}" + success_msg: "✓ Intra-Fabric Subnet Range correctly standardized to 10.4.0.0/16" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify VRF Lite Subnet Range was standardized to 10.33.0.0/16" + assert: + that: + - ebgp_replaced_fabric_config.management.vrfLiteSubnetRange == "10.33.0.0/16" + fail_msg: "VRF Lite Subnet Range validation failed. Expected: 10.33.0.0/16, Actual: {{ ebgp_replaced_fabric_config.management.vrfLiteSubnetRange }}" + success_msg: "✓ VRF Lite Subnet Range correctly standardized to 10.33.0.0/16" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Anycast RP IP Range was standardized to 10.254.254.0/24" + assert: + that: + - ebgp_replaced_fabric_config.management.anycastRendezvousPointIpRange == "10.254.254.0/24" + fail_msg: "Anycast RP IP Range validation failed. Expected: 10.254.254.0/24, Actual: {{ ebgp_replaced_fabric_config.management.anycastRendezvousPointIpRange }}" + success_msg: "✓ Anycast RP IP Range correctly standardized to 10.254.254.0/24" + tags: [test_replaced, test_replaced_validation] + +# VLAN Range Validations +- name: "VALIDATION 2: Verify Network VLAN Range was standardized to 2300-2999" + assert: + that: + - ebgp_replaced_fabric_config.management.networkVlanRange == "2300-2999" + fail_msg: "Network VLAN Range validation failed. Expected: 2300-2999, Actual: {{ ebgp_replaced_fabric_config.management.networkVlanRange }}" + success_msg: "✓ Network VLAN Range correctly standardized to 2300-2999" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify VRF VLAN Range was standardized to 2000-2299" + assert: + that: + - ebgp_replaced_fabric_config.management.vrfVlanRange == "2000-2299" + fail_msg: "VRF VLAN Range validation failed. Expected: 2000-2299, Actual: {{ ebgp_replaced_fabric_config.management.vrfVlanRange }}" + success_msg: "✓ VRF VLAN Range correctly standardized to 2000-2299" + tags: [test_replaced, test_replaced_validation] + +# MTU Validations +- name: "VALIDATION 2: Verify Fabric MTU was restored to 9216" + assert: + that: + - ebgp_replaced_fabric_config.management.fabricMtu == 9216 + fail_msg: "Fabric MTU validation failed. Expected: 9216, Actual: {{ ebgp_replaced_fabric_config.management.fabricMtu }}" + success_msg: "✓ Fabric MTU correctly restored to 9216" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify L2 Host Interface MTU was restored to 9216" + assert: + that: + - ebgp_replaced_fabric_config.management.l2HostInterfaceMtu == 9216 + fail_msg: "L2 Host Interface MTU validation failed. Expected: 9216, Actual: {{ ebgp_replaced_fabric_config.management.l2HostInterfaceMtu }}" + success_msg: "✓ L2 Host Interface MTU correctly restored to 9216" + tags: [test_replaced, test_replaced_validation] + +# Gateway and Multicast Validations +- name: "VALIDATION 2: Verify Anycast Gateway MAC was standardized to 2020.0000.00aa" + assert: + that: + - ebgp_replaced_fabric_config.management.anycastGatewayMac == "2020.0000.00aa" + fail_msg: "Anycast Gateway MAC validation failed. Expected: 2020.0000.00aa, Actual: {{ ebgp_replaced_fabric_config.management.anycastGatewayMac }}" + success_msg: "✓ Anycast Gateway MAC correctly standardized to 2020.0000.00aa" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Multicast Group Subnet was standardized to 239.1.1.0/25" + assert: + that: + - ebgp_replaced_fabric_config.management.multicastGroupSubnet == "239.1.1.0/25" + fail_msg: "Multicast Group Subnet validation failed. Expected: 239.1.1.0/25, Actual: {{ ebgp_replaced_fabric_config.management.multicastGroupSubnet }}" + success_msg: "✓ Multicast Group Subnet correctly standardized to 239.1.1.0/25" + tags: [test_replaced, test_replaced_validation] + +# VPC Configuration Validations +- name: "VALIDATION 2: Verify VPC Auto Recovery Timer was standardized to 360" + assert: + that: + - ebgp_replaced_fabric_config.management.vpcAutoRecoveryTimer == 360 + fail_msg: "VPC Auto Recovery Timer validation failed. Expected: 360, Actual: {{ ebgp_replaced_fabric_config.management.vpcAutoRecoveryTimer }}" + success_msg: "✓ VPC Auto Recovery Timer correctly standardized to 360" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify VPC Delay Restore Timer was standardized to 150" + assert: + that: + - ebgp_replaced_fabric_config.management.vpcDelayRestoreTimer == 150 + fail_msg: "VPC Delay Restore Timer validation failed. Expected: 150, Actual: {{ ebgp_replaced_fabric_config.management.vpcDelayRestoreTimer }}" + success_msg: "✓ VPC Delay Restore Timer correctly standardized to 150" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify VPC Peer Link Port Channel ID was standardized to 500" + assert: + that: + - ebgp_replaced_fabric_config.management.vpcPeerLinkPortChannelId == "500" + fail_msg: "VPC Peer Link Port Channel ID validation failed. Expected: 500, Actual: {{ ebgp_replaced_fabric_config.management.vpcPeerLinkPortChannelId }}" + success_msg: "✓ VPC Peer Link Port Channel ID correctly standardized to 500" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify VPC Peer Link VLAN was standardized to 3600" + assert: + that: + - ebgp_replaced_fabric_config.management.vpcPeerLinkVlan == "3600" + fail_msg: "VPC Peer Link VLAN validation failed. Expected: 3600, Actual: {{ ebgp_replaced_fabric_config.management.vpcPeerLinkVlan }}" + success_msg: "✓ VPC Peer Link VLAN correctly standardized to 3600" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify VPC Domain ID Range was standardized to 1-1000" + assert: + that: + - ebgp_replaced_fabric_config.management.vpcDomainIdRange == "1-1000" + fail_msg: "VPC Domain ID Range validation failed. Expected: 1-1000, Actual: {{ ebgp_replaced_fabric_config.management.vpcDomainIdRange }}" + success_msg: "✓ VPC Domain ID Range correctly standardized to 1-1000" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify VPC IPv6 Neighbor Discovery Sync was enabled" + assert: + that: + - ebgp_replaced_fabric_config.management.vpcIpv6NeighborDiscoverySync == true + fail_msg: "VPC IPv6 Neighbor Discovery Sync validation failed. Expected: true, Actual: {{ ebgp_replaced_fabric_config.management.vpcIpv6NeighborDiscoverySync }}" + success_msg: "✓ VPC IPv6 Neighbor Discovery Sync correctly enabled" + tags: [test_replaced, test_replaced_validation] + +# Multicast Settings Validations +- name: "VALIDATION 2: Verify Rendezvous Point Count was standardized to 2" + assert: + that: + - ebgp_replaced_fabric_config.management.rendezvousPointCount == 2 + fail_msg: "Rendezvous Point Count validation failed. Expected: 2, Actual: {{ ebgp_replaced_fabric_config.management.rendezvousPointCount }}" + success_msg: "✓ Rendezvous Point Count correctly standardized to 2" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Rendezvous Point Loopback ID was standardized to 254" + assert: + that: + - ebgp_replaced_fabric_config.management.rendezvousPointLoopbackId == 254 + fail_msg: "Rendezvous Point Loopback ID validation failed. Expected: 254, Actual: {{ ebgp_replaced_fabric_config.management.rendezvousPointLoopbackId }}" + success_msg: "✓ Rendezvous Point Loopback ID correctly standardized to 254" + tags: [test_replaced, test_replaced_validation] + +# eBGP-specific Validations +- name: "VALIDATION 2: Verify BGP AS Mode was standardized to multiAS" + assert: + that: + - ebgp_replaced_fabric_config.management.bgpAsMode == "multiAS" + fail_msg: "BGP AS Mode validation failed. Expected: multiAS, Actual: {{ ebgp_replaced_fabric_config.management.bgpAsMode }}" + success_msg: "✓ BGP AS Mode correctly standardized to multiAS" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify BGP Allow AS In Num was standardized to 1" + assert: + that: + - ebgp_replaced_fabric_config.management.bgpAllowAsInNum == 1 + fail_msg: "BGP Allow AS In Num validation failed. Expected: 1, Actual: {{ ebgp_replaced_fabric_config.management.bgpAllowAsInNum }}" + success_msg: "✓ BGP Allow AS In Num correctly standardized to 1" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify BGP Max Path was standardized to 4" + assert: + that: + - ebgp_replaced_fabric_config.management.bgpMaxPath == 4 + fail_msg: "BGP Max Path validation failed. Expected: 4, Actual: {{ ebgp_replaced_fabric_config.management.bgpMaxPath }}" + success_msg: "✓ BGP Max Path correctly standardized to 4" + tags: [test_replaced, test_replaced_validation] + +# Feature Flag Validations +- name: "VALIDATION 2: Verify TCAM Allocation was re-enabled" + assert: + that: + - ebgp_replaced_fabric_config.management.tcamAllocation == true + fail_msg: "TCAM Allocation validation failed. Expected: true, Actual: {{ ebgp_replaced_fabric_config.management.tcamAllocation }}" + success_msg: "✓ TCAM Allocation correctly re-enabled" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Real Time Interface Statistics Collection was disabled" + assert: + that: + - ebgp_replaced_fabric_config.management.realTimeInterfaceStatisticsCollection == false + fail_msg: "Real Time Interface Statistics Collection validation failed. Expected: false, Actual: {{ ebgp_replaced_fabric_config.management.realTimeInterfaceStatisticsCollection }}" + success_msg: "✓ Real Time Interface Statistics Collection correctly disabled" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Performance Monitoring was disabled" + assert: + that: + - ebgp_replaced_fabric_config.management.performanceMonitoring == false + fail_msg: "Performance Monitoring validation failed. Expected: false, Actual: {{ ebgp_replaced_fabric_config.management.performanceMonitoring }}" + success_msg: "✓ Performance Monitoring correctly disabled" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Tenant DHCP was re-enabled" + assert: + that: + - ebgp_replaced_fabric_config.management.tenantDhcp == true + fail_msg: "Tenant DHCP validation failed. Expected: true, Actual: {{ ebgp_replaced_fabric_config.management.tenantDhcp }}" + success_msg: "✓ Tenant DHCP correctly re-enabled" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify SNMP Trap was re-enabled" + assert: + that: + - ebgp_replaced_fabric_config.management.snmpTrap == true + fail_msg: "SNMP Trap validation failed. Expected: true, Actual: {{ ebgp_replaced_fabric_config.management.snmpTrap }}" + success_msg: "✓ SNMP Trap correctly re-enabled" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Greenfield Debug Flag was set to disable (eBGP default)" + assert: + that: + - ebgp_replaced_fabric_config.management.greenfieldDebugFlag == "disable" + fail_msg: "Greenfield Debug Flag validation failed. Expected: disable, Actual: {{ ebgp_replaced_fabric_config.management.greenfieldDebugFlag }}" + success_msg: "✓ Greenfield Debug Flag correctly set to disable (eBGP default)" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify NXAPI HTTP is always true for eBGP (ND enforced behavior)" + assert: + that: + - ebgp_replaced_fabric_config.management.nxapiHttp == true + fail_msg: "NXAPI HTTP validation failed. ND enforces nxapiHttp=true for eBGP fabrics, Actual: {{ ebgp_replaced_fabric_config.management.nxapiHttp }}" + success_msg: "✓ NXAPI HTTP is true (ND enforces this for eBGP fabrics regardless of configured value)" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify NXAPI was disabled" + assert: + that: + - ebgp_replaced_fabric_config.management.nxapi == false + fail_msg: "NXAPI validation failed. Expected: false, Actual: {{ ebgp_replaced_fabric_config.management.nxapi }}" + success_msg: "✓ NXAPI correctly disabled" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Per VRF Loopback Auto Provision was disabled" + assert: + that: + - ebgp_replaced_fabric_config.management.perVrfLoopbackAutoProvision == false + fail_msg: "Per VRF Loopback Auto Provision validation failed. Expected: false, Actual: {{ ebgp_replaced_fabric_config.management.perVrfLoopbackAutoProvision }}" + success_msg: "✓ Per VRF Loopback Auto Provision correctly disabled" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Per VRF Loopback Auto Provision IPv6 was disabled" + assert: + that: + - ebgp_replaced_fabric_config.management.perVrfLoopbackAutoProvisionIpv6 == false + fail_msg: "Per VRF Loopback Auto Provision IPv6 validation failed. Expected: false, Actual: {{ ebgp_replaced_fabric_config.management.perVrfLoopbackAutoProvisionIpv6 }}" + success_msg: "✓ Per VRF Loopback Auto Provision IPv6 correctly disabled" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Banner was preserved" + assert: + that: + - ebgp_replaced_fabric_config.management.banner == "^ Updated via replaced state ^" + fail_msg: "Banner validation failed. Expected: '^ Updated via replaced state ^', Actual: {{ ebgp_replaced_fabric_config.management.banner }}" + success_msg: "✓ Banner correctly preserved: '{{ ebgp_replaced_fabric_config.management.banner }}'" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Display successful validation summary for ebgp_test_fabric_replaced" + debug: + msg: | + ======================================== + VALIDATION SUMMARY for ebgp_test_fabric_replaced: + ======================================== + Network Ranges (restored to defaults): + ✓ L3 VNI Range: {{ ebgp_replaced_fabric_config.management.l3VniRange }} + ✓ L2 VNI Range: {{ ebgp_replaced_fabric_config.management.l2VniRange }} + ✓ BGP Loopback IP Range: {{ ebgp_replaced_fabric_config.management.bgpLoopbackIpRange }} + ✓ NVE Loopback IP Range: {{ ebgp_replaced_fabric_config.management.nveLoopbackIpRange }} + ✓ Intra-Fabric Subnet Range: {{ ebgp_replaced_fabric_config.management.intraFabricSubnetRange }} + ✓ VRF Lite Subnet Range: {{ ebgp_replaced_fabric_config.management.vrfLiteSubnetRange }} + ✓ Anycast RP IP Range: {{ ebgp_replaced_fabric_config.management.anycastRendezvousPointIpRange }} + + VLAN Ranges: + ✓ Network VLAN Range: {{ ebgp_replaced_fabric_config.management.networkVlanRange }} + ✓ VRF VLAN Range: {{ ebgp_replaced_fabric_config.management.vrfVlanRange }} + + MTU Settings: + ✓ Fabric MTU: {{ ebgp_replaced_fabric_config.management.fabricMtu }} + ✓ L2 Host Interface MTU: {{ ebgp_replaced_fabric_config.management.l2HostInterfaceMtu }} + + VPC Configuration: + ✓ VPC Auto Recovery Timer: {{ ebgp_replaced_fabric_config.management.vpcAutoRecoveryTimer }} + ✓ VPC Delay Restore Timer: {{ ebgp_replaced_fabric_config.management.vpcDelayRestoreTimer }} + ✓ VPC Peer Link Port Channel ID: {{ ebgp_replaced_fabric_config.management.vpcPeerLinkPortChannelId }} + ✓ VPC Peer Link VLAN: {{ ebgp_replaced_fabric_config.management.vpcPeerLinkVlan }} + ✓ VPC Domain ID Range: {{ ebgp_replaced_fabric_config.management.vpcDomainIdRange }} + ✓ VPC IPv6 Neighbor Discovery Sync: {{ ebgp_replaced_fabric_config.management.vpcIpv6NeighborDiscoverySync }} + + Gateway & Multicast: + ✓ Anycast Gateway MAC: {{ ebgp_replaced_fabric_config.management.anycastGatewayMac }} + ✓ Multicast Group Subnet: {{ ebgp_replaced_fabric_config.management.multicastGroupSubnet }} + ✓ Rendezvous Point Count: {{ ebgp_replaced_fabric_config.management.rendezvousPointCount }} + ✓ Rendezvous Point Loopback ID: {{ ebgp_replaced_fabric_config.management.rendezvousPointLoopbackId }} + + eBGP-specific: + ✓ BGP AS Mode: {{ ebgp_replaced_fabric_config.management.bgpAsMode }} + ✓ BGP Allow AS In Num: {{ ebgp_replaced_fabric_config.management.bgpAllowAsInNum }} + ✓ BGP Max Path: {{ ebgp_replaced_fabric_config.management.bgpMaxPath }} + + Feature Flags: + ✓ TCAM Allocation: {{ ebgp_replaced_fabric_config.management.tcamAllocation }} + ✓ Real Time Interface Statistics Collection: {{ ebgp_replaced_fabric_config.management.realTimeInterfaceStatisticsCollection }} + ✓ Performance Monitoring: {{ ebgp_replaced_fabric_config.management.performanceMonitoring }} + ✓ Tenant DHCP: {{ ebgp_replaced_fabric_config.management.tenantDhcp }} + ✓ SNMP Trap: {{ ebgp_replaced_fabric_config.management.snmpTrap }} + ✓ Greenfield Debug Flag (eBGP default): {{ ebgp_replaced_fabric_config.management.greenfieldDebugFlag }} + ✓ NXAPI HTTP (ND enforces true for eBGP): {{ ebgp_replaced_fabric_config.management.nxapiHttp }} + ✓ NXAPI: {{ ebgp_replaced_fabric_config.management.nxapi }} + + Auto-Provisioning: + ✓ Per VRF Loopback Auto Provision: {{ ebgp_replaced_fabric_config.management.perVrfLoopbackAutoProvision }} + ✓ Per VRF Loopback Auto Provision IPv6: {{ ebgp_replaced_fabric_config.management.perVrfLoopbackAutoProvisionIpv6 }} + + Preserved Settings: + ✓ Banner: "{{ ebgp_replaced_fabric_config.management.banner }}" + + All 35+ expected changes validated successfully! + ======================================== + tags: [test_replaced, test_replaced_validation] + +############################################################################# +# TEST 3: Demonstrate difference between merged and replaced states +############################################################################# +- name: "TEST 3: Create eBGP fabric for merged vs replaced comparison" + cisco.nd.nd_manage_fabric_ebgp: + state: replaced + config: + - "{{ {'name': ebgp_test_fabric_deleted} | combine(common_ebgp_fabric_config) }}" + register: ebgp_comparison_fabric_creation + tags: [test_comparison] + +- name: "TEST 3a: Partial update using merged state (should merge changes)" + cisco.nd.nd_manage_fabric_ebgp: + state: merged + config: + - name: "{{ ebgp_test_fabric_deleted }}" + category: fabric + management: + bgp_asn: "65004" # Different from default ASN + # bgp_asn_auto_allocation: true + bgp_asn_range: "65000-65100" + fabric_mtu: 8000 # Only updating MTU + register: ebgp_merged_partial_result + tags: [test_comparison, test_merged_partial] + +- name: "TEST 3a: Verify merged state preserves existing configuration" + assert: + that: + - ebgp_merged_partial_result is changed + - ebgp_merged_partial_result is not failed + fail_msg: "Partial update with merged state failed" + success_msg: "Merged state successfully performed partial update" + tags: [test_comparison, test_merged_partial] + +- name: "TEST 3b: Partial update using replaced state (should replace entire config)" + cisco.nd.nd_manage_fabric_ebgp: + state: replaced + config: + - name: "{{ ebgp_test_fabric_deleted }}" + category: fabric + management: + type: vxlanEbgp + bgp_asn: "65100" + bgp_asn_auto_allocation: true + bgp_asn_range: "65000-65100" + target_subnet_mask: 30 + register: ebgp_replaced_partial_result + tags: [test_comparison, test_replaced_partial] + +- name: "TEST 3b: Verify replaced state performs complete replacement" + assert: + that: + - ebgp_replaced_partial_result is changed + - ebgp_replaced_partial_result is not failed + fail_msg: "Partial replacement with replaced state failed" + success_msg: "Replaced state successfully performed complete replacement" + tags: [test_comparison, test_replaced_partial] + +############################################################################# +# TEST 4: STATE DELETED - Delete fabrics +############################################################################# +- name: "TEST 4a: Delete eBGP fabric using state deleted" + cisco.nd.nd_manage_fabric_ebgp: + state: deleted + config: + - name: "{{ ebgp_test_fabric_deleted }}" + register: ebgp_deleted_result_1 + tags: [test_deleted, test_deleted_delete] + +- name: "TEST 4a: Verify eBGP fabric was deleted" + assert: + that: + - ebgp_deleted_result_1 is changed + - ebgp_deleted_result_1 is not failed + fail_msg: "eBGP fabric deletion with state deleted failed" + success_msg: "eBGP fabric successfully deleted with state deleted" + tags: [test_deleted, test_deleted_delete] + +- name: "TEST 4b: Delete eBGP fabric using state deleted (second run - idempotency test)" + cisco.nd.nd_manage_fabric_ebgp: + state: deleted + config: + - name: "{{ ebgp_test_fabric_deleted }}" + register: ebgp_deleted_result_2 + tags: [test_deleted, test_deleted_idempotent] + +- name: "TEST 4b: Verify deleted state is idempotent" + assert: + that: + - ebgp_deleted_result_2 is not changed + - ebgp_deleted_result_2 is not failed + fail_msg: "Deleted state is not idempotent - should not change when deleting non-existent fabric" + success_msg: "Deleted state is idempotent - no changes when deleting non-existent fabric" + tags: [test_deleted, test_deleted_idempotent] + +############################################################################# +# TEST 5: Multiple fabric operations in single task +############################################################################# +- name: "TEST 5: Multiple eBGP fabric operations in single task" + cisco.nd.nd_manage_fabric_ebgp: + state: merged + config: + - name: "multi_ebgp_fabric_1" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanEbgp + bgp_asn: "65101" + bgp_asn_auto_allocation: false + site_id: "65101" + bgp_as_mode: sameTierAS + bgp_allow_as_in_num: 1 + bgp_max_path: 4 + auto_configure_ebgp_evpn_peering: true + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.0001" + performance_monitoring: false + replication_mode: multicast + multicast_group_subnet: "239.1.1.0/25" + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 2 + rendezvous_point_loopback_id: 254 + vpc_peer_link_vlan: "3600" + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: management + vpc_auto_recovery_timer: 360 + vpc_delay_restore_timer: 150 + vpc_peer_link_port_channel_id: "500" + advertise_physical_ip: false + vpc_domain_id_range: "1-1000" + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9216 + l2_host_interface_mtu: 9216 + tenant_dhcp: true + nxapi: false + nxapi_https_port: 443 + nxapi_http: false + nxapi_http_port: 80 + snmp_trap: true + anycast_border_gateway_advertise_physical_ip: false + greenfield_debug_flag: disable + tcam_allocation: true + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + bgp_loopback_ip_range: "10.101.0.0/22" + nve_loopback_ip_range: "10.103.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.101.0/24" + intra_fabric_subnet_range: "10.104.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.133.0.0/16" + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.105.0.0/22" + banner: "" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + - name: "multi_ebgp_fabric_2" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanEbgp + bgp_asn: "65102" + bgp_asn_auto_allocation: false + site_id: "65102" + bgp_as_mode: sameTierAS + bgp_allow_as_in_num: 1 + bgp_max_path: 4 + auto_configure_ebgp_evpn_peering: true + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.0002" + performance_monitoring: false + replication_mode: multicast + multicast_group_subnet: "239.1.1.0/25" + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 2 + rendezvous_point_loopback_id: 254 + vpc_peer_link_vlan: "3600" + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: management + vpc_auto_recovery_timer: 360 + vpc_delay_restore_timer: 150 + vpc_peer_link_port_channel_id: "500" + advertise_physical_ip: false + vpc_domain_id_range: "1-1000" + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9216 + l2_host_interface_mtu: 9216 + tenant_dhcp: true + nxapi: false + nxapi_https_port: 443 + nxapi_http: false + nxapi_http_port: 80 + snmp_trap: true + anycast_border_gateway_advertise_physical_ip: false + greenfield_debug_flag: disable + tcam_allocation: true + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + bgp_loopback_ip_range: "10.102.0.0/22" + nve_loopback_ip_range: "10.103.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.102.0/24" + intra_fabric_subnet_range: "10.104.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.134.0.0/16" + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.106.0.0/22" + banner: "" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + register: ebgp_multi_fabric_result + tags: [test_multi, test_multi_create] + +- name: "TEST 5: Verify multiple eBGP fabrics were created" + assert: + that: + - ebgp_multi_fabric_result is changed + - ebgp_multi_fabric_result is not failed + fail_msg: "Multiple eBGP fabric creation failed" + success_msg: "Multiple eBGP fabrics successfully created" + tags: [test_multi, test_multi_create] + +############################################################################# +# FINAL CLEANUP - Clean up all test fabrics +############################################################################# +- name: "CLEANUP: Delete all test eBGP fabrics" + cisco.nd.nd_manage_fabric_ebgp: + state: deleted + config: + - name: "{{ ebgp_test_fabric_merged }}" + - name: "{{ ebgp_test_fabric_replaced }}" + - name: "{{ ebgp_test_fabric_deleted }}" + - name: "multi_ebgp_fabric_1" + - name: "multi_ebgp_fabric_2" + ignore_errors: true + tags: [cleanup, always] + +############################################################################# +# TEST SUMMARY +############################################################################# +- name: "TEST SUMMARY: Display eBGP test results" + debug: + msg: | + ======================================================== + TEST SUMMARY for cisco.nd.nd_manage_fabric_ebgp module: + ======================================================== + ✓ TEST 1: STATE MERGED + - Create fabric: {{ 'PASSED' if ebgp_merged_result_1 is changed else 'FAILED' }} + - Idempotency: {{ 'PASSED' if ebgp_merged_result_2 is not changed else 'FAILED' }} + - Update fabric: {{ 'PASSED' if ebgp_merged_result_3 is changed else 'FAILED' }} + + ✓ TEST 2: STATE REPLACED + - Create fabric: {{ 'PASSED' if ebgp_replaced_result_1 is changed else 'FAILED' }} + - Idempotency: {{ 'PASSED' if ebgp_replaced_result_2 is not changed else 'FAILED' }} + - Replace fabric: {{ 'PASSED' if ebgp_replaced_result_3 is changed else 'FAILED' }} + + ✓ TEST 3: MERGED vs REPLACED Comparison + - Merged partial: {{ 'PASSED' if ebgp_merged_partial_result is changed else 'FAILED' }} + - Replaced partial: {{ 'PASSED' if ebgp_replaced_partial_result is changed else 'FAILED' }} + + ✓ TEST 4: STATE DELETED + - Delete fabric: {{ 'PASSED' if ebgp_deleted_result_1 is changed else 'FAILED' }} + - Idempotency: {{ 'PASSED' if ebgp_deleted_result_2 is not changed else 'FAILED' }} + + ✓ TEST 5: MULTIPLE FABRICS + - Multi-create: {{ 'PASSED' if ebgp_multi_fabric_result is changed else 'FAILED' }} + + All tests validate: + - State merged: Creates and updates eBGP fabrics by merging changes + - State replaced: Creates and completely replaces eBGP fabric configuration + - State deleted: Removes eBGP fabrics + - Idempotency: All operations are idempotent when run multiple times + - Difference: Merged preserves existing config, replaced overwrites completely + - eBGP-specific: bgpAsMode, bgpAllowAsInNum, bgpMaxPath defaults validated + ======================================== + tags: [summary, always] diff --git a/tests/integration/targets/nd_manage_fabric/tasks/fabric_external.yaml b/tests/integration/targets/nd_manage_fabric/tasks/fabric_external.yaml new file mode 100644 index 00000000..17b292f1 --- /dev/null +++ b/tests/integration/targets/nd_manage_fabric/tasks/fabric_external.yaml @@ -0,0 +1,700 @@ +--- +# Test code for the ND modules +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +- name: Test that we have a Nexus Dashboard host, username and password + ansible.builtin.fail: + msg: 'Please define the following variables: ansible_host, ansible_user and ansible_password.' + when: ansible_host is not defined or ansible_user is not defined or ansible_password is not defined + +############################################################################# +# CLEANUP - Ensure clean state before tests +############################################################################# +- name: Clean up any existing test fabrics before starting tests + cisco.nd.nd_manage_fabric_external: + state: deleted + config: + - name: "{{ ext_test_fabric_merged }}" + - name: "{{ ext_test_fabric_replaced }}" + - name: "{{ ext_test_fabric_deleted }}" + tags: always + +############################################################################# +# TEST 1: STATE MERGED - Create fabric using merged state +############################################################################# +- name: "TEST 1a: Create fabric using state merged (first run)" + cisco.nd.nd_manage_fabric_external: + state: merged + config: + - "{{ {'name': ext_test_fabric_merged} | combine(common_external_fabric_config) }}" + register: ext_merged_result_1 + tags: [test_merged, test_merged_create] + +- name: "TEST 1a: Verify fabric was created using merged state" + assert: + that: + - ext_merged_result_1 is changed + - ext_merged_result_1 is not failed + fail_msg: "Fabric creation with state merged failed" + success_msg: "Fabric successfully created with state merged" + tags: [test_merged, test_merged_create] + +- name: "TEST 1b: Create fabric using state merged (second run - idempotency test)" + cisco.nd.nd_manage_fabric_external: + state: merged + config: + - "{{ {'name': ext_test_fabric_merged} | combine(common_external_fabric_config) }}" + register: ext_merged_result_2 + tags: [test_merged, test_merged_idempotent] + +- name: "TEST 1b: Verify merged state is idempotent" + assert: + that: + - ext_merged_result_2 is not changed + - ext_merged_result_2 is not failed + fail_msg: "Merged state is not idempotent - should not change when run twice with same config" + success_msg: "Merged state is idempotent - no changes on second run" + tags: [test_merged, test_merged_idempotent] + +- name: "TEST 1c: Update fabric using state merged (modify existing)" + cisco.nd.nd_manage_fabric_external: + state: merged + config: + - name: "{{ ext_test_fabric_merged }}" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: externalConnectivity + bgp_asn: "65002" # Changed from 65001 + copp_policy: strict # Changed from manual + create_bgp_config: true + cdp: true # Changed from false + snmp_trap: false # Changed from true + nxapi: true # Changed from false + nxapi_http: true # Changed from false + nxapi_https_port: 443 + nxapi_http_port: 80 + performance_monitoring: true # Changed from false + real_time_interface_statistics_collection: true # Changed from false + interface_statistics_load_interval: 30 # Changed from 10 + sub_interface_dot1q_range: "2-511" + power_redundancy_mode: combined # Changed from redundant + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + register: ext_merged_result_3 + tags: [test_merged, test_merged_update] + +- name: "TEST 1c: Verify fabric was updated using merged state" + assert: + that: + - ext_merged_result_3 is changed + - ext_merged_result_3 is not failed + fail_msg: "Fabric update with state merged failed" + success_msg: "Fabric successfully updated with state merged" + tags: [test_merged, test_merged_update] + +############################################################################# +# VALIDATION: Query ext_test_fabric_merged and validate expected changes +############################################################################# +- name: "VALIDATION 1: Authenticate with ND to get token" + ansible.builtin.uri: + url: "https://{{ ansible_host }}:{{ ansible_httpapi_port | default(443) }}/login" + method: POST + headers: + Content-Type: "application/json" + body_format: json + body: + domain: "{{ ansible_httpapi_login_domain | default('local') }}" + userName: "{{ ansible_user }}" + userPasswd: "{{ ansible_password }}" + validate_certs: false + return_content: true + status_code: + - 200 + register: nd_auth_response + tags: [test_merged, test_merged_validation] + delegate_to: localhost + +- name: "VALIDATION 1: Query ext_test_fabric_merged configuration from ND" + ansible.builtin.uri: + url: "https://{{ ansible_host }}:{{ ansible_httpapi_port | default(443) }}/api/v1/manage/fabrics/{{ ext_test_fabric_merged }}" + method: GET + headers: + Authorization: "Bearer {{ nd_auth_response.json.jwttoken }}" + Content-Type: "application/json" + validate_certs: false + return_content: true + status_code: + - 200 + - 404 + register: ext_merged_fabric_query + tags: [test_merged, test_merged_validation] + delegate_to: localhost + +- name: "VALIDATION 1: Parse fabric configuration response" + set_fact: + ext_merged_fabric_config: "{{ ext_merged_fabric_query.json }}" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Verify BGP ASN was updated to 65002" + assert: + that: + - ext_merged_fabric_config.management.bgpAsn == "65002" + fail_msg: "BGP ASN validation failed. Expected: 65002, Actual: {{ ext_merged_fabric_config.management.bgpAsn }}" + success_msg: "✓ BGP ASN correctly updated to 65002" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Verify CoPP Policy was updated to strict" + assert: + that: + - ext_merged_fabric_config.management.coppPolicy == "strict" + fail_msg: "CoPP Policy validation failed. Expected: strict, Actual: {{ ext_merged_fabric_config.management.coppPolicy }}" + success_msg: "✓ CoPP Policy correctly updated to strict" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Verify Performance Monitoring was enabled" + assert: + that: + - ext_merged_fabric_config.management.performanceMonitoring == true + fail_msg: "Performance Monitoring validation failed. Expected: true, Actual: {{ ext_merged_fabric_config.management.performanceMonitoring }}" + success_msg: "✓ Performance Monitoring correctly enabled" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Verify CDP was enabled" + assert: + that: + - ext_merged_fabric_config.management.cdp == true + fail_msg: "CDP validation failed. Expected: true, Actual: {{ ext_merged_fabric_config.management.cdp }}" + success_msg: "✓ CDP correctly enabled" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Display successful validation summary for ext_test_fabric_merged" + debug: + msg: | + ======================================== + VALIDATION SUMMARY for ext_test_fabric_merged: + ======================================== + ✓ BGP ASN: {{ ext_merged_fabric_config.management.bgpAsn }} + ✓ CoPP Policy: {{ ext_merged_fabric_config.management.coppPolicy }} + ✓ Performance Monitoring: {{ ext_merged_fabric_config.management.performanceMonitoring }} + ✓ CDP: {{ ext_merged_fabric_config.management.cdp }} + + All 4 expected changes validated successfully! + ======================================== + tags: [test_merged, test_merged_validation] + +############################################################################# +# TEST 2: STATE REPLACED - Create and manage fabric using replaced state +############################################################################# +- name: "TEST 2a: Create fabric using state replaced (first run)" + cisco.nd.nd_manage_fabric_external: + state: replaced + config: + - name: "{{ ext_test_fabric_replaced }}" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: externalConnectivity + bgp_asn: "65004" + copp_policy: strict # Different from default + create_bgp_config: true + cdp: true # Different from default + snmp_trap: false # Different from default + nxapi: true # Different from default + nxapi_http: true # Different from default + nxapi_https_port: 443 + nxapi_http_port: 80 + performance_monitoring: true # Different from default + real_time_interface_statistics_collection: true # Different from default + interface_statistics_load_interval: 30 # Different from default + sub_interface_dot1q_range: "2-511" + power_redundancy_mode: combined # Different from default + ptp: true # Different from default + ptp_domain_id: 10 # Different from default + ptp_loopback_id: 5 # Different from default + mpls_handoff: false + mpls_loopback_ip_range: "10.102.0.0/25" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + management_ipv6_prefix: 64 + extra_config_aaa: "" + extra_config_fabric: "" + register: ext_replaced_result_1 + tags: [test_replaced, test_replaced_create] + +- name: "TEST 2a: Verify fabric was created using replaced state" + assert: + that: + - ext_replaced_result_1 is changed + - ext_replaced_result_1 is not failed + fail_msg: "Fabric creation with state replaced failed" + success_msg: "Fabric successfully created with state replaced" + tags: [test_replaced, test_replaced_create] + +- name: "TEST 2b: Create fabric using state replaced (second run - idempotency test)" + cisco.nd.nd_manage_fabric_external: + state: replaced + config: + - name: "{{ ext_test_fabric_replaced }}" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: externalConnectivity + bgp_asn: "65004" + copp_policy: strict + create_bgp_config: true + cdp: true + snmp_trap: false + nxapi: true + nxapi_http: true + nxapi_https_port: 443 + nxapi_http_port: 80 + performance_monitoring: true + real_time_interface_statistics_collection: true + interface_statistics_load_interval: 30 + sub_interface_dot1q_range: "2-511" + power_redundancy_mode: combined + ptp: true + ptp_domain_id: 10 + ptp_loopback_id: 5 + mpls_handoff: false + mpls_loopback_ip_range: "10.102.0.0/25" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + management_ipv6_prefix: 64 + extra_config_aaa: "" + extra_config_fabric: "" + register: ext_replaced_result_2 + tags: [test_replaced, test_replaced_idempotent] + +- name: "TEST 2b: Verify replaced state is idempotent" + assert: + that: + - ext_replaced_result_2 is not changed + - ext_replaced_result_2 is not failed + fail_msg: "Replaced state is not idempotent - should not change when run twice with same config" + success_msg: "Replaced state is idempotent - no changes on second run" + tags: [test_replaced, test_replaced_idempotent] + +- name: "TEST 2c: Update fabric using state replaced (complete replacement with minimal config)" + cisco.nd.nd_manage_fabric_external: + state: replaced + config: + - name: "{{ ext_test_fabric_replaced }}" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: externalConnectivity + bgp_asn: "65004" + register: ext_replaced_result_3 + tags: [test_replaced, test_replaced_update] + +- name: "TEST 2c: Verify fabric was completely replaced" + assert: + that: + - ext_replaced_result_3 is changed + - ext_replaced_result_3 is not failed + fail_msg: "Fabric replacement with state replaced failed" + success_msg: "Fabric successfully replaced with state replaced" + tags: [test_replaced, test_replaced_update] + +############################################################################# +# VALIDATION: Query ext_test_fabric_replaced and validate defaults restored +############################################################################# +- name: "VALIDATION 2: Authenticate with ND to get token" + ansible.builtin.uri: + url: "https://{{ ansible_host }}:{{ ansible_httpapi_port | default(443) }}/login" + method: POST + headers: + Content-Type: "application/json" + body_format: json + body: + domain: "{{ ansible_httpapi_login_domain | default('local') }}" + userName: "{{ ansible_user }}" + userPasswd: "{{ ansible_password }}" + validate_certs: false + return_content: true + status_code: + - 200 + register: nd_auth_response_2 + tags: [test_replaced, test_replaced_validation] + delegate_to: localhost + +- name: "VALIDATION 2: Query ext_test_fabric_replaced configuration from ND" + ansible.builtin.uri: + url: "https://{{ ansible_host }}:{{ ansible_httpapi_port | default(443) }}/api/v1/manage/fabrics/{{ ext_test_fabric_replaced }}" + method: GET + headers: + Authorization: "Bearer {{ nd_auth_response_2.json.jwttoken }}" + Content-Type: "application/json" + validate_certs: false + return_content: true + status_code: + - 200 + - 404 + register: ext_replaced_fabric_query + tags: [test_replaced, test_replaced_validation] + delegate_to: localhost + +- name: "VALIDATION 2: Parse fabric configuration response" + set_fact: + ext_replaced_fabric_config: "{{ ext_replaced_fabric_query.json }}" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify CoPP Policy was standardized to manual (default)" + assert: + that: + - ext_replaced_fabric_config.management.coppPolicy == "manual" + fail_msg: "CoPP Policy validation failed. Expected: manual, Actual: {{ ext_replaced_fabric_config.management.coppPolicy }}" + success_msg: "✓ CoPP Policy correctly standardized to manual" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify SNMP Trap was restored to default (true)" + assert: + that: + - ext_replaced_fabric_config.management.snmpTrap == true + fail_msg: "SNMP Trap validation failed. Expected: true, Actual: {{ ext_replaced_fabric_config.management.snmpTrap }}" + success_msg: "✓ SNMP Trap correctly restored to default" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify CDP was restored to default (false)" + assert: + that: + - ext_replaced_fabric_config.management.cdp == false + fail_msg: "CDP validation failed. Expected: false, Actual: {{ ext_replaced_fabric_config.management.cdp }}" + success_msg: "✓ CDP correctly restored to default" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify NXAPI was restored to default (false)" + assert: + that: + - ext_replaced_fabric_config.management.nxapi == false + fail_msg: "NXAPI validation failed. Expected: false, Actual: {{ ext_replaced_fabric_config.management.nxapi }}" + success_msg: "✓ NXAPI correctly restored to default" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify NXAPI HTTP was restored to default (false)" + assert: + that: + - ext_replaced_fabric_config.management.nxapiHttp == false + fail_msg: "NXAPI HTTP validation failed. Expected: false, Actual: {{ ext_replaced_fabric_config.management.nxapiHttp }}" + success_msg: "✓ NXAPI HTTP correctly restored to default" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Performance Monitoring was restored to default (false)" + assert: + that: + - ext_replaced_fabric_config.management.performanceMonitoring == false + fail_msg: "Performance Monitoring validation failed. Expected: false, Actual: {{ ext_replaced_fabric_config.management.performanceMonitoring }}" + success_msg: "✓ Performance Monitoring correctly restored to default" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Real Time Interface Statistics Collection was restored to default (false)" + assert: + that: + - ext_replaced_fabric_config.management.realTimeInterfaceStatisticsCollection == false + fail_msg: "Real Time Interface Statistics Collection validation failed. Expected: false, Actual: {{ ext_replaced_fabric_config.management.realTimeInterfaceStatisticsCollection }}" + success_msg: "✓ Real Time Interface Statistics Collection correctly restored to default" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Power Redundancy Mode was restored to default (redundant)" + assert: + that: + - ext_replaced_fabric_config.management.powerRedundancyMode == "redundant" + fail_msg: "Power Redundancy Mode validation failed. Expected: redundant, Actual: {{ ext_replaced_fabric_config.management.powerRedundancyMode }}" + success_msg: "✓ Power Redundancy Mode correctly restored to default" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify PTP was restored to default (false)" + assert: + that: + - ext_replaced_fabric_config.management.ptp == false + fail_msg: "PTP validation failed. Expected: false, Actual: {{ ext_replaced_fabric_config.management.ptp }}" + success_msg: "✓ PTP correctly restored to default" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Display successful validation summary for ext_test_fabric_replaced" + debug: + msg: | + ======================================== + VALIDATION SUMMARY for ext_test_fabric_replaced: + ======================================== + ✓ CoPP Policy: {{ ext_replaced_fabric_config.management.coppPolicy }} + ✓ SNMP Trap: {{ ext_replaced_fabric_config.management.snmpTrap }} + ✓ CDP: {{ ext_replaced_fabric_config.management.cdp }} + ✓ NXAPI: {{ ext_replaced_fabric_config.management.nxapi }} + ✓ NXAPI HTTP: {{ ext_replaced_fabric_config.management.nxapiHttp }} + ✓ Performance Monitoring: {{ ext_replaced_fabric_config.management.performanceMonitoring }} + ✓ Real Time Interface Statistics: {{ ext_replaced_fabric_config.management.realTimeInterfaceStatisticsCollection }} + ✓ Power Redundancy Mode: {{ ext_replaced_fabric_config.management.powerRedundancyMode }} + ✓ PTP: {{ ext_replaced_fabric_config.management.ptp }} + + All defaults correctly restored after replaced with minimal config! + ======================================== + tags: [test_replaced, test_replaced_validation] + +############################################################################# +# TEST 3: Demonstrate difference between merged and replaced states +############################################################################# +- name: "TEST 3: Create fabric for merged vs replaced comparison" + cisco.nd.nd_manage_fabric_external: + state: replaced + config: + - "{{ {'name': ext_test_fabric_deleted} | combine(common_external_fabric_config) }}" + register: ext_comparison_fabric_creation + tags: [test_comparison] + +- name: "TEST 3a: Partial update using merged state (should merge changes)" + cisco.nd.nd_manage_fabric_external: + state: merged + config: + - name: "{{ ext_test_fabric_deleted }}" + category: fabric + management: + bgp_asn: "65099" # Only updating ASN + copp_policy: strict # Only updating CoPP policy + register: ext_merged_partial_result + tags: [test_comparison, test_merged_partial] + +- name: "TEST 3a: Verify merged state preserves existing configuration" + assert: + that: + - ext_merged_partial_result is changed + - ext_merged_partial_result is not failed + fail_msg: "Partial update with merged state failed" + success_msg: "Merged state successfully performed partial update" + tags: [test_comparison, test_merged_partial] + +- name: "TEST 3b: Partial update using replaced state (should replace entire config)" + cisco.nd.nd_manage_fabric_external: + state: replaced + config: + - name: "{{ ext_test_fabric_deleted }}" + category: fabric + management: + type: externalConnectivity + bgp_asn: "65100" # Only specifying minimal config for replaced + register: ext_replaced_partial_result + tags: [test_comparison, test_replaced_partial] + +- name: "TEST 3b: Verify replaced state performs complete replacement" + assert: + that: + - ext_replaced_partial_result is changed + - ext_replaced_partial_result is not failed + fail_msg: "Partial replacement with replaced state failed" + success_msg: "Replaced state successfully performed complete replacement" + tags: [test_comparison, test_replaced_partial] + +############################################################################# +# TEST 4: STATE DELETED - Delete fabrics +############################################################################# +- name: "TEST 4a: Delete fabric using state deleted" + cisco.nd.nd_manage_fabric_external: + state: deleted + config: + - name: "{{ ext_test_fabric_deleted }}" + register: ext_deleted_result_1 + tags: [test_deleted, test_deleted_delete] + +- name: "TEST 4a: Verify fabric was deleted" + assert: + that: + - ext_deleted_result_1 is changed + - ext_deleted_result_1 is not failed + fail_msg: "Fabric deletion with state deleted failed" + success_msg: "Fabric successfully deleted with state deleted" + tags: [test_deleted, test_deleted_delete] + +- name: "TEST 4b: Delete fabric using state deleted (second run - idempotency test)" + cisco.nd.nd_manage_fabric_external: + state: deleted + config: + - name: "{{ ext_test_fabric_deleted }}" + register: ext_deleted_result_2 + tags: [test_deleted, test_deleted_idempotent] + +- name: "TEST 4b: Verify deleted state is idempotent" + assert: + that: + - ext_deleted_result_2 is not changed + - ext_deleted_result_2 is not failed + fail_msg: "Deleted state is not idempotent - should not change when deleting non-existent fabric" + success_msg: "Deleted state is idempotent - no changes when deleting non-existent fabric" + tags: [test_deleted, test_deleted_idempotent] + +############################################################################# +# TEST 5: Multiple fabric operations in single task +############################################################################# +- name: "TEST 5: Multiple fabric operations in single task" + cisco.nd.nd_manage_fabric_external: + state: merged + config: + - name: "ext_multi_fabric_1" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: externalConnectivity + bgp_asn: "65101" + copp_policy: manual + create_bgp_config: true + cdp: false + snmp_trap: true + nxapi: false + nxapi_http: false + nxapi_https_port: 443 + nxapi_http_port: 80 + performance_monitoring: false + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + sub_interface_dot1q_range: "2-511" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + - name: "ext_multi_fabric_2" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: externalConnectivity + bgp_asn: "65102" + copp_policy: manual + create_bgp_config: true + cdp: false + snmp_trap: true + nxapi: false + nxapi_http: false + nxapi_https_port: 443 + nxapi_http_port: 80 + performance_monitoring: false + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + sub_interface_dot1q_range: "2-511" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + register: ext_multi_fabric_result + tags: [test_multi, test_multi_create] + +- name: "TEST 5: Verify multiple fabrics were created" + assert: + that: + - ext_multi_fabric_result is changed + - ext_multi_fabric_result is not failed + fail_msg: "Multiple fabric creation failed" + success_msg: "Multiple fabrics successfully created" + tags: [test_multi, test_multi_create] + +############################################################################# +# FINAL CLEANUP - Clean up all test fabrics +############################################################################# +- name: "CLEANUP: Delete all test fabrics" + cisco.nd.nd_manage_fabric_external: + state: deleted + config: + - name: "{{ ext_test_fabric_merged }}" + - name: "{{ ext_test_fabric_replaced }}" + - name: "{{ ext_test_fabric_deleted }}" + - name: "ext_multi_fabric_1" + - name: "ext_multi_fabric_2" + ignore_errors: true + tags: [cleanup, always] + +############################################################################# +# TEST SUMMARY +############################################################################# +- name: "TEST SUMMARY: Display test results" + debug: + msg: | + ======================================================== + TEST SUMMARY for cisco.nd.nd_manage_fabric_external module: + ======================================================== + ✓ TEST 1: STATE MERGED + - Create fabric: {{ 'PASSED' if ext_merged_result_1 is changed else 'FAILED' }} + - Idempotency: {{ 'PASSED' if ext_merged_result_2 is not changed else 'FAILED' }} + - Update fabric: {{ 'PASSED' if ext_merged_result_3 is changed else 'FAILED' }} + + ✓ TEST 2: STATE REPLACED + - Create fabric: {{ 'PASSED' if ext_replaced_result_1 is changed else 'FAILED' }} + - Idempotency: {{ 'PASSED' if ext_replaced_result_2 is not changed else 'FAILED' }} + - Replace fabric: {{ 'PASSED' if ext_replaced_result_3 is changed else 'FAILED' }} + + ✓ TEST 3: MERGED vs REPLACED Comparison + - Merged partial: {{ 'PASSED' if ext_merged_partial_result is changed else 'FAILED' }} + - Replaced partial: {{ 'PASSED' if ext_replaced_partial_result is changed else 'FAILED' }} + + ✓ TEST 4: STATE DELETED + - Delete fabric: {{ 'PASSED' if ext_deleted_result_1 is changed else 'FAILED' }} + - Idempotency: {{ 'PASSED' if ext_deleted_result_2 is not changed else 'FAILED' }} + + ✓ TEST 5: MULTIPLE FABRICS + - Multi-create: {{ 'PASSED' if ext_multi_fabric_result is changed else 'FAILED' }} + + All tests validate: + - State merged: Creates and updates fabrics by merging changes + - State replaced: Creates and completely replaces fabric configuration + - State deleted: Removes fabrics + - Idempotency: All operations are idempotent when run multiple times + - Difference: Merged preserves existing config, replaced overwrites completely + ======================================== + tags: [summary, always] diff --git a/tests/integration/targets/nd_manage_fabric/tasks/fabric_ibgp.yaml b/tests/integration/targets/nd_manage_fabric/tasks/fabric_ibgp.yaml new file mode 100644 index 00000000..30b77c59 --- /dev/null +++ b/tests/integration/targets/nd_manage_fabric/tasks/fabric_ibgp.yaml @@ -0,0 +1,1172 @@ +--- +# Test code for the ND modules +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +- name: Test that we have a Nexus Dashboard host, username and password + ansible.builtin.fail: + msg: 'Please define the following variables: ansible_host, ansible_user and ansible_password.' + when: ansible_host is not defined or ansible_user is not defined or ansible_password is not defined + +############################################################################# +# CLEANUP - Ensure clean state before tests +############################################################################# +- name: Clean up any existing test fabrics before starting tests + cisco.nd.nd_manage_fabric_ibgp: + state: deleted + config: + - name: "{{ test_fabric_merged }}" + - name: "{{ test_fabric_replaced }}" + - name: "{{ test_fabric_deleted }}" + tags: always + +############################################################################# +# TEST 1: STATE MERGED - Create fabric using merged state +############################################################################# +- name: "TEST 1a: Create fabric using state merged (first run)" + cisco.nd.nd_manage_fabric_ibgp: + state: merged + config: + - "{{ {'name': test_fabric_merged} | combine(common_fabric_config) }}" + register: merged_result_1 + tags: [test_merged, test_merged_create] + +- name: "TEST 1a: Verify fabric was created using merged state" + assert: + that: + - merged_result_1 is changed + - merged_result_1 is not failed + fail_msg: "Fabric creation with state merged failed" + success_msg: "Fabric successfully created with state merged" + tags: [test_merged, test_merged_create] + +- name: "TEST 1b: Create fabric using state merged (second run - idempotency test)" + cisco.nd.nd_manage_fabric_ibgp: + state: merged + config: + - "{{ {'name': test_fabric_merged} | combine(common_fabric_config) }}" + register: merged_result_2 + tags: [test_merged, test_merged_idempotent] + +- name: "TEST 1b: Verify merged state is idempotent" + assert: + that: + - merged_result_2 is not changed + - merged_result_2 is not failed + fail_msg: "Merged state is not idempotent - should not change when run twice with same config" + success_msg: "Merged state is idempotent - no changes on second run" + tags: [test_merged, test_merged_idempotent] + +# - name: "PAUSE: Review TEST 1b results before continuing" +# ansible.builtin.pause: +# prompt: "TEST 1b complete. Review results and press Enter to continue, or Ctrl+C then A to abort" +# tags: [test_merged, test_merged_update] + +- name: "TEST 1c: Update fabric using state merged (modify existing)" + cisco.nd.nd_manage_fabric_ibgp: + state: merged + config: + - name: "{{ test_fabric_merged }}" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanIbgp + bgp_asn: "65002" # Changed from 65001 + site_id: "65002" # Changed from 65001 + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00bb" # Changed from 00aa + performance_monitoring: true # Changed from false + replication_mode: multicast + multicast_group_subnet: "239.1.1.0/25" + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 2 + rendezvous_point_loopback_id: 254 + vpc_peer_link_vlan: "3600" + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: loopback + vpc_auto_recovery_timer: 360 + vpc_delay_restore_timer: 150 + vpc_peer_link_port_channel_id: "500" + advertise_physical_ip: false + vpc_domain_id_range: "1-1000" + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9216 + l2_host_interface_mtu: 9216 + tenant_dhcp: true + nxapi: true + nxapi_https_port: 443 + nxapi_http: false + nxapi_http_port: 80 + snmp_trap: true + anycast_border_gateway_advertise_physical_ip: false + greenfield_debug_flag: enable + tcam_allocation: true + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + bgp_loopback_ip_range: "10.2.0.0/22" + nve_loopback_ip_range: "10.3.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.254.0/24" + intra_fabric_subnet_range: "10.4.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.33.0.0/16" + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.5.0.0/22" + # per_vrf_loopback_auto_provision_ipv6: false + # per_vrf_loopback_ipv6_range: "fd00::a05:0/112" + banner: "" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + register: merged_result_3 + tags: [test_merged, test_merged_update] + +- name: "TEST 1c: Verify fabric was updated using merged state" + assert: + that: + - merged_result_3 is changed + - merged_result_3 is not failed + fail_msg: "Fabric update with state merged failed" + success_msg: "Fabric successfully updated with state merged" + tags: [test_merged, test_merged_update] + +############################################################################# +# VALIDATION: Query test_fabric_merged and validate expected changes +############################################################################# +# Get authentication token first +- name: "VALIDATION 1: Authenticate with ND to get token" + ansible.builtin.uri: + url: "https://{{ ansible_host }}:{{ ansible_httpapi_port | default(443) }}/login" + method: POST + headers: + Content-Type: "application/json" + body_format: json + body: + domain: "{{ ansible_httpapi_login_domain | default('local') }}" + userName: "{{ ansible_user }}" + userPasswd: "{{ ansible_password }}" + validate_certs: false + return_content: true + status_code: + - 200 + register: nd_auth_response + tags: [test_merged, test_merged_validation] + delegate_to: localhost + +- name: "VALIDATION 1: Query test_fabric_merged configuration from ND" + ansible.builtin.uri: + url: "https://{{ ansible_host }}:{{ ansible_httpapi_port | default(443) }}/api/v1/manage/fabrics/{{ test_fabric_merged }}" + method: GET + headers: + Authorization: "Bearer {{ nd_auth_response.json.jwttoken }}" + Content-Type: "application/json" + validate_certs: false + return_content: true + status_code: + - 200 + - 404 + register: merged_fabric_query + tags: [test_merged, test_merged_validation] + delegate_to: localhost + +# - debug: msg="{{ merged_fabric_query }}" +# - meta: end_play + +- name: "VALIDATION 1: Parse fabric configuration response" + set_fact: + merged_fabric_config: "{{ merged_fabric_query.json }}" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Verify BGP ASN was updated to 65002" + assert: + that: + - merged_fabric_config.management.bgpAsn == "65002" + fail_msg: "BGP ASN validation failed. Expected: 65002, Actual: {{ merged_fabric_config.management.bgpAsn }}" + success_msg: "✓ BGP ASN correctly updated to 65002" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Verify Site ID was updated to 65002" + assert: + that: + - merged_fabric_config.management.siteId == "65002" + fail_msg: "Site ID validation failed. Expected: 65002, Actual: {{ merged_fabric_config.management.siteId }}" + success_msg: "✓ Site ID correctly updated to 65002" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Verify Anycast Gateway MAC was updated to 2020.0000.00bb" + assert: + that: + - merged_fabric_config.management.anycastGatewayMac == "2020.0000.00bb" + fail_msg: "Anycast Gateway MAC validation failed. Expected: 2020.0000.00bb, Actual: {{ merged_fabric_config.management.anycastGatewayMac }}" + success_msg: "✓ Anycast Gateway MAC correctly updated to 2020.0000.00bb" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Verify Performance Monitoring was enabled" + assert: + that: + - merged_fabric_config.management.performanceMonitoring == true + fail_msg: "Performance Monitoring validation failed. Expected: true, Actual: {{ merged_fabric_config.management.performanceMonitoring }}" + success_msg: "✓ Performance Monitoring correctly enabled" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Display successful validation summary for test_fabric_merged" + debug: + msg: | + ======================================== + VALIDATION SUMMARY for test_fabric_merged: + ======================================== + ✓ BGP ASN: {{ merged_fabric_config.management.bgpAsn }} + ✓ Site ID: {{ merged_fabric_config.management.siteId }} + ✓ Anycast Gateway MAC: {{ merged_fabric_config.management.anycastGatewayMac }} + ✓ Performance Monitoring: {{ merged_fabric_config.management.performanceMonitoring }} + + All 4 expected changes validated successfully! + ======================================== + tags: [test_merged, test_merged_validation] + +# - name: "PAUSE: Review TEST 1c results before continuing" +# ansible.builtin.pause: +# prompt: "TEST 1c complete. Review results and press Enter to continue, or Ctrl+C then A to abort" +# tags: [test_merged, test_merged_update] + +############################################################################# +# TEST 2: STATE REPLACED - Create and manage fabric using replaced state +############################################################################# +- name: "TEST 2a: Create fabric using state replaced (first run)" + cisco.nd.nd_manage_fabric_ibgp: + state: replaced + config: + - name: "{{ test_fabric_replaced }}" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanIbgp + bgp_asn: "65004" # DIfferent from default ASN + site_id: "65004" # DIfferent from default site_id + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00dd" # DIfferent from default MAC + performance_monitoring: true # DIfferent from default to true + replication_mode: multicast + multicast_group_subnet: "239.1.3.0/25" # DIfferent from default subnet + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 3 # DIfferent from default count + rendezvous_point_loopback_id: 253 # DIfferent from default loopback + vpc_peer_link_vlan: "3700" # DIfferent from default VLAN + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: loopback + vpc_auto_recovery_timer: 300 # DIfferent from default timer + vpc_delay_restore_timer: 120 # DIfferent from default timer + vpc_peer_link_port_channel_id: "600" # DIfferent from default port channel + vpc_ipv6_neighbor_discovery_sync: false # DIfferent from default to false + advertise_physical_ip: true # DIfferent from default to true + vpc_domain_id_range: "1-800" # DIfferent from default range + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9000 # DIfferent from default MTU + l2_host_interface_mtu: 9000 # DIfferent from default MTU + tenant_dhcp: false # DIfferent from default to false + nxapi: false # DIfferent from default to false + nxapi_https_port: 443 + nxapi_http: true # DIfferent from default to true + nxapi_http_port: 80 + snmp_trap: false # DIfferent from default to false + anycast_border_gateway_advertise_physical_ip: true # DIfferent from default to true + greenfield_debug_flag: disable # DIfferent from default to disable + tcam_allocation: false # DIfferent from default to false + real_time_interface_statistics_collection: true # DIfferent from default to true + interface_statistics_load_interval: 30 # DIfferent from default interval + bgp_loopback_ip_range: "10.22.0.0/22" # DIfferent from default range + nve_loopback_ip_range: "10.23.0.0/22" # DIfferent from default range + anycast_rendezvous_point_ip_range: "10.254.252.0/24" # DIfferent from default range + intra_fabric_subnet_range: "10.24.0.0/16" # DIfferent from default range + l2_vni_range: "40000-59000" # DIfferent from default range + l3_vni_range: "60000-69000" # DIfferent from default range + network_vlan_range: "2400-3099" # DIfferent from default range + vrf_vlan_range: "2100-2399" # DIfferent from default range + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.53.0.0/16" # DIfferent from default range + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.25.0.0/22" # DIfferent from default range + per_vrf_loopback_auto_provision_ipv6: true + per_vrf_loopback_ipv6_range: "fd00::a25:0/112" # DIfferent from default range + banner: "^ Updated via replaced state ^" # Added banner + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + management_ipv6_prefix: 64 + register: replaced_result_1 + tags: [test_replaced, test_replaced_create] + +- name: "TEST 2a: Verify fabric was created using replaced state" + assert: + that: + - replaced_result_1 is changed + - replaced_result_1 is not failed + fail_msg: "Fabric creation with state replaced failed" + success_msg: "Fabric successfully created with state replaced" + tags: [test_replaced, test_replaced_create] + +- name: "TEST 2b: Create fabric using state replaced (second run - idempotency test)" + cisco.nd.nd_manage_fabric_ibgp: + state: replaced + config: + - name: "{{ test_fabric_replaced }}" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanIbgp + bgp_asn: "65004" # DIfferent from default ASN + site_id: "65004" # DIfferent from default site_id + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00dd" # DIfferent from default MAC + performance_monitoring: true # DIfferent from default to true + replication_mode: multicast + multicast_group_subnet: "239.1.3.0/25" # DIfferent from default subnet + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 3 # DIfferent from default count + rendezvous_point_loopback_id: 253 # DIfferent from default loopback + vpc_peer_link_vlan: "3700" # DIfferent from default VLAN + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: loopback + vpc_auto_recovery_timer: 300 # DIfferent from default timer + vpc_delay_restore_timer: 120 # DIfferent from default timer + vpc_peer_link_port_channel_id: "600" # DIfferent from default port channel + vpc_ipv6_neighbor_discovery_sync: false # DIfferent from default to false + advertise_physical_ip: true # DIfferent from default to true + vpc_domain_id_range: "1-800" # DIfferent from default range + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9000 # DIfferent from default MTU + l2_host_interface_mtu: 9000 # DIfferent from default MTU + tenant_dhcp: false # DIfferent from default to false + nxapi: false # DIfferent from default to false + nxapi_https_port: 443 + nxapi_http: true # DIfferent from default to true + nxapi_http_port: 80 + snmp_trap: false # DIfferent from default to false + anycast_border_gateway_advertise_physical_ip: true # DIfferent from default to true + greenfield_debug_flag: disable # DIfferent from default to disable + tcam_allocation: false # DIfferent from default to false + real_time_interface_statistics_collection: true # DIfferent from default to true + interface_statistics_load_interval: 30 # DIfferent from default interval + bgp_loopback_ip_range: "10.22.0.0/22" # DIfferent from default range + nve_loopback_ip_range: "10.23.0.0/22" # DIfferent from default range + anycast_rendezvous_point_ip_range: "10.254.252.0/24" # DIfferent from default range + intra_fabric_subnet_range: "10.24.0.0/16" # DIfferent from default range + l2_vni_range: "40000-59000" # DIfferent from default range + l3_vni_range: "60000-69000" # DIfferent from default range + network_vlan_range: "2400-3099" # DIfferent from default range + vrf_vlan_range: "2100-2399" # DIfferent from default range + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.53.0.0/16" # DIfferent from default range + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.25.0.0/22" # DIfferent from default range + per_vrf_loopback_auto_provision_ipv6: true + per_vrf_loopback_ipv6_range: "fd00::a25:0/112" # DIfferent from default range + banner: "^ Updated via replaced state ^" # Added banner + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + management_ipv6_prefix: 64 + register: replaced_result_2 + tags: [test_replaced, test_replaced_idempotent] + +- name: "TEST 2b: Verify replaced state is idempotent" + assert: + that: + - replaced_result_2 is not changed + - replaced_result_2 is not failed + fail_msg: "Replaced state is not idempotent - should not change when run twice with same config" + success_msg: "Replaced state is idempotent - no changes on second run" + tags: [test_replaced, test_replaced_idempotent] + +# - name: "PAUSE: Review TEST 2b results before continuing" +# ansible.builtin.pause: +# prompt: "TEST 2b complete. Review results and press Enter to continue, or Ctrl+C then A to abort" +# tags: [test_replaced, test_replaced_idempotent] + +- name: "TEST 2c: Update fabric using state replaced (complete replacement)" + cisco.nd.nd_manage_fabric_ibgp: + state: replaced + config: + - name: "{{ test_fabric_replaced }}" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanIbgp + bgp_asn: "65004" # Changed ASN + site_id: "65004" # Changed site_id + banner: "^ Updated via replaced state ^" # Added banner + register: replaced_result_3 + tags: [test_replaced, test_replaced_update] + +- name: "TEST 2c: Verify fabric was completely replaced" + assert: + that: + - replaced_result_3 is changed + - replaced_result_3 is not failed + fail_msg: "Fabric replacement with state replaced failed" + success_msg: "Fabric successfully replaced with state replaced" + tags: [test_replaced, test_replaced_update] + +# ############################################################################# +# # VALIDATION: Query test_fabric_replaced and validate expected changes +# ############################################################################# +# Get authentication token first +- name: "VALIDATION 2: Authenticate with ND to get token" + ansible.builtin.uri: + url: "https://{{ ansible_host }}:{{ ansible_httpapi_port | default(443) }}/login" + method: POST + headers: + Content-Type: "application/json" + body_format: json + body: + domain: "{{ ansible_httpapi_login_domain | default('local') }}" + userName: "{{ ansible_user }}" + userPasswd: "{{ ansible_password }}" + validate_certs: false + return_content: true + status_code: + - 200 + register: nd_auth_response_2 + tags: [test_replaced, test_replaced_validation] + delegate_to: localhost + +- name: "VALIDATION 2: Query test_fabric_replaced configuration from ND" + ansible.builtin.uri: + url: "https://{{ ansible_host }}:{{ ansible_httpapi_port | default(443) }}/api/v1/manage/fabrics/{{ test_fabric_replaced }}" + method: GET + headers: + Authorization: "Bearer {{ nd_auth_response_2.json.jwttoken }}" + Content-Type: "application/json" + validate_certs: false + return_content: true + status_code: + - 200 + - 404 + register: replaced_fabric_query + tags: [test_replaced, test_replaced_validation] + delegate_to: localhost + +- name: "VALIDATION 2: Parse fabric configuration response" + set_fact: + replaced_fabric_config: "{{ replaced_fabric_query.json }}" + tags: [test_replaced, test_replaced_validation] + +# Network Range Validations +- name: "VALIDATION 2: Verify L3 VNI Range was standardized to 50000-59000" + assert: + that: + - replaced_fabric_config.management.l3VniRange == "50000-59000" + fail_msg: "L3 VNI Range validation failed. Expected: 50000-59000, Actual: {{ replaced_fabric_config.management.l3VniRange }}" + success_msg: "✓ L3 VNI Range correctly standardized to 50000-59000" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify L2 VNI Range was standardized to 30000-49000" + assert: + that: + - replaced_fabric_config.management.l2VniRange == "30000-49000" + fail_msg: "L2 VNI Range validation failed. Expected: 30000-49000, Actual: {{ replaced_fabric_config.management.l2VniRange }}" + success_msg: "✓ L2 VNI Range correctly standardized to 30000-49000" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify BGP Loopback IP Range was standardized to 10.2.0.0/22" + assert: + that: + - replaced_fabric_config.management.bgpLoopbackIpRange == "10.2.0.0/22" + fail_msg: "BGP Loopback IP Range validation failed. Expected: 10.2.0.0/22, Actual: {{ replaced_fabric_config.management.bgpLoopbackIpRange }}" + success_msg: "✓ BGP Loopback IP Range correctly standardized to 10.2.0.0/22" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify NVE Loopback IP Range was standardized to 10.3.0.0/22" + assert: + that: + - replaced_fabric_config.management.nveLoopbackIpRange == "10.3.0.0/22" + fail_msg: "NVE Loopback IP Range validation failed. Expected: 10.3.0.0/22, Actual: {{ replaced_fabric_config.management.nveLoopbackIpRange }}" + success_msg: "✓ NVE Loopback IP Range correctly standardized to 10.3.0.0/22" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Intra-Fabric Subnet Range was standardized to 10.4.0.0/16" + assert: + that: + - replaced_fabric_config.management.intraFabricSubnetRange == "10.4.0.0/16" + fail_msg: "Intra-Fabric Subnet Range validation failed. Expected: 10.4.0.0/16, Actual: {{ replaced_fabric_config.management.intraFabricSubnetRange }}" + success_msg: "✓ Intra-Fabric Subnet Range correctly standardized to 10.4.0.0/16" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify VRF Lite Subnet Range was standardized to 10.33.0.0/16" + assert: + that: + - replaced_fabric_config.management.vrfLiteSubnetRange == "10.33.0.0/16" + fail_msg: "VRF Lite Subnet Range validation failed. Expected: 10.33.0.0/16, Actual: {{ replaced_fabric_config.management.vrfLiteSubnetRange }}" + success_msg: "✓ VRF Lite Subnet Range correctly standardized to 10.33.0.0/16" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Anycast RP IP Range was standardized to 10.254.254.0/24" + assert: + that: + - replaced_fabric_config.management.anycastRendezvousPointIpRange == "10.254.254.0/24" + fail_msg: "Anycast RP IP Range validation failed. Expected: 10.254.254.0/24, Actual: {{ replaced_fabric_config.management.anycastRendezvousPointIpRange }}" + success_msg: "✓ Anycast RP IP Range correctly standardized to 10.254.254.0/24" + tags: [test_replaced, test_replaced_validation] + +# VLAN Range Validations +- name: "VALIDATION 2: Verify Network VLAN Range was standardized to 2300-2999" + assert: + that: + - replaced_fabric_config.management.networkVlanRange == "2300-2999" + fail_msg: "Network VLAN Range validation failed. Expected: 2300-2999, Actual: {{ replaced_fabric_config.management.networkVlanRange }}" + success_msg: "✓ Network VLAN Range correctly standardized to 2300-2999" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify VRF VLAN Range was standardized to 2000-2299" + assert: + that: + - replaced_fabric_config.management.vrfVlanRange == "2000-2299" + fail_msg: "VRF VLAN Range validation failed. Expected: 2000-2299, Actual: {{ replaced_fabric_config.management.vrfVlanRange }}" + success_msg: "✓ VRF VLAN Range correctly standardized to 2000-2299" + tags: [test_replaced, test_replaced_validation] + +# MTU Validations +- name: "VALIDATION 2: Verify Fabric MTU was increased to 9216" + assert: + that: + - replaced_fabric_config.management.fabricMtu == 9216 + fail_msg: "Fabric MTU validation failed. Expected: 9216, Actual: {{ replaced_fabric_config.management.fabricMtu }}" + success_msg: "✓ Fabric MTU correctly increased to 9216" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify L2 Host Interface MTU was increased to 9216" + assert: + that: + - replaced_fabric_config.management.l2HostInterfaceMtu == 9216 + fail_msg: "L2 Host Interface MTU validation failed. Expected: 9216, Actual: {{ replaced_fabric_config.management.l2HostInterfaceMtu }}" + success_msg: "✓ L2 Host Interface MTU correctly increased to 9216" + tags: [test_replaced, test_replaced_validation] + +# Gateway and Multicast Validations +- name: "VALIDATION 2: Verify Anycast Gateway MAC was standardized to 2020.0000.00aa" + assert: + that: + - replaced_fabric_config.management.anycastGatewayMac == "2020.0000.00aa" + fail_msg: "Anycast Gateway MAC validation failed. Expected: 2020.0000.00aa, Actual: {{ replaced_fabric_config.management.anycastGatewayMac }}" + success_msg: "✓ Anycast Gateway MAC correctly standardized to 2020.0000.00aa" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Multicast Group Subnet was standardized to 239.1.1.0/25" + assert: + that: + - replaced_fabric_config.management.multicastGroupSubnet == "239.1.1.0/25" + fail_msg: "Multicast Group Subnet validation failed. Expected: 239.1.1.0/25, Actual: {{ replaced_fabric_config.management.multicastGroupSubnet }}" + success_msg: "✓ Multicast Group Subnet correctly standardized to 239.1.1.0/25" + tags: [test_replaced, test_replaced_validation] + +# VPC Configuration Validations +- name: "VALIDATION 2: Verify VPC Auto Recovery Timer was standardized to 360" + assert: + that: + - replaced_fabric_config.management.vpcAutoRecoveryTimer == 360 + fail_msg: "VPC Auto Recovery Timer validation failed. Expected: 360, Actual: {{ replaced_fabric_config.management.vpcAutoRecoveryTimer }}" + success_msg: "✓ VPC Auto Recovery Timer correctly standardized to 360" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify VPC Delay Restore Timer was standardized to 150" + assert: + that: + - replaced_fabric_config.management.vpcDelayRestoreTimer == 150 + fail_msg: "VPC Delay Restore Timer validation failed. Expected: 150, Actual: {{ replaced_fabric_config.management.vpcDelayRestoreTimer }}" + success_msg: "✓ VPC Delay Restore Timer correctly standardized to 150" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify VPC Peer Link Port Channel ID was standardized to 500" + assert: + that: + - replaced_fabric_config.management.vpcPeerLinkPortChannelId == "500" + fail_msg: "VPC Peer Link Port Channel ID validation failed. Expected: 500, Actual: {{ replaced_fabric_config.management.vpcPeerLinkPortChannelId }}" + success_msg: "✓ VPC Peer Link Port Channel ID correctly standardized to 500" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify VPC Peer Link VLAN was standardized to 3600" + assert: + that: + - replaced_fabric_config.management.vpcPeerLinkVlan == "3600" + fail_msg: "VPC Peer Link VLAN validation failed. Expected: 3600, Actual: {{ replaced_fabric_config.management.vpcPeerLinkVlan }}" + success_msg: "✓ VPC Peer Link VLAN correctly standardized to 3600" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify VPC Domain ID Range was standardized to 1-1000" + assert: + that: + - replaced_fabric_config.management.vpcDomainIdRange == "1-1000" + fail_msg: "VPC Domain ID Range validation failed. Expected: 1-1000, Actual: {{ replaced_fabric_config.management.vpcDomainIdRange }}" + success_msg: "✓ VPC Domain ID Range correctly standardized to 1-1000" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify VPC IPv6 Neighbor Discovery Sync was enabled" + assert: + that: + - replaced_fabric_config.management.vpcIpv6NeighborDiscoverySync == true + fail_msg: "VPC IPv6 Neighbor Discovery Sync validation failed. Expected: true, Actual: {{ replaced_fabric_config.management.vpcIpv6NeighborDiscoverySync }}" + success_msg: "✓ VPC IPv6 Neighbor Discovery Sync correctly enabled" + tags: [test_replaced, test_replaced_validation] + +# Multicast Settings Validations +- name: "VALIDATION 2: Verify Rendezvous Point Count was standardized to 2" + assert: + that: + - replaced_fabric_config.management.rendezvousPointCount == 2 + fail_msg: "Rendezvous Point Count validation failed. Expected: 2, Actual: {{ replaced_fabric_config.management.rendezvousPointCount }}" + success_msg: "✓ Rendezvous Point Count correctly standardized to 2" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Rendezvous Point Loopback ID was standardized to 254" + assert: + that: + - replaced_fabric_config.management.rendezvousPointLoopbackId == 254 + fail_msg: "Rendezvous Point Loopback ID validation failed. Expected: 254, Actual: {{ replaced_fabric_config.management.rendezvousPointLoopbackId }}" + success_msg: "✓ Rendezvous Point Loopback ID correctly standardized to 254" + tags: [test_replaced, test_replaced_validation] + +# Feature Flag Validations +- name: "VALIDATION 2: Verify TCAM Allocation was enabled" + assert: + that: + - replaced_fabric_config.management.tcamAllocation == true + fail_msg: "TCAM Allocation validation failed. Expected: true, Actual: {{ replaced_fabric_config.management.tcamAllocation }}" + success_msg: "✓ TCAM Allocation correctly enabled" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Real Time Interface Statistics Collection was disabled" + assert: + that: + - replaced_fabric_config.management.realTimeInterfaceStatisticsCollection == false + fail_msg: "Real Time Interface Statistics Collection validation failed. Expected: false, Actual: {{ replaced_fabric_config.management.realTimeInterfaceStatisticsCollection }}" + success_msg: "✓ Real Time Interface Statistics Collection correctly disabled" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Performance Monitoring was disabled" + assert: + that: + - replaced_fabric_config.management.performanceMonitoring == false + fail_msg: "Performance Monitoring validation failed. Expected: false, Actual: {{ replaced_fabric_config.management.performanceMonitoring }}" + success_msg: "✓ Performance Monitoring correctly disabled" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Tenant DHCP was enabled" + assert: + that: + - replaced_fabric_config.management.tenantDhcp == true + fail_msg: "Tenant DHCP validation failed. Expected: true, Actual: {{ replaced_fabric_config.management.tenantDhcp }}" + success_msg: "✓ Tenant DHCP correctly enabled" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify SNMP Trap was enabled" + assert: + that: + - replaced_fabric_config.management.snmpTrap == true + fail_msg: "SNMP Trap validation failed. Expected: true, Actual: {{ replaced_fabric_config.management.snmpTrap }}" + success_msg: "✓ SNMP Trap correctly enabled" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Greenfield Debug Flag was disabled" + assert: + that: + - replaced_fabric_config.management.greenfieldDebugFlag == "disable" + fail_msg: "Greenfield Debug Flag validation failed. Expected: disable, Actual: {{ replaced_fabric_config.management.greenfieldDebugFlag }}" + success_msg: "✓ Greenfield Debug Flag correctly disabled" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify NXAPI HTTP was enabled" + assert: + that: + - replaced_fabric_config.management.nxapiHttp == true + fail_msg: "NXAPI HTTP validation failed. Expected: true, Actual: {{ replaced_fabric_config.management.nxapiHttp }}" + success_msg: "✓ NXAPI HTTP correctly enabled" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify NXAPI was disabled" + assert: + that: + - replaced_fabric_config.management.nxapi == false + fail_msg: "NXAPI validation failed. Expected: false, Actual: {{ replaced_fabric_config.management.nxapi }}" + success_msg: "✓ NXAPI correctly disabled" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Per VRF Loopback Auto Provision was disabled" + assert: + that: + - replaced_fabric_config.management.perVrfLoopbackAutoProvision == false + fail_msg: "Per VRF Loopback Auto Provision validation failed. Expected: false, Actual: {{ replaced_fabric_config.management.perVrfLoopbackAutoProvision }}" + success_msg: "✓ Per VRF Loopback Auto Provision correctly disabled" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Per VRF Loopback Auto Provision IPv6 was disabled" + assert: + that: + - replaced_fabric_config.management.perVrfLoopbackAutoProvisionIpv6 == false + fail_msg: "Per VRF Loopback Auto Provision IPv6 validation failed. Expected: false, Actual: {{ replaced_fabric_config.management.perVrfLoopbackAutoProvisionIpv6 }}" + success_msg: "✓ Per VRF Loopback Auto Provision IPv6 correctly disabled" + tags: [test_replaced, test_replaced_validation] + +# Verify banner was preserved +- name: "VALIDATION 2: Verify Banner was preserved" + assert: + that: + - replaced_fabric_config.management.banner == "^ Updated via replaced state ^" + fail_msg: "Banner validation failed. Expected: '^ Updated via replaced state ^', Actual: {{ replaced_fabric_config.management.banner }}" + success_msg: "✓ Banner correctly preserved: '{{ replaced_fabric_config.management.banner }}'" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Display successful validation summary for test_fabric_replaced" + debug: + msg: | + ======================================== + VALIDATION SUMMARY for test_fabric_replaced: + ======================================== + Network Ranges: + ✓ L3 VNI Range: {{ replaced_fabric_config.management.l3VniRange }} + ✓ L2 VNI Range: {{ replaced_fabric_config.management.l2VniRange }} + ✓ BGP Loopback IP Range: {{ replaced_fabric_config.management.bgpLoopbackIpRange }} + ✓ NVE Loopback IP Range: {{ replaced_fabric_config.management.nveLoopbackIpRange }} + ✓ Intra-Fabric Subnet Range: {{ replaced_fabric_config.management.intraFabricSubnetRange }} + ✓ VRF Lite Subnet Range: {{ replaced_fabric_config.management.vrfLiteSubnetRange }} + ✓ Anycast RP IP Range: {{ replaced_fabric_config.management.anycastRendezvousPointIpRange }} + + VLAN Ranges: + ✓ Network VLAN Range: {{ replaced_fabric_config.management.networkVlanRange }} + ✓ VRF VLAN Range: {{ replaced_fabric_config.management.vrfVlanRange }} + + MTU Settings: + ✓ Fabric MTU: {{ replaced_fabric_config.management.fabricMtu }} + ✓ L2 Host Interface MTU: {{ replaced_fabric_config.management.l2HostInterfaceMtu }} + + VPC Configuration: + ✓ VPC Auto Recovery Timer: {{ replaced_fabric_config.management.vpcAutoRecoveryTimer }} + ✓ VPC Delay Restore Timer: {{ replaced_fabric_config.management.vpcDelayRestoreTimer }} + ✓ VPC Peer Link Port Channel ID: {{ replaced_fabric_config.management.vpcPeerLinkPortChannelId }} + ✓ VPC Peer Link VLAN: {{ replaced_fabric_config.management.vpcPeerLinkVlan }} + ✓ VPC Domain ID Range: {{ replaced_fabric_config.management.vpcDomainIdRange }} + ✓ VPC IPv6 Neighbor Discovery Sync: {{ replaced_fabric_config.management.vpcIpv6NeighborDiscoverySync }} + + Gateway & Multicast: + ✓ Anycast Gateway MAC: {{ replaced_fabric_config.management.anycastGatewayMac }} + ✓ Multicast Group Subnet: {{ replaced_fabric_config.management.multicastGroupSubnet }} + ✓ Rendezvous Point Count: {{ replaced_fabric_config.management.rendezvousPointCount }} + ✓ Rendezvous Point Loopback ID: {{ replaced_fabric_config.management.rendezvousPointLoopbackId }} + + Feature Flags: + ✓ TCAM Allocation: {{ replaced_fabric_config.management.tcamAllocation }} + ✓ Real Time Interface Statistics Collection: {{ replaced_fabric_config.management.realTimeInterfaceStatisticsCollection }} + ✓ Performance Monitoring: {{ replaced_fabric_config.management.performanceMonitoring }} + ✓ Tenant DHCP: {{ replaced_fabric_config.management.tenantDhcp }} + ✓ SNMP Trap: {{ replaced_fabric_config.management.snmpTrap }} + ✓ Greenfield Debug Flag: {{ replaced_fabric_config.management.greenfieldDebugFlag }} + ✓ NXAPI HTTP: {{ replaced_fabric_config.management.nxapiHttp }} + ✓ NXAPI: {{ replaced_fabric_config.management.nxapi }} + + Auto-Provisioning: + ✓ Per VRF Loopback Auto Provision: {{ replaced_fabric_config.management.perVrfLoopbackAutoProvision }} + ✓ Per VRF Loopback Auto Provision IPv6: {{ replaced_fabric_config.management.perVrfLoopbackAutoProvisionIpv6 }} + + Preserved Settings: + ✓ Banner: "{{ replaced_fabric_config.management.banner }}" + + All 30+ expected changes validated successfully! + ======================================== + tags: [test_replaced, test_replaced_validation] + +# - name: "PAUSE: Review TEST 2c results before continuing" +# ansible.builtin.pause: +# prompt: "TEST 2c complete. Review results and press Enter to continue, or Ctrl+C then A to abort" +# tags: [test_replaced, test_replaced_idempotent] + +############################################################################# +# TEST 3: Demonstrate difference between merged and replaced states +############################################################################# +- name: "TEST 3: Create fabric for merged vs replaced comparison" + cisco.nd.nd_manage_fabric_ibgp: + state: replaced + config: + - "{{ {'name': test_fabric_deleted} | combine(common_fabric_config) }}" + register: comparison_fabric_creation + tags: [test_comparison] + +- name: "TEST 3a: Partial update using merged state (should merge changes)" + cisco.nd.nd_manage_fabric_ibgp: + state: merged + config: + - name: "{{ test_fabric_deleted }}" + category: fabric + management: + bgp_asn: "65099" # Only updating ASN + fabric_mtu: 8000 # Only updating MTU + register: merged_partial_result + tags: [test_comparison, test_merged_partial] + +- name: "TEST 3a: Verify merged state preserves existing configuration" + assert: + that: + - merged_partial_result is changed + - merged_partial_result is not failed + fail_msg: "Partial update with merged state failed" + success_msg: "Merged state successfully performed partial update" + tags: [test_comparison, test_merged_partial] + +- name: "TEST 3b: Partial update using replaced state (should replace entire config)" + cisco.nd.nd_manage_fabric_ibgp: + state: replaced + config: + - name: "{{ test_fabric_deleted }}" + category: fabric + management: + type: vxlanIbgp + bgp_asn: "65100" # Only specifying minimal config for replaced + target_subnet_mask: 30 + register: replaced_partial_result + tags: [test_comparison, test_replaced_partial] + +- name: "TEST 3b: Verify replaced state performs complete replacement" + assert: + that: + - replaced_partial_result is changed + - replaced_partial_result is not failed + fail_msg: "Partial replacement with replaced state failed" + success_msg: "Replaced state successfully performed complete replacement" + tags: [test_comparison, test_replaced_partial] + +############################################################################# +# TEST 4: STATE DELETED - Delete fabrics +############################################################################# +- name: "TEST 4a: Delete fabric using state deleted" + cisco.nd.nd_manage_fabric_ibgp: + state: deleted + config: + - name: "{{ test_fabric_deleted }}" + register: deleted_result_1 + tags: [test_deleted, test_deleted_delete] + +- name: "TEST 4a: Verify fabric was deleted" + assert: + that: + - deleted_result_1 is changed + - deleted_result_1 is not failed + fail_msg: "Fabric deletion with state deleted failed" + success_msg: "Fabric successfully deleted with state deleted" + tags: [test_deleted, test_deleted_delete] + +- name: "TEST 4b: Delete fabric using state deleted (second run - idempotency test)" + cisco.nd.nd_manage_fabric_ibgp: + state: deleted + config: + - name: "{{ test_fabric_deleted }}" + register: deleted_result_2 + tags: [test_deleted, test_deleted_idempotent] + +- name: "TEST 4b: Verify deleted state is idempotent" + assert: + that: + - deleted_result_2 is not changed + - deleted_result_2 is not failed + fail_msg: "Deleted state is not idempotent - should not change when deleting non-existent fabric" + success_msg: "Deleted state is idempotent - no changes when deleting non-existent fabric" + tags: [test_deleted, test_deleted_idempotent] + +############################################################################# +# TEST 5: Multiple fabric operations in single task +############################################################################# +- name: "TEST 5: Multiple fabric operations in single task" + cisco.nd.nd_manage_fabric_ibgp: + state: merged + config: + - name: "multi_fabric_1" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanIbgp + bgp_asn: "65101" + site_id: "65101" + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.0001" + performance_monitoring: false + replication_mode: multicast + multicast_group_subnet: "239.1.1.0/25" + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 2 + rendezvous_point_loopback_id: 254 + vpc_peer_link_vlan: "3600" + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: loopback + vpc_auto_recovery_timer: 360 + vpc_delay_restore_timer: 150 + vpc_peer_link_port_channel_id: "500" + # vpc_ipv6_neighbor_discovery_sync: true + advertise_physical_ip: false + vpc_domain_id_range: "1-1000" + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9216 + l2_host_interface_mtu: 9216 + tenant_dhcp: true + nxapi: true + nxapi_https_port: 443 + nxapi_http: false + nxapi_http_port: 80 + snmp_trap: true + anycast_border_gateway_advertise_physical_ip: false + greenfield_debug_flag: enable + tcam_allocation: true + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + bgp_loopback_ip_range: "10.101.0.0/22" + nve_loopback_ip_range: "10.103.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.101.0/24" + intra_fabric_subnet_range: "10.104.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.133.0.0/16" + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.105.0.0/22" + # per_vrf_loopback_auto_provision_ipv6: false + # per_vrf_loopback_ipv6_range: "fd00::a105:0/112" + banner: "" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + # management_ipv6_prefix: 64 + - name: "multi_fabric_2" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanIbgp + bgp_asn: "65102" + site_id: "65102" + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.0002" + performance_monitoring: false + replication_mode: multicast + multicast_group_subnet: "239.1.1.0/25" + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 2 + rendezvous_point_loopback_id: 254 + vpc_peer_link_vlan: "3600" + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: loopback + vpc_auto_recovery_timer: 360 + vpc_delay_restore_timer: 150 + vpc_peer_link_port_channel_id: "500" + # vpc_ipv6_neighbor_discovery_sync: true + advertise_physical_ip: false + vpc_domain_id_range: "1-1000" + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9216 + l2_host_interface_mtu: 9216 + tenant_dhcp: true + nxapi: true + nxapi_https_port: 443 + nxapi_http: false + nxapi_http_port: 80 + snmp_trap: true + anycast_border_gateway_advertise_physical_ip: false + greenfield_debug_flag: enable + tcam_allocation: true + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + bgp_loopback_ip_range: "10.102.0.0/22" + nve_loopback_ip_range: "10.103.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.102.0/24" + intra_fabric_subnet_range: "10.104.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.134.0.0/16" + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.106.0.0/22" + # per_vrf_loopback_auto_provision_ipv6: false + # per_vrf_loopback_ipv6_range: "fd00::a106:0/112" + banner: "" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + # management_ipv6_prefix: 64 + register: multi_fabric_result + tags: [test_multi, test_multi_create] + +- name: "TEST 5: Verify multiple fabrics were created" + assert: + that: + - multi_fabric_result is changed + - multi_fabric_result is not failed + fail_msg: "Multiple fabric creation failed" + success_msg: "Multiple fabrics successfully created" + tags: [test_multi, test_multi_create] + +############################################################################# +# FINAL CLEANUP - Clean up all test fabrics +############################################################################# +- name: "CLEANUP: Delete all test fabrics" + cisco.nd.nd_manage_fabric_ibgp: + state: deleted + config: + - name: "{{ test_fabric_merged }}" + - name: "{{ test_fabric_replaced }}" + - name: "{{ test_fabric_deleted }}" + - name: "multi_fabric_1" + - name: "multi_fabric_2" + ignore_errors: true + tags: [cleanup, always] + +############################################################################# +# TEST SUMMARY +############################################################################# +- name: "TEST SUMMARY: Display test results" + debug: + msg: | + ======================================================== + TEST SUMMARY for cisco.nd.nd_manage_fabric_ibgp module: + ======================================================== + ✓ TEST 1: STATE MERGED + - Create fabric: {{ 'PASSED' if merged_result_1 is changed else 'FAILED' }} + - Idempotency: {{ 'PASSED' if merged_result_2 is not changed else 'FAILED' }} + - Update fabric: {{ 'PASSED' if merged_result_3 is changed else 'FAILED' }} + + ✓ TEST 2: STATE REPLACED + - Create fabric: {{ 'PASSED' if replaced_result_1 is changed else 'FAILED' }} + - Idempotency: {{ 'PASSED' if replaced_result_2 is not changed else 'FAILED' }} + - Replace fabric: {{ 'PASSED' if replaced_result_3 is changed else 'FAILED' }} + + ✓ TEST 3: MERGED vs REPLACED Comparison + - Merged partial: {{ 'PASSED' if merged_partial_result is changed else 'FAILED' }} + - Replaced partial: {{ 'PASSED' if replaced_partial_result is changed else 'FAILED' }} + + ✓ TEST 4: STATE DELETED + - Delete fabric: {{ 'PASSED' if deleted_result_1 is changed else 'FAILED' }} + - Idempotency: {{ 'PASSED' if deleted_result_2 is not changed else 'FAILED' }} + + ✓ TEST 5: MULTIPLE FABRICS + - Multi-create: {{ 'PASSED' if multi_fabric_result is changed else 'FAILED' }} + + All tests validate: + - State merged: Creates and updates fabrics by merging changes + - State replaced: Creates and completely replaces fabric configuration + - State deleted: Removes fabrics + - Idempotency: All operations are idempotent when run multiple times + - Difference: Merged preserves existing config, replaced overwrites completely + ======================================== + tags: [summary, always] \ No newline at end of file diff --git a/tests/integration/targets/nd_manage_fabric/tasks/main.yaml b/tests/integration/targets/nd_manage_fabric/tasks/main.yaml new file mode 100644 index 00000000..eacc3be3 --- /dev/null +++ b/tests/integration/targets/nd_manage_fabric/tasks/main.yaml @@ -0,0 +1,9 @@ +--- +- name: Run nd_manage_fabric iBGP tests + ansible.builtin.include_tasks: fabric_ibgp.yaml + +- name: Run nd_manage_fabric eBGP tests + ansible.builtin.include_tasks: fabric_ebgp.yaml + +- name: Run nd_manage_fabric External Connectivity tests + ansible.builtin.include_tasks: fabric_external.yaml diff --git a/tests/integration/targets/nd_manage_fabric/vars/main.yaml b/tests/integration/targets/nd_manage_fabric/vars/main.yaml new file mode 100644 index 00000000..d15748d5 --- /dev/null +++ b/tests/integration/targets/nd_manage_fabric/vars/main.yaml @@ -0,0 +1,209 @@ +--- + +test_fabric_merged: "ibgp_test_fabric_merged" +test_fabric_replaced: "ibgp_test_fabric_replaced" +test_fabric_deleted: "ibgp_test_fabric_deleted" + +ebgp_test_fabric_merged: "ebgp_test_fabric_merged" +ebgp_test_fabric_replaced: "ebgp_test_fabric_replaced" +ebgp_test_fabric_deleted: "ebgp_test_fabric_deleted" + +ext_test_fabric_merged: "ext_test_fabric_merged" +ext_test_fabric_replaced: "ext_test_fabric_replaced" +ext_test_fabric_deleted: "ext_test_fabric_deleted" + +# Common fabric configuration for all tests +common_fabric_config: + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanIbgp + bgp_asn: "65001.55" + site_id: "65001" + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00aa" + performance_monitoring: false + replication_mode: multicast + multicast_group_subnet: "239.1.1.0/25" + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 2 + rendezvous_point_loopback_id: 254 + vpc_peer_link_vlan: "3600" + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: loopback + vpc_auto_recovery_timer: 360 + vpc_delay_restore_timer: 150 + vpc_peer_link_port_channel_id: "500" + advertise_physical_ip: false + vpc_domain_id_range: "1-1000" + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9216 + l2_host_interface_mtu: 9216 + tenant_dhcp: true + nxapi: true + nxapi_https_port: 443 + nxapi_http: false + nxapi_http_port: 80 + snmp_trap: true + anycast_border_gateway_advertise_physical_ip: false + greenfield_debug_flag: enable + tcam_allocation: true + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + bgp_loopback_ip_range: "10.2.0.0/22" + nve_loopback_ip_range: "10.3.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.254.0/24" + intra_fabric_subnet_range: "10.4.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.33.0.0/16" + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.5.0.0/22" + banner: "" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + +# Common External Connectivity fabric configuration for all External tests +common_external_fabric_config: + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: externalConnectivity + bgp_asn: "65001" + copp_policy: manual + create_bgp_config: true + cdp: false + snmp_trap: true + nxapi: false + nxapi_http: false + nxapi_https_port: 443 + nxapi_http_port: 80 + performance_monitoring: false + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + sub_interface_dot1q_range: "2-511" + power_redundancy_mode: redundant + ptp: false + ptp_domain_id: 0 + ptp_loopback_id: 0 + mpls_handoff: false + mpls_loopback_ip_range: "10.102.0.0/25" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + +# Common eBGP fabric configuration for all eBGP tests +common_ebgp_fabric_config: + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanEbgp + bgp_asn: "65001" + bgp_asn_auto_allocation: false + site_id: "65001" + bgp_as_mode: multiAS + bgp_allow_as_in_num: 1 + bgp_max_path: 4 + auto_configure_ebgp_evpn_peering: true + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00aa" + performance_monitoring: false + replication_mode: multicast + multicast_group_subnet: "239.1.1.0/25" + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 2 + rendezvous_point_loopback_id: 254 + vpc_peer_link_vlan: "3600" + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: management + vpc_auto_recovery_timer: 360 + vpc_delay_restore_timer: 150 + vpc_peer_link_port_channel_id: "500" + advertise_physical_ip: false + vpc_domain_id_range: "1-1000" + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9216 + l2_host_interface_mtu: 9216 + tenant_dhcp: true + nxapi: false + nxapi_https_port: 443 + nxapi_http: false + nxapi_http_port: 80 + snmp_trap: true + anycast_border_gateway_advertise_physical_ip: false + greenfield_debug_flag: disable + tcam_allocation: true + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + bgp_loopback_ip_range: "10.2.0.0/22" + nve_loopback_ip_range: "10.3.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.254.0/24" + intra_fabric_subnet_range: "10.4.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.33.0.0/16" + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.5.0.0/22" + banner: "" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 From f8b924bdcd3aec321ef46046c1cfd07a8017762a Mon Sep 17 00:00:00 2001 From: mwiebe Date: Fri, 27 Mar 2026 15:36:32 -0400 Subject: [PATCH 2/4] Update ibgp model enums --- .../models/manage_fabric/enums.py | 144 ++++++++++++++++++ .../manage_fabric/manage_fabric_ibgp.py | 72 +++++---- .../nd_manage_fabric/tasks/fabric_ebgp.yaml | 4 +- .../nd_manage_fabric/tasks/fabric_ibgp.yaml | 4 +- 4 files changed, 188 insertions(+), 36 deletions(-) diff --git a/plugins/module_utils/models/manage_fabric/enums.py b/plugins/module_utils/models/manage_fabric/enums.py index 5d36756c..2386db54 100644 --- a/plugins/module_utils/models/manage_fabric/enums.py +++ b/plugins/module_utils/models/manage_fabric/enums.py @@ -64,10 +64,12 @@ class LicenseTierEnum(str, Enum): ## Values - `ESSENTIALS` - Essentials license tier + - `ADVANTAGE` - Advantage license tier - `PREMIER` - Premier license tier """ ESSENTIALS = "essentials" + ADVANTAGE = "advantage" PREMIER = "premier" @@ -249,3 +251,145 @@ class FirstHopRedundancyProtocolEnum(str, Enum): HSRP = "hsrp" VRRP = "vrrp" + + +class AimlQosPolicyEnum(str, Enum): + """ + # Summary + + Enumeration for AI/ML QoS policy options based on fabric link speed. + """ + + V_800G = "800G" + V_400G = "400G" + V_100G = "100G" + V_25G = "25G" + USER_DEFINED = "User-defined" + + +class AllowVlanOnLeafTorPairingEnum(str, Enum): + """ + # Summary + + Enumeration for allowed VLAN on leaf-TOR pairing port-channels. + """ + + NONE = "none" + ALL = "all" + + +class BgpAuthenticationKeyTypeEnum(str, Enum): + """ + # Summary + + Enumeration for BGP authentication key encryption types. + """ + + THREE_DES = "3des" + TYPE6 = "type6" + TYPE7 = "type7" + + +class DlbMixedModeDefaultEnum(str, Enum): + """ + # Summary + + Enumeration for DLB mixed mode default options. + """ + + ECMP = "ecmp" + FLOWLET = "flowlet" + PER_PACKET = "per-packet" + + +class DlbModeEnum(str, Enum): + """ + # Summary + + Enumeration for DLB mode options. + """ + + FLOWLET = "flowlet" + PER_PACKET = "per-packet" + POLICY_DRIVEN_FLOWLET = "policy-driven-flowlet" + POLICY_DRIVEN_PER_PACKET = "policy-driven-per-packet" + POLICY_DRIVEN_MIXED_MODE = "policy-driven-mixed-mode" + + +class MacsecAlgorithmEnum(str, Enum): + """ + # Summary + + Enumeration for MACsec cryptographic algorithm options. + """ + + AES_128_CMAC = "AES_128_CMAC" + AES_256_CMAC = "AES_256_CMAC" + + +class MacsecCipherSuiteEnum(str, Enum): + """ + # Summary + + Enumeration for MACsec cipher suite options. + """ + + GCM_AES_128 = "GCM-AES-128" + GCM_AES_256 = "GCM-AES-256" + GCM_AES_XPN_128 = "GCM-AES-XPN-128" + GCM_AES_XPN_256 = "GCM-AES-XPN-256" + + +class RendezvousPointCountEnum(int, Enum): + """ + # Summary + + Enumeration for number of spines acting as Rendezvous-Points. + """ + + TWO = 2 + FOUR = 4 + + +class RendezvousPointModeEnum(str, Enum): + """ + # Summary + + Enumeration for multicast rendezvous point mode. + """ + + ASM = "asm" + BIDIR = "bidir" + + +class RouteReflectorCountEnum(int, Enum): + """ + # Summary + + Enumeration for number of spines acting as Route-Reflectors. + """ + + TWO = 2 + FOUR = 4 + + +class UnderlayMulticastGroupAddressLimitEnum(int, Enum): + """ + # Summary + + Enumeration for underlay multicast group address limit. + """ + + V_128 = 128 + V_512 = 512 + + +class VrfLiteAutoConfigEnum(str, Enum): + """ + # Summary + + Enumeration for VRF Lite auto-config deployment options. + """ + + MANUAL = "manual" + BACK2BACK_AND_TO_EXTERNAL = "back2BackAndToExternal" diff --git a/plugins/module_utils/models/manage_fabric/manage_fabric_ibgp.py b/plugins/module_utils/models/manage_fabric/manage_fabric_ibgp.py index 5e8169de..b68aeaf6 100644 --- a/plugins/module_utils/models/manage_fabric/manage_fabric_ibgp.py +++ b/plugins/module_utils/models/manage_fabric/manage_fabric_ibgp.py @@ -38,6 +38,20 @@ SecurityGroupStatusEnum, StpRootOptionEnum, VpcPeerKeepAliveOptionEnum, + AimlQosPolicyEnum, + AllowVlanOnLeafTorPairingEnum, + BgpAuthenticationKeyTypeEnum, + DhcpProtocolVersionEnum, + DlbMixedModeDefaultEnum, + DlbModeEnum, + MacsecAlgorithmEnum, + MacsecCipherSuiteEnum, + PowerRedundancyModeEnum, + RendezvousPointCountEnum, + RendezvousPointModeEnum, + RouteReflectorCountEnum, + UnderlayMulticastGroupAddressLimitEnum, + VrfLiteAutoConfigEnum, ) @@ -547,12 +561,10 @@ class VxlanIbgpManagementModel(NDNestedModel): description="Auto-generate multicast group addresses", default=False ) - underlay_multicast_group_address_limit: int = Field( + underlay_multicast_group_address_limit: UnderlayMulticastGroupAddressLimitEnum = Field( alias="underlayMulticastGroupAddressLimit", description="Underlay multicast group address limit", - ge=1, - le=255, - default=128 + default=UnderlayMulticastGroupAddressLimitEnum.V_128 ) tenant_routed_multicast: bool = Field( alias="tenantRoutedMulticast", @@ -616,12 +628,10 @@ class VxlanIbgpManagementModel(NDNestedModel): # Loopback Configuration bgp_loopback_id: int = Field(alias="bgpLoopbackId", description="BGP loopback interface ID", ge=0, le=1023, default=0) nve_loopback_id: int = Field(alias="nveLoopbackId", description="NVE loopback interface ID", ge=0, le=1023, default=1) - route_reflector_count: int = Field( + route_reflector_count: RouteReflectorCountEnum = Field( alias="routeReflectorCount", description="Number of route reflectors", - ge=1, - le=4, - default=2 + default=RouteReflectorCountEnum.TWO ) # Templates @@ -650,10 +660,10 @@ class VxlanIbgpManagementModel(NDNestedModel): # Protocol Settings bgp_authentication: bool = Field(alias="bgpAuthentication", description="Enable BGP authentication", default=False) - bgp_authentication_key_type: str = Field( + bgp_authentication_key_type: BgpAuthenticationKeyTypeEnum = Field( alias="bgpAuthenticationKeyType", description="BGP authentication key type", - default="3des" + default=BgpAuthenticationKeyTypeEnum.THREE_DES ) bfd: bool = Field(description="Enable BFD", default=False) bfd_ibgp: bool = Field(alias="bfdIbgp", description="Enable BFD for iBGP", default=False) @@ -680,12 +690,10 @@ class VxlanIbgpManagementModel(NDNestedModel): ) # Multicast Settings - rendezvous_point_count: int = Field( + rendezvous_point_count: RendezvousPointCountEnum = Field( alias="rendezvousPointCount", description="Number of rendezvous points", - ge=1, - le=4, - default=2 + default=RendezvousPointCountEnum.TWO ) rendezvous_point_loopback_id: int = Field( alias="rendezvousPointLoopbackId", @@ -722,7 +730,7 @@ class VxlanIbgpManagementModel(NDNestedModel): # Bootstrap / Day-0 / DHCP local_dhcp_server: bool = Field(alias="localDhcpServer", description="Enable local DHCP server", default=False) - dhcp_protocol_version: str = Field(alias="dhcpProtocolVersion", description="DHCP protocol version", default="dhcpv4") + dhcp_protocol_version: DhcpProtocolVersionEnum = Field(alias="dhcpProtocolVersion", description="DHCP protocol version", default=DhcpProtocolVersionEnum.DHCPV4) dhcp_start_address: str = Field(alias="dhcpStartAddress", description="DHCP start address", default="") dhcp_end_address: str = Field(alias="dhcpEndAddress", description="DHCP end address", default="") management_gateway: str = Field(alias="managementGateway", description="Management gateway", default="") @@ -775,7 +783,7 @@ class VxlanIbgpManagementModel(NDNestedModel): ) l3vni_multicast_group: str = Field(alias="l3vniMulticastGroup", description="L3 VNI multicast group", default="239.1.1.0") l3_vni_ipv6_multicast_group: str = Field(alias="l3VniIpv6MulticastGroup", description="L3 VNI IPv6 multicast group", default="ff1e::") - rendezvous_point_mode: str = Field(alias="rendezvousPointMode", description="Rendezvous point mode", default="asm") + rendezvous_point_mode: RendezvousPointModeEnum = Field(alias="rendezvousPointMode", description="Rendezvous point mode", default=RendezvousPointModeEnum.ASM) phantom_rendezvous_point_loopback_id1: int = Field( alias="phantomRendezvousPointLoopbackId1", description="Phantom RP loopback ID 1", default=2 ) @@ -792,7 +800,7 @@ class VxlanIbgpManagementModel(NDNestedModel): # VRF Lite / Sub-Interface sub_interface_dot1q_range: str = Field(alias="subInterfaceDot1qRange", description="Sub-interface 802.1q range", default="2-511") - vrf_lite_auto_config: str = Field(alias="vrfLiteAutoConfig", description="VRF lite auto-config mode", default="manual") + vrf_lite_auto_config: VrfLiteAutoConfigEnum = Field(alias="vrfLiteAutoConfig", description="VRF lite auto-config mode", default=VrfLiteAutoConfigEnum.MANUAL) vrf_lite_subnet_range: str = Field(alias="vrfLiteSubnetRange", description="VRF lite subnet range", default="10.33.0.0/16") vrf_lite_subnet_target_mask: int = Field(alias="vrfLiteSubnetTargetMask", description="VRF lite subnet target mask", default=30) auto_unique_vrf_lite_ip_prefix: bool = Field( @@ -868,27 +876,27 @@ class VxlanIbgpManagementModel(NDNestedModel): # MACsec macsec: bool = Field(description="Enable MACsec", default=False) - macsec_cipher_suite: str = Field(alias="macsecCipherSuite", description="MACsec cipher suite", default="GCM-AES-XPN-256") + macsec_cipher_suite: MacsecCipherSuiteEnum = Field(alias="macsecCipherSuite", description="MACsec cipher suite", default=MacsecCipherSuiteEnum.GCM_AES_XPN_256) macsec_key_string: str = Field(alias="macsecKeyString", description="MACsec key string", default="") - macsec_algorithm: str = Field(alias="macsecAlgorithm", description="MACsec algorithm", default="AES_128_CMAC") + macsec_algorithm: MacsecAlgorithmEnum = Field(alias="macsecAlgorithm", description="MACsec algorithm", default=MacsecAlgorithmEnum.AES_128_CMAC) macsec_fallback_key_string: str = Field(alias="macsecFallbackKeyString", description="MACsec fallback key string", default="") - macsec_fallback_algorithm: str = Field(alias="macsecFallbackAlgorithm", description="MACsec fallback algorithm", default="AES_128_CMAC") + macsec_fallback_algorithm: MacsecAlgorithmEnum = Field(alias="macsecFallbackAlgorithm", description="MACsec fallback algorithm", default=MacsecAlgorithmEnum.AES_128_CMAC) macsec_report_timer: int = Field(alias="macsecReportTimer", description="MACsec report timer", default=5) # VRF Lite MACsec vrf_lite_macsec: bool = Field(alias="vrfLiteMacsec", description="Enable VRF lite MACsec", default=False) - vrf_lite_macsec_cipher_suite: str = Field( - alias="vrfLiteMacsecCipherSuite", description="VRF lite MACsec cipher suite", default="GCM-AES-XPN-256" + vrf_lite_macsec_cipher_suite: MacsecCipherSuiteEnum = Field( + alias="vrfLiteMacsecCipherSuite", description="VRF lite MACsec cipher suite", default=MacsecCipherSuiteEnum.GCM_AES_XPN_256 ) vrf_lite_macsec_key_string: str = Field(alias="vrfLiteMacsecKeyString", description="VRF lite MACsec key string", default="") - vrf_lite_macsec_algorithm: str = Field( - alias="vrfLiteMacsecAlgorithm", description="VRF lite MACsec algorithm", default="AES_128_CMAC" + vrf_lite_macsec_algorithm: MacsecAlgorithmEnum = Field( + alias="vrfLiteMacsecAlgorithm", description="VRF lite MACsec algorithm", default=MacsecAlgorithmEnum.AES_128_CMAC ) vrf_lite_macsec_fallback_key_string: str = Field( alias="vrfLiteMacsecFallbackKeyString", description="VRF lite MACsec fallback key string", default="" ) - vrf_lite_macsec_fallback_algorithm: str = Field( - alias="vrfLiteMacsecFallbackAlgorithm", description="VRF lite MACsec fallback algorithm", default="AES_128_CMAC" + vrf_lite_macsec_fallback_algorithm: MacsecAlgorithmEnum = Field( + alias="vrfLiteMacsecFallbackAlgorithm", description="VRF lite MACsec fallback algorithm", default=MacsecAlgorithmEnum.AES_128_CMAC ) # Quantum Key Distribution / Trustpoint @@ -945,7 +953,7 @@ class VxlanIbgpManagementModel(NDNestedModel): alias="defaultQueuingPolicyOther", description="Default queuing policy other", default="queuing_policy_default_other" ) aiml_qos: bool = Field(alias="aimlQos", description="Enable AI/ML QoS", default=False) - aiml_qos_policy: str = Field(alias="aimlQosPolicy", description="AI/ML QoS policy", default="400G") + aiml_qos_policy: AimlQosPolicyEnum = Field(alias="aimlQosPolicy", description="AI/ML QoS policy", default=AimlQosPolicyEnum.V_400G) roce_v2: str = Field(alias="roceV2", description="RoCEv2 DSCP value", default="26") cnp: str = Field(description="CNP value", default="48") wred_min: int = Field(alias="wredMin", description="WRED minimum threshold", default=950) @@ -954,8 +962,8 @@ class VxlanIbgpManagementModel(NDNestedModel): wred_weight: int = Field(alias="wredWeight", description="WRED weight", default=0) bandwidth_remaining: int = Field(alias="bandwidthRemaining", description="Bandwidth remaining percentage", default=50) dlb: bool = Field(description="Enable dynamic load balancing", default=False) - dlb_mode: str = Field(alias="dlbMode", description="DLB mode", default="flowlet") - dlb_mixed_mode_default: str = Field(alias="dlbMixedModeDefault", description="DLB mixed mode default", default="ecmp") + dlb_mode: DlbModeEnum = Field(alias="dlbMode", description="DLB mode", default=DlbModeEnum.FLOWLET) + dlb_mixed_mode_default: DlbMixedModeDefaultEnum = Field(alias="dlbMixedModeDefault", description="DLB mixed mode default", default=DlbMixedModeDefaultEnum.ECMP) flowlet_aging: int = Field(alias="flowletAging", description="Flowlet aging interval", default=1) flowlet_dscp: str = Field(alias="flowletDscp", description="Flowlet DSCP value", default="") per_packet_dscp: str = Field(alias="perPacketDscp", description="Per-packet DSCP value", default="") @@ -989,8 +997,8 @@ class VxlanIbgpManagementModel(NDNestedModel): description="Default private VLAN secondary network template", default="Pvlan_Secondary_Network" ) - allow_vlan_on_leaf_tor_pairing: str = Field( - alias="allowVlanOnLeafTorPairing", description="Allow VLAN on leaf/TOR pairing", default="none" + allow_vlan_on_leaf_tor_pairing: AllowVlanOnLeafTorPairingEnum = Field( + alias="allowVlanOnLeafTorPairing", description="Allow VLAN on leaf/TOR pairing", default=AllowVlanOnLeafTorPairingEnum.NONE ) # Leaf / TOR @@ -1063,7 +1071,7 @@ class VxlanIbgpManagementModel(NDNestedModel): ) advanced_ssh_option: bool = Field(alias="advancedSshOption", description="Enable advanced SSH option", default=False) copp_policy: CoppPolicyEnum = Field(alias="coppPolicy", description="CoPP policy", default=CoppPolicyEnum.STRICT) - power_redundancy_mode: str = Field(alias="powerRedundancyMode", description="Power redundancy mode", default="redundant") + power_redundancy_mode: PowerRedundancyModeEnum = Field(alias="powerRedundancyMode", description="Power redundancy mode", default=PowerRedundancyModeEnum.REDUNDANT) host_interface_admin_state: bool = Field( alias="hostInterfaceAdminState", description="Host interface admin state", default=True ) diff --git a/tests/integration/targets/nd_manage_fabric/tasks/fabric_ebgp.yaml b/tests/integration/targets/nd_manage_fabric/tasks/fabric_ebgp.yaml index f8cf517e..1d22adb2 100644 --- a/tests/integration/targets/nd_manage_fabric/tasks/fabric_ebgp.yaml +++ b/tests/integration/targets/nd_manage_fabric/tasks/fabric_ebgp.yaml @@ -286,7 +286,7 @@ auto_generate_multicast_group_address: false underlay_multicast_group_address_limit: 128 tenant_routed_multicast: false - rendezvous_point_count: 3 # Different from default 2 + rendezvous_point_count: 4 # Different from default 2 rendezvous_point_loopback_id: 253 # Different from default 254 vpc_peer_link_vlan: "3700" # Different from default 3600 vpc_peer_link_enable_native_vlan: false @@ -386,7 +386,7 @@ auto_generate_multicast_group_address: false underlay_multicast_group_address_limit: 128 tenant_routed_multicast: false - rendezvous_point_count: 3 + rendezvous_point_count: 4 rendezvous_point_loopback_id: 253 vpc_peer_link_vlan: "3700" vpc_peer_link_enable_native_vlan: false diff --git a/tests/integration/targets/nd_manage_fabric/tasks/fabric_ibgp.yaml b/tests/integration/targets/nd_manage_fabric/tasks/fabric_ibgp.yaml index 30b77c59..b4385dc2 100644 --- a/tests/integration/targets/nd_manage_fabric/tasks/fabric_ibgp.yaml +++ b/tests/integration/targets/nd_manage_fabric/tasks/fabric_ibgp.yaml @@ -282,7 +282,7 @@ auto_generate_multicast_group_address: false underlay_multicast_group_address_limit: 128 tenant_routed_multicast: false - rendezvous_point_count: 3 # DIfferent from default count + rendezvous_point_count: 4 # DIfferent from default count rendezvous_point_loopback_id: 253 # DIfferent from default loopback vpc_peer_link_vlan: "3700" # DIfferent from default VLAN vpc_peer_link_enable_native_vlan: false @@ -376,7 +376,7 @@ auto_generate_multicast_group_address: false underlay_multicast_group_address_limit: 128 tenant_routed_multicast: false - rendezvous_point_count: 3 # DIfferent from default count + rendezvous_point_count: 4 # DIfferent from default count rendezvous_point_loopback_id: 253 # DIfferent from default loopback vpc_peer_link_vlan: "3700" # DIfferent from default VLAN vpc_peer_link_enable_native_vlan: false From a4f7f9189f65c65a935f4d0f665186ede6391a11 Mon Sep 17 00:00:00 2001 From: mwiebe Date: Fri, 27 Mar 2026 17:37:46 -0400 Subject: [PATCH 3/4] Update pydantic model and module docstrings for ibgp --- .../manage_fabric/manage_fabric_ibgp.py | 1343 +++++++++++++---- plugins/modules/nd_manage_fabric_ibgp.py | 583 ++++++- 2 files changed, 1610 insertions(+), 316 deletions(-) diff --git a/plugins/module_utils/models/manage_fabric/manage_fabric_ibgp.py b/plugins/module_utils/models/manage_fabric/manage_fabric_ibgp.py index b68aeaf6..4275dbd9 100644 --- a/plugins/module_utils/models/manage_fabric/manage_fabric_ibgp.py +++ b/plugins/module_utils/models/manage_fabric/manage_fabric_ibgp.py @@ -464,7 +464,11 @@ class ExternalStreamingSettingsModel(NDNestedModel): ) email: List[Dict[str, Any]] = Field(description="Email streaming configuration", default_factory=list) - message_bus: List[Dict[str, Any]] = Field(alias="messageBus", description="Message bus configuration", default_factory=list) + message_bus: List[Dict[str, Any]] = Field( + alias="messageBus", + description="Message bus configuration", + default_factory=list + ) syslog: Dict[str, Any] = Field( description="Syslog streaming configuration", default_factory=lambda: { @@ -499,11 +503,18 @@ class VxlanIbgpManagementModel(NDNestedModel): ) # Fabric Type (required for discriminated union) - type: Literal[FabricTypeEnum.VXLAN_IBGP] = Field(description="Fabric management type", default=FabricTypeEnum.VXLAN_IBGP) + type: Literal[FabricTypeEnum.VXLAN_IBGP] = Field( + description="Type of the fabric", + default=FabricTypeEnum.VXLAN_IBGP + ) # Core iBGP Configuration - bgp_asn: str = Field(alias="bgpAsn", description="BGP Autonomous System Number 1-4294967295 | 1-65535[.0-65535]") - site_id: Optional[str] = Field(alias="siteId", description="Site identifier for the fabric", default="") + bgp_asn: str = Field(alias="bgpAsn", description="Autonomous system number 1-4294967295 | 1-65535[.0-65535]") + site_id: Optional[str] = Field( + alias="siteId", + description="For EVPN Multi-Site Support. Defaults to Fabric ASN", + default="" + ) # Name under management section is optional for backward compatibility, but if provided must be non-empty string name: Optional[str] = Field(description="Fabric name", min_length=1, max_length=64, default="") @@ -519,509 +530,1191 @@ class VxlanIbgpManagementModel(NDNestedModel): # Network Addressing bgp_loopback_ip_range: str = Field( alias="bgpLoopbackIpRange", - description="BGP loopback IP range", + description="Typically Loopback0 IP Address Range", default="10.2.0.0/22" ) nve_loopback_ip_range: str = Field( alias="nveLoopbackIpRange", - description="NVE loopback IP range", + description="Typically Loopback1 IP Address Range", default="10.3.0.0/22" ) anycast_rendezvous_point_ip_range: str = Field( alias="anycastRendezvousPointIpRange", - description="Anycast RP IP range", + description="Anycast or Phantom RP IP Address Range", default="10.254.254.0/24" ) intra_fabric_subnet_range: str = Field( alias="intraFabricSubnetRange", - description="Intra-fabric subnet range", + description="Address range to assign numbered and peer link SVI IPs", default="10.4.0.0/16" ) # VLAN and VNI Ranges - l2_vni_range: str = Field(alias="l2VniRange", description="Layer 2 VNI range", default="30000-49000") - l3_vni_range: str = Field(alias="l3VniRange", description="Layer 3 VNI range", default="50000-59000") - network_vlan_range: str = Field(alias="networkVlanRange", description="Network VLAN range", default="2300-2999") - vrf_vlan_range: str = Field(alias="vrfVlanRange", description="VRF VLAN range", default="2000-2299") + l2_vni_range: str = Field( + alias="l2VniRange", + description="Overlay network identifier range (minimum: 1, maximum: 16777214)", + default="30000-49000" + ) + l3_vni_range: str = Field( + alias="l3VniRange", + description="Overlay VRF identifier range (minimum: 1, maximum: 16777214)", + default="50000-59000" + ) + network_vlan_range: str = Field( + alias="networkVlanRange", + description="Per Switch Overlay Network VLAN Range (minimum: 2, maximum: 4094)", + default="2300-2999" + ) + vrf_vlan_range: str = Field( + alias="vrfVlanRange", + description="Per Switch Overlay VRF VLAN Range (minimum: 2, maximum: 4094)", + default="2000-2299" + ) # Overlay Configuration - overlay_mode: OverlayModeEnum = Field(alias="overlayMode", description="Overlay configuration mode", default=OverlayModeEnum.CLI) + overlay_mode: OverlayModeEnum = Field( + alias="overlayMode", + description="Overlay Mode. VRF/Network configuration using config-profile or CLI", + default=OverlayModeEnum.CLI + ) replication_mode: ReplicationModeEnum = Field( alias="replicationMode", - description="Multicast replication mode", + description="Replication Mode for BUM Traffic", default=ReplicationModeEnum.MULTICAST ) multicast_group_subnet: str = Field( alias="multicastGroupSubnet", - description="Multicast group subnet", + description=( + "Multicast pool prefix between 8 to 30. A multicast group ipv4 from this pool is used for BUM traffic for " + "each overlay network." + ), default="239.1.1.0/25" ) auto_generate_multicast_group_address: bool = Field( alias="autoGenerateMulticastGroupAddress", - description="Auto-generate multicast group addresses", + description="Generate a new multicast group address from the multicast pool using a round-robin approach", default=False ) underlay_multicast_group_address_limit: UnderlayMulticastGroupAddressLimitEnum = Field( alias="underlayMulticastGroupAddressLimit", - description="Underlay multicast group address limit", + description=( + "The maximum supported value is 128 for NX-OS version 10.2(1) or earlier " + "and 512 for versions above 10.2(1)" + ), default=UnderlayMulticastGroupAddressLimitEnum.V_128 ) tenant_routed_multicast: bool = Field( alias="tenantRoutedMulticast", - description="Enable tenant routed multicast", + description="For Overlay ipv4 Multicast Support In VXLAN Fabrics", default=False ) # Underlay Configuration link_state_routing_protocol: LinkStateRoutingProtocolEnum = Field( alias="linkStateRoutingProtocol", - description="Underlay routing protocol", + description="Underlay Routing Protocol. Used for Spine-Leaf Connectivity", default=LinkStateRoutingProtocolEnum.OSPF ) - ospf_area_id: str = Field(alias="ospfAreaId", description="OSPF area ID", default="0.0.0.0") - fabric_interface_type: FabricInterfaceTypeEnum = Field(alias="fabricInterfaceType", description="Fabric interface type", default=FabricInterfaceTypeEnum.P2P) + ospf_area_id: str = Field(alias="ospfAreaId", description="OSPF Area Id in IP address format", default="0.0.0.0") + fabric_interface_type: FabricInterfaceTypeEnum = Field( + alias="fabricInterfaceType", + description="Numbered(Point-to-Point) or unNumbered", + default=FabricInterfaceTypeEnum.P2P + ) # Advanced Features - target_subnet_mask: int = Field(alias="targetSubnetMask", description="Target subnet mask", ge=24, le=31, default=30) + target_subnet_mask: int = Field( + alias="targetSubnetMask", + description="Mask for underlay subnet IP range", + ge=24, + le=31, + default=30 + ) anycast_gateway_mac: str = Field( alias="anycastGatewayMac", - description="Anycast gateway MAC address", + description="Shared anycast gateway MAC address for all VTEPs", default="2020.0000.00aa" ) - fabric_mtu: int = Field(alias="fabricMtu", description="Fabric MTU size", ge=1500, le=9216, default=9216) + fabric_mtu: int = Field( + alias="fabricMtu", + description="Intra Fabric Interface MTU. Must be an even number", + ge=1500, + le=9216, + default=9216 + ) l2_host_interface_mtu: int = Field( alias="l2HostInterfaceMtu", - description="L2 host interface MTU", + description="Layer 2 host interface MTU. Must be an even number", ge=1500, le=9216, default=9216 ) # VPC Configuration - vpc_domain_id_range: str = Field(alias="vpcDomainIdRange", description="vPC domain ID range", default="1-1000") - vpc_peer_link_vlan: str = Field(alias="vpcPeerLinkVlan", description="vPC peer link VLAN", default="3600") + vpc_domain_id_range: str = Field( + alias="vpcDomainIdRange", + description="vPC Domain id range (minimum: 1, maximum: 1000) to use for new pairings", + default="1-1000" + ) + vpc_peer_link_vlan: str = Field( + alias="vpcPeerLinkVlan", + description="VLAN range (minimum: 2, maximum: 4094) for vPC Peer Link SVI", + default="3600" + ) vpc_peer_link_enable_native_vlan: bool = Field( alias="vpcPeerLinkEnableNativeVlan", - description="Enable native VLAN on vPC peer link", + description="Enable VpcPeer Link for Native Vlan", default=False ) vpc_peer_keep_alive_option: VpcPeerKeepAliveOptionEnum = Field( alias="vpcPeerKeepAliveOption", - description="vPC peer keep-alive option", + description="Use vPC Peer Keep Alive with Loopback or Management", default=VpcPeerKeepAliveOptionEnum.MANAGEMENT ) vpc_auto_recovery_timer: int = Field( alias="vpcAutoRecoveryTimer", - description="vPC auto recovery timer", + description="vPC auto recovery timer (in seconds)", ge=240, le=3600, default=360 ) vpc_delay_restore_timer: int = Field( alias="vpcDelayRestoreTimer", - description="vPC delay restore timer", + description="vPC delay restore timer (in seconds)", ge=1, le=3600, default=150 ) # Loopback Configuration - bgp_loopback_id: int = Field(alias="bgpLoopbackId", description="BGP loopback interface ID", ge=0, le=1023, default=0) - nve_loopback_id: int = Field(alias="nveLoopbackId", description="NVE loopback interface ID", ge=0, le=1023, default=1) + bgp_loopback_id: int = Field( + alias="bgpLoopbackId", + description="Underlay Routing Loopback Id", + ge=0, + le=1023, + default=0 + ) + nve_loopback_id: int = Field( + alias="nveLoopbackId", + description="Underlay VTEP loopback Id associated with the Network Virtualization Edge (nve) interface", + ge=0, + le=1023, + default=1 + ) route_reflector_count: RouteReflectorCountEnum = Field( alias="routeReflectorCount", - description="Number of route reflectors", + description="Number of spines acting as Route-Reflectors", default=RouteReflectorCountEnum.TWO ) # Templates - vrf_template: str = Field(alias="vrfTemplate", description="VRF template", default="Default_VRF_Universal") - network_template: str = Field(alias="networkTemplate", description="Network template", default="Default_Network_Universal") + vrf_template: str = Field( + alias="vrfTemplate", + description="Default overlay VRF template for leafs", + default="Default_VRF_Universal" + ) + network_template: str = Field( + alias="networkTemplate", + description="Default overlay network template for leafs", + default="Default_Network_Universal" + ) vrf_extension_template: str = Field( alias="vrfExtensionTemplate", - description="VRF extension template", + description="Default overlay VRF template for borders", default="Default_VRF_Extension_Universal" ) network_extension_template: str = Field( alias="networkExtensionTemplate", - description="Network extension template", + description="Default overlay network template for borders", default="Default_Network_Extension_Universal" ) # Optional Advanced Settings - performance_monitoring: bool = Field(alias="performanceMonitoring", description="Enable performance monitoring", default=False) - tenant_dhcp: bool = Field(alias="tenantDhcp", description="Enable tenant DHCP", default=True) - advertise_physical_ip: bool = Field(alias="advertisePhysicalIp", description="Advertise physical IP", default=False) + performance_monitoring: bool = Field( + alias="performanceMonitoring", + description=( + "If enabled, switch metrics are collected through periodic SNMP polling. " + "Alternative to real-time telemetry" + ), + default=False + ) + tenant_dhcp: bool = Field(alias="tenantDhcp", description="Enable Tenant DHCP", default=True) + advertise_physical_ip: bool = Field( + alias="advertisePhysicalIp", + description="For Primary VTEP IP Advertisement As Next-Hop Of Prefix Routes", + default=False + ) advertise_physical_ip_on_border: bool = Field( alias="advertisePhysicalIpOnBorder", - description="Advertise physical IP on border", + description=( + "Enable advertise-pip on vPC borders and border gateways only. Applicable only when vPC advertise-pip is " + "not enabled" + ), default=True ) # Protocol Settings - bgp_authentication: bool = Field(alias="bgpAuthentication", description="Enable BGP authentication", default=False) + bgp_authentication: bool = Field( + alias="bgpAuthentication", + description="Enables or disables the BGP authentication", + default=False + ) bgp_authentication_key_type: BgpAuthenticationKeyTypeEnum = Field( alias="bgpAuthenticationKeyType", - description="BGP authentication key type", + description="BGP key encryption type: 3 - 3DES, 6 - Cisco type 6, 7 - Cisco type 7", default=BgpAuthenticationKeyTypeEnum.THREE_DES ) - bfd: bool = Field(description="Enable BFD", default=False) - bfd_ibgp: bool = Field(alias="bfdIbgp", description="Enable BFD for iBGP", default=False) + bfd: bool = Field(description="Enable BFD. Valid for IPv4 Underlay only", default=False) + bfd_ibgp: bool = Field(alias="bfdIbgp", description="Enable BFD For iBGP", default=False) # Management Settings - nxapi: bool = Field(description="Enable NX-API", default=False) - nxapi_http: bool = Field(alias="nxapiHttp", description="Enable NX-API HTTP", default=False) - nxapi_https_port: int = Field(alias="nxapiHttpsPort", description="NX-API HTTPS port", ge=1, le=65535, default=443) - nxapi_http_port: int = Field(alias="nxapiHttpPort", description="NX-API HTTP port", ge=1, le=65535, default=80) + nxapi: bool = Field(description="Enable NX-API over HTTPS", default=False) + nxapi_http: bool = Field(alias="nxapiHttp", description="Enable NX-API over HTTP", default=False) + nxapi_https_port: int = Field( + alias="nxapiHttpsPort", + description="HTTPS port for NX-API", + ge=1, + le=65535, + default=443 + ) + nxapi_http_port: int = Field(alias="nxapiHttpPort", description="HTTP port for NX-API", ge=1, le=65535, default=80) # Bootstrap Settings - day0_bootstrap: bool = Field(alias="day0Bootstrap", description="Enable day-0 bootstrap", default=False) + day0_bootstrap: bool = Field(alias="day0Bootstrap", description="Automatic IP Assignment For POAP", default=False) bootstrap_subnet_collection: List[BootstrapSubnetModel] = Field( alias="bootstrapSubnetCollection", - description="Bootstrap subnet collection", + description="List of IPv4 or IPv6 subnets to be used for bootstrap", default_factory=list ) # Netflow Settings netflow_settings: NetflowSettingsModel = Field( alias="netflowSettings", - description="Netflow configuration", + description="Settings associated with netflow", default_factory=NetflowSettingsModel ) # Multicast Settings rendezvous_point_count: RendezvousPointCountEnum = Field( alias="rendezvousPointCount", - description="Number of rendezvous points", + description="Number of spines acting as Rendezvous-Points (RPs)", default=RendezvousPointCountEnum.TWO ) rendezvous_point_loopback_id: int = Field( alias="rendezvousPointLoopbackId", - description="RP loopback interface ID", + description="Rendezvous point loopback Id", ge=0, le=1023, default=254 ) # System Settings - snmp_trap: bool = Field(alias="snmpTrap", description="Enable SNMP traps", default=True) - cdp: bool = Field(description="Enable CDP", default=False) + snmp_trap: bool = Field(alias="snmpTrap", description="Configure ND as a receiver for SNMP traps", default=True) + cdp: bool = Field(description="Enable CDP on management interface", default=False) real_time_interface_statistics_collection: bool = Field( alias="realTimeInterfaceStatisticsCollection", - description="Enable real-time interface statistics", + description="Enable Real Time Interface Statistics Collection. Valid for NX-OS only", default=False ) - tcam_allocation: bool = Field(alias="tcamAllocation", description="Enable TCAM allocation", default=True) + tcam_allocation: bool = Field( + alias="tcamAllocation", + description="TCAM commands are automatically generated for VxLAN and vPC Fabric Peering when Enabled", + default=True + ) # VPC Extended Configuration - vpc_peer_link_port_channel_id: str = Field(alias="vpcPeerLinkPortChannelId", description="vPC peer link port-channel ID", default="500") + vpc_peer_link_port_channel_id: str = Field( + alias="vpcPeerLinkPortChannelId", + description="vPC Peer Link Port Channel ID (minimum: 1, maximum: 4096)", + default="500" + ) vpc_ipv6_neighbor_discovery_sync: bool = Field( - alias="vpcIpv6NeighborDiscoverySync", description="Enable vPC IPv6 ND sync", default=True + alias="vpcIpv6NeighborDiscoverySync", + description="Enable IPv6 ND synchronization between vPC peers", + default=True + ) + vpc_layer3_peer_router: bool = Field( + alias="vpcLayer3PeerRouter", + description="Enable Layer-3 Peer-Router on all Leaf switches", + default=True + ) + vpc_tor_delay_restore_timer: int = Field( + alias="vpcTorDelayRestoreTimer", + description="vPC delay restore timer for ToR switches (in seconds)", + default=30 + ) + fabric_vpc_domain_id: bool = Field( + alias="fabricVpcDomainId", + description="Enable the same vPC Domain Id for all vPC Pairs. Not Recommended.", + default=False + ) + shared_vpc_domain_id: int = Field( + alias="sharedVpcDomainId", + description="vPC Domain Id to be used on all vPC pairs", + default=1 + ) + fabric_vpc_qos: bool = Field( + alias="fabricVpcQos", + description="Qos on spines for guaranteed delivery of vPC Fabric Peering communication", + default=False ) - vpc_layer3_peer_router: bool = Field(alias="vpcLayer3PeerRouter", description="Enable vPC layer-3 peer router", default=True) - vpc_tor_delay_restore_timer: int = Field(alias="vpcTorDelayRestoreTimer", description="vPC TOR delay restore timer", default=30) - fabric_vpc_domain_id: bool = Field(alias="fabricVpcDomainId", description="Enable fabric vPC domain ID", default=False) - shared_vpc_domain_id: int = Field(alias="sharedVpcDomainId", description="Shared vPC domain ID", default=1) - fabric_vpc_qos: bool = Field(alias="fabricVpcQos", description="Enable fabric vPC QoS", default=False) fabric_vpc_qos_policy_name: str = Field( - alias="fabricVpcQosPolicyName", description="Fabric vPC QoS policy name", default="spine_qos_for_fabric_vpc_peering" + alias="fabricVpcQosPolicyName", + description="Qos Policy name should be same on all spines", + default="spine_qos_for_fabric_vpc_peering" + ) + enable_peer_switch: bool = Field( + alias="enablePeerSwitch", + description="Enable the vPC peer-switch feature on ToR switches", + default=False ) - enable_peer_switch: bool = Field(alias="enablePeerSwitch", description="Enable peer switch", default=False) # Bootstrap / Day-0 / DHCP - local_dhcp_server: bool = Field(alias="localDhcpServer", description="Enable local DHCP server", default=False) - dhcp_protocol_version: DhcpProtocolVersionEnum = Field(alias="dhcpProtocolVersion", description="DHCP protocol version", default=DhcpProtocolVersionEnum.DHCPV4) - dhcp_start_address: str = Field(alias="dhcpStartAddress", description="DHCP start address", default="") - dhcp_end_address: str = Field(alias="dhcpEndAddress", description="DHCP end address", default="") - management_gateway: str = Field(alias="managementGateway", description="Management gateway", default="") - management_ipv4_prefix: int = Field(alias="managementIpv4Prefix", description="Management IPv4 prefix length", default=24) - management_ipv6_prefix: int = Field(alias="managementIpv6Prefix", description="Management IPv6 prefix length", default=64) - extra_config_nxos_bootstrap: str = Field(alias="extraConfigNxosBootstrap", description="Extra NX-OS bootstrap config", default="") + local_dhcp_server: bool = Field( + alias="localDhcpServer", + description="Automatic IP Assignment For POAP From Local DHCP Server", + default=False + ) + dhcp_protocol_version: DhcpProtocolVersionEnum = Field( + alias="dhcpProtocolVersion", + description="IP protocol version for Local DHCP Server", + default=DhcpProtocolVersionEnum.DHCPV4 + ) + dhcp_start_address: str = Field( + alias="dhcpStartAddress", + description="DHCP Scope Start Address For Switch POAP", + default="" + ) + dhcp_end_address: str = Field( + alias="dhcpEndAddress", + description="DHCP Scope End Address For Switch POAP", + default="" + ) + management_gateway: str = Field( + alias="managementGateway", + description="Default Gateway For Management VRF On The Switch", + default="" + ) + management_ipv4_prefix: int = Field( + alias="managementIpv4Prefix", + description="Switch Mgmt IP Subnet Prefix if ipv4", + default=24 + ) + management_ipv6_prefix: int = Field( + alias="managementIpv6Prefix", + description="Switch Management IP Subnet Prefix if ipv6", + default=64 + ) + extra_config_nxos_bootstrap: str = Field( + alias="extraConfigNxosBootstrap", + description="Additional CLIs required during device bootup/login e.g. AAA/Radius", + default="" + ) un_numbered_bootstrap_loopback_id: int = Field( - alias="unNumberedBootstrapLoopbackId", description="Unnumbered bootstrap loopback ID", default=253 + alias="unNumberedBootstrapLoopbackId", description="Bootstrap Seed Switch Loopback Interface ID", default=253 + ) + un_numbered_dhcp_start_address: str = Field( + alias="unNumberedDhcpStartAddress", + description="Switch Loopback DHCP Scope Start Address. Must be a subset of IGP/BGP Loopback Prefix Pool", + default="" + ) + un_numbered_dhcp_end_address: str = Field( + alias="unNumberedDhcpEndAddress", + description="Switch Loopback DHCP Scope End Address. Must be a subset of IGP/BGP Loopback Prefix Pool", + default="" + ) + inband_management: bool = Field( + alias="inbandManagement", + description="Manage switches with only Inband connectivity", + default=False + ) + inband_dhcp_servers: List[str] = Field( + alias="inbandDhcpServers", + description="List of external DHCP server IP addresses (Max 3)", + default_factory=list ) - un_numbered_dhcp_start_address: str = Field(alias="unNumberedDhcpStartAddress", description="Unnumbered DHCP start address", default="") - un_numbered_dhcp_end_address: str = Field(alias="unNumberedDhcpEndAddress", description="Unnumbered DHCP end address", default="") - inband_management: bool = Field(alias="inbandManagement", description="Enable in-band management", default=False) - inband_dhcp_servers: List[str] = Field(alias="inbandDhcpServers", description="In-band DHCP servers", default_factory=list) seed_switch_core_interfaces: List[str] = Field( - alias="seedSwitchCoreInterfaces", description="Seed switch core interfaces", default_factory=list + alias="seedSwitchCoreInterfaces", + description="Seed switch fabric interfaces. Core-facing interface list on seed switch", + default_factory=list ) spine_switch_core_interfaces: List[str] = Field( - alias="spineSwitchCoreInterfaces", description="Spine switch core interfaces", default_factory=list + alias="spineSwitchCoreInterfaces", + description="Spine switch fabric interfaces. Core-facing interface list on all spines", + default_factory=list ) # Backup / Restore - real_time_backup: bool = Field(alias="realTimeBackup", description="Enable real-time backup", default=False) - scheduled_backup: bool = Field(alias="scheduledBackup", description="Enable scheduled backup", default=False) - scheduled_backup_time: str = Field(alias="scheduledBackupTime", description="Scheduled backup time", default="") + real_time_backup: bool = Field( + alias="realTimeBackup", + description="Backup hourly only if there is any config deployment since last backup", + default=False + ) + scheduled_backup: bool = Field( + alias="scheduledBackup", + description="Enable backup at the specified time daily", + default=False + ) + scheduled_backup_time: str = Field( + alias="scheduledBackupTime", + description="Time (UTC) in 24 hour format to take a daily backup if enabled (00:00 to 23:59)", + default="" + ) # IPv6 / Dual-Stack - underlay_ipv6: bool = Field(alias="underlayIpv6", description="Enable IPv6 underlay", default=False) + underlay_ipv6: bool = Field( + alias="underlayIpv6", + description="If not enabled, IPv4 underlay is used", + default=False + ) ipv6_multicast_group_subnet: str = Field( - alias="ipv6MulticastGroupSubnet", description="IPv6 multicast group subnet", default="ff1e::/121" + alias="ipv6MulticastGroupSubnet", + description="IPv6 Multicast address with prefix 112 to 128", + default="ff1e::/121" ) tenant_routed_multicast_ipv6: bool = Field( - alias="tenantRoutedMulticastIpv6", description="Enable tenant routed multicast IPv6", default=False + alias="tenantRoutedMulticastIpv6", + description="For Overlay IPv6 Multicast Support In VXLAN Fabrics", + default=False + ) + ipv6_link_local: bool = Field( + alias="ipv6LinkLocal", + description="If not enabled, Spine-Leaf interfaces will use global IPv6 addresses", + default=True + ) + ipv6_subnet_target_mask: int = Field( + alias="ipv6SubnetTargetMask", + description="Mask for Underlay Subnet IPv6 Range", + default=126 + ) + ipv6_subnet_range: str = Field( + alias="ipv6SubnetRange", + description="Underlay Subnet ipv6 range to assign Numbered and Peer Link SVI IPs", + default="fd00::a04:0/112" + ) + bgp_loopback_ipv6_range: str = Field( + alias="bgpLoopbackIpv6Range", + description="Typically Loopback0 IPv6 Address Range", + default="fd00::a02:0/119" + ) + nve_loopback_ipv6_range: str = Field( + alias="nveLoopbackIpv6Range", + description="Typically Loopback1 and Anycast Loopback IPv6 Address Range", + default="fd00::a03:0/118" ) - ipv6_link_local: bool = Field(alias="ipv6LinkLocal", description="Enable IPv6 link-local", default=True) - ipv6_subnet_target_mask: int = Field(alias="ipv6SubnetTargetMask", description="IPv6 subnet target mask", default=126) - ipv6_subnet_range: str = Field(alias="ipv6SubnetRange", description="IPv6 subnet range", default="fd00::a04:0/112") - bgp_loopback_ipv6_range: str = Field(alias="bgpLoopbackIpv6Range", description="BGP loopback IPv6 range", default="fd00::a02:0/119") - nve_loopback_ipv6_range: str = Field(alias="nveLoopbackIpv6Range", description="NVE loopback IPv6 range", default="fd00::a03:0/118") ipv6_anycast_rendezvous_point_ip_range: str = Field( - alias="ipv6AnycastRendezvousPointIpRange", description="IPv6 anycast RP IP range", default="fd00::254:254:0/118" + alias="ipv6AnycastRendezvousPointIpRange", + description="Anycast RP IPv6 Address Range", + default="fd00::254:254:0/118" ) # Multicast / Rendezvous Point Extended - mvpn_vrf_route_import_id: bool = Field(alias="mvpnVrfRouteImportId", description="Enable MVPN VRF route import ID", default=True) + mvpn_vrf_route_import_id: bool = Field( + alias="mvpnVrfRouteImportId", + description="Enable MVPN VRI ID Generation For Tenant Routed Multicast With IPv4 Underlay", + default=True + ) mvpn_vrf_route_import_id_range: str = Field( - alias="mvpnVrfRouteImportIdRange", description="MVPN VRF route import ID range", default="" + alias="mvpnVrfRouteImportIdRange", + description=( + "MVPN VRI ID (minimum: 1, maximum: 65535) for vPC, applicable when TRM enabled with IPv6 underlay, or " + "mvpnVrfRouteImportId enabled with IPv4 underlay" + ), + default="" ) vrf_route_import_id_reallocation: bool = Field( - alias="vrfRouteImportIdReallocation", description="Enable VRF route import ID reallocation", default=False + alias="vrfRouteImportIdReallocation", + description="One time VRI ID re-allocation based on 'MVPN VRI ID Range'", + default=False + ) + l3vni_multicast_group: str = Field( + alias="l3vniMulticastGroup", + description="Default Underlay Multicast group IPv4 address assigned for every overlay VRF", + default="239.1.1.0" + ) + l3_vni_ipv6_multicast_group: str = Field( + alias="l3VniIpv6MulticastGroup", + description="Default Underlay Multicast group IP6 address assigned for every overlay VRF", + default="ff1e::" + ) + rendezvous_point_mode: RendezvousPointModeEnum = Field( + alias="rendezvousPointMode", + description="Multicast rendezvous point Mode. For ipv6 underlay, please use asm only", + default=RendezvousPointModeEnum.ASM ) - l3vni_multicast_group: str = Field(alias="l3vniMulticastGroup", description="L3 VNI multicast group", default="239.1.1.0") - l3_vni_ipv6_multicast_group: str = Field(alias="l3VniIpv6MulticastGroup", description="L3 VNI IPv6 multicast group", default="ff1e::") - rendezvous_point_mode: RendezvousPointModeEnum = Field(alias="rendezvousPointMode", description="Rendezvous point mode", default=RendezvousPointModeEnum.ASM) phantom_rendezvous_point_loopback_id1: int = Field( - alias="phantomRendezvousPointLoopbackId1", description="Phantom RP loopback ID 1", default=2 + alias="phantomRendezvousPointLoopbackId1", + description="Underlay phantom rendezvous point loopback primary Id for PIM Bi-dir deployments", + default=2 ) phantom_rendezvous_point_loopback_id2: int = Field( - alias="phantomRendezvousPointLoopbackId2", description="Phantom RP loopback ID 2", default=3 + alias="phantomRendezvousPointLoopbackId2", + description="Underlay phantom rendezvous point loopback secondary Id for PIM Bi-dir deployments", + default=3 ) phantom_rendezvous_point_loopback_id3: int = Field( - alias="phantomRendezvousPointLoopbackId3", description="Phantom RP loopback ID 3", default=4 + alias="phantomRendezvousPointLoopbackId3", + description="Underlay phantom rendezvous point loopback tertiary Id for PIM Bi-dir deployments", + default=4 ) phantom_rendezvous_point_loopback_id4: int = Field( - alias="phantomRendezvousPointLoopbackId4", description="Phantom RP loopback ID 4", default=5 + alias="phantomRendezvousPointLoopbackId4", + description="Underlay phantom rendezvous point loopback quaternary Id for PIM Bi-dir deployments", + default=5 + ) + anycast_loopback_id: int = Field( + alias="anycastLoopbackId", + description="Underlay Anycast Loopback Id. Used for vPC Peering in VXLANv6 Fabrics", + default=10 ) - anycast_loopback_id: int = Field(alias="anycastLoopbackId", description="Anycast loopback ID", default=10) # VRF Lite / Sub-Interface - sub_interface_dot1q_range: str = Field(alias="subInterfaceDot1qRange", description="Sub-interface 802.1q range", default="2-511") - vrf_lite_auto_config: VrfLiteAutoConfigEnum = Field(alias="vrfLiteAutoConfig", description="VRF lite auto-config mode", default=VrfLiteAutoConfigEnum.MANUAL) - vrf_lite_subnet_range: str = Field(alias="vrfLiteSubnetRange", description="VRF lite subnet range", default="10.33.0.0/16") - vrf_lite_subnet_target_mask: int = Field(alias="vrfLiteSubnetTargetMask", description="VRF lite subnet target mask", default=30) + sub_interface_dot1q_range: str = Field( + alias="subInterfaceDot1qRange", + description="Per aggregation dot1q range for VRF-Lite connectivity (minimum: 2, maximum: 4093)", + default="2-511" + ) + vrf_lite_auto_config: VrfLiteAutoConfigEnum = Field( + alias="vrfLiteAutoConfig", + description=( + "VRF Lite Inter-Fabric Connection Deployment Options. If 'back2BackAndToExternal' is selected, VRF Lite " + "IFCs are auto created between border devices of two Easy Fabrics, and between border devices in Easy " + "Fabric and edge routers in External Fabric. The IP address is taken from the 'VRF Lite Subnet IP Range' " + "pool." + ), + default=VrfLiteAutoConfigEnum.MANUAL + ) + vrf_lite_subnet_range: str = Field( + alias="vrfLiteSubnetRange", + description="Address range to assign P2P Interfabric Connections", + default="10.33.0.0/16" + ) + vrf_lite_subnet_target_mask: int = Field( + alias="vrfLiteSubnetTargetMask", + description="VRF Lite Subnet Mask", + default=30 + ) auto_unique_vrf_lite_ip_prefix: bool = Field( - alias="autoUniqueVrfLiteIpPrefix", description="Auto unique VRF lite IP prefix", default=False + alias="autoUniqueVrfLiteIpPrefix", + description=( + "When enabled, IP prefix allocated to the VRF LITE IFC is not reused on VRF extension over VRF LITE IFC. " + "Instead, unique IP Subnet is allocated for each VRF extension over VRF LITE IFC." + ), + default=False + ) + auto_symmetric_vrf_lite: bool = Field( + alias="autoSymmetricVrfLite", + description=( + "Whether to auto generate VRF LITE sub-interface and BGP peering configuration on managed " + "neighbor devices. If set, auto created VRF Lite IFC links will have " + "'Auto Deploy for Peer' enabled." + ), + default=False + ) + auto_vrf_lite_default_vrf: bool = Field( + alias="autoVrfLiteDefaultVrf", + description=( + "For ipv4 underlay, whether to auto generate BGP peering in Default VRF for VRF Lite IFC auto deployment " + "option. If set, will auto create VRF Lite Inter-Fabric links with 'Auto Deploy Default VRF' knob enabled" + ), + default=False + ) + auto_symmetric_default_vrf: bool = Field( + alias="autoSymmetricDefaultVrf", + description=( + "Whether to auto generate Default VRF interface and BGP peering configuration on managed neighbor devices. " + "If set, auto created VRF Lite IFC links will have 'Auto Deploy Default VRF for Peer' enabled." + ), + default=False ) - auto_symmetric_vrf_lite: bool = Field(alias="autoSymmetricVrfLite", description="Auto symmetric VRF lite", default=False) - auto_vrf_lite_default_vrf: bool = Field(alias="autoVrfLiteDefaultVrf", description="Auto VRF lite default VRF", default=False) - auto_symmetric_default_vrf: bool = Field(alias="autoSymmetricDefaultVrf", description="Auto symmetric default VRF", default=False) default_vrf_redistribution_bgp_route_map: str = Field( - alias="defaultVrfRedistributionBgpRouteMap", description="Default VRF redistribution BGP route map", default="extcon-rmap-filter" + alias="defaultVrfRedistributionBgpRouteMap", + description=( + "Route Map used to redistribute BGP routes to IGP in default vrf " + "in auto created VRF Lite IFC links" + ), + default="extcon-rmap-filter" ) # Per-VRF Loopback per_vrf_loopback_auto_provision: bool = Field( - alias="perVrfLoopbackAutoProvision", description="Per-VRF loopback auto-provision", default=False + alias="perVrfLoopbackAutoProvision", + description=( + "Auto provision an IPv4 loopback on a VTEP on VRF attachment. Note: Enabling this option auto-provisions " + "loopback on existing VRF attachments and also when Edit, QuickAttach, or Multiattach actions are " + "performed. Provisioned loopbacks cannot be deleted until VRFs are unattached." + ), + default=False ) per_vrf_loopback_ip_range: str = Field( - alias="perVrfLoopbackIpRange", description="Per-VRF loopback IP range", default="10.5.0.0/22" + alias="perVrfLoopbackIpRange", + description="Prefix pool to assign IPv4 addresses to loopbacks on VTEPs on a per VRF basis", + default="10.5.0.0/22" ) per_vrf_loopback_auto_provision_ipv6: bool = Field( - alias="perVrfLoopbackAutoProvisionIpv6", description="Per-VRF loopback auto-provision IPv6", default=False + alias="perVrfLoopbackAutoProvisionIpv6", + description="Auto provision an IPv6 loopback on a VTEP on VRF attachment.", + default=False ) per_vrf_loopback_ipv6_range: str = Field( - alias="perVrfLoopbackIpv6Range", description="Per-VRF loopback IPv6 range", default="fd00::a05:0/112" + alias="perVrfLoopbackIpv6Range", + description="Prefix pool to assign IPv6 addresses to loopbacks on VTEPs on a per VRF basis", + default="fd00::a05:0/112" ) per_vrf_unique_loopback_auto_provision: bool = Field( - alias="perVrfUniqueLoopbackAutoProvision", description="Per-VRF unique loopback auto-provision", default=False + alias="perVrfUniqueLoopbackAutoProvision", + description=( + "Auto provision a unique IPV4 loopback on a VTEP on VRF attachment. Note: Enabling this option " + "auto-provisions unique loopback in the fabric per request. This option and per VRF per VTEP loopback " + "auto-provisioning are mutually exclusive. Provisioned unique loopbacks will be released upon VRF " + "unattachment or per request." + ), + default=False ) per_vrf_unique_loopback_ip_range: str = Field( - alias="perVrfUniqueLoopbackIpRange", description="Per-VRF unique loopback IP range", default="10.6.0.0/22" + alias="perVrfUniqueLoopbackIpRange", + description="Prefix pool to assign unique IPv4 addresses to loopbacks on VTEPs on a per VRF basis", + default="10.6.0.0/22" ) per_vrf_unique_loopback_auto_provision_v6: bool = Field( - alias="perVrfUniqueLoopbackAutoProvisionV6", description="Per-VRF unique loopback auto-provision IPv6", default=False + alias="perVrfUniqueLoopbackAutoProvisionV6", + description="Auto provision a unique IPV6 loopback on a VTEP on VRF attachment.", + default=False ) per_vrf_unique_loopback_ipv6_range: str = Field( - alias="perVrfUniqueLoopbackIpv6Range", description="Per-VRF unique loopback IPv6 range", default="fd00::a06:0/112" + alias="perVrfUniqueLoopbackIpv6Range", + description="Prefix pool to assign unique IPv6 addresses to loopbacks on VTEPs on a per VRF basis", + default="fd00::a06:0/112" ) # Authentication — BGP Extended - bgp_authentication_key: str = Field(alias="bgpAuthenticationKey", description="BGP authentication key", default="") + bgp_authentication_key: str = Field( + alias="bgpAuthenticationKey", + description="Encrypted BGP authentication key based on type", + default="" + ) # Authentication — PIM - pim_hello_authentication: bool = Field(alias="pimHelloAuthentication", description="Enable PIM hello authentication", default=False) - pim_hello_authentication_key: str = Field(alias="pimHelloAuthenticationKey", description="PIM hello authentication key", default="") + pim_hello_authentication: bool = Field( + alias="pimHelloAuthentication", + description="Valid for IPv4 Underlay only", + default=False + ) + pim_hello_authentication_key: str = Field( + alias="pimHelloAuthenticationKey", + description="3DES Encrypted", + default="" + ) # Authentication — BFD - bfd_authentication: bool = Field(alias="bfdAuthentication", description="Enable BFD authentication", default=False) - bfd_authentication_key_id: int = Field(alias="bfdAuthenticationKeyId", description="BFD authentication key ID", default=100) - bfd_authentication_key: str = Field(alias="bfdAuthenticationKey", description="BFD authentication key", default="") - bfd_ospf: bool = Field(alias="bfdOspf", description="Enable BFD for OSPF", default=False) - bfd_isis: bool = Field(alias="bfdIsis", description="Enable BFD for IS-IS", default=False) - bfd_pim: bool = Field(alias="bfdPim", description="Enable BFD for PIM", default=False) + bfd_authentication: bool = Field( + alias="bfdAuthentication", + description="Enable BFD Authentication. Valid for P2P Interfaces only", + default=False + ) + bfd_authentication_key_id: int = Field( + alias="bfdAuthenticationKeyId", + description="BFD Authentication Key ID", + default=100 + ) + bfd_authentication_key: str = Field( + alias="bfdAuthenticationKey", + description="Encrypted SHA1 secret value", + default="" + ) + bfd_ospf: bool = Field(alias="bfdOspf", description="Enable BFD For OSPF", default=False) + bfd_isis: bool = Field(alias="bfdIsis", description="Enable BFD For ISIS", default=False) + bfd_pim: bool = Field(alias="bfdPim", description="Enable BFD For PIM", default=False) # Authentication — OSPF - ospf_authentication: bool = Field(alias="ospfAuthentication", description="Enable OSPF authentication", default=False) - ospf_authentication_key_id: int = Field(alias="ospfAuthenticationKeyId", description="OSPF authentication key ID", default=127) - ospf_authentication_key: str = Field(alias="ospfAuthenticationKey", description="OSPF authentication key", default="") + ospf_authentication: bool = Field( + alias="ospfAuthentication", + description="Enable OSPF Authentication", + default=False + ) + ospf_authentication_key_id: int = Field( + alias="ospfAuthenticationKeyId", + description="(Min:0, Max:255)", + default=127 + ) + ospf_authentication_key: str = Field( + alias="ospfAuthenticationKey", + description="OSPF Authentication Key. 3DES Encrypted", + default="" + ) # IS-IS - isis_level: IsisLevelEnum = Field(alias="isisLevel", description="IS-IS level", default=IsisLevelEnum.LEVEL_2) - isis_area_number: str = Field(alias="isisAreaNumber", description="IS-IS area number", default="0001") - isis_point_to_point: bool = Field(alias="isisPointToPoint", description="IS-IS point-to-point", default=True) - isis_authentication: bool = Field(alias="isisAuthentication", description="Enable IS-IS authentication", default=False) + isis_level: IsisLevelEnum = Field(alias="isisLevel", description="IS-IS Level", default=IsisLevelEnum.LEVEL_2) + isis_area_number: str = Field( + alias="isisAreaNumber", + description=( + "NET in form of XX.<4-hex-digit Custom Area Number>.XXXX.XXXX.XXXX.00, default Area Number " + "is 0001. If area number in existing NETs matches the previous area number set in fabric " + "settings and is different from the " + "current area number, these NETs will be updated by Recalculate and Deploy." + ), + default="0001" + ) + isis_point_to_point: bool = Field( + alias="isisPointToPoint", + description="This will enable network point-to-point on fabric interfaces which are numbered", + default=True + ) + isis_authentication: bool = Field( + alias="isisAuthentication", + description="Enable IS-IS Authentication", + default=False + ) isis_authentication_keychain_name: str = Field( - alias="isisAuthenticationKeychainName", description="IS-IS authentication keychain name", default="" + alias="isisAuthenticationKeychainName", description="IS-IS Authentication Keychain Name", default="" ) isis_authentication_keychain_key_id: int = Field( - alias="isisAuthenticationKeychainKeyId", description="IS-IS authentication keychain key ID", default=127 + alias="isisAuthenticationKeychainKeyId", description="IS-IS Authentication Key ID", default=127 + ) + isis_authentication_key: str = Field( + alias="isisAuthenticationKey", + description="IS-IS Authentication Key. Cisco Type 7 Encrypted", + default="" + ) + isis_overload: bool = Field( + alias="isisOverload", + description="Set IS-IS Overload Bit. When enabled, set the overload bit for an elapsed time after a reload", + default=True + ) + isis_overload_elapse_time: int = Field( + alias="isisOverloadElapseTime", + description="IS-IS Overload Bit Elapsed Time. Clear the overload bit after an elapsed time in seconds", + default=60 ) - isis_authentication_key: str = Field(alias="isisAuthenticationKey", description="IS-IS authentication key", default="") - isis_overload: bool = Field(alias="isisOverload", description="Enable IS-IS overload bit", default=True) - isis_overload_elapse_time: int = Field(alias="isisOverloadElapseTime", description="IS-IS overload elapse time", default=60) # MACsec - macsec: bool = Field(description="Enable MACsec", default=False) - macsec_cipher_suite: MacsecCipherSuiteEnum = Field(alias="macsecCipherSuite", description="MACsec cipher suite", default=MacsecCipherSuiteEnum.GCM_AES_XPN_256) - macsec_key_string: str = Field(alias="macsecKeyString", description="MACsec key string", default="") - macsec_algorithm: MacsecAlgorithmEnum = Field(alias="macsecAlgorithm", description="MACsec algorithm", default=MacsecAlgorithmEnum.AES_128_CMAC) - macsec_fallback_key_string: str = Field(alias="macsecFallbackKeyString", description="MACsec fallback key string", default="") - macsec_fallback_algorithm: MacsecAlgorithmEnum = Field(alias="macsecFallbackAlgorithm", description="MACsec fallback algorithm", default=MacsecAlgorithmEnum.AES_128_CMAC) - macsec_report_timer: int = Field(alias="macsecReportTimer", description="MACsec report timer", default=5) + macsec: bool = Field( + description=( + "Enable MACsec in the fabric. MACsec fabric parameters are used for configuring MACsec on a fabric link if " + "MACsec is enabled on the link." + ), + default=False + ) + macsec_cipher_suite: MacsecCipherSuiteEnum = Field( + alias="macsecCipherSuite", + description="Configure Cipher Suite", + default=MacsecCipherSuiteEnum.GCM_AES_XPN_256 + ) + macsec_key_string: str = Field( + alias="macsecKeyString", + description="MACsec Primary Key String. Cisco Type 7 Encrypted Octet String", + default="" + ) + macsec_algorithm: MacsecAlgorithmEnum = Field( + alias="macsecAlgorithm", + description="MACsec Primary Cryptographic Algorithm. AES_128_CMAC or AES_256_CMAC", + default=MacsecAlgorithmEnum.AES_128_CMAC + ) + macsec_fallback_key_string: str = Field( + alias="macsecFallbackKeyString", + description="MACsec Fallback Key String. Cisco Type 7 Encrypted Octet String", + default="" + ) + macsec_fallback_algorithm: MacsecAlgorithmEnum = Field( + alias="macsecFallbackAlgorithm", + description="MACsec Fallback Cryptographic Algorithm. AES_128_CMAC or AES_256_CMAC", + default=MacsecAlgorithmEnum.AES_128_CMAC + ) + macsec_report_timer: int = Field( + alias="macsecReportTimer", + description="MACsec Operational Status periodic report timer in minutes", + default=5 + ) # VRF Lite MACsec - vrf_lite_macsec: bool = Field(alias="vrfLiteMacsec", description="Enable VRF lite MACsec", default=False) + vrf_lite_macsec: bool = Field( + alias="vrfLiteMacsec", + description=( + "Enable MACsec on DCI links. DCI MACsec fabric parameters are used for configuring MACsec on a DCI link if " + "'Use Link MACsec Setting' is disabled on the link." + ), + default=False + ) vrf_lite_macsec_cipher_suite: MacsecCipherSuiteEnum = Field( - alias="vrfLiteMacsecCipherSuite", description="VRF lite MACsec cipher suite", default=MacsecCipherSuiteEnum.GCM_AES_XPN_256 + alias="vrfLiteMacsecCipherSuite", + description="DCI MACsec Cipher Suite", + default=MacsecCipherSuiteEnum.GCM_AES_XPN_256 + ) + vrf_lite_macsec_key_string: str = Field( + alias="vrfLiteMacsecKeyString", + description="DCI MACsec Primary Key String. Cisco Type 7 Encrypted Octet String", + default="" ) - vrf_lite_macsec_key_string: str = Field(alias="vrfLiteMacsecKeyString", description="VRF lite MACsec key string", default="") vrf_lite_macsec_algorithm: MacsecAlgorithmEnum = Field( - alias="vrfLiteMacsecAlgorithm", description="VRF lite MACsec algorithm", default=MacsecAlgorithmEnum.AES_128_CMAC + alias="vrfLiteMacsecAlgorithm", + description="DCI MACsec Primary Cryptographic Algorithm", + default=MacsecAlgorithmEnum.AES_128_CMAC ) vrf_lite_macsec_fallback_key_string: str = Field( - alias="vrfLiteMacsecFallbackKeyString", description="VRF lite MACsec fallback key string", default="" + alias="vrfLiteMacsecFallbackKeyString", + description=( + "DCI MACsec Fallback Key String. Cisco Type 7 Encrypted Octet String. " + "This parameter is used when DCI link has QKD disabled." + ), + default="" ) vrf_lite_macsec_fallback_algorithm: MacsecAlgorithmEnum = Field( - alias="vrfLiteMacsecFallbackAlgorithm", description="VRF lite MACsec fallback algorithm", default=MacsecAlgorithmEnum.AES_128_CMAC + alias="vrfLiteMacsecFallbackAlgorithm", + description="AES_128_CMAC or AES_256_CMAC. This parameter is used when DCI link has QKD disabled.", + default=MacsecAlgorithmEnum.AES_128_CMAC ) # Quantum Key Distribution / Trustpoint - quantum_key_distribution: bool = Field(alias="quantumKeyDistribution", description="Enable quantum key distribution", default=False) + quantum_key_distribution: bool = Field( + alias="quantumKeyDistribution", + description=( + "Enable Data Center Interconnect Media Access Control Security " + "with Quantum Key Distribution config" + ), + default=False + ) quantum_key_distribution_profile_name: str = Field( - alias="quantumKeyDistributionProfileName", description="Quantum key distribution profile name", default="" + alias="quantumKeyDistributionProfileName", description="Name of crypto profile (Max Size 63)", default="" ) key_management_entity_server_ip: str = Field( - alias="keyManagementEntityServerIp", description="Key management entity server IP", default="" + alias="keyManagementEntityServerIp", description="Key Management Entity server ipv4 address", default="" ) key_management_entity_server_port: int = Field( - alias="keyManagementEntityServerPort", description="Key management entity server port", default=0 + alias="keyManagementEntityServerPort", description="Key Management Entity server port number", default=0 + ) + trustpoint_label: str = Field( + alias="trustpointLabel", + description="Tls authentication type trustpoint label", + default="" ) - trustpoint_label: str = Field(alias="trustpointLabel", description="Trustpoint label", default="") skip_certificate_verification: bool = Field( - alias="skipCertificateVerification", description="Skip certificate verification", default=False + alias="skipCertificateVerification", description="Skip verification of incoming certificate", default=False ) # BGP / Routing Enhancements auto_bgp_neighbor_description: bool = Field( - alias="autoBgpNeighborDescription", description="Auto BGP neighbor description", default=True + alias="autoBgpNeighborDescription", description="Generate BGP EVPN Neighbor Description", default=True + ) + ibgp_peer_template: str = Field( + alias="ibgpPeerTemplate", + description=( + "Specifies the iBGP Peer-Template config used for Route Reflectors and spines with border " + "or border gateway role. This field should begin with ' template peer' or " + "' template peer-session'. This must have 2 " + "leading spaces. Note ! All configs should strictly match show run output, with respect to case and " + "newlines. Any mismatches will yield unexpected diffs during deploy." + ), + default="" + ) + leaf_ibgp_peer_template: str = Field( + alias="leafIbgpPeerTemplate", + description=( + "Specifies the config used for leaf, border or border gateway. If this field is empty, the peer template " + "defined in iBGP Peer-Template Config is used on all BGP enabled devices (RRs, leafs, border or border " + "gateway roles). This field should begin with ' template peer' or ' template peer-session'. This must " + "have 2 leading spaces. Note ! All configs should strictly match 'show run' output, with respect to case " + "and newlines. Any mismatches will yield unexpected diffs during deploy." + ), + default="" + ) + link_state_routing_tag: str = Field( + alias="linkStateRoutingTag", + description="Underlay routing protocol process tag", + default="UNDERLAY" ) - ibgp_peer_template: str = Field(alias="ibgpPeerTemplate", description="iBGP peer template", default="") - leaf_ibgp_peer_template: str = Field(alias="leafIbgpPeerTemplate", description="Leaf iBGP peer template", default="") - link_state_routing_tag: str = Field(alias="linkStateRoutingTag", description="Link state routing tag", default="UNDERLAY") static_underlay_ip_allocation: bool = Field( - alias="staticUnderlayIpAllocation", description="Static underlay IP allocation", default=False + alias="staticUnderlayIpAllocation", + description="Checking this will disable Dynamic Underlay IP Address Allocations", + default=False + ) + router_id_range: str = Field( + alias="routerIdRange", + description="BGP Router ID Range in IPv4 subnet format used for IPv6 Underlay.", + default="10.2.0.0/23" ) - router_id_range: str = Field(alias="routerIdRange", description="Router ID range", default="10.2.0.0/23") # Security Group Tags (SGT) - security_group_tag: bool = Field(alias="securityGroupTag", description="Enable security group tag", default=False) - security_group_tag_prefix: str = Field(alias="securityGroupTagPrefix", description="SGT prefix", default="SG_") + security_group_tag: bool = Field( + alias="securityGroupTag", + description="Security group can be enabled only with cli overlay mode", + default=False + ) + security_group_tag_prefix: str = Field( + alias="securityGroupTagPrefix", + description="Prefix to be used when a new security group is created", + default="SG_" + ) security_group_tag_mac_segmentation: bool = Field( - alias="securityGroupTagMacSegmentation", description="Enable SGT MAC segmentation", default=False + alias="securityGroupTagMacSegmentation", + description="Enable MAC based segmentation for security groups", + default=False ) security_group_tag_id_range: str = Field( - alias="securityGroupTagIdRange", description="SGT ID range", default="10000-14000" + alias="securityGroupTagIdRange", + description="Security group tag (SGT) identifier range (minimum: 16, maximum: 65535)", + default="10000-14000" ) security_group_tag_preprovision: bool = Field( - alias="securityGroupTagPreprovision", description="Enable SGT preprovision", default=False + alias="securityGroupTagPreprovision", + description="Generate security groups configuration for non-enforced VRFs", + default=False + ) + security_group_status: SecurityGroupStatusEnum = Field( + alias="securityGroupStatus", + description="Security group status", + default=SecurityGroupStatusEnum.DISABLED ) - security_group_status: SecurityGroupStatusEnum = Field(alias="securityGroupStatus", description="Security group status", default=SecurityGroupStatusEnum.DISABLED) # Queuing / QoS - default_queuing_policy: bool = Field(alias="defaultQueuingPolicy", description="Enable default queuing policy", default=False) + default_queuing_policy: bool = Field( + alias="defaultQueuingPolicy", + description="Enable Default Queuing Policies", + default=False + ) default_queuing_policy_cloudscale: str = Field( - alias="defaultQueuingPolicyCloudscale", description="Default queuing policy cloudscale", default="queuing_policy_default_8q_cloudscale" + alias="defaultQueuingPolicyCloudscale", + description="Queuing Policy for all 92xx, -EX, -FX, -FX2, -FX3, -GX series switches in the fabric", + default="queuing_policy_default_8q_cloudscale" ) default_queuing_policy_r_series: str = Field( - alias="defaultQueuingPolicyRSeries", description="Default queuing policy R-Series", default="queuing_policy_default_r_series" + alias="defaultQueuingPolicyRSeries", + description="Queueing policy for all Nexus R-series switches", + default="queuing_policy_default_r_series" ) default_queuing_policy_other: str = Field( - alias="defaultQueuingPolicyOther", description="Default queuing policy other", default="queuing_policy_default_other" - ) - aiml_qos: bool = Field(alias="aimlQos", description="Enable AI/ML QoS", default=False) - aiml_qos_policy: AimlQosPolicyEnum = Field(alias="aimlQosPolicy", description="AI/ML QoS policy", default=AimlQosPolicyEnum.V_400G) - roce_v2: str = Field(alias="roceV2", description="RoCEv2 DSCP value", default="26") - cnp: str = Field(description="CNP value", default="48") - wred_min: int = Field(alias="wredMin", description="WRED minimum threshold", default=950) - wred_max: int = Field(alias="wredMax", description="WRED maximum threshold", default=3000) - wred_drop_probability: int = Field(alias="wredDropProbability", description="WRED drop probability", default=7) - wred_weight: int = Field(alias="wredWeight", description="WRED weight", default=0) - bandwidth_remaining: int = Field(alias="bandwidthRemaining", description="Bandwidth remaining percentage", default=50) - dlb: bool = Field(description="Enable dynamic load balancing", default=False) - dlb_mode: DlbModeEnum = Field(alias="dlbMode", description="DLB mode", default=DlbModeEnum.FLOWLET) - dlb_mixed_mode_default: DlbMixedModeDefaultEnum = Field(alias="dlbMixedModeDefault", description="DLB mixed mode default", default=DlbMixedModeDefaultEnum.ECMP) - flowlet_aging: int = Field(alias="flowletAging", description="Flowlet aging interval", default=1) - flowlet_dscp: str = Field(alias="flowletDscp", description="Flowlet DSCP value", default="") - per_packet_dscp: str = Field(alias="perPacketDscp", description="Per-packet DSCP value", default="") - ai_load_sharing: bool = Field(alias="aiLoadSharing", description="Enable AI load sharing", default=False) + alias="defaultQueuingPolicyOther", + description="Queuing Policy for all other switches in the fabric", + default="queuing_policy_default_other" + ) + aiml_qos: bool = Field( + alias="aimlQos", + description=( + "Configures QoS and Queuing Policies specific to N9K Cloud Scale (CS) & Silicon One (S1) switch fabric for " + "AI network workloads" + ), + default=False + ) + aiml_qos_policy: AimlQosPolicyEnum = Field( + alias="aimlQosPolicy", + description=( + "Queuing Policy based on predominant fabric link speed: 800G / 400G / 100G / 25G. User-defined allows for " + "custom configuration." + ), + default=AimlQosPolicyEnum.V_400G + ) + roce_v2: str = Field( + alias="roceV2", + description=( + "DSCP for RDMA traffic: numeric (0-63) with ranges/comma, named values " + "(af11,af12,af13,af21,af22,af23,af31,af32,af33,af41,af42,af43,cs1,cs2,cs3,cs4,cs5,cs6,cs7,default,ef)" + ), + default="26" + ) + cnp: str = Field( + description=( + "DSCP value for Congestion Notification: numeric (0-63) with ranges/comma, named values " + "(af11,af12,af13,af21,af22,af23,af31,af32,af33,af41,af42,af43,cs1,cs2,cs3,cs4,cs5,cs6,cs7,default,ef)" + ), + default="48" + ) + wred_min: int = Field(alias="wredMin", description="WRED minimum threshold (in kbytes)", default=950) + wred_max: int = Field(alias="wredMax", description="WRED maximum threshold (in kbytes)", default=3000) + wred_drop_probability: int = Field(alias="wredDropProbability", description="Drop probability %", default=7) + wred_weight: int = Field( + alias="wredWeight", + description="Influences how quickly WRED reacts to queue depth changes", + default=0 + ) + bandwidth_remaining: int = Field( + alias="bandwidthRemaining", + description="Percentage of remaining bandwidth allocated to AI traffic queues", + default=50 + ) + dlb: bool = Field( + description=( + "Enables fabric-level Dynamic Load Balancing (DLB) configuration. Note: Inter-Switch-Links (ISL) will be " + "configured as DLB Interfaces" + ), + default=False + ) + dlb_mode: DlbModeEnum = Field( + alias="dlbMode", + description=( + "Select system-wide flowlet, per-packet (packet spraying) or policy driven mixed mode. Note: Mixed mode is " + "supported on Silicon One (S1) platform only." + ), + default=DlbModeEnum.FLOWLET + ) + dlb_mixed_mode_default: DlbMixedModeDefaultEnum = Field( + alias="dlbMixedModeDefault", + description="Default load balancing mode for policy driven mixed mode DLB", + default=DlbMixedModeDefaultEnum.ECMP + ) + flowlet_aging: int = Field( + alias="flowletAging", + description=( + "Flowlet aging timer in microseconds. Valid range depends on platform: Cloud Scale (CS)=1-2000000 (default " + "500), Silicon One (S1)=1-1024 (default 256)" + ), + default=1 + ) + flowlet_dscp: str = Field( + alias="flowletDscp", + description=( + "DSCP values for flowlet load balancing: numeric (0-63) with ranges/comma, named values " + "(af11,af12,af13,af21,af22,af23,af31,af32,af33,af41,af42,af43,cs1,cs2,cs3,cs4,cs5,cs6,cs7,default,ef)" + ), + default="" + ) + per_packet_dscp: str = Field( + alias="perPacketDscp", + description=( + "DSCP values for per-packet load balancing: numeric (0-63) with ranges/comma, named values " + "(af11,af12,af13,af21,af22,af23,af31,af32,af33,af41,af42,af43,cs1,cs2,cs3,cs4,cs5,cs6,cs7,default,ef)" + ), + default="" + ) + ai_load_sharing: bool = Field( + alias="aiLoadSharing", + description="Enable IP load sharing using source and destination address for AI workloads", + default=False + ) priority_flow_control_watch_interval: int = Field( - alias="priorityFlowControlWatchInterval", description="Priority flow control watch interval", default=101 + alias="priorityFlowControlWatchInterval", + description="Acceptable values from 101 to 1000 (milliseconds). Leave blank for system default (100ms).", + default=101 ) # PTP - ptp: bool = Field(description="Enable PTP", default=False) - ptp_loopback_id: int = Field(alias="ptpLoopbackId", description="PTP loopback ID", default=0) - ptp_domain_id: int = Field(alias="ptpDomainId", description="PTP domain ID", default=0) - ptp_vlan_id: int = Field(alias="ptpVlanId", description="PTP VLAN ID", default=2) + ptp: bool = Field(description="Enable Precision Time Protocol (PTP)", default=False) + ptp_loopback_id: int = Field( + alias="ptpLoopbackId", + description="Precision Time Protocol Source Loopback Id", + default=0 + ) + ptp_domain_id: int = Field( + alias="ptpDomainId", + description="Multiple Independent PTP Clocking Subdomains on a Single Network", + default=0 + ) + ptp_vlan_id: int = Field( + alias="ptpVlanId", + description="Precision Time Protocol (PTP) Source VLAN ID. SVI used for ptp source on ToRs", + default=2 + ) # STP - stp_root_option: StpRootOptionEnum = Field(alias="stpRootOption", description="STP root option", default=StpRootOptionEnum.UNMANAGED) - stp_vlan_range: str = Field(alias="stpVlanRange", description="STP VLAN range", default="1-3967") - mst_instance_range: str = Field(alias="mstInstanceRange", description="MST instance range", default="0") - stp_bridge_priority: int = Field(alias="stpBridgePriority", description="STP bridge priority", default=0) + stp_root_option: StpRootOptionEnum = Field( + alias="stpRootOption", + description=( + "Which protocol to use for configuring root bridge? rpvst+: Rapid Per-VLAN Spanning Tree, mst: Multiple " + "Spanning Tree, unmanaged (default): STP Root not managed by ND" + ), + default=StpRootOptionEnum.UNMANAGED + ) + stp_vlan_range: str = Field( + alias="stpVlanRange", + description="Spanning tree Vlan range (minimum: 1, maximum: 4094)", + default="1-3967" + ) + mst_instance_range: str = Field( + alias="mstInstanceRange", + description="Minimum Spanning Tree instance range (minimum: 0, maximum: 4094)", + default="0" + ) + stp_bridge_priority: int = Field( + alias="stpBridgePriority", + description="Bridge priority for the spanning tree in increments of 4096", + default=0 + ) # MPLS Handoff - mpls_handoff: bool = Field(alias="mplsHandoff", description="Enable MPLS handoff", default=False) - mpls_loopback_identifier: int = Field(alias="mplsLoopbackIdentifier", description="MPLS loopback identifier", default=101) - mpls_isis_area_number: str = Field(alias="mplsIsisAreaNumber", description="MPLS IS-IS area number", default="0001") - mpls_loopback_ip_range: str = Field(alias="mplsLoopbackIpRange", description="MPLS loopback IP range", default="10.101.0.0/25") + mpls_handoff: bool = Field(alias="mplsHandoff", description="Enable MPLS Handoff", default=False) + mpls_loopback_identifier: int = Field( + alias="mplsLoopbackIdentifier", + description="Used for VXLAN to MPLS SR/LDP Handoff", + default=101 + ) + mpls_isis_area_number: str = Field( + alias="mplsIsisAreaNumber", + description=( + "NET in form of XX.<4-hex-digit Custom Area Number>.XXXX.XXXX.XXXX.00, default Area Number is 0001, used " + "only if routing protocol on DCI MPLS link is is-is" + ), + default="0001" + ) + mpls_loopback_ip_range: str = Field( + alias="mplsLoopbackIpRange", + description="Used for VXLAN to MPLS SR/LDP Handoff", + default="10.101.0.0/25" + ) # Private VLAN - private_vlan: bool = Field(alias="privateVlan", description="Enable private VLAN", default=False) + private_vlan: bool = Field( + alias="privateVlan", + description="Enable PVLAN on switches except spines and super spines", + default=False + ) default_private_vlan_secondary_network_template: str = Field( alias="defaultPrivateVlanSecondaryNetworkTemplate", - description="Default private VLAN secondary network template", + description="Default PVLAN secondary network template", default="Pvlan_Secondary_Network" ) allow_vlan_on_leaf_tor_pairing: AllowVlanOnLeafTorPairingEnum = Field( - alias="allowVlanOnLeafTorPairing", description="Allow VLAN on leaf/TOR pairing", default=AllowVlanOnLeafTorPairingEnum.NONE + alias="allowVlanOnLeafTorPairing", + description="Set trunk allowed vlan to 'none' or 'all' for leaf-tor pairing port-channels", + default=AllowVlanOnLeafTorPairingEnum.NONE ) # Leaf / TOR - leaf_tor_id_range: bool = Field(alias="leafTorIdRange", description="Enable leaf/TOR ID range", default=False) + leaf_tor_id_range: bool = Field( + alias="leafTorIdRange", + description="Use specific vPC/Port-channel ID range for leaf-tor pairings", + default=False + ) leaf_tor_vpc_port_channel_id_range: str = Field( - alias="leafTorVpcPortChannelIdRange", description="Leaf/TOR vPC port-channel ID range", default="1-499" + alias="leafTorVpcPortChannelIdRange", + description=( + "Specify vPC/Port-channel ID range (minimum: 1, maximum: 4096), this range is used for auto-allocating " + "vPC/Port-Channel IDs for leaf-tor pairings" + ), + default="1-499" ) # Resource ID Ranges l3_vni_no_vlan_default_option: bool = Field( - alias="l3VniNoVlanDefaultOption", description="L3 VNI no-VLAN default option", default=False + alias="l3VniNoVlanDefaultOption", + description=( + "L3 VNI configuration without VLAN configuration. This value is propagated on vrf creation as the default " + "value of 'Enable L3VNI w/o VLAN' in vrf" + ), + default=False ) ip_service_level_agreement_id_range: str = Field( - alias="ipServiceLevelAgreementIdRange", description="IP SLA ID range", default="10000-19999" + alias="ipServiceLevelAgreementIdRange", + description=( + "Service Level Agreement (SLA) ID Range " + "(minimum: 1, maximum: 655214748364735). Per switch SLA ID Range" + ), + default="10000-19999" ) object_tracking_number_range: str = Field( - alias="objectTrackingNumberRange", description="Object tracking number range", default="100-299" + alias="objectTrackingNumberRange", + description="Tracked Object ID Range (minimum: 1, maximum: 512) Per switch tracked object ID Range", + default="100-299" ) service_network_vlan_range: str = Field( - alias="serviceNetworkVlanRange", description="Service network VLAN range", default="3000-3199" + alias="serviceNetworkVlanRange", + description=( + "Service Network VLAN Range (minimum: 2, maximum: 4094). " + "Per Switch Overlay Service Network VLAN Range" + ), + default="3000-3199" ) route_map_sequence_number_range: str = Field( - alias="routeMapSequenceNumberRange", description="Route map sequence number range", default="1-65534" + alias="routeMapSequenceNumberRange", + description="Route Map Sequence Number Range (minimum: 1, maximum: 65534)", + default="1-65534" ) # DNS / NTP / Syslog Collections @@ -1030,61 +1723,172 @@ class VxlanIbgpManagementModel(NDNestedModel): dns_collection: List[str] = Field(default_factory=lambda: ["5.192.28.174"], alias="dnsCollection") dns_vrf_collection: List[str] = Field(default_factory=lambda: ["string"], alias="dnsVrfCollection") syslog_server_collection: List[str] = Field(default_factory=lambda: ["string"], alias="syslogServerCollection") - syslog_server_vrf_collection: List[str] = Field(default_factory=lambda: ["string"], alias="syslogServerVrfCollection") - syslog_severity_collection: List[int] = Field(default_factory=lambda: [7], alias="syslogSeverityCollection", description="Syslog severity levels (0-7)") + syslog_server_vrf_collection: List[str] = Field( + default_factory=lambda: ["string"], + alias="syslogServerVrfCollection" + ) + syslog_severity_collection: List[int] = Field( + default_factory=lambda: [7], + alias="syslogSeverityCollection", + description="List of Syslog severity values, one per Syslog server" + ) # Extra Config / Pre-Interface Config / AAA / Banner - banner: str = Field(description="Fabric banner text", default="") - extra_config_leaf: str = Field(alias="extraConfigLeaf", description="Extra leaf config", default="") - extra_config_spine: str = Field(alias="extraConfigSpine", description="Extra spine config", default="") - extra_config_tor: str = Field(alias="extraConfigTor", description="Extra TOR config", default="") + banner: str = Field( + description=( + "Message of the Day (motd) banner. Delimiter char (very first char is delimiter char) followed by message " + "ending with delimiter" + ), + default="" + ) + extra_config_leaf: str = Field( + alias="extraConfigLeaf", + description=( + "Additional CLIs as captured from the show running configuration, added after interface configurations for " + "all switches with a VTEP unless they have some spine role" + ), + default="" + ) + extra_config_spine: str = Field( + alias="extraConfigSpine", + description=( + "Additional CLIs as captured from the show running configuration, added after interface configurations for " + "all switches with some spine role" + ), + default="" + ) + extra_config_tor: str = Field( + alias="extraConfigTor", + description=( + "Additional CLIs as captured from the show running configuration, added after interface configurations for " + "all ToRs" + ), + default="" + ) extra_config_intra_fabric_links: str = Field( - alias="extraConfigIntraFabricLinks", description="Extra intra-fabric links config", default="" + alias="extraConfigIntraFabricLinks", description="Additional CLIs for all Intra-Fabric links", default="" + ) + extra_config_aaa: str = Field(alias="extraConfigAaa", description="AAA Configurations", default="") + aaa: bool = Field(description="Include AAA configs from Manageability tab during device bootup", default=False) + pre_interface_config_leaf: str = Field( + alias="preInterfaceConfigLeaf", + description=( + "Additional CLIs as captured from the show running configuration, added before interface " + "configurations for all switches with a VTEP unless they have some spine role" + ), + default="" + ) + pre_interface_config_spine: str = Field( + alias="preInterfaceConfigSpine", + description=( + "Additional CLIs as captured from the show running configuration, added before interface " + "configurations for all switches with some spine role" + ), + default="" + ) + pre_interface_config_tor: str = Field( + alias="preInterfaceConfigTor", + description=( + "Additional CLIs as captured from the show running configuration, added before interface " + "configurations for all ToRs" + ), + default="" ) - extra_config_aaa: str = Field(alias="extraConfigAaa", description="Extra AAA config", default="") - aaa: bool = Field(description="Enable AAA", default=False) - pre_interface_config_leaf: str = Field(alias="preInterfaceConfigLeaf", description="Pre-interface leaf config", default="") - pre_interface_config_spine: str = Field(alias="preInterfaceConfigSpine", description="Pre-interface spine config", default="") - pre_interface_config_tor: str = Field(alias="preInterfaceConfigTor", description="Pre-interface TOR config", default="") # System / Compliance / OAM / Misc anycast_border_gateway_advertise_physical_ip: bool = Field( - alias="anycastBorderGatewayAdvertisePhysicalIp", description="Anycast border gateway advertise physical IP", default=False + alias="anycastBorderGatewayAdvertisePhysicalIp", + description="To advertise Anycast Border Gateway PIP as VTEP. Effective on MSD fabric 'Recalculate Config'", + default=False + ) + greenfield_debug_flag: GreenfieldDebugFlagEnum = Field( + alias="greenfieldDebugFlag", + description="Allow switch configuration to be cleared without a reload when preserveConfig is set to false", + default=GreenfieldDebugFlagEnum.DISABLE ) - greenfield_debug_flag: GreenfieldDebugFlagEnum = Field(alias="greenfieldDebugFlag", description="Greenfield debug flag", default=GreenfieldDebugFlagEnum.DISABLE) interface_statistics_load_interval: int = Field( - alias="interfaceStatisticsLoadInterval", description="Interface statistics load interval", default=10 + alias="interfaceStatisticsLoadInterval", + description="Interface Statistics Load Interval. Time in seconds", + default=10 + ) + nve_hold_down_timer: int = Field( + alias="nveHoldDownTimer", + description="NVE Source Inteface HoldDown Time in seconds", + default=180 + ) + next_generation_oam: bool = Field( + alias="nextGenerationOAM", + description=( + "Enable the Next Generation (NG) OAM feature for all switches in the fabric to aid in trouble-shooting " + "VXLAN EVPN fabrics" + ), + default=True ) - nve_hold_down_timer: int = Field(alias="nveHoldDownTimer", description="NVE hold-down timer", default=180) - next_generation_oam: bool = Field(alias="nextGenerationOAM", description="Enable next-generation OAM", default=True) ngoam_south_bound_loop_detect: bool = Field( - alias="ngoamSouthBoundLoopDetect", description="Enable NGOAM south bound loop detect", default=False + alias="ngoamSouthBoundLoopDetect", + description="Enable the Next Generation (NG) OAM southbound loop detection", + default=False ) ngoam_south_bound_loop_detect_probe_interval: int = Field( - alias="ngoamSouthBoundLoopDetectProbeInterval", description="NGOAM south bound loop detect probe interval", default=300 + alias="ngoamSouthBoundLoopDetectProbeInterval", + description="Set Next Generation (NG) OAM southbound loop detection probe interval in seconds.", + default=300 ) ngoam_south_bound_loop_detect_recovery_interval: int = Field( - alias="ngoamSouthBoundLoopDetectRecoveryInterval", description="NGOAM south bound loop detect recovery interval", default=600 + alias="ngoamSouthBoundLoopDetectRecoveryInterval", + description="Set the Next Generation (NG) OAM southbound loop detection recovery interval in seconds", + default=600 ) strict_config_compliance_mode: bool = Field( - alias="strictConfigComplianceMode", description="Enable strict config compliance mode", default=False + alias="strictConfigComplianceMode", + description=( + "Enable bi-directional compliance checks to flag additional configs in the running config that are not in " + "the intent/expected config" + ), + default=False + ) + advanced_ssh_option: bool = Field( + alias="advancedSshOption", + description="Enable AAA IP Authorization. Enable only, when IP Authorization is enabled in the AAA Server", + default=False + ) + copp_policy: CoppPolicyEnum = Field( + alias="coppPolicy", + description="Fabric wide CoPP policy. Customized CoPP policy should be provided when 'manual' is selected.", + default=CoppPolicyEnum.STRICT + ) + power_redundancy_mode: PowerRedundancyModeEnum = Field( + alias="powerRedundancyMode", + description="Default Power Supply Mode for NX-OS Switches", + default=PowerRedundancyModeEnum.REDUNDANT ) - advanced_ssh_option: bool = Field(alias="advancedSshOption", description="Enable advanced SSH option", default=False) - copp_policy: CoppPolicyEnum = Field(alias="coppPolicy", description="CoPP policy", default=CoppPolicyEnum.STRICT) - power_redundancy_mode: PowerRedundancyModeEnum = Field(alias="powerRedundancyMode", description="Power redundancy mode", default=PowerRedundancyModeEnum.REDUNDANT) host_interface_admin_state: bool = Field( - alias="hostInterfaceAdminState", description="Host interface admin state", default=True + alias="hostInterfaceAdminState", description="Unshut Host Interfaces by Default", default=True + ) + heartbeat_interval: int = Field( + alias="heartbeatInterval", + description="XConnect heartbeat interval for periodic link status checks", + default=190 + ) + policy_based_routing: bool = Field( + alias="policyBasedRouting", + description="Enable feature pbr, sla sender, epbr, or enable feature pbr, based on the L4-L7 Services use case", + default=False ) - heartbeat_interval: int = Field(alias="heartbeatInterval", description="Heartbeat interval", default=190) - policy_based_routing: bool = Field(alias="policyBasedRouting", description="Enable policy-based routing", default=False) brownfield_network_name_format: str = Field( - alias="brownfieldNetworkNameFormat", description="Brownfield network name format", default="Auto_Net_VNI$$VNI$$_VLAN$$VLAN_ID$$" + alias="brownfieldNetworkNameFormat", + description="Generated network name should be less than 64 characters", + default="Auto_Net_VNI$$VNI$$_VLAN$$VLAN_ID$$" ) brownfield_skip_overlay_network_attachments: bool = Field( - alias="brownfieldSkipOverlayNetworkAttachments", description="Skip brownfield overlay network attachments", default=False + alias="brownfieldSkipOverlayNetworkAttachments", + description="Skip Overlay Network Interface Attachments for Brownfield and Host Port Resync cases", + default=False ) allow_smart_switch_onboarding: bool = Field( - alias="allowSmartSwitchOnboarding", description="Allow smart switch onboarding", default=False + alias="allowSmartSwitchOnboarding", + description="Enable onboarding of smart switches to Hypershield for firewall service", + default=False ) # Hypershield / Connectivity @@ -1208,17 +2012,44 @@ class FabricIbgpModel(NDBaseModel): location: Optional[LocationModel] = Field(description="Geographic location of the fabric", default=None) # License and Operations - license_tier: LicenseTierEnum = Field(alias="licenseTier", description="License tier", default=LicenseTierEnum.PREMIER) - alert_suspend: AlertSuspendEnum = Field(alias="alertSuspend", description="Alert suspension state", default=AlertSuspendEnum.DISABLED) - telemetry_collection: bool = Field(alias="telemetryCollection", description="Enable telemetry collection", default=False) - telemetry_collection_type: str = Field(alias="telemetryCollectionType", description="Telemetry collection type", default="outOfBand") - telemetry_streaming_protocol: str = Field(alias="telemetryStreamingProtocol", description="Telemetry streaming protocol", default="ipv4") - telemetry_source_interface: str = Field(alias="telemetrySourceInterface", description="Telemetry source interface", default="") + license_tier: LicenseTierEnum = Field( + alias="licenseTier", + description="License tier", + default=LicenseTierEnum.PREMIER + ) + alert_suspend: AlertSuspendEnum = Field( + alias="alertSuspend", + description="Alert suspension state", + default=AlertSuspendEnum.DISABLED + ) + telemetry_collection: bool = Field( + alias="telemetryCollection", + description="Enable telemetry collection", + default=False + ) + telemetry_collection_type: str = Field( + alias="telemetryCollectionType", + description="Telemetry collection type", + default="outOfBand" + ) + telemetry_streaming_protocol: str = Field( + alias="telemetryStreamingProtocol", + description="Telemetry streaming protocol", + default="ipv4" + ) + telemetry_source_interface: str = Field( + alias="telemetrySourceInterface", + description="Telemetry source interface", + default="" + ) telemetry_source_vrf: str = Field(alias="telemetrySourceVrf", description="Telemetry source VRF", default="") security_domain: str = Field(alias="securityDomain", description="Security domain", default="all") # Core Management Configuration - management: Optional[VxlanIbgpManagementModel] = Field(description="iBGP VXLAN management configuration", default=None) + management: Optional[VxlanIbgpManagementModel] = Field( + description="iBGP VXLAN management configuration", + default=None + ) # Optional Advanced Settings telemetry_settings: Optional[TelemetrySettingsModel] = Field( diff --git a/plugins/modules/nd_manage_fabric_ibgp.py b/plugins/modules/nd_manage_fabric_ibgp.py index 9d857fc6..8f834e4f 100644 --- a/plugins/modules/nd_manage_fabric_ibgp.py +++ b/plugins/modules/nd_manage_fabric_ibgp.py @@ -60,7 +60,7 @@ - The license tier for the fabric. type: str default: premier - choices: [ essentials, premier ] + choices: [ essentials, advantage, premier ] alert_suspend: description: - The alert suspension state for the fabric. @@ -111,19 +111,19 @@ bgp_asn: description: - The BGP Autonomous System Number for the fabric. - - Must be a numeric value between 1 and 4294967295. + - Accepts a plain integer (1-4294967295) or dotted notation (1-65535.0-65535). type: str required: true site_id: description: - - The site identifier for the fabric. - - Must be a numeric value between 1 and 65535. + - The site identifier for the fabric (for EVPN Multi-Site support). + - Must be a numeric value between 1 and 281474976710655. - Defaults to the value of O(config.management.bgp_asn) if not provided. type: str default: "" target_subnet_mask: description: - - The target subnet mask for intra-fabric links. + - The target subnet mask for intra-fabric links (24-31). type: int default: 30 anycast_gateway_mac: @@ -149,9 +149,11 @@ default: false underlay_multicast_group_address_limit: description: - - The underlay multicast group address limit (1-255). + - The underlay multicast group address limit. + - The maximum supported value is 128 for NX-OS version 10.2(1) or earlier and 512 for versions above 10.2(1). type: int default: 128 + choices: [ 128, 512 ] tenant_routed_multicast: description: - Enable tenant routed multicast. @@ -159,9 +161,10 @@ default: false rendezvous_point_count: description: - - The number of rendezvous points (1-4). + - The number of spines acting as Rendezvous-Points (RPs). type: int default: 2 + choices: [ 2, 4 ] rendezvous_point_loopback_id: description: - The rendezvous point loopback interface ID (0-1023). @@ -186,9 +189,10 @@ default: "0.0.0.0" fabric_interface_type: description: - - The fabric interface type. + - The fabric interface type. Numbered (Point-to-Point) or unnumbered. type: str default: p2p + choices: [ p2p, unNumbered ] bgp_loopback_id: description: - The BGP loopback interface ID (0-1023). @@ -201,9 +205,10 @@ default: 1 route_reflector_count: description: - - The number of BGP route reflectors (1-4). + - The number of spines acting as BGP route reflectors. type: int default: 2 + choices: [ 2, 4 ] bgp_loopback_ip_range: description: - The BGP loopback IP address pool. @@ -226,7 +231,7 @@ default: "10.4.0.0/16" router_id_range: description: - - The router ID IP address pool. + - The BGP router ID range in IPv4 subnet format. Used for IPv6 underlay. type: str default: "10.2.0.0/23" l2_vni_range: @@ -251,14 +256,9 @@ default: "2000-2299" sub_interface_dot1q_range: description: - - The sub-interface 802.1q range. + - The sub-interface 802.1q range (minimum 2, maximum 4093). type: str default: "2-511" - service_network_vlan_range: - description: - - The service network VLAN range. - type: str - default: "3000-3199" l3_vni_no_vlan_default_option: description: - Enable L3 VNI no-VLAN default option. @@ -293,7 +293,8 @@ description: - The vPC peer keep-alive option. type: str - default: loopback + default: management + choices: [ loopback, management ] vpc_auto_recovery_timer: description: - The vPC auto recovery timer in seconds (240-3600). @@ -421,9 +422,10 @@ default: 10 greenfield_debug_flag: description: - - The greenfield debug flag. + - Allow switch configuration to be cleared without a reload when preserveConfig is set to false. type: str - default: enable + default: disable + choices: [ enable, disable ] nxapi: description: - Enable NX-API (HTTPS). @@ -436,9 +438,9 @@ default: 443 nxapi_http: description: - - Enable NX-API HTTP. + - Enable NX-API over HTTP. type: bool - default: true + default: false nxapi_http_port: description: - The NX-API HTTP port (1-65535). @@ -451,9 +453,10 @@ default: false bgp_authentication_key_type: description: - - The BGP authentication key type. + - "BGP key encryption type: 3 - 3DES, 6 - Cisco type 6, 7 - Cisco type 7." type: str default: 3des + choices: [ 3des, type6, type7 ] bgp_authentication_key: description: - The BGP authentication key. @@ -529,6 +532,7 @@ - The IS-IS level. type: str default: level-2 + choices: [ level-1, level-2 ] isis_area_number: description: - The IS-IS area number. @@ -579,6 +583,7 @@ - The MACsec cipher suite. type: str default: GCM-AES-XPN-256 + choices: [ GCM-AES-128, GCM-AES-256, GCM-AES-XPN-128, GCM-AES-XPN-256 ] macsec_key_string: description: - The MACsec primary key string. @@ -586,9 +591,10 @@ default: "" macsec_algorithm: description: - - The MACsec algorithm. + - The MACsec primary cryptographic algorithm. type: str default: AES_128_CMAC + choices: [ AES_128_CMAC, AES_256_CMAC ] macsec_fallback_key_string: description: - The MACsec fallback key string. @@ -596,9 +602,10 @@ default: "" macsec_fallback_algorithm: description: - - The MACsec fallback algorithm. + - The MACsec fallback cryptographic algorithm. type: str default: AES_128_CMAC + choices: [ AES_128_CMAC, AES_256_CMAC ] macsec_report_timer: description: - The MACsec report timer. @@ -606,9 +613,39 @@ default: 5 vrf_lite_macsec: description: - - Enable MACsec on VRF lite links. + - Enable MACsec on DCI links. type: bool default: false + vrf_lite_macsec_cipher_suite: + description: + - The DCI MACsec cipher suite. + type: str + default: GCM-AES-XPN-256 + choices: [ GCM-AES-128, GCM-AES-256, GCM-AES-XPN-128, GCM-AES-XPN-256 ] + vrf_lite_macsec_key_string: + description: + - The DCI MACsec primary key string (Cisco Type 7 Encrypted Octet String). + type: str + default: "" + vrf_lite_macsec_algorithm: + description: + - The DCI MACsec primary cryptographic algorithm. + type: str + default: AES_128_CMAC + choices: [ AES_128_CMAC, AES_256_CMAC ] + vrf_lite_macsec_fallback_key_string: + description: + - The DCI MACsec fallback key string (Cisco Type 7 Encrypted Octet String). + - This parameter is used when DCI link has QKD disabled. + type: str + default: "" + vrf_lite_macsec_fallback_algorithm: + description: + - The DCI MACsec fallback cryptographic algorithm. + - This parameter is used when DCI link has QKD disabled. + type: str + default: AES_128_CMAC + choices: [ AES_128_CMAC, AES_256_CMAC ] quantum_key_distribution: description: - Enable quantum key distribution. @@ -631,14 +668,22 @@ default: 0 trustpoint_label: description: - - The trustpoint label. + - The trustpoint label for TLS authentication. type: str default: "" + skip_certificate_verification: + description: + - Skip verification of incoming certificate. + type: bool + default: false vrf_lite_auto_config: description: - - The VRF lite auto-configuration mode. + - "VRF Lite Inter-Fabric Connection deployment options. If C(back2BackAndToExternal) is selected, + VRF Lite IFCs are auto created between border devices of two Easy Fabrics, and between + border devices in Easy Fabric and edge routers in External Fabric." type: str default: manual + choices: [ manual, back2BackAndToExternal ] vrf_lite_subnet_range: description: - The VRF lite subnet IP address pool. @@ -649,16 +694,6 @@ - The VRF lite subnet target mask. type: int default: 30 - vrf_lite_ipv6_subnet_range: - description: - - The VRF lite IPv6 subnet range. - type: str - default: "fd00::a33:0/112" - vrf_lite_ipv6_subnet_target_mask: - description: - - The VRF lite IPv6 subnet target mask (112-128). - type: int - default: 126 auto_unique_vrf_lite_ip_prefix: description: - Enable auto unique VRF lite IP prefix. @@ -679,6 +714,11 @@ - Enable auto symmetric default VRF. type: bool default: false + default_vrf_redistribution_bgp_route_map: + description: + - Route Map used to redistribute BGP routes to IGP in default VRF in auto created VRF Lite IFC links. + type: str + default: extcon-rmap-filter per_vrf_loopback_auto_provision: description: - Enable per-VRF loopback auto-provisioning. @@ -699,6 +739,27 @@ - The per-VRF loopback IPv6 address pool. type: str default: "fd00::a05:0/112" + per_vrf_unique_loopback_auto_provision: + description: + - Auto provision a unique IPv4 loopback on a VTEP on VRF attachment. + - This option and per VRF per VTEP loopback auto-provisioning are mutually exclusive. + type: bool + default: false + per_vrf_unique_loopback_ip_range: + description: + - Prefix pool to assign unique IPv4 addresses to loopbacks on VTEPs on a per VRF basis. + type: str + default: "10.6.0.0/22" + per_vrf_unique_loopback_auto_provision_v6: + description: + - Auto provision a unique IPv6 loopback on a VTEP on VRF attachment. + type: bool + default: false + per_vrf_unique_loopback_ipv6_range: + description: + - Prefix pool to assign unique IPv6 addresses to loopbacks on VTEPs on a per VRF basis. + type: str + default: "fd00::a06:0/112" underlay_ipv6: description: - Enable IPv6 underlay. @@ -744,6 +805,63 @@ - The IPv6 anycast rendezvous point IP address pool. type: str default: "fd00::254:254:0/118" + mvpn_vrf_route_import_id: + description: + - Enable MVPN VRI ID generation for Tenant Routed Multicast with IPv4 underlay. + type: bool + default: true + mvpn_vrf_route_import_id_range: + description: + - MVPN VRI ID range (minimum 1, maximum 65535) for vPC. + - Applicable when TRM is enabled with IPv6 underlay, or mvpn_vrf_route_import_id is enabled with IPv4 underlay. + type: str + default: "" + vrf_route_import_id_reallocation: + description: + - One time VRI ID re-allocation based on MVPN VRI ID Range. + type: bool + default: false + l3vni_multicast_group: + description: + - Default underlay multicast group IPv4 address assigned for every overlay VRF. + type: str + default: "239.1.1.0" + l3_vni_ipv6_multicast_group: + description: + - Default underlay multicast group IPv6 address assigned for every overlay VRF. + type: str + default: "ff1e::" + rendezvous_point_mode: + description: + - Multicast rendezvous point mode. For IPv6 underlay, use C(asm) only. + type: str + default: asm + choices: [ asm, bidir ] + phantom_rendezvous_point_loopback_id1: + description: + - Underlay phantom RP loopback primary ID for PIM Bi-dir deployments. + type: int + default: 2 + phantom_rendezvous_point_loopback_id2: + description: + - Underlay phantom RP loopback secondary ID for PIM Bi-dir deployments. + type: int + default: 3 + phantom_rendezvous_point_loopback_id3: + description: + - Underlay phantom RP loopback tertiary ID for PIM Bi-dir deployments. + type: int + default: 4 + phantom_rendezvous_point_loopback_id4: + description: + - Underlay phantom RP loopback quaternary ID for PIM Bi-dir deployments. + type: int + default: 5 + anycast_loopback_id: + description: + - Underlay Anycast Loopback ID. Used for vPC Peering in VXLANv6 Fabrics. + type: int + default: 10 auto_bgp_neighbor_description: description: - Enable automatic BGP neighbor description. @@ -798,32 +916,119 @@ description: - The security group status. type: str - default: enabled + default: disabled + choices: [ enabled, enabledStrict, enabledLoose, enablePending, enablePendingStrict, enablePendingLoose, disablePending, disabled ] default_queuing_policy: description: - - Enable default queuing policy. + - Enable default queuing policies. type: bool default: false + default_queuing_policy_cloudscale: + description: + - Queuing policy for all 92xx, -EX, -FX, -FX2, -FX3, -GX series switches in the fabric. + type: str + default: queuing_policy_default_8q_cloudscale + default_queuing_policy_r_series: + description: + - Queuing policy for all Nexus R-series switches. + type: str + default: queuing_policy_default_r_series + default_queuing_policy_other: + description: + - Queuing policy for all other switches in the fabric. + type: str + default: queuing_policy_default_other aiml_qos: description: - - Enable AI/ML QoS. + - Enable AI/ML QoS. Configures QoS and queuing policies specific to N9K Cloud Scale and Silicon One switch fabric + for AI network workloads. type: bool default: false aiml_qos_policy: description: - - The AI/ML QoS policy. + - Queuing policy based on predominant fabric link speed. type: str default: 400G + choices: [ 800G, 400G, 100G, 25G, User-defined ] + roce_v2: + description: + - DSCP for RDMA traffic. Numeric (0-63) with ranges/comma, or named values. + type: str + default: "26" + cnp: + description: + - DSCP value for Congestion Notification. Numeric (0-63) with ranges/comma, or named values. + type: str + default: "48" + wred_min: + description: + - WRED minimum threshold (in kbytes). + type: int + default: 950 + wred_max: + description: + - WRED maximum threshold (in kbytes). + type: int + default: 3000 + wred_drop_probability: + description: + - WRED drop probability percentage. + type: int + default: 7 + wred_weight: + description: + - Influences how quickly WRED reacts to queue depth changes. + type: int + default: 0 + bandwidth_remaining: + description: + - Percentage of remaining bandwidth allocated to AI traffic queues. + type: int + default: 50 dlb: description: - - Enable dynamic load balancing. + - Enable fabric-level Dynamic Load Balancing (DLB). Inter-Switch-Links will be configured as DLB interfaces. type: bool default: false dlb_mode: description: - - The DLB mode. + - "Select system-wide DLB mode: flowlet, per-packet (packet spraying), or policy driven mixed mode. + Mixed mode is supported on Silicon One (S1) platform only." type: str default: flowlet + choices: [ flowlet, per-packet, policy-driven-flowlet, policy-driven-per-packet, policy-driven-mixed-mode ] + dlb_mixed_mode_default: + description: + - Default load balancing mode for policy driven mixed mode DLB. + type: str + default: ecmp + choices: [ ecmp, flowlet, per-packet ] + flowlet_aging: + description: + - "Flowlet aging timer in microseconds. Valid range depends on platform: Cloud Scale (CS)=1-2000000, + Silicon One (S1)=1-1024." + type: int + default: 1 + flowlet_dscp: + description: + - DSCP values for flowlet load balancing. Numeric (0-63) with ranges/comma, or named values. + type: str + default: "" + per_packet_dscp: + description: + - DSCP values for per-packet load balancing. Numeric (0-63) with ranges/comma, or named values. + type: str + default: "" + ai_load_sharing: + description: + - Enable IP load sharing using source and destination address for AI workloads. + type: bool + default: false + priority_flow_control_watch_interval: + description: + - PFC watch interval in milliseconds (101-1000). Leave blank for system default (100ms). + type: int + default: 101 ptp: description: - Enable Precision Time Protocol (PTP). @@ -836,24 +1041,31 @@ default: 0 ptp_domain_id: description: - - The PTP domain ID. + - The PTP domain ID for multiple independent PTP clocking subdomains on a single network. type: int default: 0 + ptp_vlan_id: + description: + - Precision Time Protocol (PTP) source VLAN ID. SVI used for PTP source on ToRs. + type: int + default: 2 stp_root_option: description: - - The STP root option. + - "Which protocol to use for configuring root bridge: rpvst+ (Rapid Per-VLAN Spanning Tree), + mst (Multiple Spanning Tree), or unmanaged (STP Root not managed by ND)." type: str - default: mst + default: unmanaged + choices: [ rpvst+, mst, unmanaged ] stp_vlan_range: description: - - The STP VLAN range. + - The STP VLAN range (minimum 1, maximum 4094). type: str - default: "" + default: "1-3967" mst_instance_range: description: - - The MST instance range. + - The MST instance range (minimum 0, maximum 4094). type: str - default: "0-3,5,7-9" + default: "0" stp_bridge_priority: description: - The STP bridge priority. @@ -866,9 +1078,14 @@ default: false mpls_loopback_identifier: description: - - The MPLS loopback identifier. + - The MPLS loopback identifier used for VXLAN to MPLS SR/LDP Handoff. type: int default: 101 + mpls_isis_area_number: + description: + - IS-IS area number for DCI MPLS link. Used only if routing protocol on DCI MPLS link is IS-IS. + type: str + default: "0001" mpls_loopback_ip_range: description: - The MPLS loopback IP address pool. @@ -876,9 +1093,30 @@ default: "10.101.0.0/25" private_vlan: description: - - Enable private VLAN support. + - Enable PVLAN on switches except spines and super spines. + type: bool + default: false + default_private_vlan_secondary_network_template: + description: + - Default PVLAN secondary network template. + type: str + default: Pvlan_Secondary_Network + allow_vlan_on_leaf_tor_pairing: + description: + - "Set trunk allowed VLAN to 'none' or 'all' for leaf-TOR pairing port-channels." + type: str + default: none + choices: [ none, all ] + leaf_tor_id_range: + description: + - Use specific vPC/Port-channel ID range for leaf-TOR pairings. type: bool default: false + leaf_tor_vpc_port_channel_id_range: + description: + - Specify vPC/Port-channel ID range (minimum 1, maximum 4096) for leaf-TOR pairings. + type: str + default: "1-499" ip_service_level_agreement_id_range: description: - The IP SLA ID range. @@ -891,9 +1129,14 @@ default: "100-299" route_map_sequence_number_range: description: - - The route map sequence number range. + - The route map sequence number range (minimum 1, maximum 65534). type: str default: "1-65534" + service_network_vlan_range: + description: + - Per Switch Overlay Service Network VLAN Range (minimum 2, maximum 4094). + type: str + default: "3000-3199" day0_bootstrap: description: - Enable day-0 bootstrap (POAP). @@ -906,9 +1149,10 @@ default: false dhcp_protocol_version: description: - - The DHCP protocol version for bootstrap. + - The IP protocol version for local DHCP server. type: str default: dhcpv4 + choices: [ dhcpv4, dhcpv6 ] dhcp_start_address: description: - The DHCP start address for bootstrap. @@ -934,6 +1178,160 @@ - The management IPv6 prefix length for bootstrap. type: int default: 64 + extra_config_nxos_bootstrap: + description: + - Additional CLIs required during device bootup/login (e.g. AAA/Radius). + type: str + default: "" + un_numbered_bootstrap_loopback_id: + description: + - Bootstrap Seed Switch Loopback Interface ID. + type: int + default: 253 + un_numbered_dhcp_start_address: + description: + - Switch Loopback DHCP Scope Start Address. Must be a subset of IGP/BGP Loopback Prefix Pool. + type: str + default: "" + un_numbered_dhcp_end_address: + description: + - Switch Loopback DHCP Scope End Address. Must be a subset of IGP/BGP Loopback Prefix Pool. + type: str + default: "" + inband_management: + description: + - Manage switches with only inband connectivity. + type: bool + default: false + inband_dhcp_servers: + description: + - List of external DHCP server IP addresses (Max 3). + type: list + elements: str + seed_switch_core_interfaces: + description: + - Seed switch fabric interfaces. Core-facing interface list on seed switch. + type: list + elements: str + spine_switch_core_interfaces: + description: + - Spine switch fabric interfaces. Core-facing interface list on all spines. + type: list + elements: str + bootstrap_subnet_collection: + description: + - List of IPv4 or IPv6 subnets to be used for bootstrap. + type: list + elements: dict + suboptions: + start_ip: + description: + - Starting IP address of the bootstrap range. + type: str + required: true + end_ip: + description: + - Ending IP address of the bootstrap range. + type: str + required: true + default_gateway: + description: + - Default gateway for bootstrap subnet. + type: str + required: true + subnet_prefix: + description: + - Subnet prefix length (8-30). + type: int + required: true + netflow_settings: + description: + - Settings associated with netflow. + type: dict + suboptions: + netflow: + description: + - Enable netflow collection. + type: bool + default: false + netflow_exporter_collection: + description: + - List of netflow exporters. + type: list + elements: dict + suboptions: + exporter_name: + description: + - Name of the netflow exporter. + type: str + required: true + exporter_ip: + description: + - IP address of the netflow collector. + type: str + required: true + vrf: + description: + - VRF name for the exporter. + type: str + default: management + source_interface_name: + description: + - Source interface name. + type: str + required: true + udp_port: + description: + - UDP port for netflow export (1-65535). + type: int + required: true + netflow_record_collection: + description: + - List of netflow records. + type: list + elements: dict + suboptions: + record_name: + description: + - Name of the netflow record. + type: str + required: true + record_template: + description: + - Template type for the record. + type: str + required: true + layer2_record: + description: + - Enable layer 2 record fields. + type: bool + default: false + netflow_monitor_collection: + description: + - List of netflow monitors. + type: list + elements: dict + suboptions: + monitor_name: + description: + - Name of the netflow monitor. + type: str + required: true + record_name: + description: + - Associated record name. + type: str + required: true + exporter1_name: + description: + - Primary exporter name. + type: str + required: true + exporter2_name: + description: + - Secondary exporter name. + type: str + default: "" real_time_backup: description: - Enable real-time backup. @@ -956,24 +1354,47 @@ default: 180 next_generation_oam: description: - - Enable next-generation OAM. + - Enable the Next Generation (NG) OAM feature for all switches in the fabric. type: bool default: true + ngoam_south_bound_loop_detect: + description: + - Enable the Next Generation (NG) OAM southbound loop detection. + type: bool + default: false + ngoam_south_bound_loop_detect_probe_interval: + description: + - Set NG OAM southbound loop detection probe interval in seconds. + type: int + default: 300 + ngoam_south_bound_loop_detect_recovery_interval: + description: + - Set NG OAM southbound loop detection recovery interval in seconds. + type: int + default: 600 strict_config_compliance_mode: description: - - Enable strict configuration compliance mode. + - Enable bi-directional compliance checks to flag additional configs in the running config + that are not in the intent/expected config. + type: bool + default: false + advanced_ssh_option: + description: + - Enable AAA IP Authorization. Enable only when IP Authorization is enabled in the AAA Server. type: bool default: false copp_policy: description: - - The CoPP policy. + - The fabric wide CoPP policy. Customized CoPP policy should be provided when C(manual) is selected. type: str - default: dense + default: strict + choices: [ dense, lenient, moderate, strict, manual ] power_redundancy_mode: description: - - The power redundancy mode. + - Default power supply mode for NX-OS switches. type: str default: redundant + choices: [ redundant, combined, inputSrcRedundant ] host_interface_admin_state: description: - Enable host interface admin state. @@ -1001,9 +1422,25 @@ default: false allow_smart_switch_onboarding: description: - - Allow smart switch onboarding. + - Enable onboarding of smart switches to Hypershield for firewall service. type: bool default: false + connectivity_domain_name: + description: + - Domain name to connect to Hypershield. + type: str + hypershield_connectivity_proxy_server: + description: + - IPv4 address, IPv6 address, or DNS name of the proxy server for Hypershield communication. + type: str + hypershield_connectivity_proxy_server_port: + description: + - Proxy port number for communication with Hypershield. + type: int + hypershield_connectivity_source_intf: + description: + - Loopback interface on smart switch for communication with Hypershield. + type: str aaa: description: - Enable AAA. @@ -1034,6 +1471,22 @@ - Extra freeform AAA configuration. type: str default: "" + pre_interface_config_leaf: + description: + - Additional CLIs added before interface configurations for all switches with a VTEP + unless they have some spine role. + type: str + default: "" + pre_interface_config_spine: + description: + - Additional CLIs added before interface configurations for all switches with some spine role. + type: str + default: "" + pre_interface_config_tor: + description: + - Additional CLIs added before interface configurations for all ToRs. + type: str + default: "" banner: description: - The fabric banner text displayed on switch login. @@ -1044,11 +1497,21 @@ - The list of NTP server IP addresses. type: list elements: str + ntp_server_vrf_collection: + description: + - The list of VRFs for NTP servers. + type: list + elements: str dns_collection: description: - The list of DNS server IP addresses. type: list elements: str + dns_vrf_collection: + description: + - The list of VRFs for DNS servers. + type: list + elements: str syslog_server_collection: description: - The list of syslog server IP addresses. From 7f39af2366b17f7bc4f4bf6778f7e8ae3df97548 Mon Sep 17 00:00:00 2001 From: mwiebe Date: Fri, 27 Mar 2026 18:25:42 -0400 Subject: [PATCH 4/4] Update pydantic model for ebgp --- .../manage_fabric/manage_fabric_ebgp.py | 1028 +++++++++++++---- 1 file changed, 828 insertions(+), 200 deletions(-) diff --git a/plugins/module_utils/models/manage_fabric/manage_fabric_ebgp.py b/plugins/module_utils/models/manage_fabric/manage_fabric_ebgp.py index 8894941c..e30fe28c 100644 --- a/plugins/module_utils/models/manage_fabric/manage_fabric_ebgp.py +++ b/plugins/module_utils/models/manage_fabric/manage_fabric_ebgp.py @@ -33,6 +33,19 @@ VpcPeerKeepAliveOptionEnum, BgpAsModeEnum, FirstHopRedundancyProtocolEnum, + AimlQosPolicyEnum, + AllowVlanOnLeafTorPairingEnum, + BgpAuthenticationKeyTypeEnum, + DhcpProtocolVersionEnum, + DlbMixedModeDefaultEnum, + DlbModeEnum, + MacsecAlgorithmEnum, + MacsecCipherSuiteEnum, + PowerRedundancyModeEnum, + RendezvousPointCountEnum, + RendezvousPointModeEnum, + UnderlayMulticastGroupAddressLimitEnum, + VrfLiteAutoConfigEnum, ) # Re-use shared nested models from the iBGP module from ansible_collections.cisco.nd.plugins.module_utils.models.manage_fabric.manage_fabric_ibgp import ( @@ -111,7 +124,7 @@ class VxlanEbgpManagementModel(NDNestedModel): ) # Fabric Type (required for discriminated union) - type: Literal[FabricTypeEnum.VXLAN_EBGP] = Field(description="Fabric management type", default=FabricTypeEnum.VXLAN_EBGP) + type: Literal[FabricTypeEnum.VXLAN_EBGP] = Field(description="Type of the fabric", default=FabricTypeEnum.VXLAN_EBGP) # Core eBGP Configuration bgp_asn: Optional[str] = Field( @@ -119,28 +132,41 @@ class VxlanEbgpManagementModel(NDNestedModel): description="BGP Autonomous System Number 1-4294967295 | 1-65535[.0-65535]. Optional when bgpAsnAutoAllocation is True.", default=None ) - site_id: Optional[str] = Field(alias="siteId", description="Site identifier for the fabric. Defaults to Fabric ASN.", default="") + site_id: Optional[str] = Field( + alias="siteId", + description="For EVPN Multi-Site Support. Defaults to Fabric ASN", + default="" + ) bgp_as_mode: BgpAsModeEnum = Field( alias="bgpAsMode", - description="BGP AS mode: multiAS assigns unique AS per leaf tier, sameTierAS assigns same AS within a tier", + description=( + "Multi-AS Unique ASN per Leaf/Border/Border Gateway (Borders and border gateways are " + "allowed to share ASN). Same-Tier-AS Leafs share one ASN, Borders/border gateways share one ASN" + ), default=BgpAsModeEnum.MULTI_AS ) bgp_asn_auto_allocation: bool = Field( alias="bgpAsnAutoAllocation", - description="Enable automatic BGP ASN allocation from bgpAsnRange", + description=( + "Automatically allocate and track BGP ASN for leafs, borders and border gateways " + "in Multi-AS mode" + ), default=True ) bgp_asn_range: Optional[str] = Field( alias="bgpAsnRange", - description="BGP ASN range for automatic allocation (e.g., '65000-65535')", + description=( + "BGP ASN range for auto-allocation " + "(minimum: 1 or 1.0, maximum: 4294967295 or 65535.65535)" + ), default=None ) bgp_allow_as_in_num: int = Field( alias="bgpAllowAsInNum", - description="Number of times BGP allows AS-path that contains local AS", + description="Number of occurrences of ASN allowed in the BGP AS-path", default=1 ) - bgp_max_path: int = Field(alias="bgpMaxPath", description="Maximum number of BGP equal-cost paths", default=4) + bgp_max_path: int = Field(alias="bgpMaxPath", description="BGP Maximum Paths", default=4) bgp_underlay_failure_protect: bool = Field( alias="bgpUnderlayFailureProtect", description="Enable BGP underlay failure protection", @@ -148,39 +174,53 @@ class VxlanEbgpManagementModel(NDNestedModel): ) auto_configure_ebgp_evpn_peering: bool = Field( alias="autoConfigureEbgpEvpnPeering", - description="Automatically configure eBGP EVPN peering between spine and leaf", + description=( + "Automatically configure eBGP EVPN overlay peering between leaf and spine switches" + ), default=True ) allow_leaf_same_as: bool = Field( alias="allowLeafSameAs", - description="Allow leaf switches to have the same BGP AS number", + description="Leafs can have same BGP ASN even when AS mode is Multi-AS", default=False ) assign_ipv4_to_loopback0: bool = Field( alias="assignIpv4ToLoopback0", - description="Assign IPv4 address to loopback0 interface", + description=( + "In an IPv6 routed fabric or VXLAN EVPN fabric with IPv6 underlay, assign IPv4 address " + "used for BGP Router ID to the routing loopback interface" + ), default=True ) - evpn: bool = Field(description="Enable EVPN control plane", default=True) - route_map_tag: int = Field(alias="routeMapTag", description="Route map tag for redistribution", default=12345) + evpn: bool = Field( + description=( + "Enable BGP EVPN as the control plane and VXLAN as the data plane for this fabric" + ), + default=True + ) + route_map_tag: int = Field( + alias="routeMapTag", + description="Tag for Route Map FABRIC-RMAP-REDIST-SUBNET. (Min:0, Max:4294967295)", + default=12345 + ) disable_route_map_tag: bool = Field( alias="disableRouteMapTag", - description="Disable route map tag usage", + description="No match tag for Route Map FABRIC-RMAP-REDIST-SUBNET", default=False ) leaf_bgp_as: Optional[str] = Field( alias="leafBgpAs", - description="BGP AS number for leaf switches (used with sameTierAS mode)", + description="Autonomous system number 1-4294967295 | 1-65535[.0-65535]", default=None ) border_bgp_as: Optional[str] = Field( alias="borderBgpAs", - description="BGP AS number for border switches", + description="Autonomous system number 1-4294967295 | 1-65535[.0-65535]", default=None ) super_spine_bgp_as: Optional[str] = Field( alias="superSpineBgpAs", - description="BGP AS number for super-spine switches", + description="Autonomous system number 1-4294967295 | 1-65535[.0-65535]", default=None ) @@ -188,251 +228,513 @@ class VxlanEbgpManagementModel(NDNestedModel): name: Optional[str] = Field(description="Fabric name", min_length=1, max_length=64, default="") # Network Addressing - bgp_loopback_id: int = Field(alias="bgpLoopbackId", description="BGP loopback interface ID", ge=0, le=1023, default=0) - bgp_loopback_ip_range: str = Field(alias="bgpLoopbackIpRange", description="BGP loopback IP range", default="10.2.0.0/22") - bgp_loopback_ipv6_range: str = Field(alias="bgpLoopbackIpv6Range", description="BGP loopback IPv6 range", default="fd00::a02:0/119") - nve_loopback_id: int = Field(alias="nveLoopbackId", description="NVE loopback interface ID", ge=0, le=1023, default=1) - nve_loopback_ip_range: str = Field(alias="nveLoopbackIpRange", description="NVE loopback IP range", default="10.3.0.0/22") - nve_loopback_ipv6_range: str = Field(alias="nveLoopbackIpv6Range", description="NVE loopback IPv6 range", default="fd00::a03:0/118") - anycast_loopback_id: int = Field(alias="anycastLoopbackId", description="Anycast loopback ID", default=10) + bgp_loopback_id: int = Field( + alias="bgpLoopbackId", + description="Underlay Routing Loopback Id", + ge=0, le=1023, default=0 + ) + bgp_loopback_ip_range: str = Field( + alias="bgpLoopbackIpRange", + description="Typically Loopback0 IP Address Range", + default="10.2.0.0/22" + ) + bgp_loopback_ipv6_range: str = Field( + alias="bgpLoopbackIpv6Range", + description="Typically Loopback0 IPv6 Address Range", + default="fd00::a02:0/119" + ) + nve_loopback_id: int = Field( + alias="nveLoopbackId", + description=( + "Underlay VTEP loopback Id associated with the Network Virtualization Edge (nve) interface" + ), + ge=0, le=1023, default=1 + ) + nve_loopback_ip_range: str = Field( + alias="nveLoopbackIpRange", + description="Typically Loopback1 IP Address Range", + default="10.3.0.0/22" + ) + nve_loopback_ipv6_range: str = Field( + alias="nveLoopbackIpv6Range", + description="Typically Loopback1 and Anycast Loopback IPv6 Address Range", + default="fd00::a03:0/118" + ) + anycast_loopback_id: int = Field( + alias="anycastLoopbackId", + description="Underlay Anycast Loopback Id. Used for vPC Peering in VXLANv6 Fabrics", + default=10 + ) anycast_rendezvous_point_ip_range: str = Field( alias="anycastRendezvousPointIpRange", - description="Anycast RP IP range", + description="Anycast or Phantom RP IP Address Range", default="10.254.254.0/24" ) ipv6_anycast_rendezvous_point_ip_range: str = Field( alias="ipv6AnycastRendezvousPointIpRange", - description="IPv6 anycast RP IP range", + description="Anycast RP IPv6 Address Range", default="fd00::254:254:0/118" ) intra_fabric_subnet_range: str = Field( alias="intraFabricSubnetRange", - description="Intra-fabric subnet range", + description="Address range to assign numbered and peer link SVI IPs", default="10.4.0.0/16" ) # VLAN and VNI Ranges - l2_vni_range: str = Field(alias="l2VniRange", description="Layer 2 VNI range", default="30000-49000") - l3_vni_range: str = Field(alias="l3VniRange", description="Layer 3 VNI range", default="50000-59000") - network_vlan_range: str = Field(alias="networkVlanRange", description="Network VLAN range", default="2300-2999") - vrf_vlan_range: str = Field(alias="vrfVlanRange", description="VRF VLAN range", default="2000-2299") + l2_vni_range: str = Field( + alias="l2VniRange", + description="Overlay network identifier range (minimum: 1, maximum: 16777214)", + default="30000-49000" + ) + l3_vni_range: str = Field( + alias="l3VniRange", + description="Overlay VRF identifier range (minimum: 1, maximum: 16777214)", + default="50000-59000" + ) + network_vlan_range: str = Field( + alias="networkVlanRange", + description="Per Switch Overlay Network VLAN Range (minimum: 2, maximum: 4094)", + default="2300-2999" + ) + vrf_vlan_range: str = Field( + alias="vrfVlanRange", + description="Per Switch Overlay VRF VLAN Range (minimum: 2, maximum: 4094)", + default="2000-2299" + ) # Overlay Configuration - overlay_mode: OverlayModeEnum = Field(alias="overlayMode", description="Overlay configuration mode", default=OverlayModeEnum.CLI) + overlay_mode: OverlayModeEnum = Field( + alias="overlayMode", + description="Overlay Mode. VRF/Network configuration using config-profile or CLI", + default=OverlayModeEnum.CLI + ) replication_mode: ReplicationModeEnum = Field( alias="replicationMode", - description="Multicast replication mode", + description="Replication Mode for BUM Traffic", default=ReplicationModeEnum.MULTICAST ) - multicast_group_subnet: str = Field(alias="multicastGroupSubnet", description="Multicast group subnet", default="239.1.1.0/25") + multicast_group_subnet: str = Field( + alias="multicastGroupSubnet", + description=( + "Multicast pool prefix between 8 to 30. A multicast group ipv4 from this pool " + "is used for BUM traffic for each overlay network." + ), + default="239.1.1.0/25" + ) auto_generate_multicast_group_address: bool = Field( alias="autoGenerateMulticastGroupAddress", - description="Auto-generate multicast group addresses", + description=( + "Generate a new multicast group address from the multicast pool using a round-robin approach" + ), default=False ) - underlay_multicast_group_address_limit: int = Field( + underlay_multicast_group_address_limit: UnderlayMulticastGroupAddressLimitEnum = Field( alias="underlayMulticastGroupAddressLimit", - description="Underlay multicast group address limit", - ge=1, - le=255, - default=128 + description=( + "The maximum supported value is 128 for NX-OS version 10.2(1) or earlier " + "and 512 for versions above 10.2(1)" + ), + default=UnderlayMulticastGroupAddressLimitEnum.V_128 + ) + tenant_routed_multicast: bool = Field( + alias="tenantRoutedMulticast", + description="For Overlay ipv4 Multicast Support In VXLAN Fabrics", + default=False ) - tenant_routed_multicast: bool = Field(alias="tenantRoutedMulticast", description="Enable tenant routed multicast", default=False) tenant_routed_multicast_ipv6: bool = Field( alias="tenantRoutedMulticastIpv6", - description="Enable tenant routed multicast IPv6", + description="For Overlay IPv6 Multicast Support In VXLAN Fabrics", default=False ) first_hop_redundancy_protocol: FirstHopRedundancyProtocolEnum = Field( alias="firstHopRedundancyProtocol", - description="First-hop redundancy protocol for tenant networks", + description="First Hop Redundancy Protocol HSRP or VRRP", default=FirstHopRedundancyProtocolEnum.HSRP ) # Multicast / Rendezvous Point - rendezvous_point_count: int = Field( + rendezvous_point_count: RendezvousPointCountEnum = Field( alias="rendezvousPointCount", - description="Number of spines acting as Rendezvous-Points", + description="Number of spines acting as Rendezvous-Points (RPs)", + default=RendezvousPointCountEnum.TWO + ) + rendezvous_point_loopback_id: int = Field( + alias="rendezvousPointLoopbackId", + description="Rendezvous point loopback Id", + default=254 + ) + rendezvous_point_mode: RendezvousPointModeEnum = Field( + alias="rendezvousPointMode", + description="Multicast rendezvous point Mode. For ipv6 underlay, please use asm only", + default=RendezvousPointModeEnum.ASM + ) + phantom_rendezvous_point_loopback_id1: int = Field( + alias="phantomRendezvousPointLoopbackId1", + description="Underlay phantom rendezvous point loopback primary Id for PIM Bi-dir deployments", default=2 ) - rendezvous_point_loopback_id: int = Field(alias="rendezvousPointLoopbackId", description="RP loopback ID", default=254) - rendezvous_point_mode: str = Field(alias="rendezvousPointMode", description="Multicast RP mode", default="asm") - phantom_rendezvous_point_loopback_id1: int = Field(alias="phantomRendezvousPointLoopbackId1", description="Phantom RP loopback ID 1", default=2) - phantom_rendezvous_point_loopback_id2: int = Field(alias="phantomRendezvousPointLoopbackId2", description="Phantom RP loopback ID 2", default=3) - phantom_rendezvous_point_loopback_id3: int = Field(alias="phantomRendezvousPointLoopbackId3", description="Phantom RP loopback ID 3", default=4) - phantom_rendezvous_point_loopback_id4: int = Field(alias="phantomRendezvousPointLoopbackId4", description="Phantom RP loopback ID 4", default=5) - l3vni_multicast_group: str = Field(alias="l3vniMulticastGroup", description="Default L3 VNI multicast group IPv4 address", default="239.1.1.0") - l3_vni_ipv6_multicast_group: str = Field(alias="l3VniIpv6MulticastGroup", description="Default L3 VNI multicast group IPv6 address", default="ff1e::") - ipv6_multicast_group_subnet: str = Field(alias="ipv6MulticastGroupSubnet", description="IPv6 multicast group subnet", default="ff1e::/121") - mvpn_vrf_route_import_id: bool = Field(alias="mvpnVrfRouteImportId", description="Enable MVPN VRF route import ID", default=True) + phantom_rendezvous_point_loopback_id2: int = Field( + alias="phantomRendezvousPointLoopbackId2", + description="Underlay phantom rendezvous point loopback secondary Id for PIM Bi-dir deployments", + default=3 + ) + phantom_rendezvous_point_loopback_id3: int = Field( + alias="phantomRendezvousPointLoopbackId3", + description="Underlay phantom rendezvous point loopback tertiary Id for PIM Bi-dir deployments", + default=4 + ) + phantom_rendezvous_point_loopback_id4: int = Field( + alias="phantomRendezvousPointLoopbackId4", + description=( + "Underlay phantom rendezvous point loopback quaternary Id for PIM Bi-dir deployments" + ), + default=5 + ) + l3vni_multicast_group: str = Field( + alias="l3vniMulticastGroup", + description="Default Underlay Multicast group IPv4 address assigned for every overlay VRF", + default="239.1.1.0" + ) + l3_vni_ipv6_multicast_group: str = Field( + alias="l3VniIpv6MulticastGroup", + description="Default Underlay Multicast group IP6 address assigned for every overlay VRF", + default="ff1e::" + ) + ipv6_multicast_group_subnet: str = Field( + alias="ipv6MulticastGroupSubnet", + description="IPv6 Multicast address with prefix 112 to 128", + default="ff1e::/121" + ) + mvpn_vrf_route_import_id: bool = Field( + alias="mvpnVrfRouteImportId", + description="Enable MVPN VRI ID Generation For Tenant Routed Multicast With IPv4 Underlay", + default=True + ) mvpn_vrf_route_import_id_range: Optional[str] = Field( alias="mvpnVrfRouteImportIdRange", - description="MVPN VRF route import ID range", + description=( + "MVPN VRI ID (minimum: 1, maximum: 65535) for vPC, applicable when TRM enabled " + "with IPv6 underlay, or mvpnVrfRouteImportId enabled with IPv4 underlay" + ), default=None ) vrf_route_import_id_reallocation: bool = Field( alias="vrfRouteImportIdReallocation", - description="Enable VRF route import ID reallocation", + description="One time VRI ID re-allocation based on 'MVPN VRI ID Range'", default=False ) # Advanced Features anycast_gateway_mac: str = Field( alias="anycastGatewayMac", - description="Anycast gateway MAC address", + description="Shared anycast gateway MAC address for all VTEPs", default="2020.0000.00aa" ) - target_subnet_mask: int = Field(alias="targetSubnetMask", description="Target subnet mask", ge=24, le=31, default=30) - fabric_mtu: int = Field(alias="fabricMtu", description="Fabric MTU size", ge=1500, le=9216, default=9216) - l2_host_interface_mtu: int = Field(alias="l2HostInterfaceMtu", description="L2 host interface MTU", ge=1500, le=9216, default=9216) + target_subnet_mask: int = Field( + alias="targetSubnetMask", + description="Mask for underlay subnet IP range", + ge=24, le=31, default=30 + ) + fabric_mtu: int = Field( + alias="fabricMtu", + description="Intra Fabric Interface MTU. Must be an even number", + ge=1500, le=9216, default=9216 + ) + l2_host_interface_mtu: int = Field( + alias="l2HostInterfaceMtu", + description="Layer 2 host interface MTU. Must be an even number", + ge=1500, le=9216, default=9216 + ) l3_vni_no_vlan_default_option: bool = Field( alias="l3VniNoVlanDefaultOption", - description="L3 VNI configuration without VLAN", + description=( + "L3 VNI configuration without VLAN configuration. This value is propagated on vrf " + "creation as the default value of 'Enable L3VNI w/o VLAN' in vrf" + ), + default=False + ) + underlay_ipv6: bool = Field( + alias="underlayIpv6", + description="If not enabled, IPv4 underlay is used", default=False ) - underlay_ipv6: bool = Field(alias="underlayIpv6", description="Enable IPv6 underlay", default=False) static_underlay_ip_allocation: bool = Field( alias="staticUnderlayIpAllocation", - description="Disable dynamic underlay IP address allocation", + description="Checking this will disable Dynamic Underlay IP Address Allocations", default=False ) anycast_border_gateway_advertise_physical_ip: bool = Field( alias="anycastBorderGatewayAdvertisePhysicalIp", - description="Advertise Anycast Border Gateway PIP as VTEP", + description=( + "To advertise Anycast Border Gateway PIP as VTEP. " + "Effective on MSD fabric 'Recalculate Config'" + ), default=False ) # VPC Configuration - vpc_domain_id_range: str = Field(alias="vpcDomainIdRange", description="vPC domain ID range", default="1-1000") - vpc_peer_link_vlan: str = Field(alias="vpcPeerLinkVlan", description="vPC peer link VLAN", default="3600") + vpc_domain_id_range: str = Field( + alias="vpcDomainIdRange", + description="vPC Domain id range (minimum: 1, maximum: 1000) to use for new pairings", + default="1-1000" + ) + vpc_peer_link_vlan: str = Field( + alias="vpcPeerLinkVlan", + description="VLAN range (minimum: 2, maximum: 4094) for vPC Peer Link SVI", + default="3600" + ) vpc_peer_link_enable_native_vlan: bool = Field( alias="vpcPeerLinkEnableNativeVlan", - description="Enable native VLAN on vPC peer link", + description="Enable VpcPeer Link for Native Vlan", default=False ) vpc_peer_keep_alive_option: VpcPeerKeepAliveOptionEnum = Field( alias="vpcPeerKeepAliveOption", - description="vPC peer keep-alive option", + description="Use vPC Peer Keep Alive with Loopback or Management", default=VpcPeerKeepAliveOptionEnum.MANAGEMENT ) vpc_auto_recovery_timer: int = Field( alias="vpcAutoRecoveryTimer", - description="vPC auto recovery timer", + description="vPC auto recovery timer (in seconds)", ge=240, le=3600, default=360 ) vpc_delay_restore_timer: int = Field( alias="vpcDelayRestoreTimer", - description="vPC delay restore timer", + description="vPC delay restore timer (in seconds)", ge=1, le=3600, default=150 ) - vpc_peer_link_port_channel_id: str = Field(alias="vpcPeerLinkPortChannelId", description="vPC peer link port-channel ID", default="500") + vpc_peer_link_port_channel_id: str = Field( + alias="vpcPeerLinkPortChannelId", + description="vPC Peer Link Port Channel ID (minimum: 1, maximum: 4096)", + default="500" + ) vpc_ipv6_neighbor_discovery_sync: bool = Field( alias="vpcIpv6NeighborDiscoverySync", - description="Enable vPC IPv6 ND sync", + description="Enable IPv6 ND synchronization between vPC peers", + default=True + ) + vpc_layer3_peer_router: bool = Field( + alias="vpcLayer3PeerRouter", + description="Enable Layer-3 Peer-Router on all Leaf switches", default=True ) - vpc_layer3_peer_router: bool = Field(alias="vpcLayer3PeerRouter", description="Enable vPC layer-3 peer router", default=True) - vpc_tor_delay_restore_timer: int = Field(alias="vpcTorDelayRestoreTimer", description="vPC TOR delay restore timer", default=30) - fabric_vpc_domain_id: bool = Field(alias="fabricVpcDomainId", description="Enable fabric vPC domain ID", default=False) - shared_vpc_domain_id: int = Field(alias="sharedVpcDomainId", description="Shared vPC domain ID", default=1) - fabric_vpc_qos: bool = Field(alias="fabricVpcQos", description="Enable fabric vPC QoS", default=False) + vpc_tor_delay_restore_timer: int = Field( + alias="vpcTorDelayRestoreTimer", + description="vPC delay restore timer for ToR switches (in seconds)", + default=30 + ) + fabric_vpc_domain_id: bool = Field( + alias="fabricVpcDomainId", + description="Enable the same vPC Domain Id for all vPC Pairs. Not Recommended.", + default=False + ) + shared_vpc_domain_id: int = Field( + alias="sharedVpcDomainId", + description="vPC Domain Id to be used on all vPC pairs", + default=1 + ) + fabric_vpc_qos: bool = Field( + alias="fabricVpcQos", + description="Qos on spines for guaranteed delivery of vPC Fabric Peering communication", + default=False + ) fabric_vpc_qos_policy_name: str = Field( alias="fabricVpcQosPolicyName", - description="Fabric vPC QoS policy name", + description="Qos Policy name should be same on all spines", default="spine_qos_for_fabric_vpc_peering" ) - enable_peer_switch: bool = Field(alias="enablePeerSwitch", description="Enable vPC peer-switch feature on ToR switches", default=False) + enable_peer_switch: bool = Field( + alias="enablePeerSwitch", + description="Enable the vPC peer-switch feature on ToR switches", + default=False + ) # Per-VRF Loopback per_vrf_loopback_auto_provision: bool = Field( alias="perVrfLoopbackAutoProvision", - description="Auto provision IPv4 loopback on VRF attachment", + description=( + "Auto provision an IPv4 loopback on a VTEP on VRF attachment. Note: Enabling this option " + "auto-provisions loopback on existing VRF attachments and also when Edit, QuickAttach, or " + "Multiattach actions are performed. Provisioned loopbacks cannot be deleted until VRFs " + "are unattached." + ), default=False ) per_vrf_loopback_ip_range: str = Field( alias="perVrfLoopbackIpRange", - description="Per-VRF loopback IPv4 prefix pool", + description="Prefix pool to assign IPv4 addresses to loopbacks on VTEPs on a per VRF basis", default="10.5.0.0/22" ) per_vrf_loopback_auto_provision_ipv6: bool = Field( alias="perVrfLoopbackAutoProvisionIpv6", - description="Auto provision IPv6 loopback on VRF attachment", + description="Auto provision an IPv6 loopback on a VTEP on VRF attachment.", default=False ) per_vrf_loopback_ipv6_range: str = Field( alias="perVrfLoopbackIpv6Range", - description="Per-VRF loopback IPv6 prefix pool", + description="Prefix pool to assign IPv6 addresses to loopbacks on VTEPs on a per VRF basis", default="fd00::a05:0/112" ) # Templates - vrf_template: str = Field(alias="vrfTemplate", description="VRF template", default="Default_VRF_Universal") - network_template: str = Field(alias="networkTemplate", description="Network template", default="Default_Network_Universal") + vrf_template: str = Field( + alias="vrfTemplate", + description="Default overlay VRF template for leafs", + default="Default_VRF_Universal" + ) + network_template: str = Field( + alias="networkTemplate", + description="Default overlay network template for leafs", + default="Default_Network_Universal" + ) vrf_extension_template: str = Field( alias="vrfExtensionTemplate", - description="VRF extension template", + description="Default overlay VRF template for borders", default="Default_VRF_Extension_Universal" ) network_extension_template: str = Field( alias="networkExtensionTemplate", - description="Network extension template", + description="Default overlay network template for borders", default="Default_Network_Extension_Universal" ) # Optional Advanced Settings - performance_monitoring: bool = Field(alias="performanceMonitoring", description="Enable performance monitoring", default=False) + performance_monitoring: bool = Field( + alias="performanceMonitoring", + description=( + "If enabled, switch metrics are collected through periodic SNMP polling. " + "Alternative to real-time telemetry" + ), + default=False + ) tenant_dhcp: bool = Field(alias="tenantDhcp", description="Enable tenant DHCP", default=True) - advertise_physical_ip: bool = Field(alias="advertisePhysicalIp", description="Advertise physical IP as VTEP", default=False) + advertise_physical_ip: bool = Field( + alias="advertisePhysicalIp", + description="For Primary VTEP IP Advertisement As Next-Hop Of Prefix Routes", + default=False + ) advertise_physical_ip_on_border: bool = Field( alias="advertisePhysicalIpOnBorder", - description="Advertise physical IP on border switches only", + description=( + "Enable advertise-pip on vPC borders and border gateways only. " + "Applicable only when vPC advertise-pip is not enabled" + ), default=True ) # Protocol Settings — BGP - bgp_authentication: bool = Field(alias="bgpAuthentication", description="Enable BGP authentication", default=False) - bgp_authentication_key_type: str = Field( + bgp_authentication: bool = Field( + alias="bgpAuthentication", + description="Enables or disables the BGP authentication", + default=False + ) + bgp_authentication_key_type: BgpAuthenticationKeyTypeEnum = Field( alias="bgpAuthenticationKeyType", - description="BGP authentication key type", - default="3des" + description="BGP key encryption type: 3 - 3DES, 6 - Cisco type 6, 7 - Cisco type 7", + default=BgpAuthenticationKeyTypeEnum.THREE_DES + ) + bgp_authentication_key: str = Field( + alias="bgpAuthenticationKey", + description="Encrypted BGP authentication key based on type", + default="" ) - bgp_authentication_key: str = Field(alias="bgpAuthenticationKey", description="BGP authentication key", default="") # Protocol Settings — BFD - bfd: bool = Field(description="Enable BFD", default=False) - bfd_ibgp: bool = Field(alias="bfdIbgp", description="Enable BFD for iBGP", default=False) - bfd_authentication: bool = Field(alias="bfdAuthentication", description="Enable BFD authentication", default=False) - bfd_authentication_key_id: int = Field(alias="bfdAuthenticationKeyId", description="BFD authentication key ID", default=100) - bfd_authentication_key: str = Field(alias="bfdAuthenticationKey", description="BFD authentication key", default="") + bfd: bool = Field(description="Enable BFD. Valid for IPv4 Underlay only", default=False) + bfd_ibgp: bool = Field(alias="bfdIbgp", description="Enable BFD For iBGP", default=False) + bfd_authentication: bool = Field( + alias="bfdAuthentication", + description="Enable BFD Authentication. Valid for P2P Interfaces only", + default=False + ) + bfd_authentication_key_id: int = Field( + alias="bfdAuthenticationKeyId", + description="BFD Authentication Key ID", + default=100 + ) + bfd_authentication_key: str = Field( + alias="bfdAuthenticationKey", + description="Encrypted SHA1 secret value", + default="" + ) # Protocol Settings — PIM - pim_hello_authentication: bool = Field(alias="pimHelloAuthentication", description="Enable PIM hello authentication", default=False) - pim_hello_authentication_key: str = Field(alias="pimHelloAuthenticationKey", description="PIM hello authentication key", default="") + pim_hello_authentication: bool = Field( + alias="pimHelloAuthentication", + description="Valid for IPv4 Underlay only", + default=False + ) + pim_hello_authentication_key: str = Field( + alias="pimHelloAuthenticationKey", + description="3DES Encrypted", + default="" + ) # Management Settings - nxapi: bool = Field(description="Enable NX-API", default=False) - nxapi_http: bool = Field(alias="nxapiHttp", description="Enable NX-API HTTP", default=False) - nxapi_https_port: int = Field(alias="nxapiHttpsPort", description="NX-API HTTPS port", ge=1, le=65535, default=443) - nxapi_http_port: int = Field(alias="nxapiHttpPort", description="NX-API HTTP port", ge=1, le=65535, default=80) + nxapi: bool = Field(description="Enable NX-API over HTTPS", default=False) + nxapi_http: bool = Field(alias="nxapiHttp", description="Enable NX-API over HTTP", default=False) + nxapi_https_port: int = Field( + alias="nxapiHttpsPort", + description="HTTPS port for NX-API", + ge=1, le=65535, default=443 + ) + nxapi_http_port: int = Field( + alias="nxapiHttpPort", + description="HTTP port for NX-API", + ge=1, le=65535, default=80 + ) # Bootstrap / Day-0 / DHCP - day0_bootstrap: bool = Field(alias="day0Bootstrap", description="Enable day-0 bootstrap", default=False) + day0_bootstrap: bool = Field( + alias="day0Bootstrap", + description="Automatic IP Assignment For POAP", + default=False + ) bootstrap_subnet_collection: List[BootstrapSubnetModel] = Field( alias="bootstrapSubnetCollection", - description="Bootstrap subnet collection", + description="List of IPv4 or IPv6 subnets to be used for bootstrap", default_factory=list ) - local_dhcp_server: bool = Field(alias="localDhcpServer", description="Enable local DHCP server", default=False) - dhcp_protocol_version: str = Field(alias="dhcpProtocolVersion", description="DHCP protocol version", default="dhcpv4") - dhcp_start_address: str = Field(alias="dhcpStartAddress", description="DHCP start address", default="") - dhcp_end_address: str = Field(alias="dhcpEndAddress", description="DHCP end address", default="") - management_gateway: str = Field(alias="managementGateway", description="Management gateway", default="") - management_ipv4_prefix: int = Field(alias="managementIpv4Prefix", description="Management IPv4 prefix length", default=24) - management_ipv6_prefix: int = Field(alias="managementIpv6Prefix", description="Management IPv6 prefix length", default=64) + local_dhcp_server: bool = Field( + alias="localDhcpServer", + description="Automatic IP Assignment For POAP From Local DHCP Server", + default=False + ) + dhcp_protocol_version: DhcpProtocolVersionEnum = Field( + alias="dhcpProtocolVersion", + description="IP protocol version for Local DHCP Server", + default=DhcpProtocolVersionEnum.DHCPV4 + ) + dhcp_start_address: str = Field( + alias="dhcpStartAddress", + description="DHCP Scope Start Address For Switch POAP", + default="" + ) + dhcp_end_address: str = Field( + alias="dhcpEndAddress", + description="DHCP Scope End Address For Switch POAP", + default="" + ) + management_gateway: str = Field( + alias="managementGateway", + description="Default Gateway For Management VRF On The Switch", + default="" + ) + management_ipv4_prefix: int = Field( + alias="managementIpv4Prefix", + description="Switch Mgmt IP Subnet Prefix if ipv4", + default=24 + ) + management_ipv6_prefix: int = Field( + alias="managementIpv6Prefix", + description="Switch Management IP Subnet Prefix if ipv6", + default=64 + ) # Netflow Settings netflow_settings: NetflowSettingsModel = Field( @@ -442,181 +744,507 @@ class VxlanEbgpManagementModel(NDNestedModel): ) # Backup / Restore - real_time_backup: Optional[bool] = Field(alias="realTimeBackup", description="Enable real-time backup", default=None) - scheduled_backup: Optional[bool] = Field(alias="scheduledBackup", description="Enable scheduled backup", default=None) - scheduled_backup_time: str = Field(alias="scheduledBackupTime", description="Scheduled backup time", default="") + real_time_backup: Optional[bool] = Field( + alias="realTimeBackup", + description=( + "Backup hourly only if there is any config deployment since last backup" + ), + default=None + ) + scheduled_backup: Optional[bool] = Field( + alias="scheduledBackup", + description="Enable backup at the specified time daily", + default=None + ) + scheduled_backup_time: str = Field( + alias="scheduledBackupTime", + description=( + "Time (UTC) in 24 hour format to take a daily backup if enabled (00:00 to 23:59)" + ), + default="" + ) # VRF Lite / Sub-Interface - sub_interface_dot1q_range: str = Field(alias="subInterfaceDot1qRange", description="Sub-interface 802.1q range", default="2-511") - vrf_lite_auto_config: str = Field(alias="vrfLiteAutoConfig", description="VRF lite auto-config mode", default="manual") - vrf_lite_subnet_range: str = Field(alias="vrfLiteSubnetRange", description="VRF lite subnet range", default="10.33.0.0/16") - vrf_lite_subnet_target_mask: int = Field(alias="vrfLiteSubnetTargetMask", description="VRF lite subnet target mask", default=30) + sub_interface_dot1q_range: str = Field( + alias="subInterfaceDot1qRange", + description="Per aggregation dot1q range for VRF-Lite connectivity (minimum: 2, maximum: 4093)", + default="2-511" + ) + vrf_lite_auto_config: VrfLiteAutoConfigEnum = Field( + alias="vrfLiteAutoConfig", + description=( + "VRF Lite Inter-Fabric Connection Deployment Options. If 'back2BackAndToExternal' is " + "selected, VRF Lite IFCs are auto created between border devices of two Easy Fabrics, " + "and between border devices in Easy Fabric and edge routers in External Fabric. " + "The IP address is taken from the 'VRF Lite Subnet IP Range' pool." + ), + default=VrfLiteAutoConfigEnum.MANUAL + ) + vrf_lite_subnet_range: str = Field( + alias="vrfLiteSubnetRange", + description="Address range to assign P2P Interfabric Connections", + default="10.33.0.0/16" + ) + vrf_lite_subnet_target_mask: int = Field( + alias="vrfLiteSubnetTargetMask", + description="VRF Lite Subnet Mask", + default=30 + ) auto_unique_vrf_lite_ip_prefix: bool = Field( alias="autoUniqueVrfLiteIpPrefix", - description="Auto unique VRF lite IP prefix", + description=( + "When enabled, IP prefix allocated to the VRF LITE IFC is not reused on VRF extension " + "over VRF LITE IFC. Instead, unique IP Subnet is allocated for each VRF extension " + "over VRF LITE IFC." + ), default=False ) # Leaf / TOR - leaf_tor_id_range: bool = Field(alias="leafTorIdRange", description="Enable leaf/TOR ID range", default=False) + leaf_tor_id_range: bool = Field( + alias="leafTorIdRange", + description="Use specific vPC/Port-channel ID range for leaf-tor pairings", + default=False + ) leaf_tor_vpc_port_channel_id_range: str = Field( alias="leafTorVpcPortChannelIdRange", - description="Leaf/TOR vPC port-channel ID range", + description=( + "Specify vPC/Port-channel ID range (minimum: 1, maximum: 4096), this range is used " + "for auto-allocating vPC/Port-Channel IDs for leaf-tor pairings" + ), default="1-499" ) - allow_vlan_on_leaf_tor_pairing: str = Field( + allow_vlan_on_leaf_tor_pairing: AllowVlanOnLeafTorPairingEnum = Field( alias="allowVlanOnLeafTorPairing", - description="Set trunk allowed VLAN on leaf-TOR pairing port-channels", - default="none" + description="Set trunk allowed vlan to 'none' or 'all' for leaf-tor pairing port-channels", + default=AllowVlanOnLeafTorPairingEnum.NONE ) # DNS / NTP / Syslog Collections - ntp_server_collection: List[str] = Field(default_factory=lambda: ["string"], alias="ntpServerCollection") - ntp_server_vrf_collection: List[str] = Field(default_factory=lambda: ["string"], alias="ntpServerVrfCollection") - dns_collection: List[str] = Field(default_factory=lambda: ["5.192.28.174"], alias="dnsCollection") - dns_vrf_collection: List[str] = Field(default_factory=lambda: ["string"], alias="dnsVrfCollection") - syslog_server_collection: List[str] = Field(default_factory=lambda: ["string"], alias="syslogServerCollection") - syslog_server_vrf_collection: List[str] = Field(default_factory=lambda: ["string"], alias="syslogServerVrfCollection") - syslog_severity_collection: List[int] = Field(default_factory=lambda: [7], alias="syslogSeverityCollection") + ntp_server_collection: List[str] = Field( + default_factory=lambda: ["string"], + alias="ntpServerCollection", + description="List of NTP server IPv4/IPv6 addresses and/or hostnames" + ) + ntp_server_vrf_collection: List[str] = Field( + default_factory=lambda: ["string"], + alias="ntpServerVrfCollection", + description=( + "NTP Server VRFs. One VRF for all NTP servers or a list of VRFs, one per NTP server" + ) + ) + dns_collection: List[str] = Field( + default_factory=lambda: ["5.192.28.174"], + alias="dnsCollection", + description="List of IPv4 and IPv6 DNS addresses" + ) + dns_vrf_collection: List[str] = Field( + default_factory=lambda: ["string"], + alias="dnsVrfCollection", + description=( + "DNS Server VRFs. One VRF for all DNS servers or a list of VRFs, one per DNS server" + ) + ) + syslog_server_collection: List[str] = Field( + default_factory=lambda: ["string"], + alias="syslogServerCollection", + description="List of Syslog server IPv4/IPv6 addresses and/or hostnames" + ) + syslog_server_vrf_collection: List[str] = Field( + default_factory=lambda: ["string"], + alias="syslogServerVrfCollection", + description=( + "Syslog Server VRFs. One VRF for all Syslog servers or a list of VRFs, " + "one per Syslog server" + ) + ) + syslog_severity_collection: List[int] = Field( + default_factory=lambda: [7], + alias="syslogSeverityCollection", + description="List of Syslog severity values, one per Syslog server" + ) # Extra Config / Pre-Interface Config / AAA / Banner - banner: str = Field(description="Fabric banner text", default="") - extra_config_leaf: str = Field(alias="extraConfigLeaf", description="Extra leaf config", default="") - extra_config_spine: str = Field(alias="extraConfigSpine", description="Extra spine config", default="") - extra_config_tor: str = Field(alias="extraConfigTor", description="Extra TOR config", default="") + banner: str = Field( + description=( + "Message of the Day (motd) banner. Delimiter char (very first char is delimiter char) " + "followed by message ending with delimiter" + ), + default="" + ) + extra_config_leaf: str = Field( + alias="extraConfigLeaf", + description=( + "Additional CLIs as captured from the show running configuration, added after interface " + "configurations for all switches with a VTEP unless they have some spine role" + ), + default="" + ) + extra_config_spine: str = Field( + alias="extraConfigSpine", + description=( + "Additional CLIs as captured from the show running configuration, added after interface " + "configurations for all switches with some spine role" + ), + default="" + ) + extra_config_tor: str = Field( + alias="extraConfigTor", + description=( + "Additional CLIs as captured from the show running configuration, added after interface " + "configurations for all ToRs" + ), + default="" + ) extra_config_intra_fabric_links: str = Field( alias="extraConfigIntraFabricLinks", - description="Extra intra-fabric links config", + description="Additional CLIs for all Intra-Fabric links", + default="" + ) + extra_config_aaa: str = Field( + alias="extraConfigAaa", + description="AAA Configurations", + default="" + ) + extra_config_nxos_bootstrap: str = Field( + alias="extraConfigNxosBootstrap", + description="Additional CLIs required during device bootup/login e.g. AAA/Radius", + default="" + ) + aaa: bool = Field( + description="Include AAA configs from Manageability tab during device bootup", + default=False + ) + pre_interface_config_leaf: str = Field( + alias="preInterfaceConfigLeaf", + description=( + "Additional CLIs as captured from the show running configuration, added before interface " + "configurations for all switches with a VTEP unless they have some spine role" + ), + default="" + ) + pre_interface_config_spine: str = Field( + alias="preInterfaceConfigSpine", + description=( + "Additional CLIs as captured from the show running configuration, added before interface " + "configurations for all switches with some spine role" + ), + default="" + ) + pre_interface_config_tor: str = Field( + alias="preInterfaceConfigTor", + description=( + "Additional CLIs as captured from the show running configuration, added before interface " + "configurations for all ToRs" + ), default="" ) - extra_config_aaa: str = Field(alias="extraConfigAaa", description="Extra AAA config", default="") - extra_config_nxos_bootstrap: str = Field(alias="extraConfigNxosBootstrap", description="Extra NX-OS bootstrap config", default="") - aaa: bool = Field(description="Enable AAA", default=False) - pre_interface_config_leaf: str = Field(alias="preInterfaceConfigLeaf", description="Pre-interface leaf config", default="") - pre_interface_config_spine: str = Field(alias="preInterfaceConfigSpine", description="Pre-interface spine config", default="") - pre_interface_config_tor: str = Field(alias="preInterfaceConfigTor", description="Pre-interface TOR config", default="") # System / Compliance / OAM / Misc greenfield_debug_flag: GreenfieldDebugFlagEnum = Field( alias="greenfieldDebugFlag", - description="Greenfield debug flag", + description=( + "Allow switch configuration to be cleared without a reload when " + "preserveConfig is set to false" + ), default=GreenfieldDebugFlagEnum.DISABLE ) interface_statistics_load_interval: int = Field( alias="interfaceStatisticsLoadInterval", - description="Interface statistics load interval in seconds", + description="Interface Statistics Load Interval. Time in seconds", default=10 ) - nve_hold_down_timer: int = Field(alias="nveHoldDownTimer", description="NVE source interface hold-down timer in seconds", default=180) - next_generation_oam: bool = Field(alias="nextGenerationOAM", description="Enable next-generation OAM", default=True) + nve_hold_down_timer: int = Field( + alias="nveHoldDownTimer", + description="NVE Source Inteface HoldDown Time in seconds", + default=180 + ) + next_generation_oam: bool = Field( + alias="nextGenerationOAM", + description=( + "Enable the Next Generation (NG) OAM feature for all switches in the fabric " + "to aid in trouble-shooting VXLAN EVPN fabrics" + ), + default=True + ) ngoam_south_bound_loop_detect: bool = Field( alias="ngoamSouthBoundLoopDetect", - description="Enable NGOAM south bound loop detection", + description="Enable the Next Generation (NG) OAM southbound loop detection", default=False ) ngoam_south_bound_loop_detect_probe_interval: int = Field( alias="ngoamSouthBoundLoopDetectProbeInterval", - description="NGOAM south bound loop detect probe interval in seconds", + description=( + "Set Next Generation (NG) OAM southbound loop detection probe interval in seconds." + ), default=300 ) ngoam_south_bound_loop_detect_recovery_interval: int = Field( alias="ngoamSouthBoundLoopDetectRecoveryInterval", - description="NGOAM south bound loop detect recovery interval in seconds", + description=( + "Set the Next Generation (NG) OAM southbound loop detection recovery interval in seconds" + ), default=600 ) strict_config_compliance_mode: bool = Field( alias="strictConfigComplianceMode", - description="Enable strict config compliance mode", + description=( + "Enable bi-directional compliance checks to flag additional configs in the running config " + "that are not in the intent/expected config" + ), + default=False + ) + advanced_ssh_option: bool = Field( + alias="advancedSshOption", + description=( + "Enable AAA IP Authorization. Enable only, when IP Authorization is enabled " + "in the AAA Server" + ), default=False ) - advanced_ssh_option: bool = Field(alias="advancedSshOption", description="Enable advanced SSH option", default=False) - copp_policy: CoppPolicyEnum = Field(alias="coppPolicy", description="CoPP policy", default=CoppPolicyEnum.STRICT) - power_redundancy_mode: str = Field(alias="powerRedundancyMode", description="Power redundancy mode", default="redundant") - heartbeat_interval: int = Field(alias="heartbeatInterval", description="XConnect heartbeat interval", default=190) - snmp_trap: bool = Field(alias="snmpTrap", description="Enable SNMP traps", default=True) - cdp: bool = Field(description="Enable CDP", default=False) + copp_policy: CoppPolicyEnum = Field( + alias="coppPolicy", + description=( + "Fabric wide CoPP policy. Customized CoPP policy should be provided " + "when 'manual' is selected." + ), + default=CoppPolicyEnum.STRICT + ) + power_redundancy_mode: PowerRedundancyModeEnum = Field( + alias="powerRedundancyMode", + description="Default Power Supply Mode for NX-OS Switches", + default=PowerRedundancyModeEnum.REDUNDANT + ) + heartbeat_interval: int = Field( + alias="heartbeatInterval", + description="XConnect heartbeat interval for periodic link status checks", + default=190 + ) + snmp_trap: bool = Field( + alias="snmpTrap", + description="Configure ND as a receiver for SNMP traps", + default=True + ) + cdp: bool = Field(description="Enable CDP on management interface", default=False) real_time_interface_statistics_collection: bool = Field( alias="realTimeInterfaceStatisticsCollection", - description="Enable real-time interface statistics collection", + description="Enable Real Time Interface Statistics Collection. Valid for NX-OS only", default=False ) - tcam_allocation: bool = Field(alias="tcamAllocation", description="Enable TCAM allocation", default=True) + tcam_allocation: bool = Field( + alias="tcamAllocation", + description=( + "TCAM commands are automatically generated for VxLAN and vPC Fabric Peering when Enabled" + ), + default=True + ) allow_smart_switch_onboarding: bool = Field( alias="allowSmartSwitchOnboarding", - description="Allow smart switch onboarding", + description="Enable onboarding of smart switches to Hypershield for firewall service", default=False ) # Queuing / QoS - default_queuing_policy: bool = Field(alias="defaultQueuingPolicy", description="Enable default queuing policy", default=False) + default_queuing_policy: bool = Field( + alias="defaultQueuingPolicy", + description="Enable Default Queuing Policies", + default=False + ) default_queuing_policy_cloudscale: str = Field( alias="defaultQueuingPolicyCloudscale", - description="Default queuing policy for cloudscale switches", + description=( + "Queuing Policy for all 92xx, -EX, -FX, -FX2, -FX3, -GX series switches in the fabric" + ), default="queuing_policy_default_8q_cloudscale" ) default_queuing_policy_r_series: str = Field( alias="defaultQueuingPolicyRSeries", - description="Default queuing policy for R-Series switches", + description="Queueing policy for all Nexus R-series switches", default="queuing_policy_default_r_series" ) default_queuing_policy_other: str = Field( alias="defaultQueuingPolicyOther", - description="Default queuing policy for other switches", + description="Queuing Policy for all other switches in the fabric", default="queuing_policy_default_other" ) - aiml_qos: bool = Field(alias="aimlQos", description="Enable AI/ML QoS", default=False) - aiml_qos_policy: str = Field(alias="aimlQosPolicy", description="AI/ML QoS policy", default="400G") - roce_v2: str = Field(alias="roceV2", description="RoCEv2 DSCP value", default="26") - cnp: str = Field(description="CNP DSCP value", default="48") - wred_min: int = Field(alias="wredMin", description="WRED minimum threshold in kbytes", default=950) - wred_max: int = Field(alias="wredMax", description="WRED maximum threshold in kbytes", default=3000) - wred_drop_probability: int = Field(alias="wredDropProbability", description="WRED drop probability %", default=7) - wred_weight: int = Field(alias="wredWeight", description="WRED weight", default=0) - bandwidth_remaining: int = Field(alias="bandwidthRemaining", description="Bandwidth remaining % for AI traffic queues", default=50) - dlb: bool = Field(description="Enable dynamic load balancing", default=False) - dlb_mode: str = Field(alias="dlbMode", description="DLB mode", default="flowlet") - dlb_mixed_mode_default: str = Field(alias="dlbMixedModeDefault", description="DLB mixed mode default", default="ecmp") - flowlet_aging: Optional[int] = Field(alias="flowletAging", description="Flowlet aging timer in microseconds", default=None) - flowlet_dscp: str = Field(alias="flowletDscp", description="Flowlet DSCP value", default="") - per_packet_dscp: str = Field(alias="perPacketDscp", description="Per-packet DSCP value", default="") - ai_load_sharing: bool = Field(alias="aiLoadSharing", description="Enable AI load sharing", default=False) + aiml_qos: bool = Field( + alias="aimlQos", + description=( + "Configures QoS and Queuing Policies specific to N9K Cloud Scale (CS) & Silicon One (S1) " + "switch fabric for AI network workloads" + ), + default=False + ) + aiml_qos_policy: AimlQosPolicyEnum = Field( + alias="aimlQosPolicy", + description=( + "Queuing Policy based on predominant fabric link speed: 800G / 400G / 100G / 25G. " + "User-defined allows for custom configuration." + ), + default=AimlQosPolicyEnum.V_400G + ) + roce_v2: str = Field( + alias="roceV2", + description=( + "DSCP for RDMA traffic: numeric (0-63) with ranges/comma, named values " + "(af11,af12,af13,af21,af22,af23,af31,af32,af33,af41,af42,af43," + "cs1,cs2,cs3,cs4,cs5,cs6,cs7,default,ef)" + ), + default="26" + ) + cnp: str = Field( + description=( + "DSCP value for Congestion Notification: numeric (0-63) with ranges/comma, named values " + "(af11,af12,af13,af21,af22,af23,af31,af32,af33,af41,af42,af43," + "cs1,cs2,cs3,cs4,cs5,cs6,cs7,default,ef)" + ), + default="48" + ) + wred_min: int = Field(alias="wredMin", description="WRED minimum threshold (in kbytes)", default=950) + wred_max: int = Field(alias="wredMax", description="WRED maximum threshold (in kbytes)", default=3000) + wred_drop_probability: int = Field(alias="wredDropProbability", description="Drop probability %", default=7) + wred_weight: int = Field( + alias="wredWeight", + description="Influences how quickly WRED reacts to queue depth changes", + default=0 + ) + bandwidth_remaining: int = Field( + alias="bandwidthRemaining", + description="Percentage of remaining bandwidth allocated to AI traffic queues", + default=50 + ) + dlb: bool = Field( + description=( + "Enables fabric-level Dynamic Load Balancing (DLB) configuration. " + "Note: Inter-Switch-Links (ISL) will be configured as DLB Interfaces" + ), + default=False + ) + dlb_mode: DlbModeEnum = Field( + alias="dlbMode", + description=( + "Select system-wide flowlet, per-packet (packet spraying) or policy driven mixed mode. " + "Note: Mixed mode is supported on Silicon One (S1) platform only." + ), + default=DlbModeEnum.FLOWLET + ) + dlb_mixed_mode_default: DlbMixedModeDefaultEnum = Field( + alias="dlbMixedModeDefault", + description="Default load balancing mode for policy driven mixed mode DLB", + default=DlbMixedModeDefaultEnum.ECMP + ) + flowlet_aging: Optional[int] = Field( + alias="flowletAging", + description=( + "Flowlet aging timer in microseconds. Valid range depends on platform: " + "Cloud Scale (CS)=1-2000000 (default 500), Silicon One (S1)=1-1024 (default 256)" + ), + default=None + ) + flowlet_dscp: str = Field( + alias="flowletDscp", + description=( + "DSCP values for flowlet load balancing: numeric (0-63) with ranges/comma, named values " + "(af11,af12,af13,af21,af22,af23,af31,af32,af33,af41,af42,af43," + "cs1,cs2,cs3,cs4,cs5,cs6,cs7,default,ef)" + ), + default="" + ) + per_packet_dscp: str = Field( + alias="perPacketDscp", + description=( + "DSCP values for per-packet load balancing: numeric (0-63) with ranges/comma, named values " + "(af11,af12,af13,af21,af22,af23,af31,af32,af33,af41,af42,af43," + "cs1,cs2,cs3,cs4,cs5,cs6,cs7,default,ef)" + ), + default="" + ) + ai_load_sharing: bool = Field( + alias="aiLoadSharing", + description=( + "Enable IP load sharing using source and destination address for AI workloads" + ), + default=False + ) priority_flow_control_watch_interval: Optional[int] = Field( alias="priorityFlowControlWatchInterval", - description="Priority flow control watch interval in milliseconds", + description=( + "Acceptable values from 101 to 1000 (milliseconds). " + "Leave blank for system default (100ms)." + ), default=None ) # PTP - ptp: bool = Field(description="Enable PTP", default=False) - ptp_loopback_id: int = Field(alias="ptpLoopbackId", description="PTP loopback ID", default=0) - ptp_domain_id: int = Field(alias="ptpDomainId", description="PTP domain ID", default=0) + ptp: bool = Field(description="Enable Precision Time Protocol (PTP)", default=False) + ptp_loopback_id: int = Field( + alias="ptpLoopbackId", + description="Precision Time Protocol Source Loopback Id", + default=0 + ) + ptp_domain_id: int = Field( + alias="ptpDomainId", + description="Multiple Independent PTP Clocking Subdomains on a Single Network", + default=0 + ) # Private VLAN - private_vlan: bool = Field(alias="privateVlan", description="Enable private VLAN", default=False) + private_vlan: bool = Field( + alias="privateVlan", + description="Enable PVLAN on switches except spines and super spines", + default=False + ) default_private_vlan_secondary_network_template: str = Field( alias="defaultPrivateVlanSecondaryNetworkTemplate", - description="Default private VLAN secondary network template", + description="Default PVLAN secondary network template", default="Pvlan_Secondary_Network" ) # MACsec - macsec: bool = Field(description="Enable MACsec", default=False) - macsec_cipher_suite: str = Field( + macsec: bool = Field( + description=( + "Enable MACsec in the fabric. MACsec fabric parameters are used for configuring " + "MACsec on a fabric link if MACsec is enabled on the link." + ), + default=False + ) + macsec_cipher_suite: MacsecCipherSuiteEnum = Field( alias="macsecCipherSuite", - description="MACsec cipher suite", - default="GCM-AES-XPN-256" + description="Configure Cipher Suite", + default=MacsecCipherSuiteEnum.GCM_AES_XPN_256 ) - macsec_key_string: str = Field(alias="macsecKeyString", description="MACsec primary key string", default="") - macsec_algorithm: str = Field(alias="macsecAlgorithm", description="MACsec primary cryptographic algorithm", default="AES_128_CMAC") - macsec_fallback_key_string: str = Field(alias="macsecFallbackKeyString", description="MACsec fallback key string", default="") - macsec_fallback_algorithm: str = Field( + macsec_key_string: str = Field( + alias="macsecKeyString", + description="MACsec Primary Key String. Cisco Type 7 Encrypted Octet String", + default="" + ) + macsec_algorithm: MacsecAlgorithmEnum = Field( + alias="macsecAlgorithm", + description="MACsec Primary Cryptographic Algorithm. AES_128_CMAC or AES_256_CMAC", + default=MacsecAlgorithmEnum.AES_128_CMAC + ) + macsec_fallback_key_string: str = Field( + alias="macsecFallbackKeyString", + description="MACsec Fallback Key String. Cisco Type 7 Encrypted Octet String", + default="" + ) + macsec_fallback_algorithm: MacsecAlgorithmEnum = Field( alias="macsecFallbackAlgorithm", - description="MACsec fallback cryptographic algorithm", - default="AES_128_CMAC" + description="MACsec Fallback Cryptographic Algorithm. AES_128_CMAC or AES_256_CMAC", + default=MacsecAlgorithmEnum.AES_128_CMAC + ) + macsec_report_timer: int = Field( + alias="macsecReportTimer", + description="MACsec Operational Status periodic report timer in minutes", + default=5 ) - macsec_report_timer: int = Field(alias="macsecReportTimer", description="MACsec report timer in minutes", default=5) # Hypershield / Connectivity + enable_dpu_pinning: bool = Field( + alias="enableDpuPinning", + description="Enable pinning of VRFs and networks to specific DPUs on smart switches", + default=False + ) connectivity_domain_name: Optional[str] = Field( alias="connectivityDomainName", description="Domain name to connect to Hypershield",