CVP Container and Configlet Design Guidelines

 
 

Platforms:

All CloudVision (CVP) versions supported

Purpose:

The purpose of this document is to provide a starting point for those wanting to take advantage of CloudVision’s provisioning capabilities through the use of shared configlets that are pushed out to devices under a particular container.

Summary:

CloudVision manages Arista switch configurations through the use of Containers and Configlets.  The Container layout is completely arbitrary, which gives the customer flexibility and lets the layout align with their organization’s mode of operation.  Containers are a hierarchical structure of Parent-Child relationships, similar to Active Directory.  Configlets represent a snippet of a switch configuration.  The full configuration of a switch is merely the concatenation of multiple configlets assigned by containers and devices alike.  An example switch configuration is used below to show how it can be broken into smaller configlets.  Some information is the same across all switches (i.e. aaa, snmp, logging).  Those configlets get applied at a higher level container, while switch specific configuration is assigned to a configlet that is applied to a single device.

Container and Configlet Design Guidelines

The following diagram is a simplistic example of Company XYZ, which has 2 sites with a container per site (Site 1 & Site 2).  The Global container “Company XYZ” will host configlets for commands that are typically global to all devices such as: aliases, terminattr, event-monitor, aaa, and management api.  The 2 locations will have intermediate containers called Site 1 and Site 2.  These intermediate containers are children of the parent container “Company XYZ” and host configlets for location specific configurations such as DNS, NTP and Timezone.  Each device will also have its own configlet for items specific to the device such as hostname, interfaces, management IP address, etc.

The above example is a simplistic container layout and will suffice for many organizations with few devices to manage.  Organizations with a larger number of devices may elect to adopt a container layout that is more granular in nature (see below).  Leaf and Spine devices may be broken down into individual containers.  You may apply different configurations to Leafs vs. Spines in this manner.

Sample Switch Configuration 

The following switch configuration has been broken down into smaller chunks called configlets.  Each snippet of configuration represents a single configlet in CVP.  Configlets can be applied at the container or switch level.  Configlets applied at the Global or Site level containers will be consumed by the switches that are members of those containers.  CVP provides flexibility for container infrastructure design, giving the customer full control over how they manage the infrastructure.

CONFIGLETS

The configlets below with a name prefix of ‘GLOBAL_’ are applied at the Company XYZ container.  Configlets with a name prefix of ‘SITE_1_’ are applied at the Site 1 container.  The last configlet, SPINE1, is applied to the device called SPINE1.

GLOBAL_ALIASES

alias shimet show bgp evpn route-type imet detail | awk '/for imet/ { print "VNI: " $7 ", VTEP: " $8, "RD: " $11 }'
alias shmacip show bgp evpn route-type mac-ip detail | awk '/for mac-ip/ { if (NF == 11) { print "RD: " $11, "VNI: " $7, "MAC: " $8 } else { print "RD: " $12, "VNI: " $7, "MAC: " $8, "IP: " $9 } }' | sed -e s/,//g
alias shprefix show bgp evpn route-type ip-prefix ipv4 detail | awk '/for ip-prefix/ { print "ip-prefix: " $7, "RD: " $10 }'
!

GLOBAL_TERMINATTR

daemon TerminAttr
   exec /usr/bin/TerminAttr -ingestgrpcurl=192.168.100.240:9910 -cvcompression=gzip -ingestauth=key,magickey04162020 -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent -ingestvrf=MGMT -taillogs
   no shutdown
!

GLOBAL_EVENT-MONITOR

event-monitor
!

SITE_1_DNS_NTP

ip domain lookup vrf MGMT source-interface Management1
ip name-server vrf MGMT 192.168.70.1
dns domain ohvlab.local
!
ntp local-interface vrf MGMT Management1
ntp server vrf MGMT 216.239.35.4 prefer
!

GLOBAL_AUTHENTICATION

radius-server host 192.168.100.254 vrf MGMT key 7 082E44580518074542595C45
!
aaa group server radius RADIUS-GROUP
   server 192.168.100.254 vrf MGMT
!
aaa authentication login default group RADIUS-GROUP local
aaa authentication dot1x default group RADIUS-GROUP
!
username admin privilege 15 role network-admin secret sha512 $6$tQFnZeopb0IPpmX7$BowHaWzQIUXkcjAZSboAwSzCkBraZjgJugjYYP4.y/A9rMsKfxJ7GKWD7GbtHq20WvFC3TiwOQFzlDNUmnac//
username arista privilege 15 secret sha512 $6$q6ZYUi52LMKh.WEH$uGqc7omuQa.VhtUdSEltWeiBdFEVAxphWXe.UBXRYFx4TwGGmg9.YKXlaZORqxN7CEI18PGDZHzqeGomZJeZg1
username cvpadmin privilege 15 secret sha512 $6$4sLMfiH7WTA58PyX$XoC4AXQPce.yOyjo6Fcg.5CFev6s8cIb94s1uu.wWTYC8pPTe5iODxgpb6x1WUa96QEYfBmD5VaTO7etWfTOu/
!

SITE_1_TIMEZONE

clock timezone America/Detroit
!

GLOBAL_MANAGEMENT_API

management api http-commands
   protocol http
   no shutdown
   !
   vrf MGMT
      no shutdown
!
management ssh
   vrf MGMT
      no shutdown
!

SPINE1 – unique commands for SPINE1

!
hostname SPINE1
!
spanning-tree mode rapid-pvst
!
vrf instance MGMT
!
interface Ethernet1
   description EOS2
   load-interval 1
   mtu 9216
   no switchport
   ip address 10.1.2.1/24
!
interface Ethernet2
   description EOS3
   mtu 9216
   no switchport
   ip address 10.1.3.1/24
!
interface Ethernet3
   description EOS4
   mtu 9216
   no switchport
   ip address 10.1.4.1/24
!
interface Loopback0
   ip address 1.1.1.1/32
!
interface Management1
   vrf MGMT
   ip address 192.168.100.31/24
!
ip routing
no ip routing vrf MGMT
!
ip radius vrf MGMT source-interface Management1
!
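The GLOBAL_ configlets above carry credential material and the eAPI transport setting to every device under Company XYZ, so they are worth inventorying before they are pushed. The following is an added example, not part of the original article or of CloudVision: the configlet names and commands follow the sample above, the secrets are replaced with placeholders, and the rule names and the `audit` function are this example's own.

```python
import re

# Constructed sample: configlet names and commands follow the article;
# secrets are replaced with placeholders.
CONFIGLETS = {
    "GLOBAL_TERMINATTR": """daemon TerminAttr
   exec /usr/bin/TerminAttr -ingestgrpcurl=192.168.100.240:9910 -ingestauth=key,<SHARED-KEY> -ingestvrf=MGMT -taillogs
   no shutdown
!""",
    "GLOBAL_AUTHENTICATION": """radius-server host 192.168.100.254 vrf MGMT key 7 <TYPE7-STRING>
username admin privilege 15 role network-admin secret sha512 <HASH>
!""",
    "GLOBAL_MANAGEMENT_API": """management api http-commands
   protocol http
   no shutdown
!
management ssh
   vrf MGMT
      no shutdown
!""",
    "SITE_1_TIMEZONE": "clock timezone America/Detroit\n!",
}

# (rule id, required top-level section or None, pattern). Rule set is this example's own.
RULES = [
    ("eapi-cleartext-http", "management api http-commands", re.compile(r"^protocol http$")),
    ("radius-key-type7", None, re.compile(r"^radius-server host \S+ .*\bkey 7 ")),
    ("terminattr-inline-key", "daemon TerminAttr", re.compile(r"-ingestauth=key,\S+")),
    ("local-user-hash", None, re.compile(r"^username \S+ .*\bsecret sha512 ")),
]

def audit(configlets):
    """Return sorted (configlet, rule id) pairs for lines matching RULES."""
    findings = set()
    for name, text in configlets.items():
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line == "!":
                continue
            if not raw[0].isspace():  # an unindented line opens a new top-level section
                section = line
            for rule, parent, pat in RULES:
                if (parent is None or parent == section) and pat.search(line):
                    findings.add((name, rule))
    return sorted(findings)
```

Each finding names the configlet to review; for a container-level configlet, every device under that container inherits the flagged line.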

Example Container Layout in CloudVision

In CloudVision, the container infrastructure looks similar to the following diagram.  Company XYZ is the global level container and holds configlets that are global to all devices managed by CVP.  Site 1, 2 and 3 containers hold configlets with site specific information such as NTP and DNS.  The MGMT & Prod containers can be ignored for this discussion.  The Undefined container holds devices that are newly registered in CVP and waiting to be moved to their final container, where they consume configurations from the containers above.

In the diagram above, the Global-Level Container called ‘Company XYZ’ comprises the following configlets:

  • GLOBAL_ALIASES
  • GLOBAL_AUTHENTICATION
  • GLOBAL_EVENT-MONITOR
  • GLOBAL_MANAGEMENT_API
  • GLOBAL_TERMINATTR

The Site-Level Container called ‘Site 1’ comprises the following configlets:

  • SITE_1_DNS_NTP
  • SITE_1_TIMEZONE

The Device called ‘SPINE1’ has a single configlet called ‘SPINE1’, which comprises all the configuration line items specific to SPINE1.

The concatenation of all 8 configlets (red, blue, green) above makes up the full running configuration of SPINE1.

Changes to the SPINE1 configlet will only affect SPINE1.  Any changes to the other configlets will affect all devices that are members of the container and its upstream parent containers.
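The inheritance and change impact described above can be modelled in a few lines. This is an added example, not CloudVision code or part of the original article: the container and configlet names follow the article, while LEAF1, SPINE2, SITE_2_DNS_NTP, the data structures, the function names and the root-to-device concatenation order are assumptions made for illustration.

```python
# Container tree: child -> parent (None marks the global container).
PARENT = {"Company XYZ": None, "Site 1": "Company XYZ", "Site 2": "Company XYZ"}

# Device -> container it sits in. LEAF1 and SPINE2 are constructed devices.
DEVICE_CONTAINER = {"SPINE1": "Site 1", "LEAF1": "Site 1", "SPINE2": "Site 2"}

CONTAINER_CONFIGLETS = {
    "Company XYZ": ["GLOBAL_ALIASES", "GLOBAL_AUTHENTICATION", "GLOBAL_EVENT-MONITOR",
                    "GLOBAL_MANAGEMENT_API", "GLOBAL_TERMINATTR"],
    "Site 1": ["SITE_1_DNS_NTP", "SITE_1_TIMEZONE"],
    "Site 2": ["SITE_2_DNS_NTP"],  # constructed configlet name
}
DEVICE_CONFIGLETS = {"SPINE1": ["SPINE1"], "LEAF1": ["LEAF1"], "SPINE2": ["SPINE2"]}

def container_path(device):
    """Containers from the global container down to the device's own container."""
    path, node = [], DEVICE_CONTAINER[device]
    while node is not None:
        if node in path:
            raise ValueError(f"container cycle at {node!r}")
        path.append(node)
        node = PARENT[node]
    return path[::-1]

def effective_configlets(device):
    """Configlets that make up the device's configuration, in assumed apply order."""
    names = []
    for container in container_path(device):
        names += CONTAINER_CONFIGLETS.get(container, [])
    return names + DEVICE_CONFIGLETS.get(device, [])

def affected_devices(configlet):
    """Devices whose configuration changes if this configlet is edited."""
    return sorted(d for d in DEVICE_CONTAINER if configlet in effective_configlets(d))

if __name__ == "__main__":
    print(effective_configlets("SPINE1"))
    for name in ("GLOBAL_AUTHENTICATION", "SITE_1_TIMEZONE", "SPINE1"):
        print(name, "->", affected_devices(name))
```

Running `affected_devices` before editing a configlet gives the list of devices to include in the change review.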

Each organization will design their own container layout to simplify their management workflows and increase provisioning efficiencies.  There is no right or wrong answer here.

Additional Resources:

Deploying Arista Switches using CloudVision Portal – https://eos.arista.com/deploying-arista-switches-using-cloudvision-portal/

Importing Existing switches into CloudVision Portal – https://eos.arista.com/importing-existing-switches-into-cloudvision-portal/
