L2VPN/VPWS: derive route distinguisher and route target

unfokus · loulecrivain · commit eadb7642522b · 2025-07-30T12:30:49.000+02:00
diff --git a/cosmo.example.yml b/cosmo.example.yml
@@ -1,5 +1,5 @@
 fqdnSuffix: infra.example.com
-
+asn: 65542
 devices:
   router:
     - "router1"
diff --git a/cosmo/__main__.py b/cosmo/__main__.py
@@ -48,6 +48,10 @@ def main() -> int:
     with open(args.config, 'r') as cfg_file:
         cosmo_configuration = yaml.safe_load(cfg_file)
 
+    if not 'asn' in cosmo_configuration:
+        error(f"Field 'asn' not defined in configuration file", None)
+        return 1
+
     info(f"Fetching information from Netbox, make sure VPN is enabled on your system.")
 
     netbox_url = os.environ.get("NETBOX_URL")
@@ -82,7 +86,7 @@ def noop(*args, **kwargs):
         content = None
         try:
             if device['name'] in cosmo_configuration['devices']['router']:
-                router_serializer = RouterSerializer(device, cosmo_data['l2vpn_list'], cosmo_data["loopbacks"])
+                router_serializer = RouterSerializer(device, cosmo_data['l2vpn_list'], cosmo_data["loopbacks"], cosmo_configuration["asn"])
                 content = router_serializer.serialize()
             elif device['name'] in cosmo_configuration['devices']['switch']:
                 switch_serializer = SwitchSerializer(device)
diff --git a/cosmo/l2vpnhelpertypes.py b/cosmo/l2vpnhelpertypes.py
@@ -75,6 +75,8 @@ def __init__(self, *args, associated_l2vpn: L2VPNType, loopbacks_by_device: dict
         self.associated_l2vpn = associated_l2vpn
         self.loopbacks_by_device = loopbacks_by_device
         self.asn = asn
+        # when using 32 bit ASN we have to append L to the route target prefix
+        self.rt = str(asn) if asn <= 2**16 else f"{asn}L"
 
     def __repr__(self):
         return f"{self.__class__.__name__}({self.associated_l2vpn})"
@@ -318,14 +320,15 @@ def processInterfaceTypeTermination(self, o: InterfaceType) -> dict | None:
             lambda i: i != local,
             parent_l2vpn.getTerminations()
         ))
+        router_id = o.getParent(DeviceType).getRouterID()
         return {
             self._vrf_key: {
                 parent_l2vpn.getName().replace("WAN: ", ""): {
                     "interfaces": [o.getName()],
                     "description": f"VPWS: {parent_l2vpn.getName().replace('WAN: VS_', '')}",
                     "instance_type": "evpn-vpws",
-                    "route_distinguisher": f"{self.asn}:{str(parent_l2vpn.getIdentifier())}",
-                    "vrf_target": f"target:1:{str(parent_l2vpn.getIdentifier())}",
+                    "route_distinguisher": f"{router_id}:{str(parent_l2vpn.getIdentifier())}",
+                    "vrf_target": f"target:{self.rt}:{str(parent_l2vpn.getIdentifier())}",
                     "protocols": {
                         "evpn": {
                             "interfaces": {
diff --git a/cosmo/netbox_types.py b/cosmo/netbox_types.py
@@ -8,7 +8,7 @@
 from abc import abstractmethod
 from ipaddress import IPv4Interface, IPv6Interface
 
-from .common import without_keys, JsonOutputType
+from .common import without_keys, JsonOutputType, DeviceSerializationError
 from typing import Self, Iterator, TypeVar, NoReturn
 
 
@@ -235,6 +235,33 @@ def getISISIdentifier(self) -> str|None:
             return None
         return sys_id
 
+    def getRouterID(self) -> str:
+        # Deriving the router ID is a bit tricky, there is no 'correct' way.
+        # For us it's the primary loopback IPv4 address
+
+        # get first loopback interface in default vrf
+        loopback = next(filter(
+            lambda x: (x.isLoopbackChild() and x.getVRF() == None),
+            self.getInterfaces()
+        ), None)
+
+        if loopback == None:
+            raise DeviceSerializationError("Can't derive Router ID, no suitable loopback interface found.")
+            return ""
+
+        # get first IPv4 of that interface
+        address = next(filter(
+            lambda i: type(i) is IPv4Interface,
+            map(lambda i: i.getIPInterfaceObject(), loopback.getIPAddresses())
+        ), None)
+
+        if address == None:
+            raise DeviceSerializationError("Can't derive Router ID, no suitable loopback IP address found.")
+            return ""
+
+        # return that IP without subnet mask and hope for the best
+        return str(address.ip)
+
 
 class DeviceTypeType(AbstractNetboxType):
     def getBasePath(self):
@@ -365,7 +392,9 @@ def getSubInterfaceParentInterfaceName(self) -> str|None:
         return ret
 
     def getVRF(self) -> VRFType|None:
-        return self.get("vrf")
+        if self["vrf"]:
+            return VRFType(self["vrf"])
+        return None
 
     def spitInterfacePathWith(self, d: dict) -> dict:
         """
@@ -449,6 +478,9 @@ def getIPAddresses(self) -> list[IPAddressType]:
     def hasParentInterface(self) -> bool:
         return bool(self.get("parent"))
 
+    def isLoopbackChild(self):
+        return '.' in self.getName() and self.getName().startswith("lo")
+
     def getConnectedEndpoints(self) -> list[DeviceType]:
         return self.get("connected_endpoints", [])
 
@@ -486,7 +518,10 @@ def getBasePath(self):
         return "/vpn/l2vpns/"
 
     def getIdentifier(self) -> int|None:
-        return self["identifier"]
+        if self["identifier"]:
+            return self["identifier"]
+        else:
+            return self["id"]
 
     def getType(self) -> str:
         return self["type"]
@@ -554,10 +589,9 @@ def getPrefixes(self) -> list[IPv6Interface|IPv4Interface]:
         return [
             ipaddress.ip_interface(p["prefix"]) for p in self["ip_prefixes"]
         ]
-        
+
     def isUniqueToDevice(self) -> bool:
         return len(self["devices"]) == 1
-    
+
     def hasIPRanges(self) -> bool:
         return len(self["ip_ranges"]) > 0
-        
diff --git a/cosmo/routerl2vpnvisitor.py b/cosmo/routerl2vpnvisitor.py
@@ -32,10 +32,6 @@ def isCompliantWANL2VPN(self, o: L2VPNType):
         terminations = o.getTerminations()
         identifier = o.getIdentifier()
         l2vpn_type = self.getL2VpnTypeTerminationObjectFrom(o)
-        if l2vpn_type.needsL2VPNIdentifierAsMandatory() and identifier is None:
-            raise L2VPNSerializationError(
-                f"for {o.getName()}: L2VPN identifier is mandatory."
-            )
         if not l2vpn_type.isValidNumberOfTerminations(len(terminations)):
             raise L2VPNSerializationError(
                 f"for {o.getName()}: "
diff --git a/cosmo/routervisitor.py b/cosmo/routervisitor.py
@@ -270,15 +270,12 @@ def _(self, o: InterfaceType):
             }
         }
 
-    def getRouterId(self, o: DeviceType) -> str:
-        return str(ipaddress.ip_interface(str(self.loopbacks_by_device[o.getName()].getIpv4())).ip)
-
     @accept.register
     def _(self, o: VRFType):
         parent_interface = o.getParent(InterfaceType)
         if not parent_interface.isSubInterface():
             return # guard: do not process root interface
-        router_id = self.getRouterId(o.getParent(DeviceType))
+        router_id = o.getParent(DeviceType).getRouterID()
         if o.getRouteDistinguisher():
             rd = router_id + ":" + o.getRouteDistinguisher()
         elif len(o.getExportTargets()):
diff --git a/cosmo/serializer.py b/cosmo/serializer.py
@@ -11,10 +11,11 @@
 
 
 class RouterSerializer:
-    def __init__(self, device, l2vpn_list, loopbacks):
+    def __init__(self, device, l2vpn_list, loopbacks, asn):
         self.device = device
         self.l2vpn_list = l2vpn_list
         self.loopbacks = loopbacks
+        self.asn = asn
 
         self.l2vpns = {}
         self.l3vpns = {}
@@ -42,7 +43,7 @@ def serialize(self) -> CosmoOutputType|Never:
         # breakpoint()
         visitor = RouterDeviceExporterVisitor(
             loopbacks_by_device={k: CosmoLoopbackType(v) for k, v in self.loopbacks.items()},
-            asn=9136,
+            asn=self.asn,
         )
         if self.allow_private_ips:
             visitor.allowPrivateIPs()
diff --git a/cosmo/tests/cosmo.devgen_ansible.yml b/cosmo/tests/cosmo.devgen_ansible.yml
@@ -1,5 +1,5 @@
 output_format: "ansible"
-
+asn: 65542
 devices:
   router:
     - "TEST0001"
diff --git a/cosmo/tests/cosmo.devgen_nix.yml b/cosmo/tests/cosmo.devgen_nix.yml
@@ -1,5 +1,5 @@
 output_format: "nix"
-
+asn: 65542
 devices:
   router:
     - "TEST0001"
diff --git a/cosmo/tests/test_case_bgpcpe.yml b/cosmo/tests/test_case_bgpcpe.yml
@@ -120,11 +120,11 @@ device_list:
       __typename: VRFType
       description: ''
       export_targets:
-      - name: target:9136:407
+      - name: target:65542:407
         __typename: RouteTargetType
       id: '407'
       import_targets:
-      - name: target:9136:407
+      - name: target:65542:407
         __typename: RouteTargetType
       name: L3VPN
       rd: null
@@ -165,11 +165,11 @@ device_list:
       __typename: VRFType
       description: ''
       export_targets:
-      - name: target:9136:407
+      - name: target:65542:407
         __typename: RouteTargetType
       id: '407'
       import_targets:
-      - name: target:9136:407
+      - name: target:65542:407
         __typename: RouteTargetType
       name: L3VPN
       rd: null
diff --git a/cosmo/tests/test_case_ips.yaml b/cosmo/tests/test_case_ips.yaml
@@ -23,6 +23,7 @@ device_list:
         name: fxp0.0
         tagged_vlans: [ ]
         untagged_vlan: null
+        vrf: null
       - custom_fields:
           inner_tag: null
           outer_tag: null
@@ -99,4 +100,4 @@ device_list:
 l2vpn_list: [ ]
 loopbacks:
   TEST0001:
-    ipv4: 45.139.136.10/32
+    ipv4: 45.139.136.10/32
diff --git a/cosmo/tests/test_case_l3vpn.yml b/cosmo/tests/test_case_l3vpn.yml
@@ -55,11 +55,11 @@ device_list:
     vrf:
       description: ''
       export_targets:
-        - name: target:9136:407
+        - name: target:65542:407
           __typename: RouteTargetType
       id: '407'
       import_targets:
-        - name: target:9136:407
+        - name: target:65542:407
           __typename: RouteTargetType
       name: L3VPN
       rd: null
diff --git a/cosmo/tests/test_case_policer.yaml b/cosmo/tests/test_case_policer.yaml
@@ -74,10 +74,10 @@ device_list:
       id: '399'
       description: ''
       export_targets:
-        - name: target:9136:399
+        - name: target:65542:399
           __typename: RouteTargetType
       import_targets:
-        - name: target:9136:399
+        - name: target:65542:399
           __typename: RouteTargetType
       name: L3VPN
       rd: null
diff --git a/cosmo/tests/test_case_vrf_staticroute.yaml b/cosmo/tests/test_case_vrf_staticroute.yaml
@@ -109,11 +109,11 @@ device_list:
     vrf:
       description: Test VRF
       export_targets:
-      - name: target:9136:111000000
+      - name: target:65542:111000000
         __typename: RouteTargetType
       id: '399'
       import_targets:
-      - name: target:9136:111000000
+      - name: target:65542:111000000
         __typename: RouteTargetType
       name: L3VPN-TEST
       rd: null
diff --git a/cosmo/tests/test_serializer.py b/cosmo/tests/test_serializer.py
@@ -24,7 +24,7 @@ def get_router_s_from_path(path):
     test_data = _yaml_load(path)
     return [
         RouterSerializer(device=device, l2vpn_list=test_data['l2vpn_list'],
-                         loopbacks=test_data.get('loopbacks', {})).allowPrivateIPs()
+                         loopbacks=test_data.get('loopbacks', {}), asn=65542).allowPrivateIPs()
         for device in test_data['device_list']]
 
 
@@ -42,7 +42,7 @@ def get_switch_sd_from_path(path):
 
 
 def test_router_platforms():
-    
+
     [juniper_s] = get_router_s_from_path("./test_case_2.yaml")
     juniper_manufacturer = ManufacturerFactoryFromDevice(DeviceType(juniper_s.device)).get()
     assert juniper_manufacturer.getRoutingInstanceName() == "mgmt_junos"
@@ -56,7 +56,7 @@ def test_router_platforms():
     with pytest.raises(Exception):
         s = get_router_s_from_path("./test_case_vendor_unknown.yaml")
         s.serialize()
-        
+
     with pytest.raises(Exception):
         s = get_router_s_from_path("./test_case_no_manuf_slug.yaml")
         s.serialize()
@@ -65,7 +65,7 @@ def test_router_platforms():
 def test_l2vpn_errors(capsys):
     serialize = lambda y: \
         RouterSerializer(device=y['device_list'][0], l2vpn_list=y['l2vpn_list'],
-                         loopbacks=y['loopbacks']).serialize()
+                         loopbacks=y['loopbacks'], asn=65542).serialize()
 
     template = _yaml_load("./test_case_l2x_err_template.yaml")
 
@@ -134,31 +134,6 @@ def test_l2vpn_errors(capsys):
             match=r"VPWS L2VPN does not support|Found unsupported L2VPN termination in"):
         serialize(vpws_non_interface_term)
 
-    vpws_missing_identifier = copy.deepcopy(template)
-    vpws_missing_identifier['l2vpn_list'].append({
-        '__typename': 'L2VPNType',
-        'id': '54',
-        'identifier': None,
-        'name': 'WAN: WAN: missing L2VPN identifier',
-        'type': 'evpn-vpws',
-        'terminations': [
-            {
-                '__typename': 'L2VPNTerminationType',
-                'assigned_object': {
-                    '__typename': "InterfaceType"
-                }
-            },
-            {
-                '__typename': 'L2VPNTerminationType',
-                'assigned_object': {
-                    '__typename': "InterfaceType"
-                }
-            }
-        ]
-    })
-    with pytest.raises(DeviceSerializationError, match="L2VPN identifier is mandatory."):
-        serialize(vpws_missing_identifier)
-
 
 def test_router_physical_interface():
     [sd] = get_router_sd_from_path("./test_case_1.yaml")
@@ -311,7 +286,7 @@ def test_router_case_mpls_evpn(capsys):
         assert ri['instance_type'] == "evpn"
         assert ri['protocols']['evpn'] == {}
 
-        assert ri['route_distinguisher'] == '9136:338'
+        assert ri['route_distinguisher'] == '65542:338'
         assert ri['vrf_target'] == 'target:1:338'
 
 
@@ -342,7 +317,7 @@ def test_router_case_vpws():
         assert ri['protocols']['evpn']['interfaces']['et-0/0/0.0']['vpws_service_id']['local'] == 184384 + (index * -1)
         assert ri['protocols']['evpn']['interfaces']['et-0/0/0.0']['vpws_service_id']['remote'] == 184383 + (index * 1)
 
-        assert ri['route_distinguisher'] == '9136:2708'
+        assert ri['route_distinguisher'] == '65542:2708'
         assert ri['vrf_target'] == 'target:1:2708'
 
 
@@ -396,9 +371,9 @@ def test_router_case_local_l3vpn():
 
     assert ri['route_distinguisher'] == '45.139.136.10:407'
     assert len(ri['import_targets']) == 1
-    assert ri['import_targets'][0] == "target:9136:407"
+    assert ri['import_targets'][0] == "target:65542:407"
     assert len(ri['export_targets']) == 1
-    assert ri['export_targets'][0] == "target:9136:407"
+    assert ri['export_targets'][0] == "target:65542:407"
 
     assert ri['routing_options'] == {}
 
