From 6e32fcada176c63b772184c37d66e13dd45ece87 Mon Sep 17 00:00:00 2001 From: HHDocs Date: Wed, 20 Dec 2023 20:08:07 +0000 Subject: [PATCH] Deployed 53c7187 to dev with MkDocs 1.5.3 and mike 1.1.2 --- dev/404.html | 20 + dev/concepts/overview/index.html | 20 + dev/contribute/docs/index.html | 20 + dev/contribute/overview/index.html | 20 + dev/getting-started/overview/index.html | 20 + dev/index.html | 20 + dev/install-upgrade/overview/index.html | 20 + dev/install-upgrade/requirements/index.html | 20 + .../supported-devices/index.html | 20 + dev/reference/api/index.html | 22 +- dev/reference/cli/index.html | 20 + dev/release-notes/index.html | 20 + dev/search/search_index.json | 2 +- dev/sitemap.xml | 5 + dev/sitemap.xml.gz | Bin 359 -> 366 bytes dev/troubleshooting/overview/index.html | 20 + dev/user-guide/external/index.html | 1558 +++++++++++++++++ dev/user-guide/harvester/index.html | 22 +- dev/user-guide/overview/index.html | 20 + dev/user-guide/vpc/index.html | 20 + dev/wiring/clos/index.html | 20 + dev/wiring/overview/index.html | 20 + master/user-guide/external/index.html | 16 + 23 files changed, 1942 insertions(+), 3 deletions(-) create mode 100644 dev/user-guide/external/index.html create mode 100644 master/user-guide/external/index.html diff --git a/dev/404.html b/dev/404.html index de19f8e..1de0796 100644 --- a/dev/404.html +++ b/dev/404.html @@ -605,6 +605,26 @@ + + + + + +
  • + + + + + External Peering + + + + +
    • + + + + diff --git a/dev/concepts/overview/index.html b/dev/concepts/overview/index.html index 166b253..474e67f 100644 --- a/dev/concepts/overview/index.html +++ b/dev/concepts/overview/index.html @@ -637,6 +637,26 @@ + + + + + +
  • + + + + + External Peering + + + + +
    • + + + + diff --git a/dev/contribute/docs/index.html b/dev/contribute/docs/index.html index 3038a70..d833858 100644 --- a/dev/contribute/docs/index.html +++ b/dev/contribute/docs/index.html @@ -625,6 +625,26 @@ + + + + + +
  • + + + + + External Peering + + + + +
    • + + + + diff --git a/dev/contribute/overview/index.html b/dev/contribute/overview/index.html index 8c8810a..4044c91 100644 --- a/dev/contribute/overview/index.html +++ b/dev/contribute/overview/index.html @@ -622,6 +622,26 @@ + + + + + +
  • + + + + + External Peering + + + + +
    • + + + + diff --git a/dev/getting-started/overview/index.html b/dev/getting-started/overview/index.html index 88f4c15..32f0a75 100644 --- a/dev/getting-started/overview/index.html +++ b/dev/getting-started/overview/index.html @@ -637,6 +637,26 @@ + + + + + +
  • + + + + + External Peering + + + + +
    • + + + + diff --git a/dev/index.html b/dev/index.html index d4aafb2..88f98e5 100644 --- a/dev/index.html +++ b/dev/index.html @@ -635,6 +635,26 @@ + + + + + +
  • + + + + + External Peering + + + + +
    • + + + + diff --git a/dev/install-upgrade/overview/index.html b/dev/install-upgrade/overview/index.html index bcec5b4..811074e 100644 --- a/dev/install-upgrade/overview/index.html +++ b/dev/install-upgrade/overview/index.html @@ -637,6 +637,26 @@ + + + + + +
  • + + + + + External Peering + + + + +
    • + + + + diff --git a/dev/install-upgrade/requirements/index.html b/dev/install-upgrade/requirements/index.html index 854df39..0b80f3e 100644 --- a/dev/install-upgrade/requirements/index.html +++ b/dev/install-upgrade/requirements/index.html @@ -630,6 +630,26 @@ + + + + + +
  • + + + + + External Peering + + + + +
    • + + + + diff --git a/dev/install-upgrade/supported-devices/index.html b/dev/install-upgrade/supported-devices/index.html index edd7108..04d8102 100644 --- a/dev/install-upgrade/supported-devices/index.html +++ b/dev/install-upgrade/supported-devices/index.html @@ -630,6 +630,26 @@ + + + + + +
  • + + + + + External Peering + + + + +
    • + + + + diff --git a/dev/reference/api/index.html b/dev/reference/api/index.html index 893a099..f7e94f4 100644 --- a/dev/reference/api/index.html +++ b/dev/reference/api/index.html @@ -15,7 +15,7 @@ - + @@ -627,6 +627,26 @@ + + + + + +
  • + + + + + External Peering + + + + +
    • + + + + diff --git a/dev/reference/cli/index.html b/dev/reference/cli/index.html index c5ded1e..e169bfe 100644 --- a/dev/reference/cli/index.html +++ b/dev/reference/cli/index.html @@ -627,6 +627,26 @@ + + + + + +
  • + + + + + External Peering + + + + +
    • + + + + diff --git a/dev/release-notes/index.html b/dev/release-notes/index.html index a7d3ade..5414350 100644 --- a/dev/release-notes/index.html +++ b/dev/release-notes/index.html @@ -627,6 +627,26 @@ + + + + + +
  • + + + + + External Peering + + + + +
    • + + + + diff --git a/dev/search/search_index.json b/dev/search/search_index.json index c9cbd29..dea405d 100644 --- a/dev/search/search_index.json +++ b/dev/search/search_index.json @@ -1 +1 @@ -{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Introduction","text":""},{"location":"concepts/overview/","title":"Concepts","text":""},{"location":"contribute/docs/","title":"Documentation","text":""},{"location":"contribute/docs/#getting-started","title":"Getting started","text":"

    This documentation is done using MkDocs with multiple plugins enabled. It's based on the Markdown, you can find basic syntax overview here.

    In order to contribute to the documentation, you'll need to have Git and Docker installed on your machine as well as any editor of your choice, preferably supporting Markdown preview. You can run the preview server using following command:

    make serve\n

    Now you can open continuosly updated preview of your edits in browser at http://127.0.0.1:8000. Pages will be automatically updated while you're editing.

    Additionally you can run

    make build\n

    to make sure that your changes will be built correctly and doesn't break documentation.

    "},{"location":"contribute/docs/#workflow","title":"Workflow","text":"

    If you want to quick edit any page in the documentation, you can press the Edit this page icon at the top right of the page. It'll open the page in the GitHub editor. You can edit it and create a pull request with your changes.

    Please, never push to the master or release/* branches directly. Always create a pull request and wait for the review.

    Each pull request will be automatically built and preview will be deployed. You can find the link to the preview in the comments in pull request.

    "},{"location":"contribute/docs/#repository","title":"Repository","text":"

    Documentation is organized in per-release branches:

    Latest release branch is referenced as latest version in the documentation and will be used by default when you open the documentation.

    "},{"location":"contribute/docs/#file-layout","title":"File layout","text":"

    All documentation files are located in docs directory. Each file is a Markdown file with .md extension. You can create subdirectories to organize your files. Each directory can have a .pages file that overrides the default navigation order and titles.

    For example, top-level .pages in this repository looks like this:

    nav:\n  - index.md\n  - getting-started\n  - concepts\n  - Wiring Diagram: wiring\n  - Install & Upgrade: install-upgrade\n  - User Guide: user-guide\n  - Reference: reference\n  - Troubleshooting: troubleshooting\n  - ...\n  - release-notes\n  - contribute\n

    Where you can add pages by file name like index.md and page title will be taked from the file (first line with #). Additionally, you can reference the whole directory to created nested section in navigation. You can also add custom titles by using : separator like Wiring Diagram: wiring where Wiring Diagram is a title and wiring is a file/directory name.

    More details in the MkDocs Pages plugin.

    "},{"location":"contribute/docs/#abbreaviations","title":"Abbreaviations","text":"

    You can find abbreviations in includes/abbreviations.md file. You can add various abbreviations there and all usages of the defined words in the documentation will get a highlight.

    For example, we have following in includes/abbreviations.md:

    *[HHFab]: Hedgehog Fabricator - a tool for building Hedgehog Fabric\n

    It'll highlight all usages of HHFab in the documentation and show a tooltip with the definition like this: HHFab.

    "},{"location":"contribute/docs/#markdown-extensions","title":"Markdown extensions","text":"

    We're using MkDocs Material theme with multiple extensions enabled. You can find detailed reference here, but here you can find some of the most useful ones.

    To view code for examples, please, check the source code of this page.

    "},{"location":"contribute/docs/#text-formatting","title":"Text formatting","text":"

    Text can be deleted and replacement text added. This can also be combined into onea single operation. Highlighting is also possible and comments can be added inline.

    Formatting can also be applied to blocks by putting the opening and closing tags on separate lines and adding new lines between the tags and the content.

    Keyboard keys can be written like so:

    Ctrl+Alt+Del

    Amd inline icons/emojis can be added like this:

    :fontawesome-regular-face-laugh-wink:\n:fontawesome-brands-twitter:{ .twitter }\n

    "},{"location":"contribute/docs/#admonitions","title":"Admonitions","text":"

    Admonitions, also known as call-outs, are an excellent choice for including side content without significantly interrupting the document flow. Different types of admonitions are available, each with a unique icon and color. Details can be found here.

    Lorem ipsum

    Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor massa, nec semper lorem quam in massa.

    "},{"location":"contribute/docs/#code-blocks","title":"Code blocks","text":"

    Details can be found here.

    Simple code block with line nums and higlighted lines:

    bubble_sort.py
    def bubble_sort(items):\n    for i in range(len(items)):\n        for j in range(len(items) - 1 - i):\n            if items[j] > items[j + 1]:\n                items[j], items[j + 1] = items[j + 1], items[j]\n

    Code annotations:

    theme:\n  features:\n    - content.code.annotate # (1)\n
    1. I'm a code annotation! I can contain code, formatted text, images, ... basically anything that can be written in Markdown.
    "},{"location":"contribute/docs/#tabs","title":"Tabs","text":"

    You can use Tabs to better organize content.

    CC++ 
    #include <stdio.h>\n\nint main(void) {\n  printf(\"Hello world!\\n\");\n  return 0;\n}\n
    #include <iostream>\n\nint main(void) {\n  std::cout << \"Hello world!\" << std::endl;\n  return 0;\n}\n
    "},{"location":"contribute/docs/#tables","title":"Tables","text":"Method Description GET Fetch resource PUT Update resource DELETE Delete resource"},{"location":"contribute/docs/#diagrams","title":"Diagrams","text":"

    You can directly include Mermaid diagrams in your Markdown files. Details can be found here.

    graph LR\n  A[Start] --> B{Error?};\n  B -->|Yes| C[Hmm...];\n  C --> D[Debug];\n  D --> B;\n  B ---->|No| E[Yay!];
    sequenceDiagram\n  autonumber\n  Alice->>John: Hello John, how are you?\n  loop Healthcheck\n      John->>John: Fight against hypochondria\n  end\n  Note right of John: Rational thoughts!\n  John-->>Alice: Great!\n  John->>Bob: How about you?\n  Bob-->>John: Jolly good!
    "},{"location":"getting-started/overview/","title":"Getting Started","text":""},{"location":"install-upgrade/overview/","title":"Overview","text":""},{"location":"reference/api/","title":"API Reference","text":""},{"location":"reference/cli/","title":"CLI reference","text":""},{"location":"release-notes/","title":"Release notes","text":""},{"location":"release-notes/#alpha-2","title":"Alpha-2","text":"

    TBD

    "},{"location":"release-notes/#alpha-1","title":"Alpha-1","text":""},{"location":"troubleshooting/overview/","title":"Troubleshooting","text":""},{"location":"user-guide/overview/","title":"Overview","text":""},{"location":"user-guide/vpc/","title":"VPCs","text":""},{"location":"wiring/clos/","title":"Clos","text":"

    Placeholder:

    flowchart TD\n    spine1 --- leaf1\n    spine2 --- leaf1\n    spine1 --- leaf2\n    spine2 --- leaf2\n    spine1 --- leaf3\n    spine2 --- leaf3\n    spine1 --- leaf4\n    spine2 --- leaf4\n    leaf1 --- edge1\n    leaf2 --- edge1\n    leaf3 --- edge2\n    leaf4 --- edge2
    "},{"location":"wiring/overview/","title":"Wiring Diagram","text":""}]} \ No newline at end of file +{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Introduction","text":""},{"location":"concepts/overview/","title":"Concepts","text":""},{"location":"contribute/docs/","title":"Documentation","text":""},{"location":"contribute/docs/#getting-started","title":"Getting started","text":"

    This documentation is done using MkDocs with multiple plugins enabled. It's based on the Markdown, you can find basic syntax overview here.

    In order to contribute to the documentation, you'll need to have Git and Docker installed on your machine as well as any editor of your choice, preferably supporting Markdown preview. You can run the preview server using following command:

    make serve\n

    Now you can open continuosly updated preview of your edits in browser at http://127.0.0.1:8000. Pages will be automatically updated while you're editing.

    Additionally you can run

    make build\n

    to make sure that your changes will be built correctly and doesn't break documentation.

    "},{"location":"contribute/docs/#workflow","title":"Workflow","text":"

    If you want to quick edit any page in the documentation, you can press the Edit this page icon at the top right of the page. It'll open the page in the GitHub editor. You can edit it and create a pull request with your changes.

    Please, never push to the master or release/* branches directly. Always create a pull request and wait for the review.

    Each pull request will be automatically built and preview will be deployed. You can find the link to the preview in the comments in pull request.

    "},{"location":"contribute/docs/#repository","title":"Repository","text":"

    Documentation is organized in per-release branches:

    Latest release branch is referenced as latest version in the documentation and will be used by default when you open the documentation.

    "},{"location":"contribute/docs/#file-layout","title":"File layout","text":"

    All documentation files are located in docs directory. Each file is a Markdown file with .md extension. You can create subdirectories to organize your files. Each directory can have a .pages file that overrides the default navigation order and titles.

    For example, top-level .pages in this repository looks like this:

    nav:\n  - index.md\n  - getting-started\n  - concepts\n  - Wiring Diagram: wiring\n  - Install & Upgrade: install-upgrade\n  - User Guide: user-guide\n  - Reference: reference\n  - Troubleshooting: troubleshooting\n  - ...\n  - release-notes\n  - contribute\n

    Where you can add pages by file name like index.md and page title will be taked from the file (first line with #). Additionally, you can reference the whole directory to created nested section in navigation. You can also add custom titles by using : separator like Wiring Diagram: wiring where Wiring Diagram is a title and wiring is a file/directory name.

    More details in the MkDocs Pages plugin.

    "},{"location":"contribute/docs/#abbreaviations","title":"Abbreaviations","text":"

    You can find abbreviations in includes/abbreviations.md file. You can add various abbreviations there and all usages of the defined words in the documentation will get a highlight.

    For example, we have following in includes/abbreviations.md:

    *[HHFab]: Hedgehog Fabricator - a tool for building Hedgehog Fabric\n

    It'll highlight all usages of HHFab in the documentation and show a tooltip with the definition like this: HHFab.

    "},{"location":"contribute/docs/#markdown-extensions","title":"Markdown extensions","text":"

    We're using MkDocs Material theme with multiple extensions enabled. You can find detailed reference here, but here you can find some of the most useful ones.

    To view code for examples, please, check the source code of this page.

    "},{"location":"contribute/docs/#text-formatting","title":"Text formatting","text":"

    Text can be deleted and replacement text added. This can also be combined into onea single operation. Highlighting is also possible and comments can be added inline.

    Formatting can also be applied to blocks by putting the opening and closing tags on separate lines and adding new lines between the tags and the content.

    Keyboard keys can be written like so:

    Ctrl+Alt+Del

    Amd inline icons/emojis can be added like this:

    :fontawesome-regular-face-laugh-wink:\n:fontawesome-brands-twitter:{ .twitter }\n

    "},{"location":"contribute/docs/#admonitions","title":"Admonitions","text":"

    Admonitions, also known as call-outs, are an excellent choice for including side content without significantly interrupting the document flow. Different types of admonitions are available, each with a unique icon and color. Details can be found here.

    Lorem ipsum

    Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor massa, nec semper lorem quam in massa.

    "},{"location":"contribute/docs/#code-blocks","title":"Code blocks","text":"

    Details can be found here.

    Simple code block with line nums and higlighted lines:

    bubble_sort.py
    def bubble_sort(items):\n    for i in range(len(items)):\n        for j in range(len(items) - 1 - i):\n            if items[j] > items[j + 1]:\n                items[j], items[j + 1] = items[j + 1], items[j]\n

    Code annotations:

    theme:\n  features:\n    - content.code.annotate # (1)\n
    1. I'm a code annotation! I can contain code, formatted text, images, ... basically anything that can be written in Markdown.
    "},{"location":"contribute/docs/#tabs","title":"Tabs","text":"

    You can use Tabs to better organize content.

    CC++ 
    #include <stdio.h>\n\nint main(void) {\n  printf(\"Hello world!\\n\");\n  return 0;\n}\n
    #include <iostream>\n\nint main(void) {\n  std::cout << \"Hello world!\" << std::endl;\n  return 0;\n}\n
    "},{"location":"contribute/docs/#tables","title":"Tables","text":"Method Description GET Fetch resource PUT Update resource DELETE Delete resource"},{"location":"contribute/docs/#diagrams","title":"Diagrams","text":"

    You can directly include Mermaid diagrams in your Markdown files. Details can be found here.

    graph LR\n  A[Start] --> B{Error?};\n  B -->|Yes| C[Hmm...];\n  C --> D[Debug];\n  D --> B;\n  B ---->|No| E[Yay!];
    sequenceDiagram\n  autonumber\n  Alice->>John: Hello John, how are you?\n  loop Healthcheck\n      John->>John: Fight against hypochondria\n  end\n  Note right of John: Rational thoughts!\n  John-->>Alice: Great!\n  John->>Bob: How about you?\n  Bob-->>John: Jolly good!
    "},{"location":"getting-started/overview/","title":"Getting Started","text":""},{"location":"install-upgrade/overview/","title":"Overview","text":""},{"location":"reference/api/","title":"API Reference","text":""},{"location":"reference/cli/","title":"CLI reference","text":""},{"location":"release-notes/","title":"Release notes","text":""},{"location":"release-notes/#alpha-2","title":"Alpha-2","text":"

    TBD

    "},{"location":"release-notes/#alpha-1","title":"Alpha-1","text":""},{"location":"troubleshooting/overview/","title":"Troubleshooting","text":""},{"location":"user-guide/external/","title":"External Peering","text":"

    Hedgehog Fabric uses Border Leaf concept to exchange VPC routes outside the Fabric and providing L3 connectivity. External Peering feature allows to set up an external peering endpoint and to enforce several policies between internal and external endpoints.

    Hedgehog Fabric does not operate Edge side devices.

    "},{"location":"user-guide/external/#overview","title":"Overview","text":"

    Traffic exit from the Fabric is done on Border Leafs that are connected with Edge devices. Border Leafs are suitable to terminate l2vpn connections and distinguish VPC L3 routable traffic towards Edge device as well as to land VPC servers. Border Leafs (or Borders) can connect to several Edge devices.

    External Peering is only available on the switch devices that are capable for sub-interfaces.

    "},{"location":"user-guide/external/#connect-border-leaf-to-edge-device","title":"Connect Border Leaf to Edge device","text":"

    In order to distinguish VPC traffic Edge device should be capable for - Set up BGP IPv4 to advertise and receive routes from the Fabric - Connect to Fabric Border Leaf over Vlan - Be able to mark egress routes towards the Fabric with BGP Communities - Be able to filter ingress routes from the Fabric by BGP Communities

    All other filtering and processing of L3 Routed Fabric traffic should be done on the Edge devices.

    "},{"location":"user-guide/external/#control-plane","title":"Control Plane","text":"

    Fabric is sharing VPC routes with Edge devices via BGP. Peering is done over Vlan in IPv4 Unicast AFI/SAFI.

    "},{"location":"user-guide/external/#data-plane","title":"Data Plane","text":"

    VPC L3 routable traffic will be tagged with Vlan and sent to Edge device. Later processing of VPC traffic (NAT, PBR, etc) should happen on Edge devices.

    "},{"location":"user-guide/external/#vpc-access-to-edge-device","title":"VPC access to Edge device","text":"

    Each VPC within the Fabric can ba allowed to access Edge devices. Additional filtering can be applied to the routes that VPC can export to Edge devices and import from the Edge devices.

    "},{"location":"user-guide/external/#api-and-implementation","title":"API and implementation","text":""},{"location":"user-guide/external/#external","title":"External","text":"

    General configuration starts with specification of External objects. Each object of External type can represent a set of Edge devices, or a single BGP instance on Edge device, or any other united Edge entities that can be described with following config

    Each External should be bound to some VPC IP Namespace, otherwise prefixes overlap may happen.

    apiVersion: vpc.githedgehog.com/v1alpha2\nkind: External\nmetadata:\n  name: default--5835\nspec:\n  inboundCommunity: # BGP Standard Community of routes from Edge devices\n  ipv4Namespace: # VPC IP Namespace\n  outboundCommunity: # BGP Standard Community required to be assigned on prefixes advertised from Fabric\n
    "},{"location":"user-guide/external/#connection","title":"Connection","text":"

    Connection of type external is used to identify switch port on Border leaf that is cabled with an Edge device.

    apiVersion: wiring.githedgehog.com/v1alpha2\nkind: Connection\nmetadata:\n  name: # specified or generated\nspec:\n  external:\n    link:\n      switch:\n        port: # SwtichName/EthernetXXX\n
    "},{"location":"user-guide/external/#external-attachment","title":"External Attachment","text":"

    External Attachment is a definition of BGP Peering and traffic connectivity between a Border leaf and External. Attachments are bound to Connection with type external and specify Vlan that will be used to segregate particular Edge peering.

    apiVersion: vpc.githedgehog.com/v1alpha2\nkind: ExternalAttachment\nmetadata:\n  name: #\nspec:\n  connection: # Name of the Connection with type external\n  external: # Name of the External to pick config\n  neighbor:\n    asn: # Edge device ASN\n    ip: # IP address of Edge device to peer with\n  switch:\n    ip: # IP Address on the Border Leaf to set up BGP peering\n    vlan: # Vlan ID to tag control and data traffic\n

    Several External Attachment can be configured for the same Connection but for different vlan.

    "},{"location":"user-guide/external/#external-vpc-peering","title":"External VPC Peering","text":"

    To allow specific VPC have access to Edge devices VPC should be bound to specific External object. This is done via External Peering object.

    apiVersion: vpc.githedgehog.com/v1alpha2\nkind: ExternalPeering\nmetadata:\n  name: # Name of ExternalPeering\nspec:\n  permit:\n    external:\n      name: # External Name\n      prefixes: # List of prefixes(routes) to be allowed to pick up from External\n      - # IPv4 Prefix\n    vpc:\n      name: # VPC Name\n      subnets: # List of VPC subnets name to be allowed to have access to External (Edge)\n      - # Name of the subnet within VPC\n
    Prefixes can be specified as exact match or with mask range indicators le and ge keywords. le is identifying prefixes lengths that are less than or equal and ge for prefixes lengths that are greater than or equal.

    Example: Allow ANY IPv4 prefix that came from External - allow all prefixes that match default route with any prefix length 

    spec:\n  permit:\n    external:\n      name: ###\n      prefixes:\n      - le: 32\n        prefix: 0.0.0.0/0\n
    ge and le can also be combined.

    Example: 

    spec:\n  permit:\n    external:\n      name: ###\n      prefixes:\n      - le: 24\n        ge: 16\n        prefix: 77.0.0.0/8\n
    For instance, 77.42.0.0/18 will be matched for given prefix rule above, but 77.128.77.128/25 or 77.10.0.0/16 won't.

    "},{"location":"user-guide/external/#examples","title":"Examples","text":"

    This example will show peering with External object with name HedgeEdge given Fabric VPC with name vpc-1 on the Border Leaf switchBorder that has a cable between an Edge device on the port Ethernet42. vpc-1 is required to receive any prefixes advertised from the External.

    "},{"location":"user-guide/external/#fabric-api-configuration","title":"Fabric API configuration","text":""},{"location":"user-guide/external/#external_1","title":"External","text":"

    # hhfctl external create --name HedgeEdge --ipns default --in 65102:5000 --out 5000:65102\n
    apiVersion: vpc.githedgehog.com/v1alpha2\nkind: External\nmetadata:\n  name: HedgeEdge\n  namespace: default\nspec:\n  inboundCommunity: 65102:5000\n  ipv4Namespace: default\n  outboundCommunity: 5000:65102\n

    "},{"location":"user-guide/external/#connection_1","title":"Connection","text":"

    Connection should be specified in the wiring diagram.

    ###\n### switchBorder--external--HedgeEdge\n###\napiVersion: wiring.githedgehog.com/v1alpha2\nkind: Connection\nmetadata:\n  name: switchBorder--external--HedgeEdge\nspec:\n  external:\n    link:\n      switch:\n        port: switchBorder/Ethernet42\n
    "},{"location":"user-guide/external/#externalattachment","title":"ExternalAttachment","text":"

    Specified in wiring diagram 

    apiVersion: vpc.githedgehog.com/v1alpha2\nkind: ExternalAttachment\nmetadata:\n  name: switchBorder--HedgeEdge\nspec:\n  connection: switchBorder--external--HedgeEdge\n  external: HedgeEdge\n  neighbor:\n    asn: 65102\n    ip: 100.100.0.6\n  switch:\n    ip: 100.100.0.1/24\n    vlan: 100\n

    "},{"location":"user-guide/external/#externalpeering","title":"ExternalPeering","text":"
    apiVersion: vpc.githedgehog.com/v1alpha2\nkind: ExternalPeering\nmetadata:\n  name: vpc-1--HedgeEdge\nspec:\n  permit:\n    external:\n      name: HedgeEdge\n      prefixes:\n      - le: 32\n        prefix: 0.0.0.0/0\n    vpc:\n      name: vpc-1\n      subnets:\n      - default\n
    "},{"location":"user-guide/external/#example-edge-side-bgp-configuration-based-on-sonic-os","title":"Example Edge side BGP configuration based on SONiC OS","text":"

    NOTE: Hedgehog does not recommend to use SONiC OS as an Edge device. This example is used only as example of Edge Peer config

    Interface config 

    interface Ethernet2.100\n encapsulation dot1q vlan-id 100\n description switchBorder--Ethernet42\n no shutdown\n ip vrf forwarding VrfHedge\n ip address 100.100.0.6/24\n

    BGP Config 

    !\nrouter bgp 65102 vrf VrfHedge\n log-neighbor-changes\n timers 60 180\n !\n address-family ipv4 unicast\n  maximum-paths 64\n  maximum-paths ibgp 1\n  import vrf VrfPublic\n !\n neighbor 100.100.0.1\n  remote-as 65103\n  !\n  address-family ipv4 unicast\n   activate\n   route-map HedgeIn in\n   route-map HedgeOut out\n   send-community both\n !\n
    Route Map configuration 
    route-map HedgeIn permit 10\n match community Hedgehog\n!\nroute-map HedgeOut permit 10\n set community 65102:5000\n!\n\nbgp community-list standard HedgeIn permit 5000:65102\n

    "},{"location":"user-guide/overview/","title":"Overview","text":""},{"location":"user-guide/vpc/","title":"VPCs","text":""},{"location":"wiring/clos/","title":"Clos","text":"

    Placeholder:

    flowchart TD\n    spine1 --- leaf1\n    spine2 --- leaf1\n    spine1 --- leaf2\n    spine2 --- leaf2\n    spine1 --- leaf3\n    spine2 --- leaf3\n    spine1 --- leaf4\n    spine2 --- leaf4\n    leaf1 --- edge1\n    leaf2 --- edge1\n    leaf3 --- edge2\n    leaf4 --- edge2
    "},{"location":"wiring/overview/","title":"Wiring Diagram","text":""}]} \ No newline at end of file diff --git a/dev/sitemap.xml b/dev/sitemap.xml index 1e57fa1..9c4b9e2 100644 --- a/dev/sitemap.xml +++ b/dev/sitemap.xml @@ -60,6 +60,11 @@ 2023-12-20 daily + + https://docs.githedgehog.com/dev/user-guide/external/ + 2023-12-20 + daily + https://docs.githedgehog.com/dev/user-guide/harvester/ 2023-12-20 diff --git a/dev/sitemap.xml.gz b/dev/sitemap.xml.gz index ac8a3dd514afba8f52003c629fe15e57abe680e3..7479855408b97fc4e5f746aea465fae99c7e3875 100644 GIT binary patch delta 318 zcmV-E0m1&~0`3AJABzYGr%8il0{?SqbY*Q}a4vXlYyj1l!EVDK42JJ}ksuXQqYu!JQh$(-reHQyxw7V?1+a6?kRNlZj!dE{i z>%KerV7cMQU!FgaY4jQblf)dl*}}4IR*v?R7_OQ!NDGLo0p?sKf>=d{p#)^>GputW z1ryZ(B_e0X$wrvKGZlnQDFj@PiO8!~!t!ymQ2K zazH*K;(D=_a62S|C`_`s!r;OXy>eyHjw;STnYawxvW~(W^oBtf8`tX64r%+8|Cjh{ Qm;V_355~`*Tayd`02IQRi~s-t delta 311 zcmV-70m%OD0_OrCABzYGEJ=f90{?SqbY*Q}a4vXlYyj1k&2GaW49D+%ksuXQWPAIO zwwik0VG3LT^T+zhHXq&TYjV{Lku3USeQ5S|1zzJ|y*bt&?{DI{KJ~jUMMuC@7JE9@ zBXf9_a#@y!EW@M%H5iQ~J?06?yHW0&m%87Ph$(-*eG-ROwEHZ%+a6?kRNlZP!e>7y z>%KerV7cMQU!FgaY4jQblf)dl*}}4IR*v?Z7_OQ!NDGLo0p@&41hI+?LkY;%XISS% z3MQ%nN<_|%lZ`NeXDSGrQV6(~iO8!~!t!ymQ2K zc0e~H;(D=_a62S|C`_{XgpDfBKn$@A+_Hi@2fbm?#m2Q>wL{uI<^LuA+T~w+{{x5B JX%XcM007$wl{5eV diff --git a/dev/troubleshooting/overview/index.html b/dev/troubleshooting/overview/index.html index 7e9ed2e..6ab3fc6 100644 --- a/dev/troubleshooting/overview/index.html +++ b/dev/troubleshooting/overview/index.html @@ -627,6 +627,26 @@ + + + + + +
  • + + + + + External Peering + + + + +
    • + + + + diff --git a/dev/user-guide/external/index.html b/dev/user-guide/external/index.html new file mode 100644 index 0000000..0b4b937 --- /dev/null +++ b/dev/user-guide/external/index.html @@ -0,0 +1,1558 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + External Peering - Open Network Fabric + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    + + + + + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + + + + +

    External Peering

    +

    Hedgehog Fabric uses Border Leaf concept to exchange VPC routes outside the Fabric and providing L3 connectivity. +External Peering feature allows to set up an external peering endpoint and to enforce several policies between internal +and external endpoints.

    +
    +

    Hedgehog Fabric does not operate Edge side devices.

    +
    +

    Overview

    +

    Traffic exit from the Fabric is done on Border Leafs that are connected with Edge devices. Border Leafs are suitable to +terminate l2vpn connections and distinguish VPC L3 routable traffic towards Edge device as well as to land VPC servers. Border Leafs +(or Borders) can connect to several Edge devices.

    +
    +

    External Peering is only available on the switch devices that are capable for sub-interfaces.

    +
    +

    Connect Border Leaf to Edge device

    +

    In order to distinguish VPC traffic Edge device should be capable for +- Set up BGP IPv4 to advertise and receive routes from the Fabric +- Connect to Fabric Border Leaf over Vlan +- Be able to mark egress routes towards the Fabric with BGP Communities +- Be able to filter ingress routes from the Fabric by BGP Communities

    +

    All other filtering and processing of L3 Routed Fabric traffic should be done on the Edge devices.

    +

    Control Plane

    +

    Fabric is sharing VPC routes with Edge devices via BGP. Peering is done over Vlan in IPv4 Unicast AFI/SAFI.

    +

    Data Plane

    +

    VPC L3 routable traffic will be tagged with Vlan and sent to Edge device. Later processing of VPC traffic (NAT, PBR, etc) should +happen on Edge devices.

    +

    VPC access to Edge device

    +

    Each VPC within the Fabric can ba allowed to access Edge devices. Additional filtering can be applied to the routes that +VPC can export to Edge devices and import from the Edge devices.

    +

    API and implementation

    +

    External

    +

    General configuration starts with specification of External objects. Each object of External type can represent a set of +Edge devices, or a single BGP instance on Edge device, or any other united Edge entities that can be described with following config

    +
      +
    • Name of External
      • +
    • Inbound routes are marked with dedicated BGP community
      • +
    • Outbound routes are required to be marked with dedicated community
      • +
    +

    Each External should be bound to some VPC IP Namespace, otherwise prefixes overlap may happen.

    +
    apiVersion: vpc.githedgehog.com/v1alpha2
+kind: External
+metadata:
+  name: default--5835
+spec:
+  inboundCommunity: # BGP Standard Community of routes from Edge devices
+  ipv4Namespace: # VPC IP Namespace
+  outboundCommunity: # BGP Standard Community required to be assigned on prefixes advertised from Fabric
+
    +

    Connection

    +

    Connection of type external is used to identify switch port on Border leaf that is cabled with an Edge device.

    +
    apiVersion: wiring.githedgehog.com/v1alpha2
+kind: Connection
+metadata:
+  name: # specified or generated
+spec:
+  external:
+    link:
+      switch:
+        port: # SwtichName/EthernetXXX
+
    +

    External Attachment

    +

    External Attachment is a definition of BGP Peering and traffic connectivity between a Border leaf and External. +Attachments are bound to Connection with type external and specify Vlan that will be used to segregate particular +Edge peering.

    +
    apiVersion: vpc.githedgehog.com/v1alpha2
+kind: ExternalAttachment
+metadata:
+  name: #
+spec:
+  connection: # Name of the Connection with type external
+  external: # Name of the External to pick config
+  neighbor:
+    asn: # Edge device ASN
+    ip: # IP address of Edge device to peer with
+  switch:
+    ip: # IP Address on the Border Leaf to set up BGP peering
+    vlan: # Vlan ID to tag control and data traffic
+
    +

    Several External Attachment can be configured for the same Connection but for different vlan.

    +

    External VPC Peering

    +

    To allow specific VPC have access to Edge devices VPC should be bound to specific External object. This is done via +External Peering object.

    +

    apiVersion: vpc.githedgehog.com/v1alpha2
+kind: ExternalPeering
+metadata:
+  name: # Name of ExternalPeering
+spec:
+  permit:
+    external:
+      name: # External Name
+      prefixes: # List of prefixes(routes) to be allowed to pick up from External
+      - # IPv4 Prefix
+    vpc:
+      name: # VPC Name
+      subnets: # List of VPC subnets name to be allowed to have access to External (Edge)
+      - # Name of the subnet within VPC
+
    +Prefixes can be specified as exact match or with mask range indicators le and ge keywords. +le is identifying prefixes lengths that are less than or equal and ge for prefixes lengths that are greater than or equal.

    +

    Example: Allow ANY IPv4 prefix that came from External - allow all prefixes that match default route with any prefix length +

    spec:
+  permit:
+    external:
+      name: ###
+      prefixes:
+      - le: 32
+        prefix: 0.0.0.0/0
+
    +ge and le can also be combined.

    +

    Example: +

    spec:
+  permit:
+    external:
+      name: ###
+      prefixes:
+      - le: 24
+        ge: 16
+        prefix: 77.0.0.0/8
+
    +For instance, 77.42.0.0/18 will be matched for given prefix rule above, but 77.128.77.128/25 or 77.10.0.0/16 won't.

    +

    Examples

    +

    This example will show peering with External object with name HedgeEdge given Fabric VPC with name vpc-1 on the Border +Leaf switchBorder that has a cable between an Edge device on the port Ethernet42. vpc-1 is required to receive any prefixes +advertised from the External.

    +

    Fabric API configuration

    +

    External

    +

    # hhfctl external create --name HedgeEdge --ipns default --in 65102:5000 --out 5000:65102
+
    +
    apiVersion: vpc.githedgehog.com/v1alpha2
+kind: External
+metadata:
+  name: HedgeEdge
+  namespace: default
+spec:
+  inboundCommunity: 65102:5000
+  ipv4Namespace: default
+  outboundCommunity: 5000:65102
+

    +

    Connection

    +

    Connection should be specified in the wiring diagram.

    +
    ###
+### switchBorder--external--HedgeEdge
+###
+apiVersion: wiring.githedgehog.com/v1alpha2
+kind: Connection
+metadata:
+  name: switchBorder--external--HedgeEdge
+spec:
+  external:
+    link:
+      switch:
+        port: switchBorder/Ethernet42
+
    +

    ExternalAttachment

    +

    Specified in wiring diagram +

    apiVersion: vpc.githedgehog.com/v1alpha2
+kind: ExternalAttachment
+metadata:
+  name: switchBorder--HedgeEdge
+spec:
+  connection: switchBorder--external--HedgeEdge
+  external: HedgeEdge
+  neighbor:
+    asn: 65102
+    ip: 100.100.0.6
+  switch:
+    ip: 100.100.0.1/24
+    vlan: 100
+

    +

    ExternalPeering

    +
    apiVersion: vpc.githedgehog.com/v1alpha2
+kind: ExternalPeering
+metadata:
+  name: vpc-1--HedgeEdge
+spec:
+  permit:
+    external:
+      name: HedgeEdge
+      prefixes:
+      - le: 32
+        prefix: 0.0.0.0/0
+    vpc:
+      name: vpc-1
+      subnets:
+      - default
+
    +

    Example Edge side BGP configuration based on SONiC OS

    +
    +

    NOTE: Hedgehog does not recommend to use SONiC OS as an Edge device. This example is used only as example of Edge Peer config

    +
    +

    Interface config +

    interface Ethernet2.100
+ encapsulation dot1q vlan-id 100
+ description switchBorder--Ethernet42
+ no shutdown
+ ip vrf forwarding VrfHedge
+ ip address 100.100.0.6/24
+

    +

    BGP Config +

    !
+router bgp 65102 vrf VrfHedge
+ log-neighbor-changes
+ timers 60 180
+ !
+ address-family ipv4 unicast
+  maximum-paths 64
+  maximum-paths ibgp 1
+  import vrf VrfPublic
+ !
+ neighbor 100.100.0.1
+  remote-as 65103
+  !
+  address-family ipv4 unicast
+   activate
+   route-map HedgeIn in
+   route-map HedgeOut out
+   send-community both
+ !
+
    +Route Map configuration +
    route-map HedgeIn permit 10
+ match community Hedgehog
+!
+route-map HedgeOut permit 10
+ set community 65102:5000
+!
+
+bgp community-list standard HedgeIn permit 5000:65102
+

    + +
    +
    + + + Last update: + December 20, 2023 + +
    + Created: + December 20, 2023 + + +     +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + +
    + + + + + + + + + + \ No newline at end of file diff --git a/dev/user-guide/harvester/index.html b/dev/user-guide/harvester/index.html index e339818..8081e1f 100644 --- a/dev/user-guide/harvester/index.html +++ b/dev/user-guide/harvester/index.html @@ -18,7 +18,7 @@ - + @@ -630,6 +630,26 @@ + + + + + +
  • + + + + + External Peering + + + + +
    • + + + + diff --git a/dev/user-guide/overview/index.html b/dev/user-guide/overview/index.html index 9de1c29..00dad24 100644 --- a/dev/user-guide/overview/index.html +++ b/dev/user-guide/overview/index.html @@ -637,6 +637,26 @@ + + + + + +
  • + + + + + External Peering + + + + +
    • + + + + diff --git a/dev/user-guide/vpc/index.html b/dev/user-guide/vpc/index.html index 5b8600a..33a6726 100644 --- a/dev/user-guide/vpc/index.html +++ b/dev/user-guide/vpc/index.html @@ -637,6 +637,26 @@ + + + + + +
  • + + + + + External Peering + + + + +
    • + + + + diff --git a/dev/wiring/clos/index.html b/dev/wiring/clos/index.html index e62af74..ed80a4c 100644 --- a/dev/wiring/clos/index.html +++ b/dev/wiring/clos/index.html @@ -637,6 +637,26 @@ + + + + + +
  • + + + + + External Peering + + + + +
    • + + + + diff --git a/dev/wiring/overview/index.html b/dev/wiring/overview/index.html index c26a941..f903041 100644 --- a/dev/wiring/overview/index.html +++ b/dev/wiring/overview/index.html @@ -637,6 +637,26 @@ + + + + + +
  • + + + + + External Peering + + + + +
    • + + + + diff --git a/master/user-guide/external/index.html b/master/user-guide/external/index.html new file mode 100644 index 0000000..bd47d61 --- /dev/null +++ b/master/user-guide/external/index.html @@ -0,0 +1,16 @@ + + + + + Redirecting + + + + + Redirecting to ../../../dev/user-guide/external/... + + \ No newline at end of file