Fix(eos_designs): WAN Exclude interface IP address from direct internet-exit NAT ACL #4096

Merged on Jul 2, 2024 (5 commits)

ayushmittal-arista
Contributor

Change Summary

  1. Change NAT ACL for interfaces belonging to direct internet exit policies, from ALLOW_ALL to IE-DIRECT-NAT-ACL
  2. Add a deny ip rule for all interfaces for all direct IE policies on the router in the ACL, so that traffic originating from these IP addresses is not NATed again.

Related Issue(s)

Fixes #4086

Component(s) name

arista.avd.eos-designs

How to test

molecule

Checklist

User Checklist

  • N/A

Repository Checklist

  • My code has been rebased from devel before I start
  • I have read the CONTRIBUTING document.
  • My change requires a change to the documentation and the documentation has been updated accordingly.
  • I have updated molecule CI testing accordingly. (check the box if not applicable)

Review docs on Read the Docs

To test this pull request:

# Create virtual environment for this testing below the current directory
python -m venv test-avd-pr-4096
# Activate the virtual environment
source test-avd-pr-4096/bin/activate
# Install all requirements including PyAVD
pip install "pyavd[ansible] @ git+https://github.com/ayushmittal-arista/ayush-avd.git@fixie#subdirectory=python-avd" --force
# Install Ansible collection
ansible-galaxy collection install git+https://github.com/ayushmittal-arista/ayush-avd.git#/ansible_collections/arista/avd/,fixie --force
# Optional: Install AVD examples
cd test-avd-pr-4096
ansible-playbook arista.avd.install_examples

github-actions bot added the "state: CI Updated" and "role: eos_designs" labels on Jun 11, 2024
ClausHolbechArista changed the title from "Feat(eos_designs): Exclude interface ip address from direct internet-exit nat acl" to "Fix(eos_designs): WAN Exclude interface IP address from direct internet-exit NAT ACL" on Jun 11, 2024
Contributor

ClausHolbechArista left a comment

LGTM

ClausHolbechArista added and then removed the "one approval" label on Jun 12, 2024
ClausHolbechArista dismissed their stale review on June 12, 2024 07:16:

found issue with IP

sonarcloud bot commented Jun 12, 2024

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Conflicts have been resolved. A maintainer will review the pull request shortly.

github-actions bot removed the "state: conflict" label on Jun 24, 2024

Successfully merging this pull request may close these issues.

ACL for NAT overload should exclude interface ip address for DIRECT internet-exit to work