らくがきちょう

なんとなく ~所属組織/団体とは無関係であり、個人の見解です~

Terraform で ACI 上に L3out (EIGRP) を含む Tenant を作成する

Cisco Cisco ACI EIGRP Terraform

Terraform を使って Cisco ACI に「EIGRP 設定の L3out を作成する」サンプルをメモしておきます。

構成

Terraform で以下の構成を設定します。

f:id:sig9:20210228154547p:plain

Terraform の設定ファイル

Terraform の設定ファイルは以下の通りです。

  1. main.tf
  2. aci.tf

main.tf

terraform {
  required_providers {
    aci = {
      source  = "CiscoDevNet/aci"
      version = "0.5.4"
    }
  }
}

provider "aci" {
  username = "admin"
  password = "password"
  url      = "https://10.0.0.1"
  insecure = true
}

aci.tf

# Tenant
resource "aci_tenant" "tenant" {
  name = "Tenant1"
}

# VRF
resource "aci_vrf" "vrf" {
  tenant_dn = aci_tenant.tenant.id
  name      = "Vrf1"
}

# Domain
data "aci_l3_domain_profile" "l3dom" {
  name = "ExtRoutedDom"
}

# L3Out
resource "aci_l3_outside" "l3out1" {
  tenant_dn                    = aci_tenant.tenant.id
  name                         = "L3out1"
  relation_l3ext_rs_ectx       = aci_vrf.vrf.id
  relation_l3ext_rs_l3_dom_att = data.aci_l3_domain_profile.l3dom.id
}

resource "aci_rest" "l3out1_ospf" {
  path       = "/api/mo/uni/tn-Tenant1/out-L3out1.json"
  class_name = "eigrpExtP"
  content = {
    "asn" = "65000"
  }
  depends_on = [aci_l3_outside.l3out1]
}

resource "aci_logical_node_profile" "l3out1_lnprof1" {
  l3_outside_dn = aci_l3_outside.l3out1.id
  name          = "L3out1_NodeProf"
}

resource "aci_logical_node_to_fabric_node" "l3out1_lnode1" {
  logical_node_profile_dn  = aci_logical_node_profile.l3out1_lnprof1.id
  tdn                      = "topology/pod-1/node-201"
  rtr_id                   = "10.0.254.201"
  rtr_id_loop_back         = "no"
}

resource "aci_logical_interface_profile" "l3out1_lifprof1" {
  logical_node_profile_dn           = aci_logical_node_profile.l3out1_lnprof1.id
  name                              = "L3out1_IntProf"
  relation_l3ext_rs_path_l3_out_att = toset(["topology/pod-1/paths-201/pathep-[eth1/1]"])
}

resource "aci_rest" "l3out1_att" {
  path       = "/api/mo/uni/tn-Tenant1/out-L3out1/lnodep-L3out1_NodeProf/lifp-L3out1_IntProf.json"
  class_name = "l3extRsPathL3OutAtt"
  content = {
    "addr"      = "10.0.111.254/24"
    "autostate" = "enabled"
    "encap"     = "vlan-111"
    "ifInstT"   = "ext-svi"
    "mtu"       = "1500"
    "tDn"       = "topology/pod-1/paths-201/pathep-[eth1/1]"
  }
  depends_on = [aci_logical_interface_profile.l3out1_lifprof1]
}

resource "aci_rest" "l3out1_eigrpIfP" {
  path       = "/api/mo/uni/tn-Tenant1/out-L3out1/lnodep-L3out1_NodeProf/lifp-L3out1_IntProf.json"
  class_name = "eigrpIfP"
  content = {
    "descr" = ""
  }
  depends_on = [aci_logical_interface_profile.l3out1_lifprof1]
}

# L3Out1 External EPG
resource "aci_external_network_instance_profile" "l3out1_epg1" {
  l3_outside_dn = aci_l3_outside.l3out1.id
  name          = "ExtEpg1"
}

resource "aci_l3_ext_subnet" "l3out1_subnet1" {
  external_network_instance_profile_dn = aci_external_network_instance_profile.l3out1_epg1.id
  ip                                   = "0.0.0.0/0"
  scope                                = ["import-security"]
}