Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

VRRP model does not support authentication #4984

Open
1 task done
fatpelt opened this issue Feb 6, 2025 · 3 comments
Open
1 task done

VRRP model does not support authentication #4984

fatpelt opened this issue Feb 6, 2025 · 3 comments
Labels
type: enhancement New feature or request

Comments

@fatpelt
Copy link

fatpelt commented Feb 6, 2025
edited
Loading

Enhancement summary

According to the documentation the VRRP model on ethernet_interfaces (among others) does not support vrrp authentication tokens

Which component of AVD is impacted

eos_cli_config_gen

Use case example

Converting the following hsrp config to vrrp will fail because we don't have auth:

standby version 2
standby 9 ip 1.1.1.1
standby 9 priority 110
standby 9 preempt
standby 9 authentication someAuthenticationToken
standby 9 name hsrp-v4-v277-9

the EOS vrrp conversion of this would be:

vrrp 9 ipv4 version 2
vrrp 9 ipv4 1.1.1.1
vrrp 9 priority-level 110
vrrp 9 preempt
vrrp 9 peer authentication text someAuthenticationToken
vrrp 9 session description hsrp-v4-v277-9

Describe the solution you would like

maybe something like:

vrrp_ids:
  - id: <int; required; unique>
    authentication:
      protocol: <str; 0|7|8a|ietf-md5>
      keystring: <str>

Describe alternatives you have considered

No response

Additional context

No response

Contributing Guide

  • I agree to follow this project's Code of Conduct
@fatpelt fatpelt added the type: enhancement New feature or request label Feb 6, 2025
@carlbuchmann
Copy link
Member

Given the following CLI:

eos-1(config-if-Et1)#vrrp 10 peer authentication 0 test
eos-1(config-if-Et1)#show active

interface Ethernet1
   vrrp 10 peer authentication text 7 qiREoEyZq2o=

eos-1(config-if-Et1)#vrrp 10 peer authentication ietf-md5 key-string 0 test
eos-1(config-if-Et1)#show active

interface Ethernet1
   vrrp 10 peer authentication ietf-md5 key-string 7 qiREoEyZq2o=

I would suggest the following data model:

vrrp_ids:
  - id: <int; required; unique>
    peer_authentication:
      text: <str>
      ietf_md5_key_string: <str>      
      password_type: <"0", "7", "8a", default=7>

@Vibhu-gslab Vibhu-gslab self-assigned this Feb 7, 2025
@ClausHolbechArista
Copy link
Contributor

re the model, text and ietf_md5_key_string would be mutually exclusive. Let the md5 take precedence.

@Vibhu-gslab Vibhu-gslab removed their assignment Feb 7, 2025
@ClausHolbechArista
Copy link
Contributor

ClausHolbechArista commented Feb 7, 2025
edited
Loading

Another model suggestion (more consistent with other areas):

vrrp_ids:
  - id: <int; required; unique>
    peer_authentication:
      mode: <str; "text" | "ietf-md5"; required>
      key: <str; required>
      key_type: <"0", "7", "8a", default=7>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@fatpelt @carlbuchmann @ClausHolbechArista @Vibhu-gslab