In this post, I’m going to talk about using Ansible to configure policy routing on Linux. If you’re not familiar with Linux policy routing, have a look at this post, and also review this post for one potential use case (I’m sure there are a number of other quite valuable use cases).
As you may recall from the policy routing introductory post, there are three steps involved in configuring policy routing:
/etc/iproute2/rt_tables
All three of these tasks can be handled via Ansible.
To address step #1, you can use Ansible’s “lineinfile” module to add a reference to the new routing table in /etc/iproute2/rt_tables. For example, consider this Ansible task:
- lineinfile: dest=/etc/iproute2/rt_tables line="200 eth1"
This snippet of Ansible code would add the line “200 eth1” to the end of the /etc/iproute2/rt_tables file (if the line does not already exist). This takes care of task #1.
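The same host-side effect as the lineinfile task, written as an added shell example (not code from the original post): it appends the entry only when absent and also refuses when the table ID or name is already mapped to something else, which an exact-line match alone does not detect. The function name ensure_rt_table and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: idempotent rt_tables update with conflict detection.
# Usage (as root): ensure_rt_table /etc/iproute2/rt_tables 200 eth1
# Returns 0 if the entry is present (already there or just appended),
#         2 if the ID or the name is already mapped to something else,
#         1 on invalid arguments or an unreadable file.
ensure_rt_table() {
    file=$1 id=$2 name=$3

    # Validate before touching a system file: numeric ID, conservative name.
    case $id in
        ''|*[!0-9]*) echo "invalid table id: $id" >&2; return 1 ;;
    esac
    case $name in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid table name: $name" >&2; return 1 ;;
    esac

    # Scan non-comment lines: field 1 is the table ID, field 2 is its name.
    # Splitting on any whitespace means "200<TAB>eth1" counts as present.
    status=$(awk -v id="$id" -v name="$name" '
        /^[ \t]*#/ || NF < 2 { next }
        $1 == id && $2 == name { found = 1 }
        ($1 == id) != ($2 == name) { conflict = 1 }
        END { print (conflict ? "conflict" : (found ? "present" : "absent")) }
    ' "$file") || return 1

    case $status in
        present)
            return 0 ;;
        conflict)
            echo "id $id or name $name is already used in $file" >&2
            return 2 ;;
    esac

    # Absent: append at the end of the file, as lineinfile does.
    printf '%s %s\n' "$id" "$name" >> "$file"
}
```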
For tasks #2 and #3, you can use a Jinja2 template. Because the creation of the policy routing rule and the routing table entries can
I know it's cliche and I know I'm biased because I have an @cisco.com email address, but I've truthfully never seen anything like CPOC before. And the customers I've worked with at CPOC haven't either. It's extremely gratifying to take something you built “on paper” and prove that it works; to take it to the next level and work those final kinks out that the paper design just didn't account for.
If you want more information about CPOC, get in touch with me or leave a comment below. Or ask your Cisco SE (and if they don't know, have them get in touch with me).
Anyways, on to the point of this post. When I was building the topology for the customer, I kept notes about random things I ran into that I wanted to remember later or those “oh duh!” moments that I probably should've known the answer to but had forgotten or overlooked at the time. This post is just a tidy-up of those notes, in no particular order.
David Goeckeler is now GM of the Networking and Security Business Group at Cisco.