arista/anta
1
0
Fork 0
Code Issues Activity

Merging upstream version 1.3.0.

Browse source 
Signed-off-by: Daniel Baumann <daniel@debian.org>
This commit is contained in:
Daniel Baumann 2025-03-17 07:33:51 +01:00
parent 5b922100c9
commit 8a6a3342fc
Signed by: daniel
GPG key ID: FBB4F0E80A80222F
337 changed files with 16571 additions and 4891 deletions
Download patch file Download diff file Expand all files Collapse all files

236
examples/tests.yaml
View file

@ -87,6 +87,7 @@ anta.tests.bfd:
tx_interval: 1200
rx_interval: 1200
multiplier: 3
detection_time: 3600
- VerifyBFDPeersRegProtocols:
# Verifies the registered routing protocol of IPv4 BFD peer sessions.
bfd_peers:
@ -129,11 +130,18 @@ anta.tests.connectivity:
vrf: MGMT
df_bit: True
size: 100
reachable: true
- source: Management0
destination: 8.8.8.8
vrf: MGMT
df_bit: True
size: 100
- source: fd12:3456:789a:1::1
destination: fd12:3456:789a:1::2
vrf: default
df_bit: True
size: 100
reachable: false
anta.tests.cvx:
- VerifyActiveCVXConnections:
# Verifies the number of active CVX Connections.
@ -161,7 +169,7 @@ anta.tests.field_notices:
# Verifies if the device is exposed to FN0072, and if the issue has been mitigated.
anta.tests.flow_tracking:
- VerifyHardwareFlowTrackerStatus:
# Verifies if hardware flow tracking is running and an input tracker is active. Optionally verifies the tracker interval/timeout and exporter configuration.
# Verifies the hardware flow tracking state.
trackers:
- name: FLOW-TRACKER
record_export:
@ -286,10 +294,20 @@ anta.tests.lanz:
anta.tests.logging:
- VerifyLoggingAccounting:
# Verifies if AAA accounting logs are generated.
- VerifyLoggingEntries:
# Verifies that the expected log string is present in the last specified log messages.
logging_entries:
- regex_match: ".ACCOUNTING-5-EXEC: cvpadmin ssh."
last_number_messages: 30
severity_level: alerts
- regex_match: ".SPANTREE-6-INTERFACE_ADD:."
last_number_messages: 10
severity_level: critical
- VerifyLoggingErrors:
# Verifies there are no syslog messages with a severity of ERRORS or higher.
- VerifyLoggingHostname:
# Verifies if logs are generated with the device FQDN.
severity_level: informational
- VerifyLoggingHosts:
# Verifies logging hosts (syslog servers) for a specified VRF.
hosts:
@ -298,6 +316,7 @@ anta.tests.logging:
vrf: default
- VerifyLoggingLogsGeneration:
# Verifies if logs are generated.
severity_level: informational
- VerifyLoggingPersistent:
# Verifies if logging persistent is enabled and logs are saved in flash.
- VerifyLoggingSourceIntf:
@ -306,6 +325,9 @@ anta.tests.logging:
vrf: default
- VerifyLoggingTimestamp:
# Verifies if logs are generated with the appropriate timestamp.
severity_level: informational
- VerifySyslogLogging:
# Verifies if syslog logging is enabled.
anta.tests.mlag:
- VerifyMlagConfigSanity:
# Verifies there are no MLAG config-sanity inconsistencies.
@ -339,7 +361,7 @@ anta.tests.path_selection:
- VerifyPathsHealth:
# Verifies the path and telemetry state of all paths under router path-selection.
- VerifySpecificPath:
# Verifies the path and telemetry state of a specific path for an IPv4 peer under router path-selection.
# Verifies the DPS path and telemetry state of an IPv4 peer.
paths:
- peer: 10.255.0.1
path_group: internet
@ -366,14 +388,14 @@ anta.tests.ptp:
# Verifies the PTP interfaces state.
anta.tests.routing.bgp:
- VerifyBGPAdvCommunities:
# Verifies that advertised communities are standard, extended and large for BGP peers.
# Verifies that advertised communities are standard, extended and large for BGP IPv4 peer(s).
bgp_peers:
- peer_address: 172.30.11.17
vrf: default
- peer_address: 172.30.11.21
vrf: default
- VerifyBGPExchangedRoutes:
# Verifies the advertised and received routes of BGP peers.
# Verifies the advertised and received routes of BGP IPv4 peer(s).
bgp_peers:
- peer_address: 172.30.255.5
vrf: default
@ -386,10 +408,15 @@ anta.tests.routing.bgp:
advertised_routes:
- 192.0.255.1/32
- 192.0.254.5/32
received_routes:
- 192.0.254.3/32
- VerifyBGPNlriAcceptance:
# Verifies that all received NLRI are accepted for all AFI/SAFI configured for BGP IPv4 peer(s).
bgp_peers:
- peer_address: 10.100.0.128
vrf: default
capabilities:
- ipv4Unicast
- VerifyBGPPeerASNCap:
# Verifies the four octet ASN capability of BGP peers.
# Verifies the four octet ASN capability of BGP IPv4 peer(s).
bgp_peers:
- peer_address: 172.30.11.1
vrf: default
@ -418,33 +445,77 @@ anta.tests.routing.bgp:
drop_stats:
- inDropAsloop
- prefixEvpnDroppedUnsupportedRouteType
- VerifyBGPPeerGroup:
# Verifies BGP peer group of BGP IPv4 peer(s).
bgp_peers:
- peer_address: 172.30.11.1
vrf: default
peer_group: IPv4-UNDERLAY-PEERS
- VerifyBGPPeerMD5Auth:
# Verifies the MD5 authentication and state of IPv4 BGP peers in a specified VRF.
# Verifies the MD5 authentication and state of IPv4 BGP peer(s) in a specified VRF.
bgp_peers:
- peer_address: 172.30.11.1
vrf: default
- peer_address: 172.30.11.5
vrf: default
- VerifyBGPPeerMPCaps:
# Verifies the multiprotocol capabilities of BGP peers.
# Verifies the multiprotocol capabilities of BGP IPv4 peer(s).
bgp_peers:
- peer_address: 172.30.11.1
vrf: default
strict: False
capabilities:
- ipv4Unicast
- ipv4 labeled-Unicast
- ipv4MplsVpn
- VerifyBGPPeerRouteLimit:
# Verifies maximum routes and outbound route-maps of BGP IPv4 peer(s).
# Verifies maximum routes and warning limit for BGP IPv4 peer(s).
bgp_peers:
- peer_address: 172.30.11.1
vrf: default
maximum_routes: 12000
warning_limit: 10000
- VerifyBGPPeerRouteRefreshCap:
# Verifies the route refresh capabilities of a BGP peer in a specified VRF.
# Verifies the route refresh capabilities of IPv4 BGP peer(s) in a specified VRF.
bgp_peers:
- peer_address: 172.30.11.1
vrf: default
- VerifyBGPPeerSession:
# Verifies the session state of BGP IPv4 peer(s).
minimum_established_time: 10000
check_tcp_queues: false
bgp_peers:
- peer_address: 10.1.0.1
vrf: default
- peer_address: 10.1.0.2
vrf: default
- peer_address: 10.1.255.2
vrf: DEV
- peer_address: 10.1.255.4
vrf: DEV
- VerifyBGPPeerSessionRibd:
# Verifies the session state of BGP IPv4 peer(s).
minimum_established_time: 10000
check_tcp_queues: false
bgp_peers:
- peer_address: 10.1.0.1
vrf: default
- peer_address: 10.1.0.2
vrf: default
- peer_address: 10.1.255.2
vrf: DEV
- peer_address: 10.1.255.4
vrf: DEV
- VerifyBGPPeerTtlMultiHops:
# Verifies BGP TTL and max-ttl-hops count for BGP IPv4 peer(s).
bgp_peers:
- peer_address: 172.30.11.1
vrf: default
ttl: 3
max_ttl_hops: 3
- peer_address: 172.30.11.2
vrf: test
ttl: 30
max_ttl_hops: 30
- VerifyBGPPeerUpdateErrors:
# Verifies BGP update error counters for the provided BGP IPv4 peer(s).
bgp_peers:
@ -454,6 +525,7 @@ anta.tests.routing.bgp:
- inUpdErrWithdraw
- VerifyBGPPeersHealth:
# Verifies the health of BGP peers for given address families.
minimum_established_time: 10000
address_families:
- afi: "evpn"
- afi: "ipv4"
@ -463,8 +535,48 @@ anta.tests.routing.bgp:
safi: "unicast"
vrf: "DEV"
check_tcp_queues: false
- VerifyBGPPeersHealthRibd:
# Verifies the health of all the BGP IPv4 peer(s).
check_tcp_queues: True
- VerifyBGPRedistribution:
# Verifies BGP redistribution.
vrfs:
- vrf: default
address_families:
- afi_safi: ipv4multicast
redistributed_routes:
- proto: Connected
include_leaked: True
route_map: RM-CONN-2-BGP
- proto: IS-IS
include_leaked: True
route_map: RM-CONN-2-BGP
- afi_safi: IPv6 Unicast
redistributed_routes:
- proto: User # Converted to EOS SDK
route_map: RM-CONN-2-BGP
- proto: Static
include_leaked: True
route_map: RM-CONN-2-BGP
- VerifyBGPRouteECMP:
# Verifies BGP IPv4 route ECMP paths.
route_entries:
- prefix: 10.100.0.128/31
vrf: default
ecmp_count: 2
- VerifyBGPRoutePaths:
# Verifies BGP IPv4 route paths.
route_entries:
- prefix: 10.100.0.128/31
vrf: default
paths:
- nexthop: 10.100.0.10
origin: Igp
- nexthop: 10.100.4.5
origin: Incomplete
- VerifyBGPSpecificPeers:
# Verifies the health of specific BGP peer(s) for given address families.
minimum_established_time: 10000
address_families:
- afi: "evpn"
peers:
@ -478,7 +590,7 @@ anta.tests.routing.bgp:
- 10.1.255.2
- 10.1.255.4
- VerifyBGPTimers:
# Verifies the timers of BGP peers.
# Verifies the timers of BGP IPv4 peer(s).
bgp_peers:
- peer_address: 172.30.11.1
vrf: default
@ -503,6 +615,15 @@ anta.tests.routing.bgp:
- address: aac1.ab5d.b41e
vni: 10010
anta.tests.routing.generic:
- VerifyIPv4RouteNextHops:
# Verifies the next-hops of the IPv4 prefixes.
route_entries:
- prefix: 10.10.0.1/32
vrf: default
strict: false
nexthops:
- 10.100.0.8
- 10.100.0.10
- VerifyIPv4RouteType:
# Verifies the route-type of the IPv4 prefixes.
routes_entries:
@ -530,21 +651,18 @@ anta.tests.routing.generic:
maximum: 20
anta.tests.routing.isis:
- VerifyISISInterfaceMode:
# Verifies interface mode for IS-IS
# Verifies IS-IS interfaces are running in the correct mode.
interfaces:
- name: Loopback0
mode: passive
# vrf is set to default by default
- name: Ethernet2
mode: passive
level: 2
# vrf is set to default by default
- name: Ethernet1
mode: point-to-point
vrf: default
# level is set to 2 by default
vrf: PROD
- VerifyISISNeighborCount:
# Verifies number of IS-IS neighbors per level and per interface.
# Verifies the number of IS-IS neighbors per interface and level.
interfaces:
- name: Ethernet1
level: 1
@ -554,11 +672,11 @@ anta.tests.routing.isis:
count: 1
- name: Ethernet3
count: 2
# level is set to 2 by default
- VerifyISISNeighborState:
# Verifies all IS-IS neighbors are in UP state.
# Verifies the health of IS-IS neighbors.
check_all_vrfs: true
- VerifyISISSegmentRoutingAdjacencySegments:
# Verify that all expected Adjacency segments are correctly visible for each interface.
# Verifies IS-IS segment routing adjacency segments.
instances:
- name: CORE-ISIS
vrf: default
@ -567,7 +685,7 @@ anta.tests.routing.isis:
address: 10.0.1.3
sid_origin: dynamic
- VerifyISISSegmentRoutingDataplane:
# Verify dataplane of a list of ISIS-SR instances.
# Verifies IS-IS segment routing data-plane configuration.
instances:
- name: CORE-ISIS
vrf: default
@ -695,12 +813,14 @@ anta.tests.services:
vrf: MGMT
priority: 0
- VerifyErrdisableRecovery:
# Verifies the errdisable recovery reason, status, and interval.
# Verifies the error disable recovery functionality.
reasons:
- reason: acl
interval: 30
status: Enabled
- reason: bpduguard
interval: 30
status: Enabled
- VerifyHostname:
# Verifies the hostname of a device.
hostname: s1-spine1
@ -712,6 +832,27 @@ anta.tests.snmp:
# Verifies the SNMP error counters.
error_counters:
- inVersionErrs
- VerifySnmpGroup:
# Verifies the SNMP group configurations for specified version(s).
snmp_groups:
- group_name: Group1
version: v1
read_view: group_read_1
write_view: group_write_1
notify_view: group_notify_1
- group_name: Group2
version: v3
read_view: group_read_2
write_view: group_write_2
notify_view: group_notify_2
authentication: priv
- VerifySnmpHostLogging:
# Verifies SNMP logging configurations.
hosts:
- hostname: 192.168.1.100
vrf: default
- hostname: 192.168.1.103
vrf: MGMT
- VerifySnmpIPv4Acl:
# Verifies if the SNMP agent has IPv4 ACL(s) configured.
number: 3
@ -723,14 +864,44 @@ anta.tests.snmp:
- VerifySnmpLocation:
# Verifies the SNMP location of a device.
location: New York
- VerifySnmpNotificationHost:
# Verifies the SNMP notification host(s) (SNMP manager) configurations.
notification_hosts:
- hostname: spine
vrf: default
notification_type: trap
version: v1
udp_port: 162
community_string: public
- hostname: 192.168.1.100
vrf: default
notification_type: trap
version: v3
udp_port: 162
user: public
- VerifySnmpPDUCounters:
# Verifies the SNMP PDU counters.
pdus:
- outTrapPdus
- inGetNextPdus
- VerifySnmpSourceInterface:
# Verifies SNMP source interfaces.
interfaces:
- interface: Ethernet1
vrf: default
- interface: Management0
vrf: MGMT
- VerifySnmpStatus:
# Verifies if the SNMP agent is enabled.
vrf: default
- VerifySnmpUser:
# Verifies the SNMP user configurations.
snmp_users:
- username: test
group_name: test_group
version: v3
auth_type: MD5
priv_type: AES-128
anta.tests.software:
- VerifyEOSExtensions:
# Verifies that all EOS extensions installed on the device are enabled for boot persistence.
@ -749,6 +920,11 @@ anta.tests.stp:
# Verifies there is no STP blocked ports.
- VerifySTPCounters:
# Verifies there is no errors in STP BPDU packets.
- VerifySTPDisabledVlans:
# Verifies the STP disabled VLAN(s).
vlans:
- 6
- 4094
- VerifySTPForwardingPorts:
# Verifies that all interfaces are forwarding for a provided list of VLAN(s).
vlans:
@ -799,6 +975,8 @@ anta.tests.system:
# Verifies there are no core dump files.
- VerifyFileSystemUtilization:
# Verifies that no partition is utilizing more than 75% of its disk space.
- VerifyMaintenance:
# Verifies that the device is not currently under or entering maintenance.
- VerifyMemoryUtilization:
# Verifies whether the memory utilization is below 75%.
- VerifyNTP:
@ -813,12 +991,22 @@ anta.tests.system:
stratum: 2
- server_address: 3.3.3.3
stratum: 2
- VerifyNTPAssociations:
ntp_pool:
server_addresses: [1.1.1.1, 2.2.2.2]
preferred_stratum_range: [1,3]
- VerifyReloadCause:
# Verifies the last reload cause of the device.
- VerifyUptime:
# Verifies the device uptime.
minimum: 86400
anta.tests.vlan:
- VerifyDynamicVlanSource:
# Verifies dynamic VLAN allocation for specified VLAN sources.
sources:
- evpn
- mlagsync
strict: False
- VerifyVlanInternalPolicy:
# Verifies the VLAN internal allocation policy and the range of VLANs.
policy: ascending