690 lines
17 KiB
YAML
690 lines
17 KiB
YAML
---
|
|
anta.tests.aaa:
|
|
- VerifyTacacsSourceIntf:
|
|
intf: Management1
|
|
vrf: default
|
|
- VerifyTacacsServers:
|
|
servers:
|
|
- 1.1.1.1
|
|
- 2.2.2.2
|
|
vrf: default
|
|
- VerifyTacacsServerGroups:
|
|
groups:
|
|
- admin
|
|
- user
|
|
- VerifyAuthenMethods:
|
|
methods:
|
|
- local
|
|
- none
|
|
- logging
|
|
types:
|
|
- login
|
|
- enable
|
|
- dot1x
|
|
- VerifyAuthzMethods:
|
|
methods:
|
|
- local
|
|
- none
|
|
- logging
|
|
types:
|
|
- commands
|
|
- exec
|
|
- VerifyAcctDefaultMethods:
|
|
methods:
|
|
- local
|
|
- none
|
|
- logging
|
|
types:
|
|
- system
|
|
- exec
|
|
- commands
|
|
- dot1x
|
|
- VerifyAcctConsoleMethods:
|
|
methods:
|
|
- local
|
|
- none
|
|
- logging
|
|
types:
|
|
- system
|
|
- exec
|
|
- commands
|
|
- dot1x
|
|
|
|
anta.tests.avt:
|
|
- VerifyAVTPathHealth:
|
|
- VerifyAVTSpecificPath:
|
|
avt_paths:
|
|
- avt_name: CONTROL-PLANE-PROFILE
|
|
vrf: default
|
|
destination: 10.101.255.2
|
|
next_hop: 10.101.255.1
|
|
path_type: direct
|
|
- VerifyAVTRole:
|
|
role: edge
|
|
|
|
anta.tests.bfd:
|
|
- VerifyBFDSpecificPeers:
|
|
bfd_peers:
|
|
- peer_address: 192.0.255.8
|
|
vrf: default
|
|
- peer_address: 192.0.255.7
|
|
vrf: default
|
|
- VerifyBFDPeersIntervals:
|
|
bfd_peers:
|
|
- peer_address: 192.0.255.8
|
|
vrf: default
|
|
tx_interval: 1200
|
|
rx_interval: 1200
|
|
multiplier: 3
|
|
- peer_address: 192.0.255.7
|
|
vrf: default
|
|
tx_interval: 1200
|
|
rx_interval: 1200
|
|
multiplier: 3
|
|
- VerifyBFDPeersHealth:
|
|
down_threshold: 2
|
|
- VerifyBFDPeersRegProtocols:
|
|
bfd_peers:
|
|
- peer_address: 192.0.255.8
|
|
vrf: default
|
|
protocols:
|
|
- bgp
|
|
- isis
|
|
|
|
anta.tests.configuration:
|
|
- VerifyZeroTouch:
|
|
- VerifyRunningConfigDiffs:
|
|
- VerifyRunningConfigLines:
|
|
regex_patterns:
|
|
- "^enable password.*$"
|
|
- "bla bla"
|
|
|
|
anta.tests.connectivity:
|
|
- VerifyReachability:
|
|
hosts:
|
|
- source: Management1
|
|
destination: 1.1.1.1
|
|
vrf: MGMT
|
|
df_bit: True
|
|
size: 100
|
|
- source: Management1
|
|
destination: 8.8.8.8
|
|
vrf: MGMT
|
|
df_bit: True
|
|
size: 100
|
|
- VerifyLLDPNeighbors:
|
|
neighbors:
|
|
- port: Ethernet1
|
|
neighbor_device: DC1-SPINE1
|
|
neighbor_port: Ethernet1
|
|
- port: Ethernet2
|
|
neighbor_device: DC1-SPINE2
|
|
neighbor_port: Ethernet1
|
|
|
|
anta.tests.field_notices:
|
|
- VerifyFieldNotice44Resolution:
|
|
- VerifyFieldNotice72Resolution:
|
|
|
|
anta.tests.flow_tracking:
|
|
- VerifyHardwareFlowTrackerStatus:
|
|
trackers:
|
|
- name: FLOW-TRACKER
|
|
record_export:
|
|
on_inactive_timeout: 700000
|
|
on_interval: 3000000
|
|
exporters:
|
|
- name: CV-TELEMETRY
|
|
local_interface: Loopback11
|
|
template_interval: 3600
|
|
- name: CVP-TELEMETRY
|
|
local_interface: Loopback01
|
|
template_interval: 36000000
|
|
|
|
anta.tests.greent:
|
|
- VerifyGreenT:
|
|
- VerifyGreenTCounters:
|
|
|
|
anta.tests.hardware:
|
|
- VerifyTransceiversManufacturers:
|
|
manufacturers:
|
|
- Not Present
|
|
- Arista Networks
|
|
- Arastra, Inc.
|
|
- VerifyTemperature:
|
|
- VerifyTransceiversTemperature:
|
|
- VerifyEnvironmentSystemCooling:
|
|
- VerifyEnvironmentCooling:
|
|
states:
|
|
- ok
|
|
- VerifyEnvironmentPower:
|
|
states:
|
|
- ok
|
|
- VerifyAdverseDrops:
|
|
|
|
anta.tests.interfaces:
|
|
- VerifyInterfaceUtilization:
|
|
threshold: 70.0
|
|
- VerifyInterfaceErrors:
|
|
- VerifyInterfaceDiscards:
|
|
- VerifyInterfaceErrDisabled:
|
|
- VerifyInterfacesStatus:
|
|
interfaces:
|
|
- name: Ethernet1
|
|
status: up
|
|
- name: Port-Channel100
|
|
status: down
|
|
line_protocol_status: lowerLayerDown
|
|
- name: Ethernet49/1
|
|
status: adminDown
|
|
line_protocol_status: notPresent
|
|
- VerifyStormControlDrops:
|
|
- VerifyPortChannels:
|
|
- VerifyIllegalLACP:
|
|
- VerifyLoopbackCount:
|
|
number: 3
|
|
- VerifySVI:
|
|
- VerifyL3MTU:
|
|
mtu: 1500
|
|
ignored_interfaces:
|
|
- Vxlan1
|
|
specific_mtu:
|
|
- Ethernet1: 2500
|
|
- VerifyIPProxyARP:
|
|
interfaces:
|
|
- Ethernet1/1
|
|
- Ethernet2/1
|
|
- VerifyL2MTU:
|
|
mtu: 1500
|
|
ignored_interfaces:
|
|
- Management1
|
|
- Vxlan1
|
|
specific_mtu:
|
|
- Ethernet1/1: 1500
|
|
- VerifyInterfaceIPv4:
|
|
interfaces:
|
|
- name: Ethernet2/1
|
|
primary_ip: 172.30.11.0/31
|
|
secondary_ips:
|
|
- 10.10.10.0/31
|
|
- 10.10.10.10/31
|
|
- VerifyIpVirtualRouterMac:
|
|
mac_address: 00:1c:73:00:dc:01
|
|
- VerifyInterfacesSpeed:
|
|
interfaces:
|
|
- name: Ethernet2
|
|
auto: False
|
|
speed: 10
|
|
- name: Eth3
|
|
auto: True
|
|
speed: 100
|
|
lanes: 1
|
|
- name: Eth2
|
|
auto: False
|
|
speed: 2.5
|
|
- VerifyLACPInterfacesStatus:
|
|
interfaces:
|
|
- name: Ethernet5
|
|
portchannel: Port-Channel5
|
|
- name: Ethernet6
|
|
portchannel: Port-Channel5
|
|
|
|
anta.tests.lanz:
|
|
- VerifyLANZ:
|
|
|
|
anta.tests.logging:
|
|
- VerifyLoggingPersistent:
|
|
- VerifyLoggingSourceIntf:
|
|
interface: Management1
|
|
vrf: default
|
|
- VerifyLoggingHosts:
|
|
hosts:
|
|
- 1.1.1.1
|
|
- 2.2.2.2
|
|
vrf: default
|
|
- VerifyLoggingLogsGeneration:
|
|
- VerifyLoggingHostname:
|
|
- VerifyLoggingTimestamp:
|
|
- VerifyLoggingAccounting:
|
|
- VerifyLoggingErrors:
|
|
|
|
anta.tests.mlag:
|
|
- VerifyMlagStatus:
|
|
- VerifyMlagInterfaces:
|
|
- VerifyMlagConfigSanity:
|
|
- VerifyMlagReloadDelay:
|
|
reload_delay: 300
|
|
reload_delay_non_mlag: 330
|
|
- VerifyMlagDualPrimary:
|
|
detection_delay: 200
|
|
errdisabled: True
|
|
recovery_delay: 60
|
|
recovery_delay_non_mlag: 0
|
|
- VerifyMlagPrimaryPriority:
|
|
primary_priority: 3276
|
|
|
|
anta.tests.multicast:
|
|
- VerifyIGMPSnoopingVlans:
|
|
vlans:
|
|
10: False
|
|
12: False
|
|
- VerifyIGMPSnoopingGlobal:
|
|
enabled: True
|
|
|
|
anta.tests.path_selection:
|
|
- VerifyPathsHealth:
|
|
- VerifySpecificPath:
|
|
paths:
|
|
- peer: 10.255.0.1
|
|
path_group: internet
|
|
source_address: 100.64.3.2
|
|
destination_address: 100.64.1.2
|
|
|
|
anta.tests.profiles:
|
|
- VerifyUnifiedForwardingTableMode:
|
|
mode: 3
|
|
- VerifyTcamProfile:
|
|
profile: vxlan-routing
|
|
|
|
anta.tests.ptp:
|
|
- VerifyPtpModeStatus:
|
|
- VerifyPtpGMStatus:
|
|
gmid: 0xec:46:70:ff:fe:00:ff:a9
|
|
- VerifyPtpLockStatus:
|
|
- VerifyPtpOffset:
|
|
- VerifyPtpPortModeStatus:
|
|
|
|
anta.tests.security:
|
|
- VerifySSHStatus:
|
|
- VerifySSHIPv4Acl:
|
|
number: 3
|
|
vrf: default
|
|
- VerifySSHIPv6Acl:
|
|
number: 3
|
|
vrf: default
|
|
- VerifyTelnetStatus:
|
|
- VerifyAPIHttpStatus:
|
|
- VerifyAPIHttpsSSL:
|
|
profile: default
|
|
- VerifyAPIIPv4Acl:
|
|
number: 3
|
|
vrf: default
|
|
- VerifyAPIIPv6Acl:
|
|
number: 3
|
|
vrf: default
|
|
- VerifyAPISSLCertificate:
|
|
certificates:
|
|
- certificate_name: ARISTA_SIGNING_CA.crt
|
|
expiry_threshold: 30
|
|
common_name: AristaIT-ICA ECDSA Issuing Cert Authority
|
|
encryption_algorithm: ECDSA
|
|
key_size: 256
|
|
- certificate_name: ARISTA_ROOT_CA.crt
|
|
expiry_threshold: 30
|
|
common_name: Arista Networks Internal IT Root Cert Authority
|
|
encryption_algorithm: RSA
|
|
key_size: 4096
|
|
- VerifyBannerLogin:
|
|
login_banner: |
|
|
# Copyright (c) 2023-2024 Arista Networks, Inc.
|
|
# Use of this source code is governed by the Apache License 2.0
|
|
# that can be found in the LICENSE file.
|
|
- VerifyBannerMotd:
|
|
motd_banner: |
|
|
# Copyright (c) 2023-2024 Arista Networks, Inc.
|
|
# Use of this source code is governed by the Apache License 2.0
|
|
# that can be found in the LICENSE file.
|
|
- VerifyIPv4ACL:
|
|
ipv4_access_lists:
|
|
- name: default-control-plane-acl
|
|
entries:
|
|
- sequence: 10
|
|
action: permit icmp any any
|
|
- sequence: 20
|
|
action: permit ip any any tracked
|
|
- sequence: 30
|
|
action: permit udp any any eq bfd ttl eq 255
|
|
- name: LabTest
|
|
entries:
|
|
- sequence: 10
|
|
action: permit icmp any any
|
|
- sequence: 20
|
|
action: permit tcp any any range 5900 5910
|
|
- VerifyIPSecConnHealth:
|
|
- VerifySpecificIPSecConn:
|
|
ip_security_connections:
|
|
- peer: 10.255.0.1
|
|
- peer: 10.255.0.2
|
|
vrf: default
|
|
connections:
|
|
- source_address: 100.64.3.2
|
|
destination_address: 100.64.2.2
|
|
- source_address: 172.18.3.2
|
|
destination_address: 172.18.2.2
|
|
- VerifyHardwareEntropy:
|
|
|
|
anta.tests.services:
|
|
- VerifyHostname:
|
|
hostname: s1-spine1
|
|
- VerifyDNSLookup:
|
|
domain_names:
|
|
- arista.com
|
|
- www.google.com
|
|
- arista.ca
|
|
- VerifyDNSServers:
|
|
dns_servers:
|
|
- server_address: 10.14.0.1
|
|
vrf: default
|
|
priority: 1
|
|
- server_address: 10.14.0.11
|
|
vrf: MGMT
|
|
priority: 0
|
|
- VerifyErrdisableRecovery:
|
|
reasons:
|
|
- reason: acl
|
|
interval: 30
|
|
- reason: bpduguard
|
|
interval: 30
|
|
|
|
anta.tests.snmp:
|
|
- VerifySnmpStatus:
|
|
vrf: default
|
|
- VerifySnmpIPv4Acl:
|
|
number: 3
|
|
vrf: default
|
|
- VerifySnmpIPv6Acl:
|
|
number: 3
|
|
vrf: default
|
|
- VerifySnmpLocation:
|
|
location: New York
|
|
- VerifySnmpContact:
|
|
contact: Jon@example.com
|
|
- VerifySnmpPDUCounters:
|
|
pdus:
|
|
- outTrapPdus
|
|
- VerifySnmpErrorCounters:
|
|
error_counters:
|
|
- inVersionErrs
|
|
- inBadCommunityNames
|
|
|
|
anta.tests.software:
|
|
- VerifyEOSVersion:
|
|
versions:
|
|
- 4.25.4M
|
|
- 4.26.1F
|
|
- VerifyTerminAttrVersion:
|
|
versions:
|
|
- v1.13.6
|
|
- v1.8.0
|
|
- VerifyEOSExtensions:
|
|
|
|
anta.tests.stp:
|
|
- VerifySTPMode:
|
|
mode: rapidPvst
|
|
vlans:
|
|
- 10
|
|
- 20
|
|
- VerifySTPBlockedPorts:
|
|
- VerifySTPCounters:
|
|
- VerifySTPForwardingPorts:
|
|
vlans:
|
|
- 10
|
|
- 20
|
|
- VerifySTPRootPriority:
|
|
priority: 32768
|
|
instances:
|
|
- 10
|
|
- 20
|
|
- VerifyStpTopologyChanges:
|
|
threshold: 10
|
|
|
|
anta.tests.stun:
|
|
- VerifyStunClient:
|
|
stun_clients:
|
|
- source_address: 172.18.3.2
|
|
public_address: 172.18.3.21
|
|
source_port: 4500
|
|
public_port: 6006
|
|
- source_address: 100.64.3.2
|
|
public_address: 100.64.3.21
|
|
source_port: 4500
|
|
public_port: 6006
|
|
- VerifyStunServer:
|
|
|
|
anta.tests.system:
|
|
- VerifyUptime:
|
|
minimum: 86400
|
|
- VerifyReloadCause:
|
|
- VerifyCoredump:
|
|
- VerifyAgentLogs:
|
|
- VerifyCPUUtilization:
|
|
- VerifyMemoryUtilization:
|
|
- VerifyFileSystemUtilization:
|
|
- VerifyNTP:
|
|
- VerifyNTPAssociations:
|
|
ntp_servers:
|
|
- server_address: 1.1.1.1
|
|
preferred: True
|
|
stratum: 1
|
|
- server_address: 2.2.2.2
|
|
stratum: 1
|
|
- server_address: 3.3.3.3
|
|
stratum: 1
|
|
|
|
anta.tests.vlan:
|
|
- VerifyVlanInternalPolicy:
|
|
policy: ascending
|
|
start_vlan_id: 1006
|
|
end_vlan_id: 4094
|
|
|
|
anta.tests.vxlan:
|
|
- VerifyVxlan1Interface:
|
|
- VerifyVxlanConfigSanity:
|
|
- VerifyVxlanVniBinding:
|
|
bindings:
|
|
10010: 10
|
|
10020: 20
|
|
- VerifyVxlanVtep:
|
|
vteps:
|
|
- 10.1.1.5
|
|
- 10.1.1.6
|
|
- VerifyVxlan1ConnSettings:
|
|
source_interface: Loopback1
|
|
udp_port: 4789
|
|
|
|
anta.tests.routing:
|
|
generic:
|
|
- VerifyRoutingProtocolModel:
|
|
model: multi-agent
|
|
- VerifyRoutingTableSize:
|
|
minimum: 2
|
|
maximum: 20
|
|
- VerifyRoutingTableEntry:
|
|
vrf: default
|
|
routes:
|
|
- 10.1.0.1
|
|
- 10.1.0.2
|
|
bgp:
|
|
- VerifyBGPPeerCount:
|
|
address_families:
|
|
- afi: "evpn"
|
|
num_peers: 2
|
|
- afi: "ipv4"
|
|
safi: "unicast"
|
|
vrf: "PROD"
|
|
num_peers: 2
|
|
- afi: "ipv4"
|
|
safi: "unicast"
|
|
vrf: "default"
|
|
num_peers: 3
|
|
- afi: "ipv4"
|
|
safi: "multicast"
|
|
vrf: "DEV"
|
|
num_peers: 3
|
|
- VerifyBGPPeersHealth:
|
|
address_families:
|
|
- afi: "evpn"
|
|
- afi: "ipv4"
|
|
safi: "unicast"
|
|
vrf: "default"
|
|
- afi: "ipv6"
|
|
safi: "unicast"
|
|
vrf: "DEV"
|
|
- VerifyBGPSpecificPeers:
|
|
address_families:
|
|
- afi: "evpn"
|
|
peers:
|
|
- 10.1.0.1
|
|
- 10.1.0.2
|
|
- afi: "ipv4"
|
|
safi: "unicast"
|
|
peers:
|
|
- 10.1.254.1
|
|
- 10.1.255.0
|
|
- 10.1.255.2
|
|
- 10.1.255.4
|
|
- VerifyBGPExchangedRoutes:
|
|
bgp_peers:
|
|
- peer_address: 172.30.255.5
|
|
vrf: default
|
|
advertised_routes:
|
|
- 192.0.254.5/32
|
|
received_routes:
|
|
- 192.0.255.4/32
|
|
- peer_address: 172.30.255.1
|
|
vrf: default
|
|
advertised_routes:
|
|
- 192.0.255.1/32
|
|
- 192.0.254.5/32
|
|
received_routes:
|
|
- 192.0.254.3/32
|
|
- VerifyBGPPeerMPCaps:
|
|
bgp_peers:
|
|
- peer_address: 172.30.11.1
|
|
vrf: default
|
|
strict: False
|
|
capabilities:
|
|
- ipv4Unicast
|
|
- VerifyBGPPeerASNCap:
|
|
bgp_peers:
|
|
- peer_address: 172.30.11.1
|
|
vrf: default
|
|
- VerifyBGPPeerRouteRefreshCap:
|
|
bgp_peers:
|
|
- peer_address: 172.30.11.1
|
|
vrf: default
|
|
- VerifyBGPPeerMD5Auth:
|
|
bgp_peers:
|
|
- peer_address: 172.30.11.1
|
|
vrf: default
|
|
- peer_address: 172.30.11.5
|
|
vrf: default
|
|
- VerifyEVPNType2Route:
|
|
vxlan_endpoints:
|
|
- address: 192.168.20.102
|
|
vni: 10020
|
|
- address: aac1.ab5d.b41e
|
|
vni: 10010
|
|
- VerifyBGPAdvCommunities:
|
|
bgp_peers:
|
|
- peer_address: 172.30.11.17
|
|
vrf: default
|
|
- peer_address: 172.30.11.21
|
|
vrf: default
|
|
- VerifyBGPTimers:
|
|
bgp_peers:
|
|
- peer_address: 172.30.11.1
|
|
vrf: default
|
|
hold_time: 180
|
|
keep_alive_time: 60
|
|
- peer_address: 172.30.11.5
|
|
vrf: default
|
|
hold_time: 180
|
|
keep_alive_time: 60
|
|
- VerifyBGPPeerDropStats:
|
|
bgp_peers:
|
|
- peer_address: 10.101.0.4
|
|
vrf: default
|
|
drop_stats:
|
|
- inDropAsloop
|
|
- inDropClusterIdLoop
|
|
- inDropMalformedMpbgp
|
|
- inDropOrigId
|
|
- inDropNhLocal
|
|
- inDropNhAfV6
|
|
- VerifyBGPPeerUpdateErrors:
|
|
bgp_peers:
|
|
- peer_address: 10.100.0.8
|
|
vrf: default
|
|
update_errors:
|
|
- inUpdErrWithdraw
|
|
- inUpdErrIgnore
|
|
- VerifyBgpRouteMaps:
|
|
bgp_peers:
|
|
- peer_address: 10.100.4.1
|
|
vrf: default
|
|
inbound_route_map: RM-MLAG-PEER-IN
|
|
outbound_route_map: RM-MLAG-PEER-IN
|
|
- VerifyBGPPeerRouteLimit:
|
|
bgp_peers:
|
|
- peer_address: 10.100.0.8
|
|
vrf: default
|
|
maximum_routes: 12000
|
|
warning_limit: 10000
|
|
ospf:
|
|
- VerifyOSPFNeighborState:
|
|
- VerifyOSPFNeighborCount:
|
|
number: 3
|
|
- VerifyOSPFMaxLSA:
|
|
isis:
|
|
- VerifyISISNeighborState:
|
|
- VerifyISISNeighborCount:
|
|
interfaces:
|
|
- name: Ethernet1
|
|
level: 1
|
|
count: 2
|
|
- name: Ethernet2
|
|
level: 2
|
|
count: 1
|
|
- name: Ethernet3
|
|
count: 2
|
|
# level is set to 2 by default
|
|
- VerifyISISInterfaceMode:
|
|
interfaces:
|
|
- name: Loopback0
|
|
mode: passive
|
|
# vrf is set to default by default
|
|
- name: Ethernet2
|
|
mode: passive
|
|
level: 2
|
|
# vrf is set to default by default
|
|
- name: Ethernet1
|
|
mode: point-to-point
|
|
vrf: default
|
|
# level is set to 2 by default
|
|
- VerifyISISSegmentRoutingAdjacencySegments:
|
|
instances:
|
|
- name: CORE-ISIS
|
|
vrf: default
|
|
segments:
|
|
- interface: Ethernet2
|
|
address: 10.0.1.3
|
|
sid_origin: dynamic
|
|
- VerifyISISSegmentRoutingDataplane:
|
|
instances:
|
|
- name: CORE-ISIS
|
|
vrf: default
|
|
dataplane: MPLS
|
|
- VerifyISISSegmentRoutingTunnels:
|
|
entries:
|
|
# Check only endpoint
|
|
- endpoint: 1.0.0.122/32
|
|
# Check endpoint and via TI-LFA
|
|
- endpoint: 1.0.0.13/32
|
|
vias:
|
|
- type: tunnel
|
|
tunnel_id: ti-lfa
|
|
# Check endpoint and via IP routers
|
|
- endpoint: 1.0.0.14/32
|
|
vias:
|
|
- type: ip
|
|
nexthop: 1.1.1.1
|