Merge "Integrate vMX in tungstenfabric environment"
diff --git a/de/heat-templates/env/migration-mstr1-wrkr5-cmp2-ntw3.yaml b/de/heat-templates/env/migration-mstr1-wrkr5-cmp2-ntw3.yaml
index d55232c..82d04fd 100644
--- a/de/heat-templates/env/migration-mstr1-wrkr5-cmp2-ntw3.yaml
+++ b/de/heat-templates/env/migration-mstr1-wrkr5-cmp2-ntw3.yaml
@@ -32,8 +32,8 @@
   ironic_baremetal_network_pool_start: '10.14.0.100'
   ironic_baremetal_network_pool_end: '10.14.0.200'
   control_network_cidr: '10.9.10.0/24'
-  control_network_vsrx_peering_ip: '10.9.10.131'
-  data_network_vsrx_ip: '10.15.0.131'
+  control_network_ext_router_ip: '10.9.10.131'
+  tun_network_ext_router_ip: '10.15.0.131'
   private_floating_interface: 'ens4'
   tunnel_interface: 'ens8'
   worker_metadata: {"labels": {"openstack-control-plane":"enabled","local-volume-provisioner": "enabled"}}
diff --git a/de/heat-templates/env/mstr1-wrkr3-cmp2-acmp2-ntw3.yaml b/de/heat-templates/env/mstr1-wrkr3-cmp2-acmp2-ntw3.yaml
index 037c118..66cacdc 100644
--- a/de/heat-templates/env/mstr1-wrkr3-cmp2-acmp2-ntw3.yaml
+++ b/de/heat-templates/env/mstr1-wrkr3-cmp2-acmp2-ntw3.yaml
@@ -1,12 +1,13 @@
 resource_registry:
   "MCP2::NetworkAcc": ../fragments/NetworkAccVM.yaml
   "MCP2::NetworkAccStorage": ../fragments/NetworkAccVMStorage.yaml
-  "MCP2::NetworkPrvFl": ../fragments/NetworkPrvFlVSRX.yaml
+  "MCP2::NetworkPrvFl": ../fragments/NetworkPrvFl.yaml
   "MCP2::NetworkIronicFlat": ../fragments/NetworkIronicFlat.yaml
   "MCP2::NetworkTun": ../fragments/NetworkTun.yaml
   "MCP2::SrvInstances": ../fragments/SrvInstancesVM.yaml
   "MCP2::SrvInstancesCeph": ../fragments/SrvInstancesVMCeph.yaml
   "MCP2::SrvInstancesCephOSD": ../fragments/SrvInstancesVMCephOSD.yaml
+  "MCP2::VSRX": ../fragments/vSRX.yaml
 
 parameters:
   image: bionic-server-cloudimg-amd64-20190612
@@ -22,12 +23,13 @@
   ucp_boot_timeout: 3600
   cluster_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp0evjOaK8c8SKYK4r2+0BN7g+8YSvQ2n8nFgOURCyvkJqOHi1qPGZmuN0CclYVdVuZiXbWw3VxRbSW3EH736VzgY1U0JmoTiSamzLHaWsXvEIW8VCi7boli539QJP0ikJiBaNAgZILyCrVPN+A6mfqtacs1KXdZ0zlMq1BPtFciR1JTCRcVs5vP2Wwz5QtY2jMIh3aiwkePjMTQPcfmh1TkOlxYu5IbQyZ3G1ahA0mNKI9a0dtF282av/F6pwB/N1R1nEZ/9VtcN2I1mf1NW/tTHEEcTzXYo1R/8K9vlqAN8QvvGLZtZduGviNVNoNWvoxaXxDt8CPv2B2NCdQFZp
   tungstenfabric_enabled: true
+  vsrx_enabled: true
   private_floating_network_cidr: '10.11.12.0/24'
   private_floating_network_ipam_pool_start: '10.11.12.3'
   private_floating_network_ipam_pool_end: '10.11.12.99'
   private_floating_network_gateway: '10.11.12.1'
-  control_network_vsrx_peering_ip: '10.10.0.131'
-  data_network_vsrx_ip: '10.15.0.131'
+  control_network_ext_router_ip: '10.10.0.131'
+  tun_network_ext_router_ip: '10.15.0.131'
   private_floating_interface: 'ens4'
   tunnel_interface: 'ens8'
   worker_metadata: {"labels": {"openstack-control-plane":"enabled","local-volume-provisioner": "enabled"}}
diff --git a/de/heat-templates/env/mstr1-wrkr3-cmp2-gtw0-vsrx1.yaml b/de/heat-templates/env/mstr1-wrkr3-cmp2-gtw0-vsrx1.yaml
index e2bc3a5..9c8bff0 100644
--- a/de/heat-templates/env/mstr1-wrkr3-cmp2-gtw0-vsrx1.yaml
+++ b/de/heat-templates/env/mstr1-wrkr3-cmp2-gtw0-vsrx1.yaml
@@ -1,12 +1,13 @@
 resource_registry:
   "MCP2::NetworkAcc": ../fragments/NetworkAccVM.yaml
   "MCP2::NetworkAccStorage": ../fragments/NetworkAccVMStorage.yaml
-  "MCP2::NetworkPrvFl": ../fragments/NetworkPrvFlVSRX.yaml
+  "MCP2::NetworkPrvFl": ../fragments/NetworkPrvFl.yaml
   "MCP2::NetworkIronicFlat": ../fragments/NetworkIronicFlat.yaml
   "MCP2::SrvInstances": ../fragments/SrvInstancesVM.yaml
   "MCP2::SrvInstancesCeph": ../fragments/SrvInstancesVMCeph.yaml
   "MCP2::SrvInstancesCephOSD": ../fragments/SrvInstancesVMCephOSD.yaml
   "MCP2::NetworkTun": ../fragments/NetworkTun.yaml
+  "MCP2::VSRX": ../fragments/vSRX.yaml
 
 parameters:
   image: bionic-server-cloudimg-amd64-20190612
@@ -23,9 +24,10 @@
   cluster_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp0evjOaK8c8SKYK4r2+0BN7g+8YSvQ2n8nFgOURCyvkJqOHi1qPGZmuN0CclYVdVuZiXbWw3VxRbSW3EH736VzgY1U0JmoTiSamzLHaWsXvEIW8VCi7boli539QJP0ikJiBaNAgZILyCrVPN+A6mfqtacs1KXdZ0zlMq1BPtFciR1JTCRcVs5vP2Wwz5QtY2jMIh3aiwkePjMTQPcfmh1TkOlxYu5IbQyZ3G1ahA0mNKI9a0dtF282av/F6pwB/N1R1nEZ/9VtcN2I1mf1NW/tTHEEcTzXYo1R/8K9vlqAN8QvvGLZtZduGviNVNoNWvoxaXxDt8CPv2B2NCdQFZp
   private_floating_network_cidr: '10.11.12.0/24'
   private_floating_interface: 'ens4'
-  control_network_vsrx_peering_ip: '10.10.0.131'
+  vsrx_enabled: true
+  control_network_ext_router_ip: '10.10.0.131'
   private_floating_network_gateway: '10.11.12.254'
-  data_network_vsrx_ip: '10.15.0.131'
+  tun_network_ext_router_ip: '10.15.0.131'
   tunnel_interface: 'ens8'
   worker_metadata: {"labels": {"openstack-control-plane":"enabled","openvswitch":"enabled","openstack-gateway": "enabled","local-volume-provisioner": "enabled", "openstack-frrouting": "enabled"}}
   cmp_metadata: {"labels": {"openstack-compute-node":"enabled","openvswitch":"enabled", "role":"ceph-osd-node"}}
diff --git a/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3-lma3.yaml b/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3-lma3.yaml
index 0118654..e8c21f9 100644
--- a/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3-lma3.yaml
+++ b/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3-lma3.yaml
@@ -1,12 +1,13 @@
 resource_registry:
   "MCP2::NetworkAcc": ../fragments/NetworkAccVM.yaml
   "MCP2::NetworkAccStorage": ../fragments/NetworkAccVMStorage.yaml
-  "MCP2::NetworkPrvFl": ../fragments/NetworkPrvFlVSRX.yaml
+  "MCP2::NetworkPrvFl": ../fragments/NetworkPrvFl.yaml
   "MCP2::NetworkIronicFlat": ../fragments/NetworkIronicFlat.yaml
   "MCP2::NetworkTun": ../fragments/NetworkTun.yaml
   "MCP2::SrvInstances": ../fragments/SrvInstancesVM.yaml
   "MCP2::SrvInstancesCeph": ../fragments/SrvInstancesVMCeph.yaml
   "MCP2::SrvInstancesCephOSD": ../fragments/SrvInstancesVMCephOSD.yaml
+  "MCP2::VSRX": ../fragments/vSRX.yaml
 
 parameters:
   image: bionic-server-cloudimg-amd64-20190612
@@ -22,12 +23,13 @@
   ucp_boot_timeout: 3600
   cluster_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp0evjOaK8c8SKYK4r2+0BN7g+8YSvQ2n8nFgOURCyvkJqOHi1qPGZmuN0CclYVdVuZiXbWw3VxRbSW3EH736VzgY1U0JmoTiSamzLHaWsXvEIW8VCi7boli539QJP0ikJiBaNAgZILyCrVPN+A6mfqtacs1KXdZ0zlMq1BPtFciR1JTCRcVs5vP2Wwz5QtY2jMIh3aiwkePjMTQPcfmh1TkOlxYu5IbQyZ3G1ahA0mNKI9a0dtF282av/F6pwB/N1R1nEZ/9VtcN2I1mf1NW/tTHEEcTzXYo1R/8K9vlqAN8QvvGLZtZduGviNVNoNWvoxaXxDt8CPv2B2NCdQFZp
   tungstenfabric_enabled: true
+  vsrx_enabled: true
   private_floating_network_cidr: '10.11.12.0/24'
   private_floating_network_gateway: '10.11.12.1'
   private_floating_network_ipam_pool_start: '10.11.12.3'
   private_floating_network_ipam_pool_end: '10.11.12.99'
-  control_network_vsrx_peering_ip: '10.10.0.131'
-  data_network_vsrx_ip: '10.15.0.131'
+  control_network_ext_router_ip: '10.10.0.131'
+  tun_network_ext_router_ip: '10.15.0.131'
   private_floating_interface: 'ens4'
   tunnel_interface: 'ens8'
   worker_metadata: {"labels": {"openstack-control-plane":"enabled","local-volume-provisioner": "enabled"}}
diff --git a/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3-vbmc2.yaml b/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3-vbmc2.yaml
index 547c25b..175077f 100644
--- a/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3-vbmc2.yaml
+++ b/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3-vbmc2.yaml
@@ -1,12 +1,13 @@
 resource_registry:
   "MCP2::NetworkAcc": ../fragments/NetworkAccVM.yaml
   "MCP2::NetworkAccStorage": ../fragments/NetworkAccVMStorage.yaml
-  "MCP2::NetworkPrvFl": ../fragments/NetworkPrvFlVSRX.yaml
+  "MCP2::NetworkPrvFl": ../fragments/NetworkPrvFl.yaml
   "MCP2::NetworkIronicFlat": ../fragments/NetworkIronicFlat.yaml
   "MCP2::NetworkTun": ../fragments/NetworkTun.yaml
   "MCP2::SrvInstances": ../fragments/SrvInstancesVM.yaml
   "MCP2::SrvInstancesCeph": ../fragments/SrvInstancesVMCeph.yaml
   "MCP2::SrvInstancesCephOSD": ../fragments/SrvInstancesVMCephOSD.yaml
+  "MCP2::VSRX": ../fragments/vSRX.yaml
 
 parameters:
   image: bionic-server-cloudimg-amd64-20190612
@@ -22,12 +23,13 @@
   ucp_boot_timeout: 3600
   cluster_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp0evjOaK8c8SKYK4r2+0BN7g+8YSvQ2n8nFgOURCyvkJqOHi1qPGZmuN0CclYVdVuZiXbWw3VxRbSW3EH736VzgY1U0JmoTiSamzLHaWsXvEIW8VCi7boli539QJP0ikJiBaNAgZILyCrVPN+A6mfqtacs1KXdZ0zlMq1BPtFciR1JTCRcVs5vP2Wwz5QtY2jMIh3aiwkePjMTQPcfmh1TkOlxYu5IbQyZ3G1ahA0mNKI9a0dtF282av/F6pwB/N1R1nEZ/9VtcN2I1mf1NW/tTHEEcTzXYo1R/8K9vlqAN8QvvGLZtZduGviNVNoNWvoxaXxDt8CPv2B2NCdQFZp
   tungstenfabric_enabled: true
+  vsrx_enabled: true
   private_floating_network_cidr: '10.11.12.0/24'
   private_floating_network_ipam_pool_start: '10.11.12.3'
   private_floating_network_ipam_pool_end: '10.11.12.99'
   private_floating_network_gateway: '10.11.12.1'
-  control_network_vsrx_peering_ip: '10.10.0.131'
-  data_network_vsrx_ip: '10.15.0.131'
+  control_network_ext_router_ip: '10.10.0.131'
+  tun_network_ext_router_ip: '10.15.0.131'
   private_floating_interface: 'ens4'
   tunnel_interface: 'ens8'
   worker_metadata: {"labels": {"openstack-control-plane":"enabled","local-volume-provisioner": "enabled"}}
diff --git a/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3-vmx.yaml b/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3-vmx.yaml
new file mode 100644
index 0000000..714ae8c
--- /dev/null
+++ b/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3-vmx.yaml
@@ -0,0 +1,74 @@
+resource_registry:
+  "MCP2::NetworkAcc": ../fragments/NetworkAccVM.yaml
+  "MCP2::NetworkAccStorage": ../fragments/NetworkAccVMStorage.yaml
+  "MCP2::NetworkPrvFl": ../fragments/NetworkPrvFl.yaml
+  "MCP2::NetworkIronicFlat": ../fragments/NetworkIronicFlat.yaml
+  "MCP2::NetworkTun": ../fragments/NetworkTun.yaml
+  "MCP2::SrvInstances": ../fragments/SrvInstancesVM.yaml
+  "MCP2::SrvInstancesCeph": ../fragments/SrvInstancesVMCeph.yaml
+  "MCP2::SrvInstancesCephOSD": ../fragments/SrvInstancesVMCephOSD.yaml
+  "MCP2::VMX": ../fragments/vMX.yaml
+  "OS::Nova::VmxRe": ../fragments/vmx-components/vms/re.yaml
+  "OS::Nova::VmxFpcSingle": ../fragments/vmx-components/vms/fpc_no_metadata.yaml
+  "OS::Networking::VmxFpcFixedNet": ../fragments/vmx-components/vms/fpc_fixed_net.yaml
+  "OS::Networking::VmxInternalNet": ../fragments/vmx-components/bridges/bridges_internal.yaml
+  "OS::Networking::VmxPort": ../fragments/vmx-components/ports/port.yaml
+  "OS::Networking::VmxFpcEvpnNet": ../fragments/vmx-components/network/evpn_network.yaml
+
+parameters:
+  # vmx parameters
+  vmx_linux_img: vPFC-20170216
+  vmx_linux_flav: vfp.lite
+  vmx_junos_img: vmx-x86-64-17.1R1.8
+  vmx_junos_flav: vcp.lite
+  vmx_gateway_ip: 10.10.0.1
+
+  image: bionic-server-cloudimg-amd64-20190612
+  public_net_id: public
+  masters_size: 0
+  worker_size: 3
+  cmp_size: 2
+  gtw_size: 0
+  lma_size: 0
+  osd_size: 0
+  ntw_size: 3
+  ucp_boot_timeout: 3600
+  cluster_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp0evjOaK8c8SKYK4r2+0BN7g+8YSvQ2n8nFgOURCyvkJqOHi1qPGZmuN0CclYVdVuZiXbWw3VxRbSW3EH736VzgY1U0JmoTiSamzLHaWsXvEIW8VCi7boli539QJP0ikJiBaNAgZILyCrVPN+A6mfqtacs1KXdZ0zlMq1BPtFciR1JTCRcVs5vP2Wwz5QtY2jMIh3aiwkePjMTQPcfmh1TkOlxYu5IbQyZ3G1ahA0mNKI9a0dtF282av/F6pwB/N1R1nEZ/9VtcN2I1mf1NW/tTHEEcTzXYo1R/8K9vlqAN8QvvGLZtZduGviNVNoNWvoxaXxDt8CPv2B2NCdQFZp
+  tungstenfabric_enabled: true
+  vmx_enabled: true
+  private_floating_network_cidr: '10.11.12.0/24'
+  private_floating_network_ipam_pool_start: '10.11.12.3'
+  private_floating_network_ipam_pool_end: '10.11.12.99'
+  private_floating_network_gateway: '10.11.12.1'
+  control_network_ext_router_ip: '10.10.0.131'
+  tun_network_ext_router_ip: '10.15.0.131'
+  evpn_network_vmx_ip: '10.20.100.100'
+  private_floating_interface: 'ens4'
+  tunnel_interface: 'ens8'
+  worker_metadata: {"labels": {"openstack-control-plane":"enabled","local-volume-provisioner": "enabled"}}
+  cmp_metadata: {"labels": {"openstack-compute-node":"enabled","tfvrouter":"enabled", "role":"ceph-osd-node"}}
+  ntw_metadata: {"labels": {"tfconfig":"enabled","tfconfigdb":"enabled","tfcontrol":"enabled","tfanalytics":"enabled","tfanalyticsdb":"enabled","tfwebui":"enabled","local-volume-provisioner": "enabled"}}
+  # hardware_metadata which is used for Ceph requires flavor with
+  # ephemeral storage because it is used for Ceph bluestore.
+  workers_flavor: 'system.compact.openstack.control.ephemeral'
+  cmps_flavor: 'system.compact.openstack.control.ephemeral'
+  storage_frontend_network_cidr: '10.12.1.0/24'
+  storage_backend_network_cidr: '10.12.0.0/24'
+  hardware_metadata: |
+    '00:00:00:00:00:00':
+      write_files:
+        - path: /usr/share/metadata/ceph.yaml
+          content: |
+            storageDevices:
+              - name: vdb
+                role: hdd
+                sizeGb: 20
+            ramGb: 8
+            cores: 2
+            # The roles will be assigned based on node labels.
+            # roles:
+            #   - mon
+            #   - mgr
+            ips:
+              - 192.168.122.101
+            crushPath: {}
diff --git a/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3.yaml b/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3.yaml
index 54d0047..ad61006 100644
--- a/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3.yaml
+++ b/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3.yaml
@@ -1,12 +1,13 @@
 resource_registry:
   "MCP2::NetworkAcc": ../fragments/NetworkAccVM.yaml
   "MCP2::NetworkAccStorage": ../fragments/NetworkAccVMStorage.yaml
-  "MCP2::NetworkPrvFl": ../fragments/NetworkPrvFlVSRX.yaml
+  "MCP2::NetworkPrvFl": ../fragments/NetworkPrvFl.yaml
   "MCP2::NetworkIronicFlat": ../fragments/NetworkIronicFlat.yaml
   "MCP2::NetworkTun": ../fragments/NetworkTun.yaml
   "MCP2::SrvInstances": ../fragments/SrvInstancesVM.yaml
   "MCP2::SrvInstancesCeph": ../fragments/SrvInstancesVMCeph.yaml
   "MCP2::SrvInstancesCephOSD": ../fragments/SrvInstancesVMCephOSD.yaml
+  "MCP2::VSRX": ../fragments/vSRX.yaml
 
 parameters:
   image: bionic-server-cloudimg-amd64-20190612
@@ -21,12 +22,13 @@
   ucp_boot_timeout: 3600
   cluster_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp0evjOaK8c8SKYK4r2+0BN7g+8YSvQ2n8nFgOURCyvkJqOHi1qPGZmuN0CclYVdVuZiXbWw3VxRbSW3EH736VzgY1U0JmoTiSamzLHaWsXvEIW8VCi7boli539QJP0ikJiBaNAgZILyCrVPN+A6mfqtacs1KXdZ0zlMq1BPtFciR1JTCRcVs5vP2Wwz5QtY2jMIh3aiwkePjMTQPcfmh1TkOlxYu5IbQyZ3G1ahA0mNKI9a0dtF282av/F6pwB/N1R1nEZ/9VtcN2I1mf1NW/tTHEEcTzXYo1R/8K9vlqAN8QvvGLZtZduGviNVNoNWvoxaXxDt8CPv2B2NCdQFZp
   tungstenfabric_enabled: true
+  vsrx_enabled: true
   private_floating_network_cidr: '10.11.12.0/24'
   private_floating_network_ipam_pool_start: '10.11.12.3'
   private_floating_network_ipam_pool_end: '10.11.12.99'
   private_floating_network_gateway: '10.11.12.1'
-  control_network_vsrx_peering_ip: '10.10.0.131'
-  data_network_vsrx_ip: '10.15.0.131'
+  control_network_ext_router_ip: '10.10.0.131'
+  tun_network_ext_router_ip: '10.15.0.131'
   private_floating_interface: 'ens4'
   tunnel_interface: 'ens8'
   worker_metadata: {"labels": {"openstack-control-plane":"enabled","local-volume-provisioner": "enabled"}}
diff --git a/de/heat-templates/env/mstr1-wrkr3-cmp3-ntw3.yaml b/de/heat-templates/env/mstr1-wrkr3-cmp3-ntw3.yaml
index 9d5842a..58ea460 100644
--- a/de/heat-templates/env/mstr1-wrkr3-cmp3-ntw3.yaml
+++ b/de/heat-templates/env/mstr1-wrkr3-cmp3-ntw3.yaml
@@ -1,12 +1,13 @@
 resource_registry:
   "MCP2::NetworkAcc": ../fragments/NetworkAccVM.yaml
   "MCP2::NetworkAccStorage": ../fragments/NetworkAccVMStorage.yaml
-  "MCP2::NetworkPrvFl": ../fragments/NetworkPrvFlVSRX.yaml
+  "MCP2::NetworkPrvFl": ../fragments/NetworkPrvFl.yaml
   "MCP2::NetworkIronicFlat": ../fragments/NetworkIronicFlat.yaml
   "MCP2::NetworkTun": ../fragments/NetworkTun.yaml
   "MCP2::SrvInstances": ../fragments/SrvInstancesVM.yaml
   "MCP2::SrvInstancesCeph": ../fragments/SrvInstancesVMCeph.yaml
   "MCP2::SrvInstancesCephOSD": ../fragments/SrvInstancesVMCephOSD.yaml
+  "MCP2::VSRX": ../fragments/vSRX.yaml
 
 parameters:
   image: bionic-server-cloudimg-amd64-20190612
@@ -21,12 +22,13 @@
   ucp_boot_timeout: 3600
   cluster_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp0evjOaK8c8SKYK4r2+0BN7g+8YSvQ2n8nFgOURCyvkJqOHi1qPGZmuN0CclYVdVuZiXbWw3VxRbSW3EH736VzgY1U0JmoTiSamzLHaWsXvEIW8VCi7boli539QJP0ikJiBaNAgZILyCrVPN+A6mfqtacs1KXdZ0zlMq1BPtFciR1JTCRcVs5vP2Wwz5QtY2jMIh3aiwkePjMTQPcfmh1TkOlxYu5IbQyZ3G1ahA0mNKI9a0dtF282av/F6pwB/N1R1nEZ/9VtcN2I1mf1NW/tTHEEcTzXYo1R/8K9vlqAN8QvvGLZtZduGviNVNoNWvoxaXxDt8CPv2B2NCdQFZp
   tungstenfabric_enabled: true
+  vsrx_enabled: true
   private_floating_network_cidr: '10.11.12.0/24'
   private_floating_network_gateway: '10.11.12.1'
   private_floating_network_ipam_pool_start: '10.11.12.3'
   private_floating_network_ipam_pool_end: '10.11.12.99'
-  control_network_vsrx_peering_ip: '10.10.0.131'
-  data_network_vsrx_ip: '10.15.0.131'
+  control_network_ext_router_ip: '10.10.0.131'
+  tun_network_ext_router_ip: '10.15.0.131'
   private_floating_interface: 'ens4'
   tunnel_interface: 'ens8'
   worker_metadata: {"labels": {"openstack-control-plane":"enabled","local-volume-provisioner": "enabled"}}
diff --git a/de/heat-templates/env/mstr1-wrkr5-cmp2-gtw0-vsrx1.yaml b/de/heat-templates/env/mstr1-wrkr5-cmp2-gtw0-vsrx1.yaml
index 20fa4bd..5bb86fa 100644
--- a/de/heat-templates/env/mstr1-wrkr5-cmp2-gtw0-vsrx1.yaml
+++ b/de/heat-templates/env/mstr1-wrkr5-cmp2-gtw0-vsrx1.yaml
@@ -1,12 +1,13 @@
 resource_registry:
   "MCP2::NetworkAcc": ../fragments/NetworkAccVM.yaml
   "MCP2::NetworkAccStorage": ../fragments/NetworkAccVMStorage.yaml
-  "MCP2::NetworkPrvFl": ../fragments/NetworkPrvFlVSRX.yaml
+  "MCP2::NetworkPrvFl": ../fragments/NetworkPrvFl.yaml
   "MCP2::NetworkIronicFlat": ../fragments/NetworkIronicFlat.yaml
   "MCP2::SrvInstances": ../fragments/SrvInstancesVM.yaml
   "MCP2::SrvInstancesCeph": ../fragments/SrvInstancesVMCeph.yaml
   "MCP2::SrvInstancesCephOSD": ../fragments/SrvInstancesVMCephOSD.yaml
   "MCP2::NetworkTun": ../fragments/NetworkTun.yaml
+  "MCP2::VSRX": ../fragments/vSRX.yaml
 
 parameters:
   image: bionic-server-cloudimg-amd64-20190612
@@ -23,9 +24,10 @@
   cluster_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp0evjOaK8c8SKYK4r2+0BN7g+8YSvQ2n8nFgOURCyvkJqOHi1qPGZmuN0CclYVdVuZiXbWw3VxRbSW3EH736VzgY1U0JmoTiSamzLHaWsXvEIW8VCi7boli539QJP0ikJiBaNAgZILyCrVPN+A6mfqtacs1KXdZ0zlMq1BPtFciR1JTCRcVs5vP2Wwz5QtY2jMIh3aiwkePjMTQPcfmh1TkOlxYu5IbQyZ3G1ahA0mNKI9a0dtF282av/F6pwB/N1R1nEZ/9VtcN2I1mf1NW/tTHEEcTzXYo1R/8K9vlqAN8QvvGLZtZduGviNVNoNWvoxaXxDt8CPv2B2NCdQFZp
   private_floating_network_cidr: '10.11.12.0/24'
   private_floating_interface: 'ens4'
-  control_network_vsrx_peering_ip: '10.10.0.131'
+  vsrx_enabled: true
+  control_network_ext_router_ip: '10.10.0.131'
   private_floating_network_gateway: '10.11.12.254'
-  data_network_vsrx_ip: '10.15.0.131'
+  tun_network_ext_router_ip: '10.15.0.131'
   tunnel_interface: 'ens8'
   worker_metadata: {"labels": {"openstack-control-plane":"enabled","openvswitch":"enabled","openstack-gateway": "enabled","local-volume-provisioner": "enabled", "openstack-frrouting": "enabled"}}
   cmp_metadata: {"labels": {"openstack-compute-node":"enabled","openvswitch":"enabled", "role":"ceph-osd-node"}}
diff --git a/de/heat-templates/env/mstr1-wrkr5-cmp2-ntw3.yaml b/de/heat-templates/env/mstr1-wrkr5-cmp2-ntw3.yaml
index 658d577..7bf7d3c 100644
--- a/de/heat-templates/env/mstr1-wrkr5-cmp2-ntw3.yaml
+++ b/de/heat-templates/env/mstr1-wrkr5-cmp2-ntw3.yaml
@@ -1,12 +1,13 @@
 resource_registry:
   "MCP2::NetworkAcc": ../fragments/NetworkAccVM.yaml
   "MCP2::NetworkAccStorage": ../fragments/NetworkAccVMStorage.yaml
-  "MCP2::NetworkPrvFl": ../fragments/NetworkPrvFlVSRX.yaml
+  "MCP2::NetworkPrvFl": ../fragments/NetworkPrvFl.yaml
   "MCP2::NetworkIronicFlat": ../fragments/NetworkIronicFlat.yaml
   "MCP2::NetworkTun": ../fragments/NetworkTun.yaml
   "MCP2::SrvInstances": ../fragments/SrvInstancesVM.yaml
   "MCP2::SrvInstancesCeph": ../fragments/SrvInstancesVMCeph.yaml
   "MCP2::SrvInstancesCephOSD": ../fragments/SrvInstancesVMCephOSD.yaml
+  "MCP2::VSRX": ../fragments/vSRX.yaml
 
 parameters:
   image: bionic-server-cloudimg-amd64-20190612
@@ -25,8 +26,8 @@
   private_floating_network_ipam_pool_start: '10.11.12.3'
   private_floating_network_ipam_pool_end: '10.11.12.99'
   private_floating_network_gateway: '10.11.12.1'
-  control_network_vsrx_peering_ip: '10.10.0.131'
-  data_network_vsrx_ip: '10.15.0.131'
+  control_network_ext_router_ip: '10.10.0.131'
+  tun_network_ext_router_ip: '10.15.0.131'
   private_floating_interface: 'ens4'
   tunnel_interface: 'ens8'
   worker_metadata: {"labels": {"openstack-control-plane":"enabled","local-volume-provisioner": "enabled"}}
diff --git a/de/heat-templates/env/mstr3-wrkr3-cmp2-ntw3-lma0-osd3.yaml b/de/heat-templates/env/mstr3-wrkr3-cmp2-ntw3-lma0-osd3.yaml
index b3ad83e..740ba89 100644
--- a/de/heat-templates/env/mstr3-wrkr3-cmp2-ntw3-lma0-osd3.yaml
+++ b/de/heat-templates/env/mstr3-wrkr3-cmp2-ntw3-lma0-osd3.yaml
@@ -1,12 +1,13 @@
 resource_registry:
   "MCP2::NetworkAcc": ../fragments/NetworkAccVM.yaml
   "MCP2::NetworkAccStorage": ../fragments/NetworkAccVMStorage.yaml
-  "MCP2::NetworkPrvFl": ../fragments/NetworkPrvFlVSRX.yaml
+  "MCP2::NetworkPrvFl": ../fragments/NetworkPrvFl.yaml
   "MCP2::NetworkIronicFlat": ../fragments/NetworkIronicFlat.yaml
   "MCP2::NetworkTun": ../fragments/NetworkTun.yaml
   "MCP2::SrvInstances": ../fragments/SrvInstancesVM.yaml
   "MCP2::SrvInstancesCeph": ../fragments/SrvInstancesVMCeph.yaml
   "MCP2::SrvInstancesCephOSD": ../fragments/SrvInstancesVMCephOSD.yaml
+  "MCP2::VSRX": ../fragments/vSRX.yaml
 
 parameters:
   image: bionic-server-cloudimg-amd64-20190612
@@ -27,12 +28,13 @@
   ucp_boot_timeout: 3600
   cluster_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp0evjOaK8c8SKYK4r2+0BN7g+8YSvQ2n8nFgOURCyvkJqOHi1qPGZmuN0CclYVdVuZiXbWw3VxRbSW3EH736VzgY1U0JmoTiSamzLHaWsXvEIW8VCi7boli539QJP0ikJiBaNAgZILyCrVPN+A6mfqtacs1KXdZ0zlMq1BPtFciR1JTCRcVs5vP2Wwz5QtY2jMIh3aiwkePjMTQPcfmh1TkOlxYu5IbQyZ3G1ahA0mNKI9a0dtF282av/F6pwB/N1R1nEZ/9VtcN2I1mf1NW/tTHEEcTzXYo1R/8K9vlqAN8QvvGLZtZduGviNVNoNWvoxaXxDt8CPv2B2NCdQFZp
   tungstenfabric_enabled: true
+  vsrx_enabled: true
   private_floating_network_cidr: '10.11.12.0/24'
   private_floating_network_gateway: '10.11.12.1'
   private_floating_network_ipam_pool_start: '10.11.12.3'
   private_floating_network_ipam_pool_end: '10.11.12.99'
-  control_network_vsrx_peering_ip: '10.10.0.131'
-  data_network_vsrx_ip: '10.15.0.131'
+  control_network_ext_router_ip: '10.10.0.131'
+  tun_network_ext_router_ip: '10.15.0.131'
   private_floating_interface: 'ens4'
   tunnel_interface: 'ens8'
   worker_metadata: {"labels": {"openstack-control-plane":"enabled", "openvswitch":"enabled", "openstack-gateway": "enabled","local-volume-provisioner": "enabled","role": "stacklight", "stacklight": "enabled"}}
diff --git a/de/heat-templates/env/mstr3-wrkr3-cmp2-ntw3-lma3-osd3.yaml b/de/heat-templates/env/mstr3-wrkr3-cmp2-ntw3-lma3-osd3.yaml
index aa5c753..86e3b82 100644
--- a/de/heat-templates/env/mstr3-wrkr3-cmp2-ntw3-lma3-osd3.yaml
+++ b/de/heat-templates/env/mstr3-wrkr3-cmp2-ntw3-lma3-osd3.yaml
@@ -1,12 +1,13 @@
 resource_registry:
   "MCP2::NetworkAcc": ../fragments/NetworkAccVM.yaml
   "MCP2::NetworkAccStorage": ../fragments/NetworkAccVMStorage.yaml
-  "MCP2::NetworkPrvFl": ../fragments/NetworkPrvFlVSRX.yaml
+  "MCP2::NetworkPrvFl": ../fragments/NetworkPrvFl.yaml
   "MCP2::NetworkIronicFlat": ../fragments/NetworkIronicFlat.yaml
   "MCP2::NetworkTun": ../fragments/NetworkTun.yaml
   "MCP2::SrvInstances": ../fragments/SrvInstancesVM.yaml
   "MCP2::SrvInstancesCeph": ../fragments/SrvInstancesVMCeph.yaml
   "MCP2::SrvInstancesCephOSD": ../fragments/SrvInstancesVMCephOSD.yaml
+  "MCP2::VSRX": ../fragments/vSRX.yaml
 
 parameters:
   image: bionic-server-cloudimg-amd64-20190612
@@ -28,12 +29,13 @@
   ucp_boot_timeout: 3600
   cluster_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp0evjOaK8c8SKYK4r2+0BN7g+8YSvQ2n8nFgOURCyvkJqOHi1qPGZmuN0CclYVdVuZiXbWw3VxRbSW3EH736VzgY1U0JmoTiSamzLHaWsXvEIW8VCi7boli539QJP0ikJiBaNAgZILyCrVPN+A6mfqtacs1KXdZ0zlMq1BPtFciR1JTCRcVs5vP2Wwz5QtY2jMIh3aiwkePjMTQPcfmh1TkOlxYu5IbQyZ3G1ahA0mNKI9a0dtF282av/F6pwB/N1R1nEZ/9VtcN2I1mf1NW/tTHEEcTzXYo1R/8K9vlqAN8QvvGLZtZduGviNVNoNWvoxaXxDt8CPv2B2NCdQFZp
   tungstenfabric_enabled: true
+  vsrx_enabled: true
   private_floating_network_cidr: '10.11.12.0/24'
   private_floating_network_gateway: '10.11.12.1'
   private_floating_network_ipam_pool_start: '10.11.12.3'
   private_floating_network_ipam_pool_end: '10.11.12.99'
-  control_network_vsrx_peering_ip: '10.10.0.131'
-  data_network_vsrx_ip: '10.15.0.131'
+  control_network_ext_router_ip: '10.10.0.131'
+  tun_network_ext_router_ip: '10.15.0.131'
   private_floating_interface: 'ens4'
   tunnel_interface: 'ens8'
   worker_metadata: {"labels": {"openstack-control-plane": "enabled", "openvswitch": "enabled","openstack-gateway":"enabled","local-volume-provisioner": "enabled"}}
diff --git a/de/heat-templates/fragments/NetworkAccVM.yaml b/de/heat-templates/fragments/NetworkAccVM.yaml
index 4954b0f..ee7abab 100644
--- a/de/heat-templates/fragments/NetworkAccVM.yaml
+++ b/de/heat-templates/fragments/NetworkAccVM.yaml
@@ -13,7 +13,7 @@
     default: []
   tungstenfabric_enabled:
     type: boolean
-  control_network_vsrx_peering_ip:
+  control_network_ext_router_ip:
     type: string
     default: ''
   private_floating_network_cidr:
@@ -53,7 +53,7 @@
     condition: cond_extra_routes
     properties:
       destination: { get_param: private_floating_network_cidr }
-      nexthop: { get_param: control_network_vsrx_peering_ip }
+      nexthop: { get_param: control_network_ext_router_ip }
       router_id: { get_resource: router }
 
 
diff --git a/de/heat-templates/fragments/NetworkPrvFl.yaml b/de/heat-templates/fragments/NetworkPrvFl.yaml
index 20a50a4..29bd1da 100644
--- a/de/heat-templates/fragments/NetworkPrvFl.yaml
+++ b/de/heat-templates/fragments/NetworkPrvFl.yaml
@@ -7,27 +7,6 @@
     type: string
   private_floating_network_ipam_pool_end:
     type: string
-  private_floating_network_gateway:
-    type: string
-    default: ''
-  accessible_network:
-    type: string
-    default: ''
-  control_network_vsrx_peering_ip:
-    type: string
-    default: ''
-  data_network_vsrx_ip:
-    type: string
-  tun_network:
-    type: string
-  vsrx_image:
-    type: string
-    default: mos-vsrx-acc-fl-tun
-  vsrx_flavor:
-    type: string
-    default: oc_vsrx
-  public_net_id:
-    type: string
 
 resources:
 
diff --git a/de/heat-templates/fragments/vMX.yaml b/de/heat-templates/fragments/vMX.yaml
new file mode 100644
index 0000000..f0dd60c
--- /dev/null
+++ b/de/heat-templates/fragments/vMX.yaml
@@ -0,0 +1,147 @@
+heat_template_version: queens
+
+parameters:
+  linux_img:
+    type: string
+    description: Name of image to use for servers
+  linux_flav:
+    type: string
+    description: Name of image to use for servers
+  junos_flav:
+    type: string
+    description: Name of image to use for servers
+  junos_img:
+    type: string
+    description: Name of image to use for servers
+  vmx_gateway_ip:
+    type: string
+    description: Default GW for vmx
+  vmx_lo_ip:
+    type: string
+    description: lo ip addr (used for BGP peering)
+  evpn_network_vmx_ip:
+    type: string
+    description: vmx ip addr in a network for evpn test
+
+  accessible_network_id:
+    type: string
+  control_network_cidr:
+    type: string
+  control_network_vmx_ip:
+    type: string
+
+  tun_network_id:
+    type: string
+  tun_network_cidr:
+    type: string
+  tun_network_vmx_ip:
+    type: string
+
+  private_floating_network_id:
+    type: string
+  private_floating_network_cidr:
+    type: string
+  private_floating_network_gateway:
+    type: string
+
+  evpn_network_cidr:
+    type: string
+  evpn_network_ipam_pool_start:
+    type: string
+  evpn_network_ipam_pool_end:
+    type: string
+
+  public_net_id:
+    type: string
+
+resources:
+
+  accessible_server_port:
+    type: OS::Neutron::Port
+    properties:
+      network_id: { get_param: accessible_network_id }
+      port_security_enabled: false
+      fixed_ips:
+       - ip_address: {get_param: control_network_vmx_ip }
+
+  private_floating_server_port:
+    type: OS::Neutron::Port
+    properties:
+      network_id: { get_param: private_floating_network_id }
+      port_security_enabled: false
+      fixed_ips:
+        - ip_address: { get_param: private_floating_network_gateway}
+
+  tun_server_port:
+    type: OS::Neutron::Port
+    properties:
+      network_id: { get_param: tun_network_id }
+      port_security_enabled: false
+      fixed_ips:
+      - ip_address: { get_param: tun_network_vmx_ip}
+
+  server_floating_ip:
+    type: OS::Neutron::FloatingIP
+    properties:
+      floating_network_id: { get_param: public_net_id }
+      port_id: { get_resource: accessible_server_port }
+
+  vmx_int_network:
+    type: OS::Networking::VmxInternalNet
+
+  evpn_network:
+    type: OS::Networking::VmxFpcEvpnNet
+    properties:
+      evpn_network_cidr: { get_param: evpn_network_cidr }
+      evpn_network_ipam_pool_start: { get_param: evpn_network_ipam_pool_start }
+      evpn_network_ipam_pool_end: { get_param: evpn_network_ipam_pool_end }
+
+  evpn_server_port:
+    type: OS::Neutron::Port
+    properties:
+      network_id: { get_attr: [ evpn_network, evpn_network_id ] }
+      port_security_enabled: false
+      fixed_ips:
+      - ip_address: { get_param: evpn_network_vmx_ip }
+
+  re0:
+    type: OS::Nova::VmxRe
+    properties:
+      junos_flav: { get_param: junos_flav }
+      junos_img: { get_param: junos_img }
+      re_pfe_network: { get_attr: [ vmx_int_network, re_pfe_network ] }
+      access_port: { get_resource: accessible_server_port }
+      access_port_ip: {get_param: control_network_vmx_ip }
+      control_network_cidr: { get_param: control_network_cidr }
+      gateway_ip: { get_param: vmx_gateway_ip }
+      lo_ip: { get_param: vmx_lo_ip }
+      floating_port_ip: { get_param: private_floating_network_gateway }
+      tun_network_cidr: { get_param: tun_network_cidr }
+      tun_port_ip: { get_param: tun_network_vmx_ip }
+      evpn_port_ip: { get_param: evpn_network_vmx_ip }
+
+  fpc0:
+    type: OS::Nova::VmxFpcSingle
+    properties:
+      linux_img: { get_param: linux_img }
+      linux_flav: { get_param: linux_flav }
+      id: 0
+      re0_ip: { get_attr: [ fpc0_fixed_net, external_ip ] }
+      all_ports: [ { get_attr: [ fpc0_fixed_net, external_port ] },
+                   { get_attr: [ fpc0_fixed_net, internal_port ] },
+                   { get_resource: private_floating_server_port },
+                   { get_resource: tun_server_port },
+                   { get_resource: evpn_server_port } ]
+
+  fpc0_fixed_net:
+    type: OS::Networking::VmxFpcFixedNet
+    properties:
+      public_network: { get_param: accessible_network_id }
+      re_pfe_network: { get_attr: [ vmx_int_network, re_pfe_network ] }
+      id: 0
+      internal_ip: 128.0.0.16
+
+outputs:
+  re_floating_ip:
+    description: Floating IP address of server in public network
+    value: { get_attr: [ server_floating_ip, floating_ip_address ] }
diff --git a/de/heat-templates/fragments/NetworkPrvFlVSRX.yaml b/de/heat-templates/fragments/vSRX.yaml
similarity index 68%
rename from de/heat-templates/fragments/NetworkPrvFlVSRX.yaml
rename to de/heat-templates/fragments/vSRX.yaml
index 988121d..23d64b4 100644
--- a/de/heat-templates/fragments/NetworkPrvFlVSRX.yaml
+++ b/de/heat-templates/fragments/vSRX.yaml
@@ -1,17 +1,13 @@
 heat_template_version: queens
 
 parameters:
-  private_floating_network_cidr:
-    type: string
-  private_floating_network_ipam_pool_start:
-    type: string
-  private_floating_network_ipam_pool_end:
+  private_floating_network_id:
     type: string
   private_floating_network_gateway:
     type: string
   accessible_network:
     type: string
-  control_network_vsrx_peering_ip:
+  control_network_vsrx_ip:
     type: string
   data_network_vsrx_ip:
     type: string
@@ -31,33 +27,18 @@
 
 resources:
 
-  network:
-    type: OS::Neutron::Net
-    properties:
-      port_security_enabled: false
-  subnet:
-    type: OS::Neutron::Subnet
-    properties:
-      network: { get_resource: network }
-      enable_dhcp: false
-      cidr: { get_param: private_floating_network_cidr }
-      gateway_ip: ~
-      allocation_pools:
-        - start: { get_param: private_floating_network_ipam_pool_start }
-          end: { get_param: private_floating_network_ipam_pool_end }
-
   accessible_server_port:
     type: OS::Neutron::Port
     properties:
       network_id: { get_param: accessible_network }
       port_security_enabled: false
       fixed_ips:
-       - ip_address: {get_param: control_network_vsrx_peering_ip }
+       - ip_address: {get_param: control_network_vsrx_ip }
 
   private_floating_server_port:
     type: OS::Neutron::Port
     properties:
-      network_id: { get_resource: network }
+      network_id: { get_param: private_floating_network_id }
       port_security_enabled: false
       fixed_ips:
         - ip_address: { get_param: private_floating_network_gateway}
@@ -89,10 +70,8 @@
         - port: { get_resource: tun_server_port }
 
 outputs:
-  private_floating_network_id:
-    value: { get_resource: network }
-  private_floating_subnet_id:
-    value: { get_resource: subnet }
   server_public_ip:
     description: Floating IP address of server in public network
     value: { get_attr: [ server_floating_ip, floating_ip_address ] }
+  vsrx_show:
+    value: { get_attr: [ vsrx_instance, show ] }
diff --git a/de/heat-templates/fragments/vmx-components/bridges/bridges_internal.yaml b/de/heat-templates/fragments/vmx-components/bridges/bridges_internal.yaml
new file mode 100644
index 0000000..4e203bf
--- /dev/null
+++ b/de/heat-templates/fragments/vmx-components/bridges/bridges_internal.yaml
@@ -0,0 +1,26 @@
+heat_template_version: 2015-10-15
+parameters:
+
+resources:
+  bridge_net_re_pfe:
+    type: OS::Neutron::Net
+    properties:
+      admin_state_up: true
+      name:
+        str_replace:
+          template: "%ident%-vfp0-to-vcp0"
+          params:
+            '%ident%': {get_param: "OS::stack_name"}
+
+  bridge_network_subnet_re_pfe:
+    properties:
+      cidr: 128.0.0.0/24
+      network_id: {get_resource: bridge_net_re_pfe}
+      enable_dhcp: False
+      gateway_ip: 128.0.0.3
+    type: OS::Neutron::Subnet
+
+outputs:
+  re_pfe_network:
+    description: RE-PFE bridge
+    value: {get_resource: bridge_net_re_pfe}
diff --git a/de/heat-templates/fragments/vmx-components/network/evpn_network.yaml b/de/heat-templates/fragments/vmx-components/network/evpn_network.yaml
new file mode 100644
index 0000000..384f3c0
--- /dev/null
+++ b/de/heat-templates/fragments/vmx-components/network/evpn_network.yaml
@@ -0,0 +1,28 @@
+heat_template_version: queens
+
+parameters:
+  evpn_network_cidr:
+    type: string
+  evpn_network_ipam_pool_start:
+    type: string
+  evpn_network_ipam_pool_end:
+    type: string
+
+resources:
+
+  network:
+    type: OS::Neutron::Net
+  subnet:
+    type: OS::Neutron::Subnet
+    properties:
+      network: { get_resource: network }
+      enable_dhcp: false
+      cidr: { get_param: evpn_network_cidr }
+      gateway_ip: ~
+      allocation_pools:
+        - start: { get_param: evpn_network_ipam_pool_start }
+          end: { get_param: evpn_network_ipam_pool_end }
+
+outputs:
+  evpn_network_id:
+    value: { get_resource: network }
diff --git a/de/heat-templates/fragments/vmx-components/ports/port.yaml b/de/heat-templates/fragments/vmx-components/ports/port.yaml
new file mode 100755
index 0000000..25fbb0c
--- /dev/null
+++ b/de/heat-templates/fragments/vmx-components/ports/port.yaml
@@ -0,0 +1,26 @@
+heat_template_version: 2015-10-15
+parameters:
+  vnetwork_id: {description: ID of network, type: string}
+  pname: {description: name, type: string}
+
+resources:
+  port:
+    type: OS::Neutron::Port
+    properties:
+      port_security_enabled: false
+      network: {get_param: vnetwork_id}
+      name:
+        str_replace:
+          template: "%ident%_%name%"
+          params:
+            '%ident%': {get_param: "OS::stack_name"}
+            '%name%': {get_param: pname}
+
+outputs:
+  port:
+    description: port
+    value: { get_resource: port}
+  ip:
+    description: The IP address assigned to the VM
+    value: { get_attr: [port, fixed_ips, 0, ip_address] }
+
diff --git a/de/heat-templates/fragments/vmx-components/ports/re_pfe_port.yaml b/de/heat-templates/fragments/vmx-components/ports/re_pfe_port.yaml
new file mode 100755
index 0000000..0e1a1e0
--- /dev/null
+++ b/de/heat-templates/fragments/vmx-components/ports/re_pfe_port.yaml
@@ -0,0 +1,24 @@
+heat_template_version: 2015-10-15 
+parameters:
+  vnetwork_id: {description: ID of network, type: string}
+  ip_addr: {description: Fixed IP, type: string}
+  name: {description: name, type: string}
+
+resources:
+  port:
+    type: OS::Neutron::Port
+    properties:
+      port_security_enabled: false
+      name: {get_param: name}
+      network: {get_param: vnetwork_id}
+      fixed_ips:
+        - ip_address: {get_param: ip_addr}
+
+outputs:
+  port:
+    description: port
+    value: { get_resource: port}
+  ip:
+    description: The IP address assigned to the VM
+    value: { get_attr: [port, fixed_ips, 0, ip_address] }
+
diff --git a/de/heat-templates/fragments/vmx-components/vms/fpc.yaml b/de/heat-templates/fragments/vmx-components/vms/fpc.yaml
new file mode 100644
index 0000000..301e4e2
--- /dev/null
+++ b/de/heat-templates/fragments/vmx-components/vms/fpc.yaml
@@ -0,0 +1,54 @@
+heat_template_version: 2015-10-15
+parameters:
+  project_name: {description: Project name, type: string}
+  id: {description: FPC id, type: string}
+  linux_img: {description: Linux PFE image, type: string}
+  linux_flav: {description: Type of FPC/linux Image, type: string}
+  gateway_ip: {description: ip of gateway, type: string}
+  re0_ip: {description: ip of RE0, type: string}
+  all_ports: {description: ge port list, type: comma_delimited_list}
+  stack_name: {description: Stack name, type: string}
+
+resources:
+  fpc:
+    properties:
+      config_drive: true
+      flavor: {get_param: linux_flav}
+      image: {get_param: linux_img}
+      metadata:
+        boot_noveriexec: 'yes'
+        gateway: {get_param: gateway_ip}
+        hostname:
+          str_replace:
+            template: "Instance_%proj%-%ident%-fpc%id%"
+            params:
+              '%proj%': {get_param: project_name}
+              '%ident%': {get_param: stack_name}
+              '%id%': {get_param: id}
+        hw.pci.link.0x60.irq: 10
+        netmask: '24'
+        re0_ip: {get_param: re0_ip}
+        vm_chassname: {get_param: stack_name}
+        vm_chassis_i2cid: "161"
+        vm_i2cid: '0xBAA'
+        vm_instance: {get_param: id} 
+        vm_is_virtual: 1
+        vm_ore_present: 0
+        vm_retype: RE-VMX
+        vmchtype: mx240
+        vmtype: 1
+      name:
+        str_replace:
+          template: "Instance_%proj%-%ident%_fpc%id%"
+          params:
+            '%proj%': {get_param: project_name}
+            '%ident%': {get_param: stack_name}
+            '%id%': {get_param: id}
+      networks:
+        repeat:
+          for_each:
+            <%ports%>: { get_param: all_ports }
+          template:
+            port: <%ports%>
+    type: OS::Nova::Server
+
diff --git a/de/heat-templates/fragments/vmx-components/vms/fpc_fixed_net.yaml b/de/heat-templates/fragments/vmx-components/vms/fpc_fixed_net.yaml
new file mode 100644
index 0000000..5e0b231
--- /dev/null
+++ b/de/heat-templates/fragments/vmx-components/vms/fpc_fixed_net.yaml
@@ -0,0 +1,40 @@
+heat_template_version: 2015-10-15
+parameters:
+  public_network: {description: ID of public network, type: string}
+  re_pfe_network: {description: ID of RE-PFE network, type: string}
+  id: {description: ID of port, type: string}
+  internal_ip: {description: IP of internal port, type: string}
+
+resources:
+  external_port:
+    type: ../ports/port.yaml
+    properties:
+      vnetwork_id: {get_param: public_network}
+      pname:
+        str_replace:
+          template: "public_fpc_%id%"
+          params:
+            '%id%': {get_param: id}
+
+  internal_port:
+      type: ../ports/re_pfe_port.yaml
+      properties:
+        vnetwork_id: {get_param: re_pfe_network}
+        ip_addr: {get_param: internal_ip}
+        name:
+          str_replace:
+            template: "Port_%ident%_internal_fpc_%id%"
+            params:
+              '%ident%': {get_param: "OS::stack_name"}
+              '%id%': {get_param: id}
+
+outputs:
+  external_port:
+    description: external port
+    value: {get_attr: [external_port, port]}
+  external_ip:
+    description: external port IP
+    value: {get_attr: [external_port, ip]}
+  internal_port:
+    description: internal port
+    value: {get_attr: [internal_port, port]}
diff --git a/de/heat-templates/fragments/vmx-components/vms/fpc_no_metadata.yaml b/de/heat-templates/fragments/vmx-components/vms/fpc_no_metadata.yaml
new file mode 100644
index 0000000..ba129af
--- /dev/null
+++ b/de/heat-templates/fragments/vmx-components/vms/fpc_no_metadata.yaml
@@ -0,0 +1,26 @@
+heat_template_version: 2015-10-15
+parameters:
+  id: {description: FPC id, type: string}
+  linux_img: {description: Linux PFE image, type: string}
+  linux_flav: {description: Type of FPC/linux Image, type: string}
+  re0_ip: {description: ip of RE0, type: string}
+  all_ports: {description: ge port list, type: comma_delimited_list}
+
+resources:
+  fpc:
+    type: OS::Nova::Server
+    properties:
+      flavor: {get_param: linux_flav}
+      image: {get_param: linux_img}
+      name:
+        str_replace:
+          template: "vMX_fpc%id%_%ident%"
+          params:
+            '%ident%': {get_param: "OS::stack_name"}
+            '%id%': {get_param: id}
+      networks:
+        repeat:
+          for_each:
+            <%ports%>: { get_param: all_ports }
+          template:
+            port: <%ports%>
diff --git a/de/heat-templates/fragments/vmx-components/vms/re.yaml b/de/heat-templates/fragments/vmx-components/vms/re.yaml
new file mode 100755
index 0000000..0c52f50
--- /dev/null
+++ b/de/heat-templates/fragments/vmx-components/vms/re.yaml
@@ -0,0 +1,67 @@
+heat_template_version: 2015-10-15 
+parameters:
+  access_port: {description: ID of public port, type: string}
+  access_port_ip: {description: IP of public port, type: string}
+  control_network_cidr: { type: string }
+  re_pfe_network: {description: ID of RE-PFE network, type: string}
+  junos_flav: {description: Type of Image, type: string}
+  junos_img: {description: Junos RE image, type: string}
+  gateway_ip: {description: ip of gateway, type: string}
+  lo_ip: {description: ip of lo interface, type: string}
+  floating_port_ip: { type: string }
+  tun_network_cidr: { type: string }
+  tun_port_ip: { description: ip of interface from data (tunnel) network, type: string }
+  evpn_port_ip: { description: ip of interface from network for evpn test, type: string }
+
+resources:
+  re_fixed_net:
+    type: vm_fixed_net.yaml
+    properties:
+      re_pfe_network: { get_param: re_pfe_network }
+      ext_name: public_re
+      int_name: internal_re
+      internal_ip: 128.0.0.1
+
+  re:
+    type: OS::Nova::Server
+    properties:
+      config_drive: true
+      flavor: {get_param: junos_flav}
+      image: {get_param: junos_img}
+      metadata:
+        gateway: { get_param: gateway_ip }
+        hostname: "vMX_re0"
+        hw.pci.link.0x60.irq: 10
+        netmask: '24'
+        re0_ip:
+          {get_param: access_port_ip}
+        vm_chassis_i2cid: "161"
+        vm_chassisname: {get_param: "OS::stack_name"}
+        vm_chassname: {get_param: "OS::stack_name"}
+        vm_i2cid: '0xBAA'
+        vm_instance: 0
+        vm_is_virtual: 1
+        vm_ore_present: 0
+        vm_retype: RE-VMX
+        vmchtype: mx240
+        vmtype: 0
+        console: vidconsole
+      name: 
+        str_replace:
+          template: "vMX_re0_%ident%"
+          params:
+            '%ident%': {get_param: "OS::stack_name"}
+      networks:
+      - port: {get_param: access_port}
+      - port: {get_attr: [re_fixed_net, internal_port]}
+      personality:
+        /var/db/cumulus/baseline_config.template:
+          str_replace:
+            template: { get_file: vmx_evpn.conf }
+            params:
+              $lo_ip: { get_param: lo_ip }
+              $floating_port_ip: { get_param: floating_port_ip }
+              $control_network_cidr: { get_param: control_network_cidr }
+              $tun_network_cidr: { get_param: tun_network_cidr }
+              $tun_port_ip: { get_param: tun_port_ip }
+              $evpn_port_ip: { get_param: evpn_port_ip }
diff --git a/de/heat-templates/fragments/vmx-components/vms/vm_fixed_net.yaml b/de/heat-templates/fragments/vmx-components/vms/vm_fixed_net.yaml
new file mode 100644
index 0000000..7e1c0c4
--- /dev/null
+++ b/de/heat-templates/fragments/vmx-components/vms/vm_fixed_net.yaml
@@ -0,0 +1,24 @@
+heat_template_version: 2015-10-15
+parameters:
+  re_pfe_network: {description: ID of RE-PFE network, type: string}
+  ext_name: {description: name of external port, type: string}
+  int_name: {description: name of internal port, type: string}
+  internal_ip: {description: IP of internal port, type: string}
+
+resources:
+
+  internal_port:
+      type: ../ports/re_pfe_port.yaml
+      properties:
+        vnetwork_id: {get_param: re_pfe_network}
+        ip_addr: {get_param: internal_ip} 
+        name:
+          str_replace:
+            template: "Port_%ident%_%name%"
+            params:
+              '%ident%': {get_param: "OS::stack_name"}
+              '%name%': {get_param: int_name}
+outputs:
+  internal_port:
+    description: internal port
+    value: {get_attr: [internal_port, port]}
diff --git a/de/heat-templates/fragments/vmx-components/vms/vmx_evpn.conf b/de/heat-templates/fragments/vmx-components/vms/vmx_evpn.conf
new file mode 100755
index 0000000..9fe0dc7
--- /dev/null
+++ b/de/heat-templates/fragments/vmx-components/vms/vmx_evpn.conf
@@ -0,0 +1,177 @@
+groups {
+    re0 {
+        system {
+            host-name %hostname%;
+            backup-router %gateway%;
+        }
+        interfaces {
+            fxp0 {  # Management/telnet Interface
+                unit 0 {
+                    family inet {
+                        address %re0_ip%/%netmask%; # Management/telnet address
+                    }
+                }
+            }
+        }
+    }
+    global {
+        system {
+            debugger-on-panic;
+            debugger-on-break;
+            dump-on-panic;
+            services {
+                finger;
+                ftp;
+                rlogin;
+                rsh;
+                ssh;
+                telnet;
+                xnm-clear-text;
+            }
+            syslog {
+                host log {
+                    kernel info;
+                    any notice;
+                    pfe info;
+                    interactive-commands any;
+                }
+                file messages {
+                    kernel info;
+                    any notice;
+                    authorization info;
+                    pfe info;
+                    archive world-readable;
+                }
+                file security {
+                    interactive-commands any;
+                    archive world-readable;
+                }
+            }
+            processes {
+                routing enable;
+                ntp enable;
+                management enable;
+                watchdog enable;
+                snmp enable;
+                inet-process enable;
+                mib-process enable;
+            }
+        }
+        chassis {
+            dump-on-panic;
+        }
+        interfaces {
+            lo0 {     # Local Loopback interface.
+                unit 0 {
+                    family inet {
+                        address $lo_ip/32;
+                    }
+                }
+            }
+            ge-0/0/0 {
+                unit 0 {
+                    family inet {
+                        address $floating_port_ip/24;
+                    }
+                }
+            }
+            ge-0/0/1 {
+                unit 0 {
+                    family inet {
+                        address  $tun_port_ip/24;
+                    }
+                }
+            }
+            ge-0/0/2 {
+                unit 0 {
+                    family bridge {
+                        interface-mode access;
+                        vlan-id 100;
+                    }
+                }
+            }
+            irb {
+                unit 100 {
+                    family inet {
+                        address $evpn_port_ip/24;
+                    }
+                }
+            }
+        }
+        snmp {
+            interface fxp0.0;
+            community public {
+                authorization read-only;
+            }
+            community private {
+                authorization read-write;
+            }
+        }
+        routing-options {
+            static {
+                route 0.0.0.0/0 next-hop %gateway%;
+            }
+            router-id $lo_ip;
+            route-distinguisher-id $lo_ip;
+            autonomous-system 64512;
+        }
+        protocols {
+            bgp {
+                group Contrail_Controller {
+                    type internal;
+                    local-address $lo_ip;
+                    keep all;
+                    family evpn {
+                        signaling;
+                    }
+                    allow [ $control_network_cidr $tun_network_cidr ];
+                }
+            }
+        }
+        routing-instances {
+            VIRTUAL_SWITCH {
+                vtep-source-interface lo0.0;
+                instance-type virtual-switch;
+                interface ge-0/0/2.0;
+                route-distinguisher 64512:100;
+                vrf-target target:64512:100;
+                protocols {
+                    evpn {
+                        encapsulation vxlan;
+                        extended-vni-list 100;
+                        multicast-mode ingress-replication;
+                    }
+                }
+                bridge-domains {
+                    BD100 {
+                        domain-type bridge;
+                        vlan-id 100;
+                        routing-interface irb.100;
+                        vxlan {
+                            vni 100;
+                            ingress-node-replication;
+                        }
+                    }
+                }
+            }
+        }
+    }
+}
+apply-groups [ global re0 ];
+system {
+    root-authentication {
+        encrypted-password "$6$.5tcJTSN$KPRcnIU50oyAWSanuWg7Hktab.kBauqIrjO33YERofHkD0nTTELOLVHnkA/sdoW5.qzg6IVBTg3xQE6wmnuaT0"; ## SECRET-DATA
+    }
+    ports {
+        console log-out-on-disconnect;
+    }
+    services {
+        netconf {
+            ssh;
+            rfc-compliant;
+        }
+    }
+}
+chassis {
+    network-services enhanced-ip;
+}
diff --git a/de/heat-templates/top.yaml b/de/heat-templates/top.yaml
index 4cb255e..d167980 100644
--- a/de/heat-templates/top.yaml
+++ b/de/heat-templates/top.yaml
@@ -24,13 +24,9 @@
       - "destination": "10.100.100.1/32"
         "nexthop": "172.16.1.1"
     default: []
-  control_network_vsrx_peering_ip:
+  control_network_ext_router_ip:
     type: string
-    description: IP address of vsrx for tungsten fabric peering
-    default: ''
-  data_network_vsrx_ip:
-    type: string
-    description: IP address of vsrx in tungsten fabric data network
+    description: IP address of vsrx/vmx in control network
     default: ''
   docker_default_address_pool:
     type: string
@@ -168,6 +164,30 @@
   tungstenfabric_enabled:
     type: boolean
     default: false
+  vmx_linux_img:
+    type: string
+    description: Name of image to use for servers
+    default: "vPFC-20170216"
+  vmx_linux_flav:
+    type: string
+    description: Name of image to use for servers
+    default: "vfp.lite"
+  vmx_junos_img:
+    type: string
+    description: Name of image to use for servers
+    default: "vmx-x86-64-17.1R1.8"
+  vmx_junos_flav:
+    type: string
+    description: Name of image to use for servers
+    default: "vcp.lite"
+  vmx_gateway_ip:
+    type: string
+    description: Default GW for vmx
+    default: '10.10.0.1'
+  vmx_lo_ip:
+    type: string
+    description: Ip of lo interface for vmx
+    default: '10.199.199.199'
   tun_network_cidr:
     type: string
     default: '10.15.0.0/24'
@@ -184,6 +204,10 @@
   tun_network_pool_end:
     type: string
     default: '10.15.0.99'
+  tun_network_ext_router_ip:
+    type: string
+    description: IP address of vsrx/vmx in data network
+    default: ''
   tun_network_host_routes:
     type: json
     description: >
@@ -191,6 +215,27 @@
       - "destination": "10.100.100.1/32"
         "nexthop": "172.16.1.1"
     default: []
+  evpn_network_cidr:
+    type: string
+    default: '10.20.100.0/24'
+  evpn_network_ipam_pool_start:
+    type: string
+    description: pool start which is used as pool for IPAM and assigned to instances port
+    default: '10.20.100.2'
+  evpn_network_ipam_pool_end:
+    type: string
+    description: pool end which is used as pool for IPAM and assigned to instances port
+    default: '10.20.100.99'
+  evpn_network_pool_start:
+    type: string
+    default: '10.20.100.105'
+  evpn_network_pool_end:
+    type: string
+    default: '10.20.100.200'
+  evpn_network_vmx_ip:
+    type: string
+    description: IP address of vmx in a network for evpn test
+    default: ''
   ucp_metadata:
     type: json
     default: {"role":"ucp"}
@@ -341,12 +386,38 @@
   secure_overlay_enabled:
     type: boolean
     default: false
+  vsrx_enabled:
+    type: boolean
+    default: false
+  vmx_enabled:
+    type: boolean
+    default: false
 
 conditions:
   aio_deploy:
     equals:
     - get_param: single_node
     - 'true'
+  tf:
+    equals:
+      - get_param: tungstenfabric_enabled
+      - true
+  vsrx_deploy:
+    equals:
+      - get_param: vsrx_enabled
+      - true
+  vmx_deploy:
+    and:
+      - tf
+      - equals:
+          - get_param: vmx_enabled
+          - true
+      - not:
+          vsrx_deploy
+  ext_router_deploy:
+    or:
+      - vsrx_deploy
+      - vmx_deploy
 
 resources:
   keypair_name:
@@ -369,7 +440,7 @@
       dns_nameservers: { get_param: dns_nameservers }
       control_network_host_routes: { get_param: control_network_host_routes }
       tungstenfabric_enabled: { get_param: tungstenfabric_enabled }
-      control_network_vsrx_peering_ip: { get_param: control_network_vsrx_peering_ip }
+      control_network_ext_router_ip: { get_param: control_network_ext_router_ip }
       private_floating_network_cidr: { get_param: private_floating_network_cidr }
 
   tun_network:
@@ -386,11 +457,50 @@
       private_floating_network_cidr: { get_param: private_floating_network_cidr }
       private_floating_network_ipam_pool_start: { get_param: private_floating_network_ipam_pool_start }
       private_floating_network_ipam_pool_end: { get_param: private_floating_network_ipam_pool_end }
-      private_floating_network_gateway: {get_param: private_floating_network_gateway}
-      control_network_vsrx_peering_ip: {get_param: control_network_vsrx_peering_ip}
-      accessible_network: { get_attr: [accessible_network, public_network]}
-      data_network_vsrx_ip: { get_param: data_network_vsrx_ip }
-      tun_network: { get_attr: [tun_network, tun_network_id] }
+
+  vmx:
+    depends_on:
+      - private_floating_network
+      - accessible_network
+      - tun_network
+    condition: vmx_deploy
+    type: MCP2::VMX
+    properties:
+      linux_img: { get_param: vmx_linux_img }
+      linux_flav: { get_param: vmx_linux_flav }
+      junos_img: { get_param: vmx_junos_img }
+      junos_flav: { get_param: vmx_junos_flav }
+      vmx_gateway_ip: { get_param: vmx_gateway_ip }
+      vmx_lo_ip: { get_param: vmx_lo_ip }
+      accessible_network_id: { get_attr: [ accessible_network, public_network ] }
+      control_network_cidr: { get_param: control_network_cidr }
+      control_network_vmx_ip: { get_param: control_network_ext_router_ip }
+      tun_network_id: { get_attr: [ tun_network, tun_network_id ] }
+      tun_network_vmx_ip: { get_param: tun_network_ext_router_ip }
+      tun_network_cidr: { get_param: tun_network_cidr }
+      private_floating_network_id: { get_attr: [private_floating_network, private_floating_network_id] }
+      private_floating_network_cidr: { get_param: private_floating_network_cidr }
+      private_floating_network_gateway: { get_param: private_floating_network_gateway }
+      evpn_network_cidr: { get_param: evpn_network_cidr }
+      evpn_network_ipam_pool_start: { get_param: evpn_network_ipam_pool_start }
+      evpn_network_ipam_pool_end: { get_param: evpn_network_ipam_pool_end }
+      evpn_network_vmx_ip: { get_param: evpn_network_vmx_ip }
+      public_net_id: { get_param: public_net_id }
+
+  vsrx:
+    depends_on:
+      - private_floating_network
+      - accessible_network
+      - tun_network
+    condition: vsrx_deploy
+    type: MCP2::VSRX
+    properties:
+      private_floating_network_id: { get_attr: [private_floating_network, private_floating_network_id] }
+      private_floating_network_gateway: { get_param: private_floating_network_gateway }
+      control_network_vsrx_ip: { get_param: control_network_ext_router_ip }
+      accessible_network: { get_attr: [ accessible_network, public_network ] }
+      data_network_vsrx_ip: { get_param: tun_network_ext_router_ip }
+      tun_network: { get_attr: [ tun_network, tun_network_id ] }
       vsrx_image: { get_param: vsrx_image }
       vsrx_flavor: { get_param: vsrx_flavor }
       public_net_id: { get_param: public_net_id }
@@ -1040,15 +1150,27 @@
     value: { get_param: storage_backend_network_cidr }
   tungstenfabric_enabled:
     value: { get_param: tungstenfabric_enabled }
-  data_network_vsrx_ip:
-    description: IP address of vsrx in tungsten fabric data network
-    value: { get_param: data_network_vsrx_ip }
-  control_network_vsrx_peering_ip:
-    description: IP address of vsrx in control/accessible network
-    value: { get_param: control_network_vsrx_peering_ip }
-  public_network_vsrx_ip:
-    description: IP address of vsrx in tungsten fabric public network
-    value: { get_attr: [private_floating_network, server_public_ip] }
+  tun_network_ext_router_ip:
+    condition: ext_router_deploy
+    description: IP address of vsrx/vmx in data network
+    value: { get_param: tun_network_ext_router_ip }
+  control_network_ext_router_ip:
+    condition: ext_router_deploy
+    description: IP address of vsrx/vmx in control/accessible network
+    value: { get_param: control_network_ext_router_ip }
+  public_network_ext_router_ip:
+    condition: ext_router_deploy
+    description: Public IP of vsrx/vmx instance
+    value: { if: [ vmx_deploy, get_attr: [ vmx, re_floating_ip ], get_attr: [ vsrx, server_public_ip ] ] }
   accessible_router:
     description: Router from accessible network to public
     value: { get_attr: [accessible_network, accessible_router] }
+  evpn_network_cidr:
+    description: Network CIDR for evpn tests
+    value: { get_param: evpn_network_cidr }
+  evpn_network_pool_start:
+    description: IPAM pool start for evpn tests
+    value: { get_param: evpn_network_pool_start }
+  evpn_network_pool_end:
+    description: IPAM pool end for evpn tests
+    value: { get_param: evpn_network_pool_end }
diff --git a/tox.ini b/tox.ini
index a229dc4..b5769d4 100644
--- a/tox.ini
+++ b/tox.ini
@@ -24,6 +24,7 @@
          -not -name \*.yaml                      \
          -not -name \*.lic                       \
          -not -name \*.py                        \
+         -not -name \*.conf                      \
          \(                                      \
           -name \*.sh -or                        \
           -wholename \*/de/\*                    \