Config Templates
Config Templates are reusable edge configuration blueprints that define the full desired state for an edge device. Instead of configuring each edge individually, you create a template once and apply it across multiple devices to enforce a consistent baseline.
Navigate to Admin > Config Templates to manage templates.
Template List
The template list displays all available templates for your organisation.
| Column | Description |
|---|---|
| Template Name | Display name and optional description. Click the name to open the template detail page. |
| Edge Model | The hardware model this template targets (e.g., VSR1000). |
| Default | Indicates whether this template is automatically applied to newly provisioned edges. |
| Type | System templates are built-in and read-only. Custom templates are user-created and fully editable. |
| Actions | Duplicate, edit, or delete the template. |
Creating a Template
Click Create Template to open a blank template editor. System templates cannot be edited, but any template — including system ones — can be duplicated to create an editable copy.
Duplicating a Template
Click the copy icon on any row to create a duplicate. The new template is named <original name> (Copy) and immediately appears in the list. Renaming and editing can be done from the detail page.
Deleting a Template
Click the delete icon and confirm the prompt. System templates cannot be deleted. Deletion is permanent and cannot be undone.
Deleting a template does not reconfigure edges that previously had the template applied. Edges retain their last-pushed configuration.
Template Detail
The template detail page is divided into named configuration sections. Each section maps to a specific subsystem on the edge device.
Physical Interfaces
Configures the raw hardware ports on the edge (G0–G6 for VSR1000).
| Field | Description |
|---|---|
| Port Name | Hardware port identifier (e.g., G0, G1). |
| Enabled | Toggle to include or exclude this port in the configuration push. |
| Port Type | Ethernet interface type code. |
| MTU | Maximum transmission unit in bytes (default 1500). |
| Description | Free-text label for the port. |
Logical Interfaces
Defines virtual interfaces (VLANs, sub-interfaces) layered on top of physical ports.
| Field | Description |
|---|---|
| Logical Name | Interface identifier used within VPP (e.g., G0.100). |
| Role | WAN, LAN, or custom role label. |
| Type | Interface type (dot1q for VLAN sub-interfaces). |
| Port ID | Parent physical port. |
| VLAN ID | 802.1Q VLAN tag (required for VLAN sub-interfaces). |
| DHCP Client | When enabled, the interface requests an IP address via DHCP rather than using a static assignment. |
| IPv4 / Gateway | Static IP address and default gateway (used when DHCP is disabled). |
| MTU / MSS | Layer 3 MTU and TCP MSS clamping value. |
| VRF | VRF table assignment for multi-tenant routing isolation. |
Static Routes
Defines static IPv4 routes to be installed in the VPP FIB.
| Field | Description |
|---|---|
| Destination | Target network in CIDR notation. |
| Next Hop | Forwarding next-hop IP address. |
| Next Hop Port | Egress interface for the route. |
| Metric / Distance | Route preference values. |
| Enabled | Toggle to include or suppress this route. |
NAT Rules (SNAT / DNAT)
Configures source and destination NAT mappings applied by the VPP NAT44-EI engine.
- SNAT — outbound masquerade rules mapping internal IPs to an external address or interface.
- DNAT — inbound port-forwarding rules mapping external IP/port combinations to internal hosts.
WireGuard (wg0 / wg1)
| Section | Purpose |
|---|---|
| wg0 | IoT/backbone mesh backbone interface. Configures listen port, tunnel address, and MTU. |
| wg1 | App VPN server interface. Supports wireguard or ikev2 tunnel protocol. |
SSH Tunnel
Enables or disables the SSH reverse tunnel that allows the orchestrator to reach the edge via the SSH bastion without requiring inbound firewall rules.
IPFIX / Flowprobe
Controls the IPFIX flow export configuration pushed to the edge agent.
| Field | Description |
|---|---|
| Enabled | Activates flow export on all monitored interfaces. |
| Collector Address / Port | IPFIX collector endpoint (typically the Loki/VictoriaMetrics pipeline). |
| Template Interval | How often (seconds) IPFIX template records are re-sent. |
| Active / Passive Timer | Flow export timers controlling record granularity. |
| Record L2 / L3 / L4 | Toggle which protocol layers are included in exported flow records. |
DHCP Pools
Defines DHCP server pools served by the edge for downstream LAN clients.
| Field | Description |
|---|---|
| Name | Pool identifier. |
| Interface | LAN interface on which the pool is active. |
| Start / End IP | Address range allocated to clients. |
| Gateway / DNS | Options delivered to DHCP clients. |
| Lease Time | Lease duration in seconds. |
Applying a Template to an Edge
Templates are applied to edges from the edge detail page, not from this page directly.
- Navigate to the target edge (Edges > select edge > Config tab).
- Select a template from the Apply Template dropdown.
- Review the diff summary and click Confirm.
- The orchestrator serialises the template into a batch configuration message and publishes it to the edge MQTT topic.
- The edge agent reconciles the received batch against its current state and applies only the changed sections.
Template application is additive — sections not covered by the template (e.g., active WireGuard peers) are preserved on the edge.
Mark a template as Default to have it pre-selected when provisioning new edges. This speeds up the onboarding workflow for sites with a standard configuration.
Permissions
| Action | Required Role |
|---|---|
| View templates | Viewer |
| Create / duplicate | Admin |
| Edit custom templates | Admin |
| Delete custom templates | Admin |
| Edit or delete system templates | Not permitted |