diff --git a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/sflow-settings-missing-inband-mgmt-interface.yml b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/sflow-settings-missing-inband-mgmt-interface.yml
new file mode 100644
index 00000000000..7c86a6c0326
--- /dev/null
+++ b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/sflow-settings-missing-inband-mgmt-interface.yml
@@ -0,0 +1,21 @@
+type: l2leaf
+l2leaf:
+ nodes:
+ - name: sflow-settings-missing-inband-mgmt-interface
+ id: 1
+ mgmt_ip: 192.168.0.2/24
+
+sflow_settings:
+ destinations:
+ - destination: 10.10.10.10
+ vrf: use_inband_mgmt_vrf
+
+servers:
+ - name: test
+ adapters:
+ - switches: [sflow-settings-missing-inband-mgmt-interface]
+ switch_ports: [Ethernet1]
+ sflow: true
+
+expected_error_message: >-
+ Unable to configure sFlow source-interface with 'use_inband_mgmt_vrf' since 'inband_mgmt_interface' is not set.
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/sflow-settings-missing-mgmt-ip.yml b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/sflow-settings-missing-mgmt-ip.yml
new file mode 100644
index 00000000000..9a5e819655b
--- /dev/null
+++ b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/sflow-settings-missing-mgmt-ip.yml
@@ -0,0 +1,20 @@
+type: l2leaf
+l2leaf:
+ nodes:
+ - name: sflow-settings-missing-mgmt-ip
+ id: 1
+
+sflow_settings:
+ destinations:
+ - destination: 10.10.10.10
+ vrf: use_mgmt_interface_vrf
+
+servers:
+ - name: test
+ adapters:
+ - switches: [sflow-settings-missing-mgmt-ip]
+ switch_ports: [Ethernet1]
+ sflow: true
+
+expected_error_message: >-
+ Unable to configure sFlow source-interface with 'use_mgmt_interface_vrf' since 'mgmt_ip' or 'ipv6_mgmt_ip' are not set.
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/hosts.yml b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/hosts.yml
index c0d273326f9..a6e4fe188f0 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/hosts.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/hosts.yml
@@ -107,6 +107,8 @@ all:
source-interfaces-tacacs-missing-inband-mgmt-interface:
source-interfaces-tacacs-missing-mgmt-ip:
ul-filter-evpn-default-vrf-services:
+ sflow-settings-missing-inband-mgmt-interface:
+ sflow-settings-missing-mgmt-ip:
children:
duplicate-ip-address-router-bgp:
hosts:
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-l2-leaf1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-l2-leaf1.cfg
index 0dce1c3ee16..d63a8b5ea67 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-l2-leaf1.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-l2-leaf1.cfg
@@ -8,19 +8,29 @@ service routing protocols model multi-agent
!
hostname sflow-tests-l2-leaf1
!
+sflow vrf MGMT destination 10.10.10.12
+sflow vrf MGMT source-interface Management1
+sflow destination 10.10.10.10
+sflow destination 10.10.10.11
+sflow source-interface Vlan4092
+sflow run
+!
no enable password
no aaa root
!
vlan 11
name VLAN11
!
+vlan 4092
+ name INBAND_MGMT
+!
vrf instance MGMT
!
interface Port-Channel1
description SFLOW-TESTS-LEAF-MLAG_Po16
no shutdown
switchport
- switchport trunk allowed vlan 11
+ switchport trunk allowed vlan 11,4092
switchport mode trunk
sflow enable
!
@@ -39,9 +49,16 @@ interface Management1
no shutdown
vrf MGMT
ip address 192.168.0.201/24
+!
+interface Vlan4092
+ description Inband Management
+ no shutdown
+ mtu 1500
+ ip address 10.254.254.4/24
no ip routing vrf MGMT
!
ip route vrf MGMT 0.0.0.0/0 192.168.0.1
+ip route 0.0.0.0/0 10.254.254.1
!
management api http-commands
protocol https
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-l2-leaf2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-l2-leaf2.cfg
index a7c20aabfda..cf94e9f258a 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-l2-leaf2.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-l2-leaf2.cfg
@@ -8,19 +8,29 @@ service routing protocols model multi-agent
!
hostname sflow-tests-l2-leaf2
!
+sflow vrf MGMT destination 10.10.10.12
+sflow vrf MGMT source-interface Management1
+sflow destination 10.10.10.10
+sflow destination 10.10.10.11
+sflow source-interface Vlan4092
+sflow run
+!
no enable password
no aaa root
!
vlan 11
name VLAN11
!
+vlan 4092
+ name INBAND_MGMT
+!
vrf instance MGMT
!
interface Port-Channel1
description SFLOW-TESTS-LEAF-MLAG_Po17
no shutdown
switchport
- switchport trunk allowed vlan 11
+ switchport trunk allowed vlan 11,4092
switchport mode trunk
sflow enable
!
@@ -39,9 +49,16 @@ interface Management1
no shutdown
vrf MGMT
ip address 192.168.0.202/24
+!
+interface Vlan4092
+ description Inband Management
+ no shutdown
+ mtu 1500
+ ip address 10.254.254.5/24
no ip routing vrf MGMT
!
ip route vrf MGMT 0.0.0.0/0 192.168.0.1
+ip route 0.0.0.0/0 10.254.254.1
!
management api http-commands
protocol https
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-leaf1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-leaf1.cfg
index 196dfee538c..1cccb62da71 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-leaf1.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-leaf1.cfg
@@ -8,6 +8,13 @@ service routing protocols model multi-agent
!
hostname sflow-tests-leaf1
!
+sflow vrf MGMT destination 10.10.10.10
+sflow vrf MGMT destination 10.10.10.11
+sflow vrf MGMT source-interface Management1
+sflow vrf sflowvrf destination 10.10.10.12 1234
+sflow vrf sflowvrf source-interface Loopback321
+sflow run
+!
spanning-tree mode mstp
spanning-tree mst 0 priority 4096
!
@@ -90,6 +97,8 @@ interface Vxlan1
vxlan vlan 11 vni 10011
vxlan vrf VRF1 vni 1
!
+ip virtual-router mac-address 00:11:22:33:44:55
+!
ip routing
no ip routing vrf MGMT
ip routing vrf VRF1
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-leaf2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-leaf2.cfg
index e3470840b65..1fe949bc757 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-leaf2.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-leaf2.cfg
@@ -8,6 +8,13 @@ service routing protocols model multi-agent
!
hostname sflow-tests-leaf2
!
+sflow vrf MGMT destination 10.10.10.10
+sflow vrf MGMT destination 10.10.10.11
+sflow vrf MGMT source-interface Management1
+sflow vrf sflowvrf destination 10.10.10.12 1234
+sflow vrf sflowvrf source-interface Loopback321
+sflow run
+!
spanning-tree mode mstp
spanning-tree mst 0 priority 4096
!
@@ -66,6 +73,8 @@ interface Vxlan1
vxlan vlan 11 vni 10011
vxlan vrf VRF1 vni 1
!
+ip virtual-router mac-address 00:11:22:33:44:55
+!
ip routing
no ip routing vrf MGMT
ip routing vrf VRF1
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-leaf3.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-leaf3.cfg
index d39582ba5a7..b4501780568 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-leaf3.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-leaf3.cfg
@@ -8,6 +8,13 @@ service routing protocols model multi-agent
!
hostname sflow-tests-leaf3
!
+sflow vrf MGMT destination 10.10.10.10
+sflow vrf MGMT destination 10.10.10.11
+sflow vrf MGMT source-interface Management1
+sflow vrf sflowvrf destination 10.10.10.12 1234
+sflow vrf sflowvrf source-interface Loopback321
+sflow run
+!
spanning-tree mode mstp
no spanning-tree vlan-id 4093-4094
spanning-tree mst 0 priority 4096
@@ -22,6 +29,9 @@ vlan 3000
name MLAG_iBGP_VRF1
trunk group LEAF_PEER_L3
!
+vlan 4092
+ name INBAND_MGMT
+!
vlan 4093
name LEAF_PEER_L3
trunk group LEAF_PEER_L3
@@ -67,7 +77,7 @@ interface Port-Channel16
description SFLOW-TESTS-L2-LEAF1_Po1
no shutdown
switchport
- switchport trunk allowed vlan 11
+ switchport trunk allowed vlan 11,4092
switchport mode trunk
mlag 16
sflow enable
@@ -76,7 +86,7 @@ interface Port-Channel17
description SFLOW-TESTS-L2-LEAF2_Po1
no shutdown
switchport
- switchport trunk allowed vlan 11
+ switchport trunk allowed vlan 11,4092
switchport mode trunk
mlag 17
sflow enable
@@ -155,6 +165,14 @@ interface Vlan3000
vrf VRF1
ip address 10.254.1.104/31
!
+interface Vlan4092
+ description Inband Management
+ no shutdown
+ mtu 1500
+ ip address 10.254.254.2/24
+ ip attached-host route export 19
+ ip virtual-router address 10.254.254.1
+!
interface Vlan4093
description MLAG_PEER_L3_PEERING
no shutdown
@@ -176,10 +194,15 @@ interface Vxlan1
vxlan vlan 11 vni 10011
vxlan vrf VRF1 vni 1
!
+ip virtual-router mac-address 00:11:22:33:44:55
+!
ip routing
no ip routing vrf MGMT
ip routing vrf VRF1
!
+ip prefix-list PL-L2LEAF-INBAND-MGMT
+ seq 10 permit 10.254.254.0/24
+!
ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
seq 10 permit 10.254.1.0/27 eq 32
seq 20 permit 10.254.11.0/27 eq 32
@@ -197,6 +220,9 @@ ip route vrf MGMT 0.0.0.0/0 192.168.0.1
route-map RM-CONN-2-BGP permit 10
match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
!
+route-map RM-CONN-2-BGP permit 20
+ match ip address prefix-list PL-L2LEAF-INBAND-MGMT
+!
route-map RM-MLAG-PEER-IN permit 10
description Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing
set origin incomplete
@@ -235,6 +261,7 @@ router bgp 65105
neighbor 10.255.0.1 peer group EVPN-OVERLAY-PEERS
neighbor 10.255.0.1 remote-as 65200
neighbor 10.255.0.1 description sflow-tests-spine1
+ redistribute attached-host
redistribute connected route-map RM-CONN-2-BGP
!
vlan 11
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-leaf4.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-leaf4.cfg
index 53e52687235..e0b90f85d99 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-leaf4.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-leaf4.cfg
@@ -8,6 +8,13 @@ service routing protocols model multi-agent
!
hostname sflow-tests-leaf4
!
+sflow vrf MGMT destination 10.10.10.10
+sflow vrf MGMT destination 10.10.10.11
+sflow vrf MGMT source-interface Management1
+sflow vrf sflowvrf destination 10.10.10.12 1234
+sflow vrf sflowvrf source-interface Loopback321
+sflow run
+!
spanning-tree mode mstp
no spanning-tree vlan-id 4093-4094
spanning-tree mst 0 priority 4096
@@ -22,6 +29,9 @@ vlan 3000
name MLAG_iBGP_VRF1
trunk group LEAF_PEER_L3
!
+vlan 4092
+ name INBAND_MGMT
+!
vlan 4093
name LEAF_PEER_L3
trunk group LEAF_PEER_L3
@@ -67,7 +77,7 @@ interface Port-Channel16
description SFLOW-TESTS-L2-LEAF1_Po1
no shutdown
switchport
- switchport trunk allowed vlan 11
+ switchport trunk allowed vlan 11,4092
switchport mode trunk
mlag 16
sflow enable
@@ -76,7 +86,7 @@ interface Port-Channel17
description SFLOW-TESTS-L2-LEAF2_Po1
no shutdown
switchport
- switchport trunk allowed vlan 11
+ switchport trunk allowed vlan 11,4092
switchport mode trunk
mlag 17
sflow enable
@@ -155,6 +165,14 @@ interface Vlan3000
vrf VRF1
ip address 10.254.1.105/31
!
+interface Vlan4092
+ description Inband Management
+ no shutdown
+ mtu 1500
+ ip address 10.254.254.3/24
+ ip attached-host route export 19
+ ip virtual-router address 10.254.254.1
+!
interface Vlan4093
description MLAG_PEER_L3_PEERING
no shutdown
@@ -176,10 +194,15 @@ interface Vxlan1
vxlan vlan 11 vni 10011
vxlan vrf VRF1 vni 1
!
+ip virtual-router mac-address 00:11:22:33:44:55
+!
ip routing
no ip routing vrf MGMT
ip routing vrf VRF1
!
+ip prefix-list PL-L2LEAF-INBAND-MGMT
+ seq 10 permit 10.254.254.0/24
+!
ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
seq 10 permit 10.254.1.0/27 eq 32
seq 20 permit 10.254.11.0/27 eq 32
@@ -197,6 +220,9 @@ ip route vrf MGMT 0.0.0.0/0 192.168.0.1
route-map RM-CONN-2-BGP permit 10
match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
!
+route-map RM-CONN-2-BGP permit 20
+ match ip address prefix-list PL-L2LEAF-INBAND-MGMT
+!
route-map RM-MLAG-PEER-IN permit 10
description Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing
set origin incomplete
@@ -235,6 +261,7 @@ router bgp 65105
neighbor 10.255.0.1 peer group EVPN-OVERLAY-PEERS
neighbor 10.255.0.1 remote-as 65200
neighbor 10.255.0.1 description sflow-tests-spine1
+ redistribute attached-host
redistribute connected route-map RM-CONN-2-BGP
!
vlan 11
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-spine1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-spine1.cfg
index 315808a0bef..848571b9a5a 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-spine1.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-spine1.cfg
@@ -8,6 +8,13 @@ service routing protocols model multi-agent
!
hostname sflow-tests-spine1
!
+sflow vrf MGMT destination 10.10.10.10
+sflow vrf MGMT destination 10.10.10.11
+sflow vrf MGMT source-interface Management1
+sflow vrf sflowvrf destination 10.10.10.12 1234
+sflow vrf sflowvrf source-interface Loopback321
+sflow run
+!
spanning-tree mode none
!
no enable password
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-spine2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-spine2.cfg
index e3bd798134a..dc79d3d1caa 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-spine2.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/sflow-tests-spine2.cfg
@@ -8,6 +8,13 @@ service routing protocols model multi-agent
!
hostname sflow-tests-spine2
!
+sflow vrf MGMT destination 10.10.10.10
+sflow vrf MGMT destination 10.10.10.11
+sflow vrf MGMT source-interface Management1
+sflow vrf sflowvrf destination 10.10.10.12 1234
+sflow vrf sflowvrf source-interface Loopback321
+sflow run
+!
spanning-tree mode none
!
no enable password
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-l2-leaf1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-l2-leaf1.yml
index ab4a0fa6044..061fc6c4b57 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-l2-leaf1.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-l2-leaf1.yml
@@ -4,6 +4,8 @@ static_routes:
- vrf: MGMT
destination_address_prefix: 0.0.0.0/0
gateway: 192.168.0.1
+- destination_address_prefix: 0.0.0.0/0
+ gateway: 10.254.254.1
service_routing_protocols_model: multi-agent
vlan_internal_order:
allocation: ascending
@@ -54,12 +56,33 @@ port_channel_interfaces:
mode: trunk
sflow:
enable: true
- vlans: '11'
+ vlans: 11,4092
vlans:
- id: 11
name: VLAN11
tenant: SFLOW
+- id: 4092
+ tenant: system
+ name: INBAND_MGMT
ip_igmp_snooping:
globally_enabled: true
+vlan_interfaces:
+- name: Vlan4092
+ description: Inband Management
+ shutdown: false
+ mtu: 1500
+ ip_address: 10.254.254.4/24
+ type: inband_mgmt
+sflow:
+ run: true
+ destinations:
+ - destination: 10.10.10.10
+ - destination: 10.10.10.11
+ source_interface: Vlan4092
+ vrfs:
+ - name: MGMT
+ destinations:
+ - destination: 10.10.10.12
+ source_interface: Management1
metadata:
platform: vEOS-lab
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-l2-leaf2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-l2-leaf2.yml
index 0c7a722ac6d..b3601ed19d5 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-l2-leaf2.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-l2-leaf2.yml
@@ -4,6 +4,8 @@ static_routes:
- vrf: MGMT
destination_address_prefix: 0.0.0.0/0
gateway: 192.168.0.1
+- destination_address_prefix: 0.0.0.0/0
+ gateway: 10.254.254.1
service_routing_protocols_model: multi-agent
vlan_internal_order:
allocation: ascending
@@ -54,12 +56,33 @@ port_channel_interfaces:
mode: trunk
sflow:
enable: true
- vlans: '11'
+ vlans: 11,4092
vlans:
- id: 11
name: VLAN11
tenant: SFLOW
+- id: 4092
+ tenant: system
+ name: INBAND_MGMT
ip_igmp_snooping:
globally_enabled: true
+vlan_interfaces:
+- name: Vlan4092
+ description: Inband Management
+ shutdown: false
+ mtu: 1500
+ ip_address: 10.254.254.5/24
+ type: inband_mgmt
+sflow:
+ run: true
+ destinations:
+ - destination: 10.10.10.10
+ - destination: 10.10.10.11
+ source_interface: Vlan4092
+ vrfs:
+ - name: MGMT
+ destinations:
+ - destination: 10.10.10.12
+ source_interface: Management1
metadata:
platform: vEOS-lab
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf1.yml
index e5fb144cfd4..6c0d75fe3bc 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf1.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf1.yml
@@ -198,6 +198,7 @@ vlans:
tenant: SFLOW
ip_igmp_snooping:
globally_enabled: true
+ip_virtual_router_mac_address: 00:11:22:33:44:55
vlan_interfaces:
- name: Vlan11
tenant: SFLOW
@@ -217,5 +218,18 @@ vxlan_interface:
vrfs:
- name: VRF1
vni: 1
+sflow:
+ run: true
+ vrfs:
+ - name: MGMT
+ destinations:
+ - destination: 10.10.10.10
+ - destination: 10.10.10.11
+ source_interface: Management1
+ - name: sflowvrf
+ destinations:
+ - destination: 10.10.10.12
+ port: 1234
+ source_interface: Loopback321
metadata:
platform: vEOS-lab
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf2.yml
index c0b67351e8f..db866f25f31 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf2.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf2.yml
@@ -165,6 +165,7 @@ vlans:
tenant: SFLOW
ip_igmp_snooping:
globally_enabled: true
+ip_virtual_router_mac_address: 00:11:22:33:44:55
vlan_interfaces:
- name: Vlan11
tenant: SFLOW
@@ -184,5 +185,18 @@ vxlan_interface:
vrfs:
- name: VRF1
vni: 1
+sflow:
+ run: true
+ vrfs:
+ - name: MGMT
+ destinations:
+ - destination: 10.10.10.10
+ - destination: 10.10.10.11
+ source_interface: Management1
+ - name: sflowvrf
+ destinations:
+ - destination: 10.10.10.12
+ port: 1234
+ source_interface: Loopback321
metadata:
platform: vEOS-lab
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf3.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf3.yml
index 7df0ed5196c..a54c29e2a1c 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf3.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf3.yml
@@ -60,6 +60,7 @@ router_bgp:
redistribute_routes:
- source_protocol: connected
route_map: RM-CONN-2-BGP
+ - source_protocol: attached-host
address_family_evpn:
peer_groups:
- name: EVPN-OVERLAY-PEERS
@@ -145,6 +146,9 @@ vlans:
trunk_groups:
- LEAF_PEER_L3
tenant: SFLOW
+- id: 4092
+ tenant: system
+ name: INBAND_MGMT
vlan_interfaces:
- name: Vlan4093
description: MLAG_PEER_L3_PEERING
@@ -170,6 +174,16 @@ vlan_interfaces:
vrf: VRF1
mtu: 9214
ip_address: 10.254.1.104/31
+- name: Vlan4092
+ description: Inband Management
+ shutdown: false
+ mtu: 1500
+ ip_attached_host_route_export:
+ enabled: true
+ distance: 19
+ ip_address: 10.254.254.2/24
+ ip_virtual_router_addresses:
+ - 10.254.254.1
port_channel_interfaces:
- name: Port-Channel11
description: port-channel-interface-true
@@ -191,7 +205,7 @@ port_channel_interfaces:
mode: trunk
sflow:
enable: true
- vlans: '11'
+ vlans: 11,4092
mlag: 16
- name: Port-Channel17
description: SFLOW-TESTS-L2-LEAF2_Po1
@@ -200,7 +214,7 @@ port_channel_interfaces:
mode: trunk
sflow:
enable: true
- vlans: '11'
+ vlans: 11,4092
mlag: 17
- name: Port-Channel13
description: port-channel-interface-false
@@ -326,6 +340,10 @@ route_maps:
type: permit
match:
- ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+ - sequence: 20
+ type: permit
+ match:
+ - ip address prefix-list PL-L2LEAF-INBAND-MGMT
loopback_interfaces:
- name: Loopback0
description: EVPN_Overlay_Peering
@@ -342,6 +360,10 @@ prefix_lists:
action: permit 10.254.1.0/27 eq 32
- sequence: 20
action: permit 10.254.11.0/27 eq 32
+- name: PL-L2LEAF-INBAND-MGMT
+ sequence_numbers:
+ - sequence: 10
+ action: permit 10.254.254.0/24
router_bfd:
multihop:
interval: 300
@@ -349,6 +371,7 @@ router_bfd:
multiplier: 3
ip_igmp_snooping:
globally_enabled: true
+ip_virtual_router_mac_address: 00:11:22:33:44:55
vxlan_interface:
Vxlan1:
description: sflow-tests-leaf3_VTEP
@@ -362,5 +385,18 @@ vxlan_interface:
vrfs:
- name: VRF1
vni: 1
+sflow:
+ run: true
+ vrfs:
+ - name: MGMT
+ destinations:
+ - destination: 10.10.10.10
+ - destination: 10.10.10.11
+ source_interface: Management1
+ - name: sflowvrf
+ destinations:
+ - destination: 10.10.10.12
+ port: 1234
+ source_interface: Loopback321
metadata:
platform: vEOS-lab
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf4.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf4.yml
index 2c1f8e533c7..895742939dc 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf4.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf4.yml
@@ -60,6 +60,7 @@ router_bgp:
redistribute_routes:
- source_protocol: connected
route_map: RM-CONN-2-BGP
+ - source_protocol: attached-host
address_family_evpn:
peer_groups:
- name: EVPN-OVERLAY-PEERS
@@ -145,6 +146,9 @@ vlans:
trunk_groups:
- LEAF_PEER_L3
tenant: SFLOW
+- id: 4092
+ tenant: system
+ name: INBAND_MGMT
vlan_interfaces:
- name: Vlan4093
description: MLAG_PEER_L3_PEERING
@@ -170,6 +174,16 @@ vlan_interfaces:
vrf: VRF1
mtu: 9214
ip_address: 10.254.1.105/31
+- name: Vlan4092
+ description: Inband Management
+ shutdown: false
+ mtu: 1500
+ ip_attached_host_route_export:
+ enabled: true
+ distance: 19
+ ip_address: 10.254.254.3/24
+ ip_virtual_router_addresses:
+ - 10.254.254.1
port_channel_interfaces:
- name: Port-Channel11
description: port-channel-interface-true
@@ -191,7 +205,7 @@ port_channel_interfaces:
mode: trunk
sflow:
enable: true
- vlans: '11'
+ vlans: 11,4092
mlag: 16
- name: Port-Channel17
description: SFLOW-TESTS-L2-LEAF2_Po1
@@ -200,7 +214,7 @@ port_channel_interfaces:
mode: trunk
sflow:
enable: true
- vlans: '11'
+ vlans: 11,4092
mlag: 17
- name: Port-Channel13
description: port-channel-interface-false
@@ -326,6 +340,10 @@ route_maps:
type: permit
match:
- ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+ - sequence: 20
+ type: permit
+ match:
+ - ip address prefix-list PL-L2LEAF-INBAND-MGMT
loopback_interfaces:
- name: Loopback0
description: EVPN_Overlay_Peering
@@ -342,6 +360,10 @@ prefix_lists:
action: permit 10.254.1.0/27 eq 32
- sequence: 20
action: permit 10.254.11.0/27 eq 32
+- name: PL-L2LEAF-INBAND-MGMT
+ sequence_numbers:
+ - sequence: 10
+ action: permit 10.254.254.0/24
router_bfd:
multihop:
interval: 300
@@ -349,6 +371,7 @@ router_bfd:
multiplier: 3
ip_igmp_snooping:
globally_enabled: true
+ip_virtual_router_mac_address: 00:11:22:33:44:55
vxlan_interface:
Vxlan1:
description: sflow-tests-leaf4_VTEP
@@ -362,5 +385,18 @@ vxlan_interface:
vrfs:
- name: VRF1
vni: 1
+sflow:
+ run: true
+ vrfs:
+ - name: MGMT
+ destinations:
+ - destination: 10.10.10.10
+ - destination: 10.10.10.11
+ source_interface: Management1
+ - name: sflowvrf
+ destinations:
+ - destination: 10.10.10.12
+ port: 1234
+ source_interface: Loopback321
metadata:
platform: vEOS-lab
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-spine1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-spine1.yml
index cfcfcb7993a..61b6762f7b8 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-spine1.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-spine1.yml
@@ -297,5 +297,18 @@ router_bfd:
interval: 300
min_rx: 300
multiplier: 3
+sflow:
+ run: true
+ vrfs:
+ - name: MGMT
+ destinations:
+ - destination: 10.10.10.10
+ - destination: 10.10.10.11
+ source_interface: Management1
+ - name: sflowvrf
+ destinations:
+ - destination: 10.10.10.12
+ port: 1234
+ source_interface: Loopback321
metadata:
platform: vEOS-LAB
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-spine2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-spine2.yml
index 45a9d643be1..1ab554b78ca 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-spine2.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-spine2.yml
@@ -148,5 +148,18 @@ ethernet_interfaces:
mtu: 9214
sflow:
enable: true
+sflow:
+ run: true
+ vrfs:
+ - name: MGMT
+ destinations:
+ - destination: 10.10.10.10
+ - destination: 10.10.10.11
+ source_interface: Management1
+ - name: sflowvrf
+ destinations:
+ - destination: 10.10.10.12
+ port: 1234
+ source_interface: Loopback321
metadata:
platform: vEOS-LAB
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/SFLOW_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/SFLOW_TESTS.yml
index 7fc32fed52a..64fdc7199bf 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/SFLOW_TESTS.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/SFLOW_TESTS.yml
@@ -5,6 +5,20 @@ fabric_name: SFLOW_TESTS
mgmt_gateway: 192.168.0.1
+default_mgmt_method: oob
+
+sflow_settings:
+ destinations:
+ - destination: 10.10.10.10
+ vrf: use_mgmt_interface_vrf
+ - destination: 10.10.10.11
+ - destination: 10.10.10.12
+ vrf: sflowvrf
+ port: 1234
+ vrfs:
+ - name: sflowvrf
+ source_interface: Loopback321
+
fabric_sflow:
uplinks: true
downlinks: true
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/SFLOW_TESTS_L2_LEAFS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/SFLOW_TESTS_L2_LEAFS.yml
index 6d762848376..e3e7be9f472 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/SFLOW_TESTS_L2_LEAFS.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/SFLOW_TESTS_L2_LEAFS.yml
@@ -1,11 +1,22 @@
---
type: l2leaf
+default_mgmt_method: inband
+
+sflow_settings:
+ destinations:
+ - destination: 10.10.10.10
+ vrf: use_inband_mgmt_vrf
+ - destination: 10.10.10.11
+ - destination: 10.10.10.12
+ vrf: use_mgmt_interface_vrf
+
l2leaf:
defaults:
platform: vEOS-lab
uplink_interfaces: ['Ethernet1', 'Ethernet2']
uplink_switches: ['sflow-tests-leaf3', 'sflow-tests-leaf4']
+ inband_mgmt_subnet: "10.254.254.0/24"
nodes:
- name: sflow-tests-l2-leaf1
@@ -15,7 +26,6 @@ l2leaf:
- Ethernet16
- Ethernet16
-
- name: sflow-tests-l2-leaf2
id: 2
mgmt_ip: 192.168.0.202/24
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/SFLOW_TESTS_LEAFS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/SFLOW_TESTS_LEAFS.yml
index c6c706d7911..4c71707983d 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/SFLOW_TESTS_LEAFS.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/SFLOW_TESTS_LEAFS.yml
@@ -14,7 +14,7 @@ l3leaf:
mlag_peer_l3_ipv4_pool: 10.254.1.96/27
spanning_tree_priority: 4096
spanning_tree_mode: mstp
-
+ virtual_router_mac_address: 00:11:22:33:44:55
nodes:
- name: sflow-tests-leaf1
diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/input-variables.md b/ansible_collections/arista/avd/roles/eos_designs/docs/input-variables.md
index c0e1c7145f1..486806289e0 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/docs/input-variables.md
+++ b/ansible_collections/arista/avd/roles/eos_designs/docs/input-variables.md
@@ -712,6 +712,12 @@ roles/eos_designs/docs/tables/management-settings.md
roles/eos_designs/docs/tables/management-source-interfaces-settings.md
--8<--
+### sFlow settings
+
+--8<--
+roles/eos_designs/docs/tables/management-sflow-settings.md
+--8<--
+
### SNMP settings
--8<--
diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/management-sflow-settings.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/management-sflow-settings.md
new file mode 100644
index 00000000000..3d10ecdfbab
--- /dev/null
+++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/management-sflow-settings.md
@@ -0,0 +1,80 @@
+
+=== "Table"
+
+ | Variable | Type | Required | Default | Value Restrictions | Description |
+ | -------- | ---- | -------- | ------- | ------------------ | ----------- |
+ | [fabric_sflow](## "fabric_sflow") | Dictionary | | | | Default enabling of sFlow for various interface types across the fabric.
sFlow can also be enabled/disabled under each of the specific data models.
For general sFlow settings see `sflow_settings`. |
+ | [ uplinks](## "fabric_sflow.uplinks") | Boolean | | | | Enable sFlow on all fabric uplinks. |
+ | [ downlinks](## "fabric_sflow.downlinks") | Boolean | | | | Enable sFlow on all fabric downlinks. |
+ | [ endpoints](## "fabric_sflow.endpoints") | Boolean | | | | Enable sFlow on all endpoints ports. |
+ | [ l3_edge](## "fabric_sflow.l3_edge") | Boolean | | | | Enable sFlow on all p2p_links defined under l3_edge. |
+ | [ core_interfaces](## "fabric_sflow.core_interfaces") | Boolean | | | | Enable sFlow on all p2p_links defined under core_interfaces. |
+ | [ mlag_interfaces](## "fabric_sflow.mlag_interfaces") | Boolean | | | | Enable sFlow on all MLAG peer interfaces. |
+ | [sflow_settings](## "sflow_settings") | Dictionary | | | | sFlow settings.
The sFlow process will only be configured if any interface is enabled for sFlow.
For default enabling of sFlow for various interface types across the fabric see `fabric_sflow`. |
+ | [ destinations](## "sflow_settings.destinations") | List, items: Dictionary | | | | |
+ | [ - destination](## "sflow_settings.destinations.[].destination") | String | Required | | | sFlow destination name or IP address. |
+ | [ port](## "sflow_settings.destinations.[].port") | Integer | | | Min: 1
Max: 65535 | UDP Port number. The default port number for sFlow is 6343. |
+ | [ vrf](## "sflow_settings.destinations.[].vrf") | String | | | | If not set, the VRF is automatically picked up from the global setting `default_mgmt_method`.
The value of `vrf` will be interpreted according to these rules:
- `use_mgmt_interface_vrf` will configure the sFlow destination under the VRF set with `mgmt_interface_vrf` and set the `mgmt_interface` as sFlow source-interface.
An error will be raised if `mgmt_ip` or `ipv6_mgmt_ip` are not configured for the device.
- `use_inband_mgmt_vrf` will configure the sFlow destination under the VRF set with `inband_mgmt_vrf` and set the `inband_mgmt_interface` as sFlow source-interface.
An error will be raised if inband management is not configured for the device.
- Any other string will be used directly as the VRF name. Remember to set the `sflow_settings.vrfs[].source_interface` if needed. |
+ | [ vrfs](## "sflow_settings.vrfs") | List, items: Dictionary | | | | |
+ | [ - name](## "sflow_settings.vrfs.[].name") | String | Required, Unique | | | VRF name. |
+ | [ source_interface](## "sflow_settings.vrfs.[].source_interface") | String | | | | Source interface to use for sFlow destinations in this VRF.
If set for the VRFs defined by `mgmt_interface_vrf` or `inband_mgmt_vrf`, this setting will take precedence. |
+
+=== "YAML"
+
+ ```yaml
+ # Default enabling of sFlow for various interface types across the fabric.
+ # sFlow can also be enabled/disabled under each of the specific data models.
+ # For general sFlow settings see `sflow_settings`.
+ fabric_sflow:
+
+ # Enable sFlow on all fabric uplinks.
+ uplinks:
+
+ # Enable sFlow on all fabric downlinks.
+ downlinks:
+
+ # Enable sFlow on all endpoints ports.
+ endpoints:
+
+ # Enable sFlow on all p2p_links defined under l3_edge.
+ l3_edge:
+
+ # Enable sFlow on all p2p_links defined under core_interfaces.
+ core_interfaces:
+
+ # Enable sFlow on all MLAG peer interfaces.
+ mlag_interfaces:
+
+ # sFlow settings.
+ # The sFlow process will only be configured if any interface is enabled for sFlow.
+ # For default enabling of sFlow for various interface types across the fabric see `fabric_sflow`.
+ sflow_settings:
+ destinations:
+
+ # sFlow destination name or IP address.
+ - destination:
+
+ # UDP Port number. The default port number for sFlow is 6343.
+ port:
+
+ # If not set, the VRF is automatically picked up from the global setting `default_mgmt_method`.
+ # The value of `vrf` will be interpreted according to these rules:
+ # - `use_mgmt_interface_vrf` will configure the sFlow destination under the VRF set with `mgmt_interface_vrf` and set the `mgmt_interface` as sFlow source-interface.
+ # An error will be raised if `mgmt_ip` or `ipv6_mgmt_ip` are not configured for the device.
+ # - `use_inband_mgmt_vrf` will configure the sFlow destination under the VRF set with `inband_mgmt_vrf` and set the `inband_mgmt_interface` as sFlow source-interface.
+ # An error will be raised if inband management is not configured for the device.
+ # - Any other string will be used directly as the VRF name. Remember to set the `sflow_settings.vrfs[].source_interface` if needed.
+ vrf:
+ vrfs:
+
+ # VRF name.
+ - name:
+
+ # Source interface to use for sFlow destinations in this VRF.
+ # If set for the VRFs defined by `mgmt_interface_vrf` or `inband_mgmt_vrf`, this setting will take precedence.
+ source_interface:
+ ```
diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/base/snmp_server.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/base/snmp_server.py
index 1d2f6cc1489..6a6d64dc2d6 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/base/snmp_server.py
+++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/base/snmp_server.py
@@ -168,10 +168,10 @@ def _snmp_hosts(self, snmp_settings) -> list | None:
has_mgmt_ip = (self.shared_utils.mgmt_ip is not None) or (self.shared_utils.ipv6_mgmt_ip is not None)
for host in natural_sort(hosts, "host"):
- # Initialize a set with vrf defined under the host (Catching None value with or [])
vrfs = set()
if (vrf := host.pop("vrf", None)) is not None:
vrfs.add(vrf)
+
if (use_mgmt_interface_vrf := host.pop("use_mgmt_interface_vrf", False)) is True and has_mgmt_ip:
vrfs.add(self.shared_utils.mgmt_interface_vrf)
diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/flows/__init__.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/flows/__init__.py
new file mode 100644
index 00000000000..25ad0425934
--- /dev/null
+++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/flows/__init__.py
@@ -0,0 +1,6 @@
+# Copyright (c) 2023-2024 Arista Networks, Inc.
+# Use of this source code is governed by the Apache License 2.0
+# that can be found in the LICENSE file.
+from .avdstructuredconfig import AvdStructuredConfigFlows
+
+__all__ = ["AvdStructuredConfigFlows"]
diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/flows/avdstructuredconfig.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/flows/avdstructuredconfig.py
new file mode 100644
index 00000000000..1880b41b4f0
--- /dev/null
+++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/flows/avdstructuredconfig.py
@@ -0,0 +1,126 @@
+# Copyright (c) 2023-2024 Arista Networks, Inc.
+# Use of this source code is governed by the Apache License 2.0
+# that can be found in the LICENSE file.
+from __future__ import annotations
+
+from functools import cached_property
+
+from ansible_collections.arista.avd.plugins.filter.natural_sort import natural_sort
+from ansible_collections.arista.avd.plugins.plugin_utils.avdfacts import AvdFacts
+from ansible_collections.arista.avd.plugins.plugin_utils.errors import AristaAvdMissingVariableError
+from ansible_collections.arista.avd.plugins.plugin_utils.strip_empties import strip_null_from_data
+from ansible_collections.arista.avd.plugins.plugin_utils.utils import get, get_item
+
+
+class AvdStructuredConfigFlows(AvdFacts):
+ """
+ This class must be rendered after all other eos_designs modules since it relies on
+ detecting sflow from the interface structured config generated by the other modules.
+
+ The only exception is of course custom_structured_configuration which always comes last.
+ """
+
+ @cached_property
+ def sflow(self) -> dict | None:
+ """
+ Structured config for sFlow.
+
+ Only configure if any interface is enabled for sFlow.
+
+ Covers:
+ - sflow_settings
+ - source-interfaces based on source_interfaces.sflow
+ """
+ if not self._enable_sflow:
+ return None
+
+ destinations = get(self._hostvars, "sflow_settings.destinations")
+ if destinations is None:
+ # TODO:
+ # AVD5.0.0 raise an error if sflow is enabled on an interface but there are no destinations configured.
+ # This cannot be implemented today since it would be breaking for already released support for sflow on interfaces.
+ return None
+
+ sflow_settings_vrfs = get(self._hostvars, "sflow_settings.vrfs", default=[])
+
+ # At this point we have at least one interface with sFlow enabled
+ # and at least one destination.
+ sflow = {"run": True}
+
+ # Using a temporary dict for VRFs
+ sflow_vrfs = {}
+
+ for destination in natural_sort(destinations, "destination"):
+ vrf = get(destination, "vrf")
+ if vrf is None:
+ vrf = self.shared_utils.default_mgmt_protocol_vrf
+ source_interface = self.shared_utils.default_mgmt_protocol_interface
+
+ elif vrf == "use_mgmt_interface_vrf":
+ if (self.shared_utils.mgmt_ip is None) and (self.shared_utils.ipv6_mgmt_ip is None):
+ raise AristaAvdMissingVariableError(
+ "Unable to configure sFlow source-interface with 'use_mgmt_interface_vrf' since 'mgmt_ip' or 'ipv6_mgmt_ip' are not set."
+ )
+
+ vrf = self.shared_utils.mgmt_interface_vrf
+ source_interface = get(get_item(sflow_settings_vrfs, "name", vrf, default={}), "source_interface", default=self.shared_utils.mgmt_interface)
+
+ elif vrf == "use_inband_mgmt_vrf":
+ # Check for missing interface
+ if self.shared_utils.inband_mgmt_interface is None:
+ raise AristaAvdMissingVariableError(
+ "Unable to configure sFlow source-interface with 'use_inband_mgmt_vrf' since 'inband_mgmt_interface' is not set."
+ )
+
+ # self.shared_utils.inband_mgmt_vrf returns None for the default VRF, but here we need "default" to avoid duplicates.
+ vrf = self.shared_utils.inband_mgmt_vrf or "default"
+ source_interface = get(
+ get_item(sflow_settings_vrfs, "name", vrf, default={}), "source_interface", default=self.shared_utils.inband_mgmt_interface
+ )
+
+ else:
+ # Default is none, meaning we will not configure a source interface for this VRF.
+ source_interface = get(get_item(sflow_settings_vrfs, "name", vrf, default={}), "source_interface")
+
+ if vrf in [None, "default"]:
+ # Add destination without VRF field
+ sflow.setdefault("destinations", []).append(
+ {
+ "destination": destination.get("destination"),
+ "port": destination.get("port"),
+ }
+ )
+ sflow["source_interface"] = source_interface
+
+ else:
+ # Add destination with VRF field.
+ sflow_vrfs.setdefault(vrf, {}).setdefault("destinations", []).append(
+ {
+ "destination": destination.get("destination"),
+ "port": destination.get("port"),
+ }
+ )
+ sflow_vrfs[vrf]["source_interface"] = source_interface
+
+ # convert sflow_vrfs dict into list and insert into sflow
+ if sflow_vrfs:
+ sflow["vrfs"] = [{"name": vrf_name, **vrf} for vrf_name, vrf in sflow_vrfs.items()]
+
+ return strip_null_from_data(sflow)
+
+ @cached_property
+ def _enable_sflow(self) -> bool:
+ """
+ Enable sFlow if any interface is enabled for sFlow.
+
+ This relies on sFlow being rendered after all other eos_designs modules (except structured config).
+ """
+ for interface in get(self._hostvars, "ethernet_interfaces", default=[]):
+ if get(interface, "sflow.enable") is True:
+ return True
+
+ for interface in get(self._hostvars, "port_channel_interfaces", default=[]):
+ if get(interface, "sflow.enable") is True:
+ return True
+
+ return False
diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/get_structured_config/get_structured_config.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/get_structured_config/get_structured_config.py
index ea742dbbc42..811d2353e68 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/get_structured_config/get_structured_config.py
+++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/get_structured_config/get_structured_config.py
@@ -15,6 +15,7 @@
from ..connected_endpoints import AvdStructuredConfigConnectedEndpoints
from ..core_interfaces_and_l3_edge import AvdStructuredConfigCoreInterfacesAndL3Edge
from ..custom_structured_configuration import AvdStructuredConfigCustomStructuredConfiguration
+from ..flows import AvdStructuredConfigFlows
from ..inband_management import AvdStructuredConfigInbandManagement
from ..metadata import AvdStructuredConfigMetadata
from ..mlag import AvdStructuredConfigMlag
@@ -31,8 +32,13 @@
AvdStructuredConfigNetworkServices,
AvdStructuredConfigConnectedEndpoints,
AvdStructuredConfigInbandManagement,
+ # The Flows module must be rendered after others contributing interfaces,
+ # since it parses those interfaces for sFlow or flow tracking (ipfix) config.
+ AvdStructuredConfigFlows,
# Metadata must be after anything else that can generate structured config, since CV tags can consume from structured config.
AvdStructuredConfigMetadata,
+ # The Custom Structured Configuration module must be rendered last,
+ # since it parses all supported object looking for `struct_cfg`.
AvdStructuredConfigCustomStructuredConfiguration,
]
"""
diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json
index 90259f58254..cf654694ed8 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json
+++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json
@@ -5033,6 +5033,47 @@
"type": "string",
"title": "Fabric Name"
},
+ "fabric_sflow": {
+ "type": "object",
+ "description": "Default enabling of sFlow for various interface types across the fabric.\nsFlow can also be enabled/disabled under each of the specific data models.\nFor general sFlow settings see `sflow_settings`.",
+ "properties": {
+ "uplinks": {
+ "description": "Enable sFlow on all fabric uplinks.",
+ "type": "boolean",
+ "title": "Uplinks"
+ },
+ "downlinks": {
+ "description": "Enable sFlow on all fabric downlinks.",
+ "type": "boolean",
+ "title": "Downlinks"
+ },
+ "endpoints": {
+ "description": "Enable sFlow on all endpoints ports.",
+ "type": "boolean",
+ "title": "Endpoints"
+ },
+ "l3_edge": {
+ "description": "Enable sFlow on all p2p_links defined under l3_edge.",
+ "type": "boolean",
+ "title": "L3 Edge"
+ },
+ "core_interfaces": {
+ "description": "Enable sFlow on all p2p_links defined under core_interfaces.",
+ "type": "boolean",
+ "title": "Core Interfaces"
+ },
+ "mlag_interfaces": {
+ "description": "Enable sFlow on all MLAG peer interfaces.",
+ "type": "boolean",
+ "title": "MLAG Interfaces"
+ }
+ },
+ "additionalProperties": false,
+ "patternProperties": {
+ "^_.+$": {}
+ },
+ "title": "Fabric Sflow"
+ },
"flow_tracking_settings": {
"description": "Define the flow tracking parameters for this topology.",
"type": "object",
@@ -20541,6 +20582,76 @@
"type": "string",
"title": "Serial Number"
},
+ "sflow_settings": {
+ "type": "object",
+ "description": "sFlow settings.\nThe sFlow process will only be configured if any interface is enabled for sFlow.\nFor default enabling of sFlow for various interface types across the fabric see `fabric_sflow`.",
+ "properties": {
+ "destinations": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "destination": {
+ "type": "string",
+ "description": "sFlow destination name or IP address.",
+ "title": "Destination"
+ },
+ "port": {
+ "type": "integer",
+ "description": "UDP Port number. The default port number for sFlow is 6343.",
+ "minimum": 1,
+ "maximum": 65535,
+ "title": "Port"
+ },
+ "vrf": {
+ "type": "string",
+ "description": "If not set, the VRF is automatically picked up from the global setting `default_mgmt_method`.\nThe value of `vrf` will be interpreted according to these rules:\n- `use_mgmt_interface_vrf` will configure the sFlow destination under the VRF set with `mgmt_interface_vrf` and set the `mgmt_interface` as sFlow source-interface.\n An error will be raised if `mgmt_ip` or `ipv6_mgmt_ip` are not configured for the device.\n- `use_inband_mgmt_vrf` will configure the sFlow destination under the VRF set with `inband_mgmt_vrf` and set the `inband_mgmt_interface` as sFlow source-interface.\n An error will be raised if inband management is not configured for the device.\n- Any other string will be used directly as the VRF name. Remember to set the `sflow_settings.vrfs[].source_interface` if needed.",
+ "title": "VRF"
+ }
+ },
+ "required": [
+ "destination"
+ ],
+ "additionalProperties": false,
+ "patternProperties": {
+ "^_.+$": {}
+ }
+ },
+ "title": "Destinations"
+ },
+ "vrfs": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "description": "VRF name.",
+ "title": "Name"
+ },
+ "source_interface": {
+ "type": "string",
+ "description": "Source interface to use for sFlow destinations in this VRF.\nIf set for the VRFs defined by `mgmt_interface_vrf` or `inband_mgmt_vrf`, this setting will take precedence.",
+ "title": "Source Interface"
+ }
+ },
+ "additionalProperties": false,
+ "patternProperties": {
+ "^_.+$": {}
+ },
+ "required": [
+ "name"
+ ]
+ },
+ "title": "VRFs"
+ }
+ },
+ "additionalProperties": false,
+ "patternProperties": {
+ "^_.+$": {}
+ },
+ "title": "Sflow Settings"
+ },
"shutdown_interfaces_towards_undeployed_peers": {
"type": "boolean",
"default": false,
diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml
index 01579856efa..12f55477847 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml
+++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml
@@ -1198,6 +1198,35 @@ keys:
in the Fabric, **must** be an inventory group name.
type: str
required: true
+ fabric_sflow:
+ documentation_options:
+ table: management-sflow-settings
+ type: dict
+ description: 'Default enabling of sFlow for various interface types across the
+ fabric.
+
+ sFlow can also be enabled/disabled under each of the specific data models.
+
+ For general sFlow settings see `sflow_settings`.'
+ keys:
+ uplinks:
+ description: Enable sFlow on all fabric uplinks.
+ type: bool
+ downlinks:
+ description: Enable sFlow on all fabric downlinks.
+ type: bool
+ endpoints:
+ description: Enable sFlow on all endpoints ports.
+ type: bool
+ l3_edge:
+ description: Enable sFlow on all p2p_links defined under l3_edge.
+ type: bool
+ core_interfaces:
+ description: Enable sFlow on all p2p_links defined under core_interfaces.
+ type: bool
+ mlag_interfaces:
+ description: Enable sFlow on all MLAG peer interfaces.
+ type: bool
flow_tracking_settings:
description: Define the flow tracking parameters for this topology.
type: dict
@@ -2845,6 +2874,67 @@ keys:
type: str
convert_types:
- int
+ sflow_settings:
+ documentation_options:
+ table: management-sflow-settings
+ type: dict
+ description: 'sFlow settings.
+
+ The sFlow process will only be configured if any interface is enabled for sFlow.
+
+ For default enabling of sFlow for various interface types across the fabric
+ see `fabric_sflow`.'
+ keys:
+ destinations:
+ type: list
+ items:
+ type: dict
+ keys:
+ destination:
+ type: str
+ required: true
+ description: sFlow destination name or IP address.
+ port:
+ type: int
+ description: UDP Port number. The default port number for sFlow is 6343.
+ convert_types:
+ - str
+ min: 1
+ max: 65535
+ vrf:
+ type: str
+ description: "If not set, the VRF is automatically picked up from the
+ global setting `default_mgmt_method`.\nThe value of `vrf` will be
+ interpreted according to these rules:\n- `use_mgmt_interface_vrf`
+ will configure the sFlow destination under the VRF set with `mgmt_interface_vrf`
+ and set the `mgmt_interface` as sFlow source-interface.\n An error
+ will be raised if `mgmt_ip` or `ipv6_mgmt_ip` are not configured for
+ the device.\n- `use_inband_mgmt_vrf` will configure the sFlow destination
+ under the VRF set with `inband_mgmt_vrf` and set the `inband_mgmt_interface`
+ as sFlow source-interface.\n An error will be raised if inband management
+ is not configured for the device.\n- Any other string will be used
+ directly as the VRF name. Remember to set the `sflow_settings.vrfs[].source_interface`
+ if needed."
+ convert_types:
+ - int
+ vrfs:
+ type: list
+ primary_key: name
+ items:
+ type: dict
+ keys:
+ name:
+ type: str
+ convert_types:
+ - int
+ description: VRF name.
+ source_interface:
+ type: str
+ description: 'Source interface to use for sFlow destinations in this
+ VRF.
+
+ If set for the VRFs defined by `mgmt_interface_vrf` or `inband_mgmt_vrf`,
+ this setting will take precedence.'
shutdown_interfaces_towards_undeployed_peers:
documentation_options:
table: fabric-settings
diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/fabric_sflow.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/fabric_sflow.schema.yml
similarity index 80%
rename from ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/fabric_sflow.yml
rename to ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/fabric_sflow.schema.yml
index 42f0bce8637..1ce60f489da 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/fabric_sflow.yml
+++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/fabric_sflow.schema.yml
@@ -8,9 +8,12 @@ type: dict
keys:
fabric_sflow:
documentation_options:
- table: fabric-settings
+ table: management-sflow-settings
type: dict
- description: Fabric-wide sFlow settings.
+ description: |-
+ Default enabling of sFlow for various interface types across the fabric.
+ sFlow can also be enabled/disabled under each of the specific data models.
+ For general sFlow settings see `sflow_settings`.
keys:
uplinks:
description: Enable sFlow on all fabric uplinks.
diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/sflow_settings.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/sflow_settings.schema.yml
new file mode 100644
index 00000000000..bd66cc05cc2
--- /dev/null
+++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/sflow_settings.schema.yml
@@ -0,0 +1,61 @@
+# Copyright (c) 2023-2024 Arista Networks, Inc.
+# Use of this source code is governed by the Apache License 2.0
+# that can be found in the LICENSE file.
+# yaml-language-server: $schema=../../../../plugins/plugin_utils/schema/avd_meta_schema.json
+# Line above is used by RedHat's YAML Schema vscode extension
+# Use Ctrl + Space to get suggestions for every field. Autocomplete will pop up after typing 2 letters.
+type: dict
+keys:
+ sflow_settings:
+ documentation_options:
+ table: management-sflow-settings
+ type: dict
+ description: |-
+ sFlow settings.
+ The sFlow process will only be configured if any interface is enabled for sFlow.
+ For default enabling of sFlow for various interface types across the fabric see `fabric_sflow`.
+ keys:
+ destinations:
+ type: list
+ items:
+ type: dict
+ keys:
+ destination:
+ type: str
+ required: true
+ description: sFlow destination name or IP address.
+ port:
+ type: int
+ description: UDP Port number. The default port number for sFlow is 6343.
+ convert_types:
+ - str
+ min: 1
+ max: 65535
+ vrf:
+ type: str
+ description: |-
+ If not set, the VRF is automatically picked up from the global setting `default_mgmt_method`.
+ The value of `vrf` will be interpreted according to these rules:
+ - `use_mgmt_interface_vrf` will configure the sFlow destination under the VRF set with `mgmt_interface_vrf` and set the `mgmt_interface` as sFlow source-interface.
+ An error will be raised if `mgmt_ip` or `ipv6_mgmt_ip` are not configured for the device.
+ - `use_inband_mgmt_vrf` will configure the sFlow destination under the VRF set with `inband_mgmt_vrf` and set the `inband_mgmt_interface` as sFlow source-interface.
+ An error will be raised if inband management is not configured for the device.
+ - Any other string will be used directly as the VRF name. Remember to set the `sflow_settings.vrfs[].source_interface` if needed.
+ convert_types:
+ - int
+ vrfs:
+ type: list
+ primary_key: name
+ items:
+ type: dict
+ keys:
+ name:
+ type: str
+ convert_types:
+ - int
+ description: VRF name.
+ source_interface:
+ type: str
+ description: |-
+ Source interface to use for sFlow destinations in this VRF.
+ If set for the VRFs defined by `mgmt_interface_vrf` or `inband_mgmt_vrf`, this setting will take precedence.