diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg
index f8119cb248b..6158d0b6fea 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg
@@ -117,6 +117,8 @@ spanning-tree mode none
no enable password
no aaa root
!
+vrf instance ATTRACTED-VRF-FROM-UPLINK
+!
vrf instance IT
!
vrf instance MGMT
@@ -175,19 +177,27 @@ interface Ethernet52
flow tracker hardware WAN-FLOW-TRACKER
ip address 172.17.0.3/31
!
-interface Ethernet52.42
- description P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2.42_vrf_PROD
+interface Ethernet52.142
+ description P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2.142_vrf_PROD
no shutdown
mtu 9214
- encapsulation dot1q vlan 42
+ encapsulation dot1q vlan 142
vrf PROD
ip address 172.17.0.3/31
!
-interface Ethernet52.100
- description P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2.100_vrf_IT
+interface Ethernet52.666
+ description P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2.666_vrf_ATTRACTED-VRF-FROM-UPLINK
+ no shutdown
+ mtu 9214
+ encapsulation dot1q vlan 666
+ vrf ATTRACTED-VRF-FROM-UPLINK
+ ip address 172.17.0.3/31
+!
+interface Ethernet52.1000
+ description P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2.1000_vrf_IT
no shutdown
mtu 9214
- encapsulation dot1q vlan 100
+ encapsulation dot1q vlan 1000
vrf IT
ip address 172.17.0.3/31
!
@@ -200,6 +210,7 @@ interface Vxlan1
description cv-pathfinder-edge-no-common-path-group_VTEP
vxlan source-interface Dps1
vxlan udp-port 4789
+ vxlan vrf ATTRACTED-VRF-FROM-UPLINK vni 166
vxlan vrf default vni 1
vxlan vrf IT vni 100
vxlan vrf PROD vni 42
@@ -247,6 +258,7 @@ application traffic recognition
42
!
ip routing
+ip routing vrf ATTRACTED-VRF-FROM-UPLINK
ip routing vrf IT
no ip routing vrf MGMT
ip routing vrf PROD
@@ -329,6 +341,16 @@ router bgp 65000
bgp additional-paths send any
neighbor WAN-OVERLAY-PEERS activate
!
+ vrf ATTRACTED-VRF-FROM-UPLINK
+ rd 192.168.42.2:666
+ route-target import evpn 666:666
+ route-target export evpn 666:666
+ router-id 192.168.42.2
+ neighbor 172.17.0.2 remote-as 65000
+ neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS
+ neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.666_vrf_ATTRACTED-VRF-FROM-UPLINK
+ redistribute connected
+ !
vrf default
rd 192.168.42.2:1
route-target import evpn 1:1
@@ -336,23 +358,23 @@ router bgp 65000
route-target export evpn route-map RM-EVPN-EXPORT-VRF-DEFAULT
!
vrf IT
- rd 192.168.42.2:100
- route-target import evpn 100:100
- route-target export evpn 100:100
+ rd 192.168.42.2:1000
+ route-target import evpn 1000:1000
+ route-target export evpn 1000:1000
router-id 192.168.42.2
neighbor 172.17.0.2 remote-as 65199
neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS
- neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.100_vrf_IT
+ neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.1000_vrf_IT
redistribute connected
!
vrf PROD
- rd 192.168.42.2:42
- route-target import evpn 42:42
- route-target export evpn 42:42
+ rd 192.168.42.2:142
+ route-target import evpn 142:142
+ route-target export evpn 142:142
router-id 192.168.42.2
neighbor 172.17.0.2 remote-as 65199
neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS
- neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.42_vrf_PROD
+ neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.142_vrf_PROD
redistribute connected
!
router traffic-engineering
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg
index d32f1c865bd..418dfd971af 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg
@@ -153,6 +153,8 @@ spanning-tree mode none
no enable password
no aaa root
!
+vrf instance ATTRACTED-VRF-FROM-UPLINK
+!
vrf instance IT
!
vrf instance MGMT
@@ -223,19 +225,27 @@ interface Ethernet52
flow tracker hardware WAN-FLOW-TRACKER
ip address 172.17.0.1/31
!
-interface Ethernet52.42
- description P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet1.42_vrf_PROD
+interface Ethernet52.142
+ description P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet1.142_vrf_PROD
no shutdown
mtu 9214
- encapsulation dot1q vlan 42
+ encapsulation dot1q vlan 142
vrf PROD
ip address 172.17.0.1/31
!
-interface Ethernet52.100
- description P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet1.100_vrf_IT
+interface Ethernet52.666
+ description P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet1.666_vrf_ATTRACTED-VRF-FROM-UPLINK
+ no shutdown
+ mtu 9214
+ encapsulation dot1q vlan 666
+ vrf ATTRACTED-VRF-FROM-UPLINK
+ ip address 172.17.0.1/31
+!
+interface Ethernet52.1000
+ description P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet1.1000_vrf_IT
no shutdown
mtu 9214
- encapsulation dot1q vlan 100
+ encapsulation dot1q vlan 1000
vrf IT
ip address 172.17.0.1/31
!
@@ -248,6 +258,7 @@ interface Vxlan1
description cv-pathfinder-edge_VTEP
vxlan source-interface Dps1
vxlan udp-port 4789
+ vxlan vrf ATTRACTED-VRF-FROM-UPLINK vni 166
vxlan vrf default vni 1
vxlan vrf IT vni 100
vxlan vrf PROD vni 42
@@ -296,6 +307,7 @@ application traffic recognition
42
!
ip routing
+ip routing vrf ATTRACTED-VRF-FROM-UPLINK
ip routing vrf IT
no ip routing vrf MGMT
ip routing vrf PROD
@@ -393,6 +405,16 @@ router bgp 65000
bgp additional-paths send any
neighbor WAN-OVERLAY-PEERS activate
!
+ vrf ATTRACTED-VRF-FROM-UPLINK
+ rd 192.168.42.1:666
+ route-target import evpn 666:666
+ route-target export evpn 666:666
+ router-id 192.168.42.1
+ neighbor 172.17.0.0 remote-as 65000
+ neighbor 172.17.0.0 peer group IPv4-UNDERLAY-PEERS
+ neighbor 172.17.0.0 description site-ha-disabled-leaf_Ethernet1.666_vrf_ATTRACTED-VRF-FROM-UPLINK
+ redistribute connected
+ !
vrf default
rd 192.168.42.1:1
route-target import evpn 1:1
@@ -400,23 +422,23 @@ router bgp 65000
route-target export evpn route-map RM-EVPN-EXPORT-VRF-DEFAULT
!
vrf IT
- rd 192.168.42.1:100
- route-target import evpn 100:100
- route-target export evpn 100:100
+ rd 192.168.42.1:1000
+ route-target import evpn 1000:1000
+ route-target export evpn 1000:1000
router-id 192.168.42.1
neighbor 172.17.0.0 remote-as 65199
neighbor 172.17.0.0 peer group IPv4-UNDERLAY-PEERS
- neighbor 172.17.0.0 description site-ha-disabled-leaf_Ethernet1.100_vrf_IT
+ neighbor 172.17.0.0 description site-ha-disabled-leaf_Ethernet1.1000_vrf_IT
redistribute connected
!
vrf PROD
- rd 192.168.42.1:42
- route-target import evpn 42:42
- route-target export evpn 42:42
+ rd 192.168.42.1:142
+ route-target import evpn 142:142
+ route-target export evpn 142:142
router-id 192.168.42.1
neighbor 172.17.0.0 remote-as 65199
neighbor 172.17.0.0 peer group IPv4-UNDERLAY-PEERS
- neighbor 172.17.0.0 description site-ha-disabled-leaf_Ethernet1.42_vrf_PROD
+ neighbor 172.17.0.0 description site-ha-disabled-leaf_Ethernet1.142_vrf_PROD
redistribute connected
!
router traffic-engineering
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg
index 34295a82050..db3d028a045 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg
@@ -193,6 +193,8 @@ vrf instance IT
!
vrf instance MGMT
!
+vrf instance NOT-WAN-VRF
+!
vrf instance PROD
!
vrf instance TRANSIT
@@ -343,6 +345,7 @@ application traffic recognition
ip routing
ip routing vrf IT
no ip routing vrf MGMT
+ip routing vrf NOT-WAN-VRF
ip routing vrf PROD
ip routing vrf TRANSIT
!
@@ -463,9 +466,9 @@ router bgp 65000
route-target export evpn route-map RM-EVPN-EXPORT-VRF-DEFAULT
!
vrf IT
- rd 192.168.43.1:100
- route-target import evpn 100:100
- route-target export evpn 100:100
+ rd 192.168.43.1:1000
+ route-target import evpn 1000:1000
+ route-target export evpn 1000:1000
router-id 192.168.43.1
neighbor 172.17.0.0 remote-as 65199
neighbor 172.17.0.0 peer group IPv4-UNDERLAY-PEERS
@@ -473,9 +476,9 @@ router bgp 65000
redistribute connected
!
vrf PROD
- rd 192.168.43.1:42
- route-target import evpn 42:42
- route-target export evpn 42:42
+ rd 192.168.43.1:142
+ route-target import evpn 142:142
+ route-target export evpn 142:142
router-id 192.168.43.1
neighbor 172.17.0.0 remote-as 65199
neighbor 172.17.0.0 peer group IPv4-UNDERLAY-PEERS
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-disabled-leaf.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-disabled-leaf.cfg
index 0a962cbfeda..99554be20f1 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-disabled-leaf.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-disabled-leaf.cfg
@@ -17,6 +17,11 @@ vlan 100
vlan 101
name VLAN101
!
+vlan 666
+ name VLAN666
+!
+vrf instance ATTRACTED-VRF-FROM-UPLINK
+!
vrf instance IT
!
vrf instance MGMT
@@ -30,19 +35,27 @@ interface Ethernet1
no switchport
ip address 172.17.0.0/31
!
-interface Ethernet1.42
- description P2P_LINK_TO_CV-PATHFINDER-EDGE_Ethernet52.42_vrf_PROD
+interface Ethernet1.142
+ description P2P_LINK_TO_CV-PATHFINDER-EDGE_Ethernet52.142_vrf_PROD
no shutdown
mtu 9214
- encapsulation dot1q vlan 42
+ encapsulation dot1q vlan 142
vrf PROD
ip address 172.17.0.0/31
!
-interface Ethernet1.100
- description P2P_LINK_TO_CV-PATHFINDER-EDGE_Ethernet52.100_vrf_IT
+interface Ethernet1.666
+ description P2P_LINK_TO_CV-PATHFINDER-EDGE_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK
+ no shutdown
+ mtu 9214
+ encapsulation dot1q vlan 666
+ vrf ATTRACTED-VRF-FROM-UPLINK
+ ip address 172.17.0.0/31
+!
+interface Ethernet1.1000
+ description P2P_LINK_TO_CV-PATHFINDER-EDGE_Ethernet52.1000_vrf_IT
no shutdown
mtu 9214
- encapsulation dot1q vlan 100
+ encapsulation dot1q vlan 1000
vrf IT
ip address 172.17.0.0/31
!
@@ -53,19 +66,27 @@ interface Ethernet2
no switchport
ip address 172.17.0.2/31
!
-interface Ethernet2.42
- description P2P_LINK_TO_CV-PATHFINDER-EDGE-NO-COMMON-PATH-GROUP_Ethernet52.42_vrf_PROD
+interface Ethernet2.142
+ description P2P_LINK_TO_CV-PATHFINDER-EDGE-NO-COMMON-PATH-GROUP_Ethernet52.142_vrf_PROD
no shutdown
mtu 9214
- encapsulation dot1q vlan 42
+ encapsulation dot1q vlan 142
vrf PROD
ip address 172.17.0.2/31
!
-interface Ethernet2.100
- description P2P_LINK_TO_CV-PATHFINDER-EDGE-NO-COMMON-PATH-GROUP_Ethernet52.100_vrf_IT
+interface Ethernet2.666
+ description P2P_LINK_TO_CV-PATHFINDER-EDGE-NO-COMMON-PATH-GROUP_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK
+ no shutdown
+ mtu 9214
+ encapsulation dot1q vlan 666
+ vrf ATTRACTED-VRF-FROM-UPLINK
+ ip address 172.17.0.2/31
+!
+interface Ethernet2.1000
+ description P2P_LINK_TO_CV-PATHFINDER-EDGE-NO-COMMON-PATH-GROUP_Ethernet52.1000_vrf_IT
no shutdown
mtu 9214
- encapsulation dot1q vlan 100
+ encapsulation dot1q vlan 1000
vrf IT
ip address 172.17.0.2/31
!
@@ -85,19 +106,29 @@ interface Vlan100
vrf PROD
ip address virtual 10.0.100.1/24
!
+interface Vlan666
+ description VLAN666
+ shutdown
+ vrf ATTRACTED-VRF-FROM-UPLINK
+ ip address 10.66.66.1
+ ip address virtual 10.66.66.66/24
+!
interface Vxlan1
description site-ha-disabled-leaf_VTEP
vxlan source-interface Loopback1
vxlan udp-port 4789
vxlan vlan 100 vni 1100
vxlan vlan 101 vni 1101
+ vxlan vlan 666 vni 1666
+ vxlan vrf ATTRACTED-VRF-FROM-UPLINK vni 666
vxlan vrf default vni 1
- vxlan vrf IT vni 100
- vxlan vrf PROD vni 42
+ vxlan vrf IT vni 1000
+ vxlan vrf PROD vni 142
!
ip virtual-router mac-address 00:1c:73:00:00:01
!
ip routing
+ip routing vrf ATTRACTED-VRF-FROM-UPLINK
ip routing vrf IT
no ip routing vrf MGMT
ip routing vrf PROD
@@ -144,6 +175,11 @@ router bgp 65199
route-target both 1101:1101
redistribute learned
!
+ vlan 666
+ rd 192.168.45.3:1666
+ route-target both 1666:1666
+ redistribute learned
+ !
address-family evpn
neighbor EVPN-OVERLAY-PEERS activate
!
@@ -151,35 +187,62 @@ router bgp 65199
no neighbor EVPN-OVERLAY-PEERS activate
neighbor IPv4-UNDERLAY-PEERS activate
!
+ vrf ATTRACTED-VRF-FROM-UPLINK
+ rd 192.168.45.3:666
+ route-target import evpn 666:666
+ route-target export evpn 666:666
+ router-id 192.168.45.3
+ neighbor 172.17.0.1 remote-as 65000
+ neighbor 172.17.0.1 peer group IPv4-UNDERLAY-PEERS
+ neighbor 172.17.0.1 description cv-pathfinder-edge_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK
+ neighbor 172.17.0.3 remote-as 65000
+ neighbor 172.17.0.3 peer group IPv4-UNDERLAY-PEERS
+ neighbor 172.17.0.3 description cv-pathfinder-edge-no-common-path-group_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK
+ redistribute connected
+ !
vrf default
rd 192.168.45.4:1
route-target import evpn 1:1
route-target export evpn 1:1
!
vrf IT
+<<<<<<< HEAD
rd 192.168.45.4:100
route-target import evpn 100:100
route-target export evpn 100:100
router-id 192.168.45.4
+=======
+ rd 192.168.45.3:1000
+ route-target import evpn 1000:1000
+ route-target export evpn 1000:1000
+ router-id 192.168.45.3
+>>>>>>> ff441f2cd (Feat(eos_designs): Add wan_vni for WAN VRF)
neighbor 172.17.0.1 remote-as 65000
neighbor 172.17.0.1 peer group IPv4-UNDERLAY-PEERS
- neighbor 172.17.0.1 description cv-pathfinder-edge_Ethernet52.100_vrf_IT
+ neighbor 172.17.0.1 description cv-pathfinder-edge_Ethernet52.1000_vrf_IT
neighbor 172.17.0.3 remote-as 65000
neighbor 172.17.0.3 peer group IPv4-UNDERLAY-PEERS
- neighbor 172.17.0.3 description cv-pathfinder-edge-no-common-path-group_Ethernet52.100_vrf_IT
+ neighbor 172.17.0.3 description cv-pathfinder-edge-no-common-path-group_Ethernet52.1000_vrf_IT
redistribute connected
!
vrf PROD
+<<<<<<< HEAD
rd 192.168.45.4:42
route-target import evpn 42:42
route-target export evpn 42:42
router-id 192.168.45.4
+=======
+ rd 192.168.45.3:142
+ route-target import evpn 142:142
+ route-target export evpn 142:142
+ router-id 192.168.45.3
+>>>>>>> ff441f2cd (Feat(eos_designs): Add wan_vni for WAN VRF)
neighbor 172.17.0.1 remote-as 65000
neighbor 172.17.0.1 peer group IPv4-UNDERLAY-PEERS
- neighbor 172.17.0.1 description cv-pathfinder-edge_Ethernet52.42_vrf_PROD
+ neighbor 172.17.0.1 description cv-pathfinder-edge_Ethernet52.142_vrf_PROD
neighbor 172.17.0.3 remote-as 65000
neighbor 172.17.0.3 peer group IPv4-UNDERLAY-PEERS
- neighbor 172.17.0.3 description cv-pathfinder-edge-no-common-path-group_Ethernet52.42_vrf_PROD
+ neighbor 172.17.0.3 description cv-pathfinder-edge-no-common-path-group_Ethernet52.142_vrf_PROD
redistribute connected
!
management api http-commands
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml
index c7723bd9586..0e335d14fe4 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml
@@ -47,18 +47,24 @@ router_bgp:
neighbors:
- ip_address: 172.17.0.2
peer_group: IPv4-UNDERLAY-PEERS
+<<<<<<< HEAD
remote_as: '65199'
description: site-ha-disabled-leaf_Ethernet2.100_vrf_IT
rd: 192.168.42.2:100
+=======
+ remote_as: '65000'
+ description: site-ha-disabled-leaf_Ethernet2.1000_vrf_IT
+ rd: 192.168.42.2:1000
+>>>>>>> ff441f2cd (Feat(eos_designs): Add wan_vni for WAN VRF)
route_targets:
import:
- address_family: evpn
route_targets:
- - 100:100
+ - 1000:1000
export:
- address_family: evpn
route_targets:
- - 100:100
+ - 1000:1000
redistribute_routes:
- source_protocol: connected
- name: PROD
@@ -66,18 +72,43 @@ router_bgp:
neighbors:
- ip_address: 172.17.0.2
peer_group: IPv4-UNDERLAY-PEERS
+<<<<<<< HEAD
remote_as: '65199'
description: site-ha-disabled-leaf_Ethernet2.42_vrf_PROD
rd: 192.168.42.2:42
+=======
+ remote_as: '65000'
+ description: site-ha-disabled-leaf_Ethernet2.142_vrf_PROD
+ rd: 192.168.42.2:142
+>>>>>>> ff441f2cd (Feat(eos_designs): Add wan_vni for WAN VRF)
route_targets:
import:
- address_family: evpn
route_targets:
- - '42:42'
+ - 142:142
export:
- address_family: evpn
route_targets:
- - '42:42'
+ - 142:142
+ redistribute_routes:
+ - source_protocol: connected
+ - name: ATTRACTED-VRF-FROM-UPLINK
+ router_id: 192.168.42.2
+ neighbors:
+ - ip_address: 172.17.0.2
+ peer_group: IPv4-UNDERLAY-PEERS
+ remote_as: '65000'
+ description: site-ha-disabled-leaf_Ethernet2.666_vrf_ATTRACTED-VRF-FROM-UPLINK
+ rd: 192.168.42.2:666
+ route_targets:
+ import:
+ - address_family: evpn
+ route_targets:
+ - 666:666
+ export:
+ - address_family: evpn
+ route_targets:
+ - 666:666
redistribute_routes:
- source_protocol: connected
- name: default
@@ -132,6 +163,9 @@ vrfs:
- name: PROD
tenant: TenantA
ip_routing: true
+- name: ATTRACTED-VRF-FROM-UPLINK
+ tenant: TenantC
+ ip_routing: true
management_api_http:
enable_vrfs:
- name: MGMT
@@ -148,26 +182,37 @@ ethernet_interfaces:
ip_address: 172.17.0.3/31
flow_tracker:
hardware: WAN-FLOW-TRACKER
-- name: Ethernet52.100
+- name: Ethernet52.1000
peer: site-ha-disabled-leaf
- peer_interface: Ethernet2.100
+ peer_interface: Ethernet2.1000
peer_type: l3leaf
vrf: IT
- description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2.100_vrf_IT
+ description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2.1000_vrf_IT
shutdown: false
type: l3dot1q
- encapsulation_dot1q_vlan: 100
+ encapsulation_dot1q_vlan: 1000
mtu: 9214
ip_address: 172.17.0.3/31
-- name: Ethernet52.42
+- name: Ethernet52.142
peer: site-ha-disabled-leaf
- peer_interface: Ethernet2.42
+ peer_interface: Ethernet2.142
peer_type: l3leaf
vrf: PROD
- description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2.42_vrf_PROD
+ description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2.142_vrf_PROD
+ shutdown: false
+ type: l3dot1q
+ encapsulation_dot1q_vlan: 142
+ mtu: 9214
+ ip_address: 172.17.0.3/31
+- name: Ethernet52.666
+ peer: site-ha-disabled-leaf
+ peer_interface: Ethernet2.666
+ peer_type: l3leaf
+ vrf: ATTRACTED-VRF-FROM-UPLINK
+ description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2.666_vrf_ATTRACTED-VRF-FROM-UPLINK
shutdown: false
type: l3dot1q
- encapsulation_dot1q_vlan: 42
+ encapsulation_dot1q_vlan: 666
mtu: 9214
ip_address: 172.17.0.3/31
- name: Ethernet1
@@ -468,6 +513,8 @@ vxlan_interface:
vni: 100
- name: PROD
vni: 42
+ - name: ATTRACTED-VRF-FROM-UPLINK
+ vni: 166
metadata:
cv_tags:
device_tags:
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml
index 1e0504342cb..d88debcb9c8 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml
@@ -57,18 +57,24 @@ router_bgp:
neighbors:
- ip_address: 172.17.0.0
peer_group: IPv4-UNDERLAY-PEERS
+<<<<<<< HEAD
remote_as: '65199'
description: site-ha-disabled-leaf_Ethernet1.100_vrf_IT
rd: 192.168.42.1:100
+=======
+ remote_as: '65000'
+ description: site-ha-disabled-leaf_Ethernet1.1000_vrf_IT
+ rd: 192.168.42.1:1000
+>>>>>>> ff441f2cd (Feat(eos_designs): Add wan_vni for WAN VRF)
route_targets:
import:
- address_family: evpn
route_targets:
- - 100:100
+ - 1000:1000
export:
- address_family: evpn
route_targets:
- - 100:100
+ - 1000:1000
redistribute_routes:
- source_protocol: connected
- name: PROD
@@ -76,18 +82,43 @@ router_bgp:
neighbors:
- ip_address: 172.17.0.0
peer_group: IPv4-UNDERLAY-PEERS
+<<<<<<< HEAD
remote_as: '65199'
description: site-ha-disabled-leaf_Ethernet1.42_vrf_PROD
rd: 192.168.42.1:42
+=======
+ remote_as: '65000'
+ description: site-ha-disabled-leaf_Ethernet1.142_vrf_PROD
+ rd: 192.168.42.1:142
+>>>>>>> ff441f2cd (Feat(eos_designs): Add wan_vni for WAN VRF)
route_targets:
import:
- address_family: evpn
route_targets:
- - '42:42'
+ - 142:142
export:
- address_family: evpn
route_targets:
- - '42:42'
+ - 142:142
+ redistribute_routes:
+ - source_protocol: connected
+ - name: ATTRACTED-VRF-FROM-UPLINK
+ router_id: 192.168.42.1
+ neighbors:
+ - ip_address: 172.17.0.0
+ peer_group: IPv4-UNDERLAY-PEERS
+ remote_as: '65000'
+ description: site-ha-disabled-leaf_Ethernet1.666_vrf_ATTRACTED-VRF-FROM-UPLINK
+ rd: 192.168.42.1:666
+ route_targets:
+ import:
+ - address_family: evpn
+ route_targets:
+ - 666:666
+ export:
+ - address_family: evpn
+ route_targets:
+ - 666:666
redistribute_routes:
- source_protocol: connected
- name: default
@@ -142,6 +173,9 @@ vrfs:
- name: PROD
tenant: TenantA
ip_routing: true
+- name: ATTRACTED-VRF-FROM-UPLINK
+ tenant: TenantC
+ ip_routing: true
management_api_http:
enable_vrfs:
- name: MGMT
@@ -158,26 +192,37 @@ ethernet_interfaces:
ip_address: 172.17.0.1/31
flow_tracker:
hardware: WAN-FLOW-TRACKER
-- name: Ethernet52.100
+- name: Ethernet52.1000
peer: site-ha-disabled-leaf
- peer_interface: Ethernet1.100
+ peer_interface: Ethernet1.1000
peer_type: l3leaf
vrf: IT
- description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet1.100_vrf_IT
+ description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet1.1000_vrf_IT
shutdown: false
type: l3dot1q
- encapsulation_dot1q_vlan: 100
+ encapsulation_dot1q_vlan: 1000
mtu: 9214
ip_address: 172.17.0.1/31
-- name: Ethernet52.42
+- name: Ethernet52.142
peer: site-ha-disabled-leaf
- peer_interface: Ethernet1.42
+ peer_interface: Ethernet1.142
peer_type: l3leaf
vrf: PROD
- description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet1.42_vrf_PROD
+ description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet1.142_vrf_PROD
+ shutdown: false
+ type: l3dot1q
+ encapsulation_dot1q_vlan: 142
+ mtu: 9214
+ ip_address: 172.17.0.1/31
+- name: Ethernet52.666
+ peer: site-ha-disabled-leaf
+ peer_interface: Ethernet1.666
+ peer_type: l3leaf
+ vrf: ATTRACTED-VRF-FROM-UPLINK
+ description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet1.666_vrf_ATTRACTED-VRF-FROM-UPLINK
shutdown: false
type: l3dot1q
- encapsulation_dot1q_vlan: 42
+ encapsulation_dot1q_vlan: 666
mtu: 9214
ip_address: 172.17.0.1/31
- name: Ethernet1
@@ -573,6 +618,8 @@ vxlan_interface:
vni: 100
- name: PROD
vni: 42
+ - name: ATTRACTED-VRF-FROM-UPLINK
+ vni: 166
metadata:
cv_tags:
device_tags:
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml
index 2b1aa9ce8d4..6ae24d73c62 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml
@@ -559,7 +559,7 @@ metadata:
- name: MPLS
preference: alternate
- name: PROD
- vni: 42
+ vni: 142
avts:
- constraints:
jitter: 42
@@ -593,7 +593,7 @@ metadata:
- name: MPLS
preference: alternate
- name: IT
- vni: 100
+ vni: 1000
avts:
- id: 3
name: DEFAULT-AVT-POLICY-VIDEO
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml
index fdf7a691b67..62c80cee7c1 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml
@@ -548,7 +548,7 @@ metadata:
- name: MPLS
preference: alternate
- name: PROD
- vni: 42
+ vni: 142
avts:
- constraints:
jitter: 42
@@ -582,7 +582,7 @@ metadata:
- name: MPLS
preference: alternate
- name: IT
- vni: 100
+ vni: 1000
avts:
- id: 3
name: DEFAULT-AVT-POLICY-VIDEO
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml
index 5423793e882..56ac5de0e5c 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml
@@ -579,7 +579,7 @@ metadata:
- name: MPLS
preference: alternate
- name: PROD
- vni: 42
+ vni: 142
avts:
- constraints:
jitter: 42
@@ -613,7 +613,7 @@ metadata:
- name: MPLS
preference: alternate
- name: IT
- vni: 100
+ vni: 1000
avts:
- id: 3
name: DEFAULT-AVT-POLICY-VIDEO
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml
index 59f19216a25..a1c21c338be 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml
@@ -143,6 +143,69 @@ router_bgp:
receive: true
send:
any: true
+<<<<<<< HEAD:ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml
+=======
+ neighbors:
+ - ip_address: 192.168.144.1
+ peer_group: WAN-OVERLAY-PEERS
+ peer: cv-pathfinder-pathfinder
+ description: cv-pathfinder-pathfinder
+ vrfs:
+ - name: default
+ rd: 192.168.43.1:1
+ route_targets:
+ import:
+ - address_family: evpn
+ route_targets:
+ - '1:1'
+ export:
+ - address_family: evpn
+ route_targets:
+ - '1:1'
+ - route-map RM-EVPN-EXPORT-VRF-DEFAULT
+ - name: IT
+ router_id: 192.168.43.1
+ rd: 192.168.43.1:1000
+ route_targets:
+ import:
+ - address_family: evpn
+ route_targets:
+ - 1000:1000
+ export:
+ - address_family: evpn
+ route_targets:
+ - 1000:1000
+ redistribute_routes:
+ - source_protocol: connected
+ - name: PROD
+ router_id: 192.168.43.1
+ rd: 192.168.43.1:142
+ route_targets:
+ import:
+ - address_family: evpn
+ route_targets:
+ - 142:142
+ export:
+ - address_family: evpn
+ route_targets:
+ - 142:142
+ redistribute_routes:
+ - source_protocol: connected
+ - name: TRANSIT
+ router_id: 192.168.43.1
+ rd: 192.168.43.1:66
+ route_targets:
+ import:
+ - address_family: evpn
+ route_targets:
+ - 66:66
+ export:
+ - address_family: evpn
+ route_targets:
+ - 66:66
+ redistribute_routes:
+ - source_protocol: connected
+>>>>>>> ff441f2cd (Feat(eos_designs): Add wan_vni for WAN VRF):ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml
service_routing_protocols_model: multi-agent
ip_routing: true
transceiver_qsfp_default_mode_4x10: false
@@ -157,6 +220,9 @@ vrfs:
- name: PROD
tenant: TenantA
ip_routing: true
+- name: NOT-WAN-VRF
+ tenant: TenantB
+ ip_routing: true
- name: TRANSIT
tenant: TenantB
ip_routing: true
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-disabled-leaf.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-disabled-leaf.yml
index 7982092661c..e396481e781 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-disabled-leaf.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-disabled-leaf.yml
@@ -50,21 +50,26 @@ router_bgp:
- ip_address: 172.17.0.1
peer_group: IPv4-UNDERLAY-PEERS
remote_as: '65000'
- description: cv-pathfinder-edge_Ethernet52.100_vrf_IT
+ description: cv-pathfinder-edge_Ethernet52.1000_vrf_IT
- ip_address: 172.17.0.3
peer_group: IPv4-UNDERLAY-PEERS
remote_as: '65000'
+<<<<<<< HEAD
description: cv-pathfinder-edge-no-common-path-group_Ethernet52.100_vrf_IT
rd: 192.168.45.4:100
+=======
+ description: cv-pathfinder-edge-no-common-path-group_Ethernet52.1000_vrf_IT
+ rd: 192.168.45.3:1000
+>>>>>>> ff441f2cd (Feat(eos_designs): Add wan_vni for WAN VRF)
route_targets:
import:
- address_family: evpn
route_targets:
- - 100:100
+ - 1000:1000
export:
- address_family: evpn
route_targets:
- - 100:100
+ - 1000:1000
redistribute_routes:
- source_protocol: connected
- name: PROD
@@ -73,21 +78,49 @@ router_bgp:
- ip_address: 172.17.0.1
peer_group: IPv4-UNDERLAY-PEERS
remote_as: '65000'
- description: cv-pathfinder-edge_Ethernet52.42_vrf_PROD
+ description: cv-pathfinder-edge_Ethernet52.142_vrf_PROD
- ip_address: 172.17.0.3
peer_group: IPv4-UNDERLAY-PEERS
remote_as: '65000'
+<<<<<<< HEAD
description: cv-pathfinder-edge-no-common-path-group_Ethernet52.42_vrf_PROD
rd: 192.168.45.4:42
+=======
+ description: cv-pathfinder-edge-no-common-path-group_Ethernet52.142_vrf_PROD
+ rd: 192.168.45.3:142
+>>>>>>> ff441f2cd (Feat(eos_designs): Add wan_vni for WAN VRF)
route_targets:
import:
- address_family: evpn
route_targets:
- - '42:42'
+ - 142:142
export:
- address_family: evpn
route_targets:
- - '42:42'
+ - 142:142
+ redistribute_routes:
+ - source_protocol: connected
+ - name: ATTRACTED-VRF-FROM-UPLINK
+ router_id: 192.168.45.3
+ neighbors:
+ - ip_address: 172.17.0.1
+ peer_group: IPv4-UNDERLAY-PEERS
+ remote_as: '65000'
+ description: cv-pathfinder-edge_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK
+ - ip_address: 172.17.0.3
+ peer_group: IPv4-UNDERLAY-PEERS
+ remote_as: '65000'
+ description: cv-pathfinder-edge-no-common-path-group_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK
+ rd: 192.168.45.3:666
+ route_targets:
+ import:
+ - address_family: evpn
+ route_targets:
+ - 666:666
+ export:
+ - address_family: evpn
+ route_targets:
+ - 666:666
redistribute_routes:
- source_protocol: connected
- name: default
@@ -122,6 +155,14 @@ router_bgp:
- 1101:1101
redistribute_routes:
- learned
+ - id: 666
+ tenant: TenantC
+ rd: 192.168.45.3:1666
+ route_targets:
+ both:
+ - 1666:1666
+ redistribute_routes:
+ - learned
service_routing_protocols_model: multi-agent
ip_routing: true
vlan_internal_order:
@@ -138,6 +179,9 @@ vrfs:
- name: PROD
tenant: TenantA
ip_routing: true
+- name: ATTRACTED-VRF-FROM-UPLINK
+ tenant: TenantC
+ ip_routing: true
management_api_http:
enable_vrfs:
- name: MGMT
@@ -152,26 +196,37 @@ ethernet_interfaces:
mtu: 9214
type: routed
ip_address: 172.17.0.0/31
-- name: Ethernet1.100
+- name: Ethernet1.1000
peer: cv-pathfinder-edge
- peer_interface: Ethernet52.100
+ peer_interface: Ethernet52.1000
peer_type: wan_edge
vrf: IT
- description: P2P_LINK_TO_CV-PATHFINDER-EDGE_Ethernet52.100_vrf_IT
+ description: P2P_LINK_TO_CV-PATHFINDER-EDGE_Ethernet52.1000_vrf_IT
shutdown: false
type: l3dot1q
- encapsulation_dot1q_vlan: 100
+ encapsulation_dot1q_vlan: 1000
mtu: 9214
ip_address: 172.17.0.0/31
-- name: Ethernet1.42
+- name: Ethernet1.142
peer: cv-pathfinder-edge
- peer_interface: Ethernet52.42
+ peer_interface: Ethernet52.142
peer_type: wan_edge
vrf: PROD
- description: P2P_LINK_TO_CV-PATHFINDER-EDGE_Ethernet52.42_vrf_PROD
+ description: P2P_LINK_TO_CV-PATHFINDER-EDGE_Ethernet52.142_vrf_PROD
shutdown: false
type: l3dot1q
- encapsulation_dot1q_vlan: 42
+ encapsulation_dot1q_vlan: 142
+ mtu: 9214
+ ip_address: 172.17.0.0/31
+- name: Ethernet1.666
+ peer: cv-pathfinder-edge
+ peer_interface: Ethernet52.666
+ peer_type: wan_edge
+ vrf: ATTRACTED-VRF-FROM-UPLINK
+ description: P2P_LINK_TO_CV-PATHFINDER-EDGE_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK
+ shutdown: false
+ type: l3dot1q
+ encapsulation_dot1q_vlan: 666
mtu: 9214
ip_address: 172.17.0.0/31
- name: Ethernet2
@@ -183,26 +238,37 @@ ethernet_interfaces:
mtu: 9214
type: routed
ip_address: 172.17.0.2/31
-- name: Ethernet2.100
+- name: Ethernet2.1000
peer: cv-pathfinder-edge-no-common-path-group
- peer_interface: Ethernet52.100
+ peer_interface: Ethernet52.1000
peer_type: wan_edge
vrf: IT
- description: P2P_LINK_TO_CV-PATHFINDER-EDGE-NO-COMMON-PATH-GROUP_Ethernet52.100_vrf_IT
+ description: P2P_LINK_TO_CV-PATHFINDER-EDGE-NO-COMMON-PATH-GROUP_Ethernet52.1000_vrf_IT
shutdown: false
type: l3dot1q
- encapsulation_dot1q_vlan: 100
+ encapsulation_dot1q_vlan: 1000
mtu: 9214
ip_address: 172.17.0.2/31
-- name: Ethernet2.42
+- name: Ethernet2.142
peer: cv-pathfinder-edge-no-common-path-group
- peer_interface: Ethernet52.42
+ peer_interface: Ethernet52.142
peer_type: wan_edge
vrf: PROD
- description: P2P_LINK_TO_CV-PATHFINDER-EDGE-NO-COMMON-PATH-GROUP_Ethernet52.42_vrf_PROD
+ description: P2P_LINK_TO_CV-PATHFINDER-EDGE-NO-COMMON-PATH-GROUP_Ethernet52.142_vrf_PROD
+ shutdown: false
+ type: l3dot1q
+ encapsulation_dot1q_vlan: 142
+ mtu: 9214
+ ip_address: 172.17.0.2/31
+- name: Ethernet2.666
+ peer: cv-pathfinder-edge-no-common-path-group
+ peer_interface: Ethernet52.666
+ peer_type: wan_edge
+ vrf: ATTRACTED-VRF-FROM-UPLINK
+ description: P2P_LINK_TO_CV-PATHFINDER-EDGE-NO-COMMON-PATH-GROUP_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK
shutdown: false
type: l3dot1q
- encapsulation_dot1q_vlan: 42
+ encapsulation_dot1q_vlan: 666
mtu: 9214
ip_address: 172.17.0.2/31
loopback_interfaces:
@@ -240,6 +306,9 @@ vlans:
- id: 101
name: VLAN101
tenant: TenantA
+- id: 666
+ name: VLAN666
+ tenant: TenantC
ip_igmp_snooping:
globally_enabled: true
ip_virtual_router_mac_address: 00:1c:73:00:00:01
@@ -250,6 +319,13 @@ vlan_interfaces:
shutdown: true
ip_address_virtual: 10.0.100.1/24
vrf: PROD
+- name: Vlan666
+ tenant: TenantC
+ description: VLAN666
+ shutdown: true
+ ip_address: 10.66.66.1
+ ip_address_virtual: 10.66.66.66/24
+ vrf: ATTRACTED-VRF-FROM-UPLINK
vxlan_interface:
Vxlan1:
description: site-ha-disabled-leaf_VTEP
@@ -261,10 +337,14 @@ vxlan_interface:
vni: 1100
- id: 101
vni: 1101
+ - id: 666
+ vni: 1666
vrfs:
- name: default
vni: 1
- name: IT
- vni: 100
+ vni: 1000
- name: PROD
- vni: 42
+ vni: 142
+ - name: ATTRACTED-VRF-FROM-UPLINK
+ vni: 666
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml
index c119f807637..6f07482fdf4 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml
@@ -100,14 +100,18 @@ tenants:
vrfs:
- name: default
vrf_id: 1
+ # Testing VRF default without wan_vni set to check it is inserted and
+ # does not explode
- name: PROD
vrf_id: 42
+ wan_vni: 42
svis:
- id: 100
name: VLAN100
ip_address_virtual: 10.0.100.1/24
- name: IT
vrf_id: 100
+ wan_vni: 100
l2vlans:
- id: 101
name: VLAN101
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml
index d95f90ea84a..0bfff5c5bff 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml
@@ -282,18 +282,23 @@ tenants:
vrfs:
- name: default
vrf_id: 1
+ wan_vni: 1
+ # Checking static route on VRF default is redistributed in a route-map
static_routes:
- destination_address_prefix: 66.66.66.0/24
gateway: 172.17.0.0
nodes: [cv-pathfinder-edge]
- name: PROD
- vrf_id: 42
+ # Showing that wan_vni and vrf_id can be different. `vrf_id` influences the subinterface id.
+ vrf_id: 142
+ wan_vni: 42
svis:
- id: 100
name: VLAN100
ip_address_virtual: 10.0.100.1/24
- name: IT
- vrf_id: 100
+ vrf_id: 1000
+ wan_vni: 100
l2vlans:
- id: 101
name: VLAN101
@@ -301,8 +306,28 @@ tenants:
vrfs:
- name: default
vrf_id: 1
+ wan_vni: 1
- name: TRANSIT
vrf_id: 66
+ wan_vni: 66
+ # Test that a VRF with address_families: [] on a WAN router is not configured on Vxlan1 interface nor BGP
+ - name: NOT-WAN-VRF
+ vrf_id: 13
+ address_families: []
+ - name: TenantC
+ mac_vrf_vni_base: 1000
+ vrfs:
+ # Test adding a VRF on an uplink switch and seeing it configured on the WAN routers
+ - name: ATTRACTED-VRF-FROM-UPLINK
+ vrf_id: 666
+ wan_vni: 166
+ svis:
+ - id: 666
+ name: VLAN666
+ ip_address_virtual: 10.66.66.66/24
+ nodes:
+ - node: site-ha-disabled-leaf
+ ip_address: 10.66.66.1
wan_virtual_topologies:
vrfs:
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/autovpn-edge-no-default-policy.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/autovpn-edge-no-default-policy.yml
index 820e1f4fb0e..11cd0abc476 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/autovpn-edge-no-default-policy.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/autovpn-edge-no-default-policy.yml
@@ -73,8 +73,10 @@ tenants:
vrf_id: 1
- name: PROD
vrf_id: 42
+ wan_vni: 42
- name: IT
vrf_id: 100
+ wan_vni: 100
# empty
wan_virtual_topologies: null
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/cv-pathfinder-edge-no-default-policy.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/cv-pathfinder-edge-no-default-policy.yml
index aa9db2cb24e..e687bf965ec 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/cv-pathfinder-edge-no-default-policy.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/cv-pathfinder-edge-no-default-policy.yml
@@ -116,7 +116,9 @@ tenants:
vrf_id: 1
- name: PROD
vrf_id: 42
+ wan_vni: 42
- name: IT
vrf_id: 100
+ wan_vni: 100
wan_virtual_topologies: null
diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py
index 684fa81d8e4..cbc0f88edf6 100644
--- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py
+++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py
@@ -6,6 +6,8 @@
from functools import cached_property
from typing import TYPE_CHECKING
+from ansible_collections.arista.avd.plugins.filter.natural_sort import natural_sort
+
if TYPE_CHECKING:
from .eos_designs_facts import EosDesignsFacts
@@ -30,3 +32,31 @@ def wan_path_groups(self: EosDesignsFacts) -> list | None:
return None
return self.shared_utils.wan_local_path_groups
+
+ @cached_property
+ def wan_router_uplink_vrfs(self: EosDesignsFacts) -> list[str] | None:
+ """
+ Exposed in avd_switch_facts
+
+ Return the list of VRF names present on uplink switches.
+ These VRFs will be attracted (configured) on WAN "clients" (edge/transit) unless filtered.
+
+ Note that if the attracted VRFs do not have 'wan_vni' set, the code for interface Vxlan1 will raise an error.
+ """
+ if not self.shared_utils.is_wan_client or self.shared_utils.uplink_type != "p2p-vrfs":
+ return None
+
+ # Partially recreating logic from 'uplinks', but since this fact is used to build 'filtered_tenants',
+ # which in turn is used to build 'uplinks', we cannot reuse 'uplinks' (recursion)
+
+ # Since uplinks logic silently skips extra entries in uplink vars, we only need to parse shortest list.
+ min_length = min(len(self._uplink_switch_interfaces), len(self._uplink_interfaces), len(self.shared_utils.uplink_switches))
+ # Using set to only get unique uplink switches
+ unique_uplink_switches = set(self.shared_utils.uplink_switches[:min_length])
+
+ vrfs = set()
+ for uplink_switch in unique_uplink_switches:
+ uplink_switch_facts = self.shared_utils.get_peer_facts(uplink_switch)
+ vrfs.update(uplink_switch_facts.shared_utils.vrfs)
+
+ return natural_sort(vrfs) or None
diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/filtered_tenants.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/filtered_tenants.py
index e43ed3cc695..d709425a811 100644
--- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/filtered_tenants.py
+++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/filtered_tenants.py
@@ -57,6 +57,7 @@ def filtered_tenants(self: SharedUtils) -> list[dict]:
"vrfs": [
{
"name": "default",
+ "wan_vni": 1,
"vrf_id": 1,
"svis": [],
"l3_interfaces": [],
@@ -81,6 +82,10 @@ def filtered_tenants(self: SharedUtils) -> list[dict]:
raise AristaAvdError(
"WAN configuration requires EVPN to be enabled for VRF 'default'. Got 'address_families: {vrf_default['address_families']}."
)
+ # Injecting `wan_vni` on WAN routers if it is missing to make sure that VRF default is always included
+ # on the WAN.
+ if vrf_default.get("wan_vni") is None:
+ vrf_default["wan_vni"] = 1
break
return natural_sort(filtered_tenants, "name")
@@ -157,16 +162,32 @@ def accepted_vlans(self: SharedUtils) -> list[int]:
return accepted_vlans
+ def is_forced_vrf(self: SharedUtils, vrf: dict) -> bool:
+ """
+ Returns True if the given VRF name should be configured even without any loopbacks or SVIs etc.
+
+ There can be various causes for this:
+ - The VRF is part of a tenant set under 'always_include_vrfs_in_tenants'
+ - 'always_include_vrfs_in_tenants' is set to ['all']
+ - This is a WAN router and the VRF present on the uplink switch.
+ Note that if the attracted VRF does not have a wan_vni configured, the code for interface Vxlan1 will raise an error.
+ """
+ if "all" in self.always_include_vrfs_in_tenants or vrf["tenant"] in self.always_include_vrfs_in_tenants:
+ return True
+
+ if self.is_wan_client and vrf["name"] in (self.get_switch_fact("wan_router_uplink_vrfs", required=False) or []):
+ return True
+
+ return False
+
def filtered_vrfs(self: SharedUtils, tenant: dict) -> list[dict]:
"""
Return sorted and filtered vrf list from given tenant.
- Filtering based on svi tags, l3interfaces and filter.always_include_vrfs_in_tenants.
+ Filtering based on svi tags, l3interfaces, loopbacks or self.is_forced_vrf() check.
Keys of VRF data model will be converted to lists.
"""
filtered_vrfs = []
- always_include_vrfs_in_tenants = get(self.switch_data_combined, "filter.always_include_vrfs_in_tenants", default=[])
-
vrfs: list[dict] = natural_sort(convert_dicts(tenant.get("vrfs", []), "name"), "name")
for original_vrf in vrfs:
# Copying original_vrf and setting "tenant" for use by child objects like SVIs
@@ -237,13 +258,7 @@ def filtered_vrfs(self: SharedUtils, tenant: dict) -> list[dict]:
)
]
- if (
- vrf["svis"]
- or vrf["l3_interfaces"]
- or vrf["loopbacks"]
- or "all" in always_include_vrfs_in_tenants
- or tenant["name"] in always_include_vrfs_in_tenants
- ):
+ if vrf["svis"] or vrf["l3_interfaces"] or vrf["loopbacks"] or self.is_forced_vrf(vrf):
filtered_vrfs.append(vrf)
return filtered_vrfs
diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/misc.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/misc.py
index 12d50ba3dd5..1d56fc77dda 100644
--- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/misc.py
+++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/misc.py
@@ -71,6 +71,10 @@ def filter_tags(self: SharedUtils) -> list:
def filter_tenants(self: SharedUtils) -> list:
return get(self.switch_data_combined, "filter.tenants", default=["all"])
+ @cached_property
+ def always_include_vrfs_in_tenants(self: SharedUtils) -> list:
+ return get(self.switch_data_combined, "filter.always_include_vrfs_in_tenants", default=[])
+
@cached_property
def igmp_snooping_enabled(self: SharedUtils) -> bool:
default_igmp_snooping_enabled = get(self.hostvars, "default_igmp_snooping_enabled", default=True)
diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/network-services-vrfs-settings.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/network-services-vrfs-settings.md
index a7fc699e0b9..1e33a32bbb1 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/network-services-vrfs-settings.md
+++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/network-services-vrfs-settings.md
@@ -17,6 +17,7 @@
| [ - <str>](## ".[].vrfs.[].address_families.[]") | String | | | Valid Values:
- evpn
- vpn-ipv4
- vpn-ipv6 | |
| [ description](## ".[].vrfs.[].description") | String | | | | VRF description. |
| [ vrf_vni](## ".[].vrfs.[].vrf_vni") | Integer | | | Min: 1
Max: 16777215 | Required if "vrf_id" is not set.
The VRF VNI range is not limited, but if vrf_id is not set, "vrf_vni" is used for calculating MLAG iBGP peering vlan id.
"vrf_vni" may also be used for VRF RD/RT ID. See "overlay_rd_type" and "overlay_rt_type" for details.
See "mlag_ibgp_peering_vrfs.base_vlan" for details.
If vrf_vni > 10000 make sure to adjust "mac_vrf_vni_base" accordingly to avoid overlap.
|
+ | [ wan_vni](## ".[].vrfs.[].wan_vni") | Integer | | | Min: 1
Max: 255 | Required for VRFs carried over AutoVPN or CV Pathfinder WAN.
A VRF can have a different VNI in the Datacenters and in the WAN.
Note that if no VRF default is configured for WAN, AVD will automatically inject the VRF default with
`wan_vni` set to `1`.
In addition either `vrf_id` or `vrf_vni` must be set to enforce consistant route-targets across domains.
|
| [ vrf_id](## ".[].vrfs.[].vrf_id") | Integer | | | | Required if "vrf_vni" is not set.
"vrf_id" is used as default value for "vrf_vni" and "ospf.process_id" unless those are set.
"vrf_id" may also be used for VRF RD/RT ID. See "overlay_rd_type" and "overlay_rt_type" for details.
"vrf_id" is preferred over "vrf_vni" for MLAG iBGP peering vlan, see "mlag_ibgp_peering_vrfs.base_vlan" for details.
|
| [ rd_override](## ".[].vrfs.[].rd_override") | String | | | | By default, the VRF RD will be derived from the pattern defined in `overlay_rd_type`.
The rd_override allows us to override this value and statically define it.
rd_override supports two formats:
- A single number will be used in the RD assigned number subfield (second part of the RD).
- A full RD string with colon seperator which will override the full RD.
|
| [ rt_override](## ".[].vrfs.[].rt_override") | String | | | | By default, the VRF RT will be derived from the pattern defined in `overlay_rt_type`.
The rt_override allows us to override this value and statically define it.
rt_override supports two formats:
- A single number will be used in the RT assigned number subfield (second part of the RT).
- A full RT string with colon seperator which will override the full RT.
|
@@ -115,6 +116,14 @@
# If vrf_vni > 10000 make sure to adjust "mac_vrf_vni_base" accordingly to avoid overlap.
vrf_vni:
+ # Required for VRFs carried over AutoVPN or CV Pathfinder WAN.
+
+ # A VRF can have a different VNI in the Datacenters and in the WAN.
+ # Note that if no VRF default is configured for WAN, AVD will automatically inject the VRF default with
+ # `wan_vni` set to `1`.
+ # In addition either `vrf_id` or `vrf_vni` must be set to enforce consistant route-targets across domains.
+ wan_vni:
+
# Required if "vrf_vni" is not set.
# "vrf_id" is used as default value for "vrf_vni" and "ospf.process_id" unless those are set.
# "vrf_id" may also be used for VRF RD/RT ID. See "overlay_rd_type" and "overlay_rt_type" for details.
diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py
index 6a8134cb798..3cfab23e4bc 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py
+++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py
@@ -6,6 +6,7 @@
import ipaddress
from functools import cached_property
+from ansible_collections.arista.avd.plugins.filter.natural_sort import natural_sort
from ansible_collections.arista.avd.plugins.plugin_utils.eos_designs_shared_utils import SharedUtils
from ansible_collections.arista.avd.plugins.plugin_utils.errors import AristaAvdError, AristaAvdMissingVariableError
from ansible_collections.arista.avd.plugins.plugin_utils.utils import append_if_not_duplicate, default, get, get_item
@@ -120,7 +121,7 @@ def _vrf_default_ipv4_static_routes(self) -> dict:
redistribute_in_overlay = False
return {
- "static_routes": list(vrf_default_ipv4_static_routes),
+ "static_routes": natural_sort(vrf_default_ipv4_static_routes),
"redistribute_in_underlay": redistribute_in_underlay,
"redistribute_in_overlay": redistribute_in_overlay,
}
diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/vxlan_interface.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/vxlan_interface.py
index 42e40136987..5e142ac4cec 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/vxlan_interface.py
+++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/vxlan_interface.py
@@ -132,10 +132,29 @@ def _get_vxlan_interface_config_for_vrf(self, vrf: dict, tenant: dict, vrfs: lis
if "evpn" not in vrf.get("address_families", ["evpn"]):
return
- vni = default(
- vrf.get("vrf_vni"),
- vrf.get("vrf_id"),
- )
+ if self.shared_utils.is_wan_router:
+ vni = get(
+ vrf,
+ "wan_vni",
+ required=True,
+ # TODO when adding VRF filter, change the error message
+ # org_key=(
+ # f"VRF {vrf_name} in tenant {tenant['name']} does not have a `wan_vni` defined. "
+ # "If this VRF was not intended to be extended over WAN, set 'address_families: []' under the VRF definition."
+ # "If not intended on the WAN router, use the VRF filter"
+ # )
+ org_key=(
+ f"VRF {vrf_name} in tenant {tenant['name']} does not have a `wan_vni` defined. "
+ "If this VRF was not intended to be extended over WAN, set 'address_families: []' under the VRF definition."
+ ),
+ )
+ else:
+ vni = default(
+ vrf.get("vrf_vni"),
+ vrf.get("vrf_id"),
+ )
+
+ # NOTE: this can never be None here, it would be caught previously in the code
id = default(
vrf.get("vrf_id"),
vrf.get("vrf_vni"),
@@ -145,10 +164,6 @@ def _get_vxlan_interface_config_for_vrf(self, vrf: dict, tenant: dict, vrfs: lis
# This is legacy behavior so we will leave stricter enforcement to the schema
vrf_data = {"name": vrf_name, "vni": vni}
- # TODO need to handle this better from a design point of view
- if self.shared_utils.is_wan_router and vni > 255:
- raise AristaAvdError("VNI for WAN with DPS use cases cannot be > 255, got '{vni}' for vrf '{vrf_name}' in tenant '{tenant['name']}'.")
-
if get(vrf, "_evpn_l3_multicast_enabled"):
underlay_l3_multicast_group_ipv4_pool = get(
tenant,
diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml
index 7145402ea4f..5915f193e70 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml
+++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml
@@ -4982,6 +4982,27 @@ $defs:
If vrf_vni > 10000 make sure to adjust "mac_vrf_vni_base" accordingly
to avoid overlap.
+ '
+ wan_vni:
+ type: int
+ convert_types:
+ - str
+ min: 1
+ max: 255
+ description: 'Required for VRFs carried over AutoVPN or CV Pathfinder
+ WAN.
+
+
+ A VRF can have a different VNI in the Datacenters and in the WAN.
+
+ Note that if no VRF default is configured for WAN, AVD will automatically
+ inject the VRF default with
+
+ `wan_vni` set to `1`.
+
+ In addition either `vrf_id` or `vrf_vni` must be set to enforce
+ consistant route-targets across domains.
+
'
vrf_id:
type: int
diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_network_services.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_network_services.schema.yml
index ddd87f6be5e..e0e0f67740e 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_network_services.schema.yml
+++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_network_services.schema.yml
@@ -280,6 +280,19 @@ $defs:
"vrf_vni" may also be used for VRF RD/RT ID. See "overlay_rd_type" and "overlay_rt_type" for details.
See "mlag_ibgp_peering_vrfs.base_vlan" for details.
If vrf_vni > 10000 make sure to adjust "mac_vrf_vni_base" accordingly to avoid overlap.
+ wan_vni:
+ type: int
+ convert_types:
+ - str
+ min: 1
+ max: 255
+ description: |
+ Required for VRFs carried over AutoVPN or CV Pathfinder WAN.
+
+ A VRF can have a different VNI in the Datacenters and in the WAN.
+ Note that if no VRF default is configured for WAN, AVD will automatically inject the VRF default with
+ `wan_vni` set to `1`.
+ In addition either `vrf_id` or `vrf_vni` must be set to enforce consistant route-targets across domains.
vrf_id:
type: int
convert_types: