From d602bb16031e707f974c2c49110aba9bbf290fcc Mon Sep 17 00:00:00 2001
From: gmuloc
Date: Wed, 7 Feb 2024 17:02:52 +0100
Subject: [PATCH] Feat(eos_designs): Add wan_vni for WAN VRF
---
...v-pathfinder-edge-no-common-path-group.cfg | 50 +++++--
.../intended/configs/cv-pathfinder-edge.cfg | 50 +++++--
.../configs/cv-pathfinder-transit1A.cfg | 15 +-
.../configs/site-ha-disabled-leaf.cfg | 99 +++++++++++---
...v-pathfinder-edge-no-common-path-group.yml | 71 ++++++++--
.../structured_configs/cv-pathfinder-edge.yml | 71 ++++++++--
.../cv-pathfinder-pathfinder.yml | 4 +-
.../cv-pathfinder-pathfinder1.yml | 4 +-
.../cv-pathfinder-pathfinder2.yml | 4 +-
.../cv-pathfinder-transit1A.yml | 66 +++++++++
.../site-ha-disabled-leaf.yml | 128 ++++++++++++++----
.../inventory/group_vars/AUTOVPN_TESTS.yml | 4 +
.../group_vars/CV_PATHFINDER_TESTS.yml | 29 +++-
.../autovpn-edge-no-default-policy.yml | 2 +
.../cv-pathfinder-edge-no-default-policy.yml | 2 +
.../plugin_utils/eos_designs_facts/wan.py | 30 ++++
.../filtered_tenants.py | 35 +++--
.../eos_designs_shared_utils/misc.py | 4 +
.../tables/network-services-vrfs-settings.md | 9 ++
.../python_modules/network_services/utils.py | 3 +-
.../network_services/vxlan_interface.py | 31 +++--
.../schemas/eos_designs.schema.yml | 21 +++
.../defs_network_services.schema.yml | 13 ++
23 files changed, 618 insertions(+), 127 deletions(-)
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg
index f8119cb248b..6158d0b6fea 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg
@@ -117,6 +117,8 @@ spanning-tree mode none no enable password no aaa root ! +vrf instance ATTRACTED-VRF-FROM-UPLINK +! vrf instance IT ! vrf instance MGMT @@ -175,19 +177,27 @@ interface Ethernet52 flow tracker hardware WAN-FLOW-TRACKER ip address 172.17.0.3/31 ! -interface Ethernet52.42 - description P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2.42_vrf_PROD +interface Ethernet52.142 + description P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2.142_vrf_PROD no shutdown mtu 9214 - encapsulation dot1q vlan 42 + encapsulation dot1q vlan 142 vrf PROD ip address 172.17.0.3/31 ! -interface Ethernet52.100 - description P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2.100_vrf_IT +interface Ethernet52.666 + description P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2.666_vrf_ATTRACTED-VRF-FROM-UPLINK + no shutdown + mtu 9214 + encapsulation dot1q vlan 666 + vrf ATTRACTED-VRF-FROM-UPLINK + ip address 172.17.0.3/31 +! +interface Ethernet52.1000 + description P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2.1000_vrf_IT no shutdown mtu 9214 - encapsulation dot1q vlan 100 + encapsulation dot1q vlan 1000 vrf IT ip address 172.17.0.3/31 ! @@ -200,6 +210,7 @@ interface Vxlan1 description cv-pathfinder-edge-no-common-path-group_VTEP vxlan source-interface Dps1 vxlan udp-port 4789 + vxlan vrf ATTRACTED-VRF-FROM-UPLINK vni 166 vxlan vrf default vni 1 vxlan vrf IT vni 100 vxlan vrf PROD vni 42 @@ -247,6 +258,7 @@ application traffic recognition 42 ! ip routing +ip routing vrf ATTRACTED-VRF-FROM-UPLINK ip routing vrf IT no ip routing vrf MGMT ip routing vrf PROD 
@@ -329,6 +341,16 @@ router bgp 65000 bgp additional-paths send any neighbor WAN-OVERLAY-PEERS activate ! + vrf ATTRACTED-VRF-FROM-UPLINK + rd 192.168.42.2:666 + route-target import evpn 666:666 + route-target export evpn 666:666 + router-id 192.168.42.2 + neighbor 172.17.0.2 remote-as 65000 + neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.666_vrf_ATTRACTED-VRF-FROM-UPLINK + redistribute connected + ! vrf default rd 192.168.42.2:1 route-target import evpn 1:1 @@ -336,23 +358,23 @@ router bgp 65000 route-target export evpn route-map RM-EVPN-EXPORT-VRF-DEFAULT ! vrf IT - rd 192.168.42.2:100 - route-target import evpn 100:100 - route-target export evpn 100:100 + rd 192.168.42.2:1000 + route-target import evpn 1000:1000 + route-target export evpn 1000:1000 router-id 192.168.42.2 neighbor 172.17.0.2 remote-as 65199 neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.100_vrf_IT + neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.1000_vrf_IT redistribute connected ! vrf PROD - rd 192.168.42.2:42 - route-target import evpn 42:42 - route-target export evpn 42:42 + rd 192.168.42.2:142 + route-target import evpn 142:142 + route-target export evpn 142:142 router-id 192.168.42.2 neighbor 172.17.0.2 remote-as 65199 neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.42_vrf_PROD + neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.142_vrf_PROD redistribute connected ! router traffic-engineering diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg index d32f1c865bd..418dfd971af 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg 
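Review bot: The added `vrf ATTRACTED-VRF-FROM-UPLINK` block under `router bgp 65000` sets `neighbor 172.17.0.2 remote-as 65000`, while the IT and PROD VRFs in the following hunk keep `remote-as 65199` for the same neighbor, and the leaf's expected config in this patch is `router bgp 65199`. One of the two values is stale: if the leaf is still in AS 65199 the new line should read `neighbor 172.17.0.2 remote-as 65199`, otherwise the IT and PROD lines need regenerating. The same mismatch appears for neighbor 172.17.0.0 in the cv-pathfinder-edge.cfg hunks. These look like generated reference outputs, so regenerating them from a clean tree is safer than hand-editing the single line.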
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg @@ -153,6 +153,8 @@ spanning-tree mode none no enable password no aaa root ! +vrf instance ATTRACTED-VRF-FROM-UPLINK +! vrf instance IT ! vrf instance MGMT @@ -223,19 +225,27 @@ interface Ethernet52 flow tracker hardware WAN-FLOW-TRACKER ip address 172.17.0.1/31 ! -interface Ethernet52.42 - description P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet1.42_vrf_PROD +interface Ethernet52.142 + description P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet1.142_vrf_PROD no shutdown mtu 9214 - encapsulation dot1q vlan 42 + encapsulation dot1q vlan 142 vrf PROD ip address 172.17.0.1/31 ! -interface Ethernet52.100 - description P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet1.100_vrf_IT +interface Ethernet52.666 + description P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet1.666_vrf_ATTRACTED-VRF-FROM-UPLINK + no shutdown + mtu 9214 + encapsulation dot1q vlan 666 + vrf ATTRACTED-VRF-FROM-UPLINK + ip address 172.17.0.1/31 +! +interface Ethernet52.1000 + description P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet1.1000_vrf_IT no shutdown mtu 9214 - encapsulation dot1q vlan 100 + encapsulation dot1q vlan 1000 vrf IT ip address 172.17.0.1/31 ! @@ -248,6 +258,7 @@ interface Vxlan1 description cv-pathfinder-edge_VTEP vxlan source-interface Dps1 vxlan udp-port 4789 + vxlan vrf ATTRACTED-VRF-FROM-UPLINK vni 166 vxlan vrf default vni 1 vxlan vrf IT vni 100 vxlan vrf PROD vni 42 @@ -296,6 +307,7 @@ application traffic recognition 42 ! ip routing +ip routing vrf ATTRACTED-VRF-FROM-UPLINK ip routing vrf IT no ip routing vrf MGMT ip routing vrf PROD 
@@ -393,6 +405,16 @@ router bgp 65000 bgp additional-paths send any neighbor WAN-OVERLAY-PEERS activate ! + vrf ATTRACTED-VRF-FROM-UPLINK + rd 192.168.42.1:666 + route-target import evpn 666:666 + route-target export evpn 666:666 + router-id 192.168.42.1 + neighbor 172.17.0.0 remote-as 65000 + neighbor 172.17.0.0 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.0 description site-ha-disabled-leaf_Ethernet1.666_vrf_ATTRACTED-VRF-FROM-UPLINK + redistribute connected + ! vrf default rd 192.168.42.1:1 route-target import evpn 1:1 @@ -400,23 +422,23 @@ router bgp 65000 route-target export evpn route-map RM-EVPN-EXPORT-VRF-DEFAULT ! vrf IT - rd 192.168.42.1:100 - route-target import evpn 100:100 - route-target export evpn 100:100 + rd 192.168.42.1:1000 + route-target import evpn 1000:1000 + route-target export evpn 1000:1000 router-id 192.168.42.1 neighbor 172.17.0.0 remote-as 65199 neighbor 172.17.0.0 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.0 description site-ha-disabled-leaf_Ethernet1.100_vrf_IT + neighbor 172.17.0.0 description site-ha-disabled-leaf_Ethernet1.1000_vrf_IT redistribute connected ! vrf PROD - rd 192.168.42.1:42 - route-target import evpn 42:42 - route-target export evpn 42:42 + rd 192.168.42.1:142 + route-target import evpn 142:142 + route-target export evpn 142:142 router-id 192.168.42.1 neighbor 172.17.0.0 remote-as 65199 neighbor 172.17.0.0 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.0 description site-ha-disabled-leaf_Ethernet1.42_vrf_PROD + neighbor 172.17.0.0 description site-ha-disabled-leaf_Ethernet1.142_vrf_PROD redistribute connected ! router traffic-engineering diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg index 34295a82050..db3d028a045 100644 
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg @@ -193,6 +193,8 @@ vrf instance IT ! vrf instance MGMT ! +vrf instance NOT-WAN-VRF +! vrf instance PROD ! vrf instance TRANSIT @@ -343,6 +345,7 @@ application traffic recognition ip routing ip routing vrf IT no ip routing vrf MGMT +ip routing vrf NOT-WAN-VRF ip routing vrf PROD ip routing vrf TRANSIT ! @@ -463,9 +466,9 @@ router bgp 65000 route-target export evpn route-map RM-EVPN-EXPORT-VRF-DEFAULT ! vrf IT - rd 192.168.43.1:100 - route-target import evpn 100:100 - route-target export evpn 100:100 + rd 192.168.43.1:1000 + route-target import evpn 1000:1000 + route-target export evpn 1000:1000 router-id 192.168.43.1 neighbor 172.17.0.0 remote-as 65199 neighbor 172.17.0.0 peer group IPv4-UNDERLAY-PEERS @@ -473,9 +476,9 @@ router bgp 65000 redistribute connected ! vrf PROD - rd 192.168.43.1:42 - route-target import evpn 42:42 - route-target export evpn 42:42 + rd 192.168.43.1:142 + route-target import evpn 142:142 + route-target export evpn 142:142 router-id 192.168.43.1 neighbor 172.17.0.0 remote-as 65199 neighbor 172.17.0.0 peer group IPv4-UNDERLAY-PEERS diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-disabled-leaf.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-disabled-leaf.cfg index 0a962cbfeda..99554be20f1 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-disabled-leaf.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-disabled-leaf.cfg @@ -17,6 +17,11 @@ vlan 100 vlan 101 name VLAN101 ! +vlan 666 + name VLAN666 +! +vrf instance ATTRACTED-VRF-FROM-UPLINK +! vrf instance IT ! vrf instance MGMT 
@@ -30,19 +35,27 @@ interface Ethernet1 no switchport ip address 172.17.0.0/31 ! -interface Ethernet1.42 - description P2P_LINK_TO_CV-PATHFINDER-EDGE_Ethernet52.42_vrf_PROD +interface Ethernet1.142 + description P2P_LINK_TO_CV-PATHFINDER-EDGE_Ethernet52.142_vrf_PROD no shutdown mtu 9214 - encapsulation dot1q vlan 42 + encapsulation dot1q vlan 142 vrf PROD ip address 172.17.0.0/31 ! -interface Ethernet1.100 - description P2P_LINK_TO_CV-PATHFINDER-EDGE_Ethernet52.100_vrf_IT +interface Ethernet1.666 + description P2P_LINK_TO_CV-PATHFINDER-EDGE_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK + no shutdown + mtu 9214 + encapsulation dot1q vlan 666 + vrf ATTRACTED-VRF-FROM-UPLINK + ip address 172.17.0.0/31 +! +interface Ethernet1.1000 + description P2P_LINK_TO_CV-PATHFINDER-EDGE_Ethernet52.1000_vrf_IT no shutdown mtu 9214 - encapsulation dot1q vlan 100 + encapsulation dot1q vlan 1000 vrf IT ip address 172.17.0.0/31 ! @@ -53,19 +66,27 @@ interface Ethernet2 no switchport ip address 172.17.0.2/31 ! -interface Ethernet2.42 - description P2P_LINK_TO_CV-PATHFINDER-EDGE-NO-COMMON-PATH-GROUP_Ethernet52.42_vrf_PROD +interface Ethernet2.142 + description P2P_LINK_TO_CV-PATHFINDER-EDGE-NO-COMMON-PATH-GROUP_Ethernet52.142_vrf_PROD no shutdown mtu 9214 - encapsulation dot1q vlan 42 + encapsulation dot1q vlan 142 vrf PROD ip address 172.17.0.2/31 ! -interface Ethernet2.100 - description P2P_LINK_TO_CV-PATHFINDER-EDGE-NO-COMMON-PATH-GROUP_Ethernet52.100_vrf_IT +interface Ethernet2.666 + description P2P_LINK_TO_CV-PATHFINDER-EDGE-NO-COMMON-PATH-GROUP_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK + no shutdown + mtu 9214 + encapsulation dot1q vlan 666 + vrf ATTRACTED-VRF-FROM-UPLINK + ip address 172.17.0.2/31 +! +interface Ethernet2.1000 + description P2P_LINK_TO_CV-PATHFINDER-EDGE-NO-COMMON-PATH-GROUP_Ethernet52.1000_vrf_IT no shutdown mtu 9214 - encapsulation dot1q vlan 100 + encapsulation dot1q vlan 1000 vrf IT ip address 172.17.0.2/31 ! 
@@ -85,19 +106,29 @@ interface Vlan100 vrf PROD ip address virtual 10.0.100.1/24 ! +interface Vlan666 + description VLAN666 + shutdown + vrf ATTRACTED-VRF-FROM-UPLINK + ip address 10.66.66.1 + ip address virtual 10.66.66.66/24 +! interface Vxlan1 description site-ha-disabled-leaf_VTEP vxlan source-interface Loopback1 vxlan udp-port 4789 vxlan vlan 100 vni 1100 vxlan vlan 101 vni 1101 + vxlan vlan 666 vni 1666 + vxlan vrf ATTRACTED-VRF-FROM-UPLINK vni 666 vxlan vrf default vni 1 - vxlan vrf IT vni 100 - vxlan vrf PROD vni 42 + vxlan vrf IT vni 1000 + vxlan vrf PROD vni 142 ! ip virtual-router mac-address 00:1c:73:00:00:01 ! ip routing +ip routing vrf ATTRACTED-VRF-FROM-UPLINK ip routing vrf IT no ip routing vrf MGMT ip routing vrf PROD @@ -144,6 +175,11 @@ router bgp 65199 route-target both 1101:1101 redistribute learned ! + vlan 666 + rd 192.168.45.3:1666 + route-target both 1666:1666 + redistribute learned + ! address-family evpn neighbor EVPN-OVERLAY-PEERS activate ! 
@@ -151,35 +187,62 @@ router bgp 65199 no neighbor EVPN-OVERLAY-PEERS activate neighbor IPv4-UNDERLAY-PEERS activate ! + vrf ATTRACTED-VRF-FROM-UPLINK + rd 192.168.45.3:666 + route-target import evpn 666:666 + route-target export evpn 666:666 + router-id 192.168.45.3 + neighbor 172.17.0.1 remote-as 65000 + neighbor 172.17.0.1 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.1 description cv-pathfinder-edge_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK + neighbor 172.17.0.3 remote-as 65000 + neighbor 172.17.0.3 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.3 description cv-pathfinder-edge-no-common-path-group_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK + redistribute connected + ! vrf default rd 192.168.45.4:1 route-target import evpn 1:1 route-target export evpn 1:1 ! vrf IT +<<<<<<< HEAD rd 192.168.45.4:100 route-target import evpn 100:100 route-target export evpn 100:100 router-id 192.168.45.4 +======= + rd 192.168.45.3:1000 + route-target import evpn 1000:1000 + route-target export evpn 1000:1000 + router-id 192.168.45.3 +>>>>>>> ff441f2cd (Feat(eos_designs): Add wan_vni for WAN VRF) neighbor 172.17.0.1 remote-as 65000 neighbor 172.17.0.1 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.1 description cv-pathfinder-edge_Ethernet52.100_vrf_IT + neighbor 172.17.0.1 description cv-pathfinder-edge_Ethernet52.1000_vrf_IT neighbor 172.17.0.3 remote-as 65000 neighbor 172.17.0.3 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.3 description cv-pathfinder-edge-no-common-path-group_Ethernet52.100_vrf_IT + neighbor 172.17.0.3 description cv-pathfinder-edge-no-common-path-group_Ethernet52.1000_vrf_IT redistribute connected ! 
vrf PROD +<<<<<<< HEAD rd 192.168.45.4:42 route-target import evpn 42:42 route-target export evpn 42:42 router-id 192.168.45.4 +======= + rd 192.168.45.3:142 + route-target import evpn 142:142 + route-target export evpn 142:142 + router-id 192.168.45.3 +>>>>>>> ff441f2cd (Feat(eos_designs): Add wan_vni for WAN VRF) neighbor 172.17.0.1 remote-as 65000 neighbor 172.17.0.1 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.1 description cv-pathfinder-edge_Ethernet52.42_vrf_PROD + neighbor 172.17.0.1 description cv-pathfinder-edge_Ethernet52.142_vrf_PROD neighbor 172.17.0.3 remote-as 65000 neighbor 172.17.0.3 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.3 description cv-pathfinder-edge-no-common-path-group_Ethernet52.42_vrf_PROD + neighbor 172.17.0.3 description cv-pathfinder-edge-no-common-path-group_Ethernet52.142_vrf_PROD redistribute connected ! management api http-commands diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml index c7723bd9586..0e335d14fe4 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml 
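Review bot: The `vrf IT` and `vrf PROD` blocks of this hunk add literal merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> ff441f2cd (...)`) to site-ha-disabled-leaf.cfg, so the expected config carries both the 192.168.45.4 and the 192.168.45.3 variant of `rd` and `router-id`. The same markers are added in the structured_configs hunks for cv-pathfinder-edge-no-common-path-group.yml, cv-pathfinder-edge.yml, cv-pathfinder-transit1A.yml and site-ha-disabled-leaf.yml, where they most likely make the YAML unparseable. Resolve the rebase and regenerate the intended outputs before merging; as committed, these artefacts cannot confirm the per-VRF VNI and route-target values the feature changes, which is what keeps tenant VRFs separated across the WAN. The new ATTRACTED-VRF-FROM-UPLINK block uses `rd 192.168.45.3:666` while `vrf default` in the same file keeps `rd 192.168.45.4:1`, which suggests the new side was generated before a router-id change on HEAD.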
@@ -47,18 +47,24 @@ router_bgp: neighbors: - ip_address: 172.17.0.2 peer_group: IPv4-UNDERLAY-PEERS +<<<<<<< HEAD remote_as: '65199' description: site-ha-disabled-leaf_Ethernet2.100_vrf_IT rd: 192.168.42.2:100 +======= + remote_as: '65000' + description: site-ha-disabled-leaf_Ethernet2.1000_vrf_IT + rd: 192.168.42.2:1000 +>>>>>>> ff441f2cd (Feat(eos_designs): Add wan_vni for WAN VRF) route_targets: import: - address_family: evpn route_targets: - - 100:100 + - 1000:1000 export: - address_family: evpn route_targets: - - 100:100 + - 1000:1000 redistribute_routes: - source_protocol: connected - name: PROD @@ -66,18 +72,43 @@ router_bgp: neighbors: - ip_address: 172.17.0.2 peer_group: IPv4-UNDERLAY-PEERS +<<<<<<< HEAD remote_as: '65199' description: site-ha-disabled-leaf_Ethernet2.42_vrf_PROD rd: 192.168.42.2:42 +======= + remote_as: '65000' + description: site-ha-disabled-leaf_Ethernet2.142_vrf_PROD + rd: 192.168.42.2:142 +>>>>>>> ff441f2cd (Feat(eos_designs): Add wan_vni for WAN VRF) route_targets: import: - address_family: evpn route_targets: - - '42:42' + - 142:142 export: - address_family: evpn route_targets: - - '42:42' + - 142:142 + redistribute_routes: + - source_protocol: connected + - name: ATTRACTED-VRF-FROM-UPLINK + router_id: 192.168.42.2 + neighbors: + - ip_address: 172.17.0.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: site-ha-disabled-leaf_Ethernet2.666_vrf_ATTRACTED-VRF-FROM-UPLINK + rd: 192.168.42.2:666 + route_targets: + import: + - address_family: evpn + route_targets: + - 666:666 + export: + - address_family: evpn + route_targets: + - 666:666 redistribute_routes: - source_protocol: connected - name: default @@ -132,6 +163,9 @@ vrfs: - name: PROD tenant: TenantA ip_routing: true +- name: ATTRACTED-VRF-FROM-UPLINK + tenant: TenantC + ip_routing: true management_api_http: enable_vrfs: - name: MGMT 
@@ -148,26 +182,37 @@ ethernet_interfaces: ip_address: 172.17.0.3/31 flow_tracker: hardware: WAN-FLOW-TRACKER -- name: Ethernet52.100 +- name: Ethernet52.1000 peer: site-ha-disabled-leaf - peer_interface: Ethernet2.100 + peer_interface: Ethernet2.1000 peer_type: l3leaf vrf: IT - description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2.100_vrf_IT + description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2.1000_vrf_IT shutdown: false type: l3dot1q - encapsulation_dot1q_vlan: 100 + encapsulation_dot1q_vlan: 1000 mtu: 9214 ip_address: 172.17.0.3/31 -- name: Ethernet52.42 +- name: Ethernet52.142 peer: site-ha-disabled-leaf - peer_interface: Ethernet2.42 + peer_interface: Ethernet2.142 peer_type: l3leaf vrf: PROD - description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2.42_vrf_PROD + description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2.142_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 142 + mtu: 9214 + ip_address: 172.17.0.3/31 +- name: Ethernet52.666 + peer: site-ha-disabled-leaf + peer_interface: Ethernet2.666 + peer_type: l3leaf + vrf: ATTRACTED-VRF-FROM-UPLINK + description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2.666_vrf_ATTRACTED-VRF-FROM-UPLINK shutdown: false type: l3dot1q - encapsulation_dot1q_vlan: 42 + encapsulation_dot1q_vlan: 666 mtu: 9214 ip_address: 172.17.0.3/31 - name: Ethernet1 @@ -468,6 +513,8 @@ vxlan_interface: vni: 100 - name: PROD vni: 42 + - name: ATTRACTED-VRF-FROM-UPLINK + vni: 166 metadata: cv_tags: device_tags: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml index 1e0504342cb..d88debcb9c8 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml 
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml @@ -57,18 +57,24 @@ router_bgp: neighbors: - ip_address: 172.17.0.0 peer_group: IPv4-UNDERLAY-PEERS +<<<<<<< HEAD remote_as: '65199' description: site-ha-disabled-leaf_Ethernet1.100_vrf_IT rd: 192.168.42.1:100 +======= + remote_as: '65000' + description: site-ha-disabled-leaf_Ethernet1.1000_vrf_IT + rd: 192.168.42.1:1000 +>>>>>>> ff441f2cd (Feat(eos_designs): Add wan_vni for WAN VRF) route_targets: import: - address_family: evpn route_targets: - - 100:100 + - 1000:1000 export: - address_family: evpn route_targets: - - 100:100 + - 1000:1000 redistribute_routes: - source_protocol: connected - name: PROD @@ -76,18 +82,43 @@ router_bgp: neighbors: - ip_address: 172.17.0.0 peer_group: IPv4-UNDERLAY-PEERS +<<<<<<< HEAD remote_as: '65199' description: site-ha-disabled-leaf_Ethernet1.42_vrf_PROD rd: 192.168.42.1:42 +======= + remote_as: '65000' + description: site-ha-disabled-leaf_Ethernet1.142_vrf_PROD + rd: 192.168.42.1:142 +>>>>>>> ff441f2cd (Feat(eos_designs): Add wan_vni for WAN VRF) route_targets: import: - address_family: evpn route_targets: - - '42:42' + - 142:142 export: - address_family: evpn route_targets: - - '42:42' + - 142:142 + redistribute_routes: + - source_protocol: connected + - name: ATTRACTED-VRF-FROM-UPLINK + router_id: 192.168.42.1 + neighbors: + - ip_address: 172.17.0.0 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: site-ha-disabled-leaf_Ethernet1.666_vrf_ATTRACTED-VRF-FROM-UPLINK + rd: 192.168.42.1:666 + route_targets: + import: + - address_family: evpn + route_targets: + - 666:666 + export: + - address_family: evpn + route_targets: + - 666:666 redistribute_routes: - source_protocol: connected - name: default @@ -142,6 +173,9 @@ vrfs: - name: PROD tenant: TenantA ip_routing: true +- name: ATTRACTED-VRF-FROM-UPLINK + tenant: TenantC + ip_routing: true management_api_http: enable_vrfs: - name: MGMT 
@@ -158,26 +192,37 @@ ethernet_interfaces: ip_address: 172.17.0.1/31 flow_tracker: hardware: WAN-FLOW-TRACKER -- name: Ethernet52.100 +- name: Ethernet52.1000 peer: site-ha-disabled-leaf - peer_interface: Ethernet1.100 + peer_interface: Ethernet1.1000 peer_type: l3leaf vrf: IT - description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet1.100_vrf_IT + description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet1.1000_vrf_IT shutdown: false type: l3dot1q - encapsulation_dot1q_vlan: 100 + encapsulation_dot1q_vlan: 1000 mtu: 9214 ip_address: 172.17.0.1/31 -- name: Ethernet52.42 +- name: Ethernet52.142 peer: site-ha-disabled-leaf - peer_interface: Ethernet1.42 + peer_interface: Ethernet1.142 peer_type: l3leaf vrf: PROD - description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet1.42_vrf_PROD + description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet1.142_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 142 + mtu: 9214 + ip_address: 172.17.0.1/31 +- name: Ethernet52.666 + peer: site-ha-disabled-leaf + peer_interface: Ethernet1.666 + peer_type: l3leaf + vrf: ATTRACTED-VRF-FROM-UPLINK + description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet1.666_vrf_ATTRACTED-VRF-FROM-UPLINK shutdown: false type: l3dot1q - encapsulation_dot1q_vlan: 42 + encapsulation_dot1q_vlan: 666 mtu: 9214 ip_address: 172.17.0.1/31 - name: Ethernet1 @@ -573,6 +618,8 @@ vxlan_interface: vni: 100 - name: PROD vni: 42 + - name: ATTRACTED-VRF-FROM-UPLINK + vni: 166 metadata: cv_tags: device_tags: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml index 2b1aa9ce8d4..6ae24d73c62 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml 
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml @@ -559,7 +559,7 @@ metadata: - name: MPLS preference: alternate - name: PROD - vni: 42 + vni: 142 avts: - constraints: jitter: 42 @@ -593,7 +593,7 @@ metadata: - name: MPLS preference: alternate - name: IT - vni: 100 + vni: 1000 avts: - id: 3 name: DEFAULT-AVT-POLICY-VIDEO diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml index fdf7a691b67..62c80cee7c1 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml @@ -548,7 +548,7 @@ metadata: - name: MPLS preference: alternate - name: PROD - vni: 42 + vni: 142 avts: - constraints: jitter: 42 @@ -582,7 +582,7 @@ metadata: - name: MPLS preference: alternate - name: IT - vni: 100 + vni: 1000 avts: - id: 3 name: DEFAULT-AVT-POLICY-VIDEO diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml index 5423793e882..56ac5de0e5c 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml @@ -579,7 +579,7 @@ metadata: - name: MPLS preference: alternate - name: PROD - vni: 42 + vni: 142 avts: - constraints: jitter: 42 
@@ -613,7 +613,7 @@ metadata: - name: MPLS preference: alternate - name: IT - vni: 100 + vni: 1000 avts: - id: 3 name: DEFAULT-AVT-POLICY-VIDEO diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml index 59f19216a25..a1c21c338be 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml 
@@ -143,6 +143,69 @@ router_bgp: receive: true send: any: true +<<<<<<< HEAD:ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml +======= + neighbors: + - ip_address: 192.168.144.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder + vrfs: + - name: default + rd: 192.168.43.1:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT + - name: IT + router_id: 192.168.43.1 + rd: 192.168.43.1:1000 + route_targets: + import: + - address_family: evpn + route_targets: + - 1000:1000 + export: + - address_family: evpn + route_targets: + - 1000:1000 + redistribute_routes: + - source_protocol: connected + - name: PROD + router_id: 192.168.43.1 + rd: 192.168.43.1:142 + route_targets: + import: + - address_family: evpn + route_targets: + - 142:142 + export: + - address_family: evpn + route_targets: + - 142:142 + redistribute_routes: + - source_protocol: connected + - name: TRANSIT + router_id: 192.168.43.1 + rd: 192.168.43.1:66 + route_targets: + import: + - address_family: evpn + route_targets: + - 66:66 + export: + - address_family: evpn + route_targets: + - 66:66 + redistribute_routes: + - source_protocol: connected +>>>>>>> ff441f2cd (Feat(eos_designs): Add wan_vni for WAN VRF):ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml service_routing_protocols_model: multi-agent ip_routing: true transceiver_qsfp_default_mode_4x10: false @@ -157,6 +220,9 @@ vrfs: - name: PROD tenant: TenantA ip_routing: true +- name: NOT-WAN-VRF + tenant: TenantB + ip_routing: true - name: TRANSIT tenant: TenantB ip_routing: true 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-disabled-leaf.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-disabled-leaf.yml index 7982092661c..e396481e781 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-disabled-leaf.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-disabled-leaf.yml @@ -50,21 +50,26 @@ router_bgp: - ip_address: 172.17.0.1 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: cv-pathfinder-edge_Ethernet52.100_vrf_IT + description: cv-pathfinder-edge_Ethernet52.1000_vrf_IT - ip_address: 172.17.0.3 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' +<<<<<<< HEAD description: cv-pathfinder-edge-no-common-path-group_Ethernet52.100_vrf_IT rd: 192.168.45.4:100 +======= + description: cv-pathfinder-edge-no-common-path-group_Ethernet52.1000_vrf_IT + rd: 192.168.45.3:1000 +>>>>>>> ff441f2cd (Feat(eos_designs): Add wan_vni for WAN VRF) route_targets: import: - address_family: evpn route_targets: - - 100:100 + - 1000:1000 export: - address_family: evpn route_targets: - - 100:100 + - 1000:1000 redistribute_routes: - source_protocol: connected - name: PROD 
@@ -73,21 +78,49 @@ router_bgp: - ip_address: 172.17.0.1 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: cv-pathfinder-edge_Ethernet52.42_vrf_PROD + description: cv-pathfinder-edge_Ethernet52.142_vrf_PROD - ip_address: 172.17.0.3 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' +<<<<<<< HEAD description: cv-pathfinder-edge-no-common-path-group_Ethernet52.42_vrf_PROD rd: 192.168.45.4:42 +======= + description: cv-pathfinder-edge-no-common-path-group_Ethernet52.142_vrf_PROD + rd: 192.168.45.3:142 +>>>>>>> ff441f2cd (Feat(eos_designs): Add wan_vni for WAN VRF) route_targets: import: - address_family: evpn route_targets: - - '42:42' + - 142:142 export: - address_family: evpn route_targets: - - '42:42' + - 142:142 + redistribute_routes: + - source_protocol: connected + - name: ATTRACTED-VRF-FROM-UPLINK + router_id: 192.168.45.3 + neighbors: + - ip_address: 172.17.0.1 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK + - ip_address: 172.17.0.3 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge-no-common-path-group_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK + rd: 192.168.45.3:666 + route_targets: + import: + - address_family: evpn + route_targets: + - 666:666 + export: + - address_family: evpn + route_targets: + - 666:666 redistribute_routes: - source_protocol: connected - name: default @@ -122,6 +155,14 @@ router_bgp: - 1101:1101 redistribute_routes: - learned + - id: 666 + tenant: TenantC + rd: 192.168.45.3:1666 + route_targets: + both: + - 1666:1666 + redistribute_routes: + - learned service_routing_protocols_model: multi-agent ip_routing: true vlan_internal_order: @@ -138,6 +179,9 @@ vrfs: - name: PROD tenant: TenantA ip_routing: true +- name: ATTRACTED-VRF-FROM-UPLINK + tenant: TenantC + ip_routing: true management_api_http: enable_vrfs: - name: MGMT 
@@ -152,26 +196,37 @@ ethernet_interfaces: mtu: 9214 type: routed ip_address: 172.17.0.0/31 -- name: Ethernet1.100 +- name: Ethernet1.1000 peer: cv-pathfinder-edge - peer_interface: Ethernet52.100 + peer_interface: Ethernet52.1000 peer_type: wan_edge vrf: IT - description: P2P_LINK_TO_CV-PATHFINDER-EDGE_Ethernet52.100_vrf_IT + description: P2P_LINK_TO_CV-PATHFINDER-EDGE_Ethernet52.1000_vrf_IT shutdown: false type: l3dot1q - encapsulation_dot1q_vlan: 100 + encapsulation_dot1q_vlan: 1000 mtu: 9214 ip_address: 172.17.0.0/31 -- name: Ethernet1.42 +- name: Ethernet1.142 peer: cv-pathfinder-edge - peer_interface: Ethernet52.42 + peer_interface: Ethernet52.142 peer_type: wan_edge vrf: PROD - description: P2P_LINK_TO_CV-PATHFINDER-EDGE_Ethernet52.42_vrf_PROD + description: P2P_LINK_TO_CV-PATHFINDER-EDGE_Ethernet52.142_vrf_PROD shutdown: false type: l3dot1q - encapsulation_dot1q_vlan: 42 + encapsulation_dot1q_vlan: 142 + mtu: 9214 + ip_address: 172.17.0.0/31 +- name: Ethernet1.666 + peer: cv-pathfinder-edge + peer_interface: Ethernet52.666 + peer_type: wan_edge + vrf: ATTRACTED-VRF-FROM-UPLINK + description: P2P_LINK_TO_CV-PATHFINDER-EDGE_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 666 mtu: 9214 ip_address: 172.17.0.0/31 - name: Ethernet2 
@@ -183,26 +238,37 @@ ethernet_interfaces: mtu: 9214 type: routed ip_address: 172.17.0.2/31 -- name: Ethernet2.100 +- name: Ethernet2.1000 peer: cv-pathfinder-edge-no-common-path-group - peer_interface: Ethernet52.100 + peer_interface: Ethernet52.1000 peer_type: wan_edge vrf: IT - description: P2P_LINK_TO_CV-PATHFINDER-EDGE-NO-COMMON-PATH-GROUP_Ethernet52.100_vrf_IT + description: P2P_LINK_TO_CV-PATHFINDER-EDGE-NO-COMMON-PATH-GROUP_Ethernet52.1000_vrf_IT shutdown: false type: l3dot1q - encapsulation_dot1q_vlan: 100 + encapsulation_dot1q_vlan: 1000 mtu: 9214 ip_address: 172.17.0.2/31 -- name: Ethernet2.42 +- name: Ethernet2.142 peer: cv-pathfinder-edge-no-common-path-group - peer_interface: Ethernet52.42 + peer_interface: Ethernet52.142 peer_type: wan_edge vrf: PROD - description: P2P_LINK_TO_CV-PATHFINDER-EDGE-NO-COMMON-PATH-GROUP_Ethernet52.42_vrf_PROD + description: P2P_LINK_TO_CV-PATHFINDER-EDGE-NO-COMMON-PATH-GROUP_Ethernet52.142_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 142 + mtu: 9214 + ip_address: 172.17.0.2/31 +- name: Ethernet2.666 + peer: cv-pathfinder-edge-no-common-path-group + peer_interface: Ethernet52.666 + peer_type: wan_edge + vrf: ATTRACTED-VRF-FROM-UPLINK + description: P2P_LINK_TO_CV-PATHFINDER-EDGE-NO-COMMON-PATH-GROUP_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK shutdown: false type: l3dot1q - encapsulation_dot1q_vlan: 42 + encapsulation_dot1q_vlan: 666 mtu: 9214 ip_address: 172.17.0.2/31 loopback_interfaces: @@ -240,6 +306,9 @@ vlans: - id: 101 name: VLAN101 tenant: TenantA +- id: 666 + name: VLAN666 + tenant: TenantC ip_igmp_snooping: globally_enabled: true ip_virtual_router_mac_address: 00:1c:73:00:00:01 
@@ -250,6 +319,13 @@ vlan_interfaces: shutdown: true ip_address_virtual: 10.0.100.1/24 vrf: PROD +- name: Vlan666 + tenant: TenantC + description: VLAN666 + shutdown: true + ip_address: 10.66.66.1 + ip_address_virtual: 10.66.66.66/24 + vrf: ATTRACTED-VRF-FROM-UPLINK vxlan_interface: Vxlan1: description: site-ha-disabled-leaf_VTEP @@ -261,10 +337,14 @@ vxlan_interface: vni: 1100 - id: 101 vni: 1101 + - id: 666 + vni: 1666 vrfs: - name: default vni: 1 - name: IT - vni: 100 + vni: 1000 - name: PROD - vni: 42 + vni: 142 + - name: ATTRACTED-VRF-FROM-UPLINK + vni: 666 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml index c119f807637..6f07482fdf4 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml @@ -100,14 +100,18 @@ tenants: vrfs: - name: default vrf_id: 1 + # Testing VRF default without wan_vni set to check it is inserted and + # does not explode - name: PROD vrf_id: 42 + wan_vni: 42 svis: - id: 100 name: VLAN100 ip_address_virtual: 10.0.100.1/24 - name: IT vrf_id: 100 + wan_vni: 100 l2vlans: - id: 101 name: VLAN101 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml index d95f90ea84a..0bfff5c5bff 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml 
@@ -282,18 +282,23 @@ tenants: vrfs: - name: default vrf_id: 1 + wan_vni: 1 + # Checking static route on VRF default is redistributed in a route-map static_routes: - destination_address_prefix: 66.66.66.0/24 gateway: 172.17.0.0 nodes: [cv-pathfinder-edge] - name: PROD - vrf_id: 42 + # Showing that wan_vni and vrf_id can be different. `vrf_id` influences the subinterface id. + vrf_id: 142 + wan_vni: 42 svis: - id: 100 name: VLAN100 ip_address_virtual: 10.0.100.1/24 - name: IT - vrf_id: 100 + vrf_id: 1000 + wan_vni: 100 l2vlans: - id: 101 name: VLAN101 @@ -301,8 +306,28 @@ tenants: vrfs: - name: default vrf_id: 1 + wan_vni: 1 - name: TRANSIT vrf_id: 66 + wan_vni: 66 + # Test that a VRF with address_families: [] on a WAN router is not configured on Vxlan1 interface nor BGP + - name: NOT-WAN-VRF + vrf_id: 13 + address_families: [] + - name: TenantC + mac_vrf_vni_base: 1000 + vrfs: + # Test adding a VRF on an uplink switch and seeing it configured on the WAN routers + - name: ATTRACTED-VRF-FROM-UPLINK + vrf_id: 666 + wan_vni: 166 + svis: + - id: 666 + name: VLAN666 + ip_address_virtual: 10.66.66.66/24 + nodes: + - node: site-ha-disabled-leaf + ip_address: 10.66.66.1 wan_virtual_topologies: vrfs: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/autovpn-edge-no-default-policy.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/autovpn-edge-no-default-policy.yml index 820e1f4fb0e..11cd0abc476 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/autovpn-edge-no-default-policy.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/autovpn-edge-no-default-policy.yml @@ -73,8 +73,10 @@ tenants: vrf_id: 1 - name: PROD vrf_id: 42 + wan_vni: 42 - name: IT vrf_id: 100 + wan_vni: 100 # empty wan_virtual_topologies: null 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/cv-pathfinder-edge-no-default-policy.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/cv-pathfinder-edge-no-default-policy.yml index aa9db2cb24e..e687bf965ec 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/cv-pathfinder-edge-no-default-policy.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/cv-pathfinder-edge-no-default-policy.yml @@ -116,7 +116,9 @@ tenants: vrf_id: 1 - name: PROD vrf_id: 42 + wan_vni: 42 - name: IT vrf_id: 100 + wan_vni: 100 wan_virtual_topologies: null diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py index 684fa81d8e4..cbc0f88edf6 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py @@ -6,6 +6,8 @@ from functools import cached_property from typing import TYPE_CHECKING +from ansible_collections.arista.avd.plugins.filter.natural_sort import natural_sort + if TYPE_CHECKING: from .eos_designs_facts import EosDesignsFacts 
@@ -30,3 +32,31 @@ def wan_path_groups(self: EosDesignsFacts) -> list | None: return None return self.shared_utils.wan_local_path_groups + + @cached_property + def wan_router_uplink_vrfs(self: EosDesignsFacts) -> list[str] | None: + """ + Exposed in avd_switch_facts + + Return the list of VRF names present on uplink switches. + These VRFs will be attracted (configured) on WAN "clients" (edge/transit) unless filtered. + + Note that if the attracted VRFs do not have 'wan_vni' set, the code for interface Vxlan1 will raise an error. + """ + if not self.shared_utils.is_wan_client or self.shared_utils.uplink_type != "p2p-vrfs": + return None + + # Partially recreating logic from 'uplinks', but since this fact is used to build 'filtered_tenants', + # which in turn is used to build 'uplinks', we cannot reuse 'uplinks' (recursion) + + # Since uplinks logic silently skips extra entries in uplink vars, we only need to parse shortest list. + min_length = min(len(self._uplink_switch_interfaces), len(self._uplink_interfaces), len(self.shared_utils.uplink_switches)) + # Using set to only get unique uplink switches + unique_uplink_switches = set(self.shared_utils.uplink_switches[:min_length]) + + vrfs = set() + for uplink_switch in unique_uplink_switches: + uplink_switch_facts = self.shared_utils.get_peer_facts(uplink_switch) + vrfs.update(uplink_switch_facts.shared_utils.vrfs) + + return natural_sort(vrfs) or None diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/filtered_tenants.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/filtered_tenants.py index e43ed3cc695..d709425a811 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/filtered_tenants.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/filtered_tenants.py 
@@ -57,6 +57,7 @@ def filtered_tenants(self: SharedUtils) -> list[dict]: "vrfs": [ { "name": "default", + "wan_vni": 1, "vrf_id": 1, "svis": [], "l3_interfaces": [], @@ -81,6 +82,10 @@ def filtered_tenants(self: SharedUtils) -> list[dict]: raise AristaAvdError( "WAN configuration requires EVPN to be enabled for VRF 'default'. Got 'address_families: {vrf_default['address_families']}." ) + # Injecting `wan_vni` on WAN routers if it is missing to make sure that VRF default is always included + # on the WAN. + if vrf_default.get("wan_vni") is None: + vrf_default["wan_vni"] = 1 break return natural_sort(filtered_tenants, "name") 
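Review bot: The `AristaAvdError` raised just above the new `wan_vni` injection is a plain string rather than an f-string, so the user sees the literal text `{vrf_default['address_families']}` instead of the configured value. Since this hunk edits the same branch, I would fix it here: `f"WAN configuration requires EVPN to be enabled for VRF 'default'. Got 'address_families: {vrf_default['address_families']}'."` (this also closes the stray quote). The enclosing function starts and ends outside the hunk.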
@@ -157,16 +162,32 @@ def accepted_vlans(self: SharedUtils) -> list[int]: return accepted_vlans + def is_forced_vrf(self: SharedUtils, vrf: dict) -> bool: + """ + Returns True if the given VRF name should be configured even without any loopbacks or SVIs etc. + + There can be various causes for this: + - The VRF is part of a tenant set under 'always_include_vrfs_in_tenants' + - 'always_include_vrfs_in_tenants' is set to ['all'] + - This is a WAN router and the VRF present on the uplink switch. + Note that if the attracted VRF does not have a wan_vni configured, the code for interface Vxlan1 will raise an error. + """ + if "all" in self.always_include_vrfs_in_tenants or vrf["tenant"] in self.always_include_vrfs_in_tenants: + return True + + if self.is_wan_client and vrf["name"] in (self.get_switch_fact("wan_router_uplink_vrfs", required=False) or []): + return True + + return False + def filtered_vrfs(self: SharedUtils, tenant: dict) -> list[dict]: """ Return sorted and filtered vrf list from given tenant. - Filtering based on svi tags, l3interfaces and filter.always_include_vrfs_in_tenants. + Filtering based on svi tags, l3interfaces, loopbacks or self.is_forced_vrf() check. Keys of VRF data model will be converted to lists. """ filtered_vrfs = [] - always_include_vrfs_in_tenants = get(self.switch_data_combined, "filter.always_include_vrfs_in_tenants", default=[]) - vrfs: list[dict] = natural_sort(convert_dicts(tenant.get("vrfs", []), "name"), "name") for original_vrf in vrfs: # Copying original_vrf and setting "tenant" for use by child objects like SVIs @@ -237,13 +258,7 @@ def filtered_vrfs(self: SharedUtils, tenant: dict) -> list[dict]: ) ] - if ( - vrf["svis"] - or vrf["l3_interfaces"] - or vrf["loopbacks"] - or "all" in always_include_vrfs_in_tenants - or tenant["name"] in always_include_vrfs_in_tenants - ): + if vrf["svis"] or vrf["l3_interfaces"] or vrf["loopbacks"] or self.is_forced_vrf(vrf): filtered_vrfs.append(vrf) return filtered_vrfs 
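Review bot: The `is_forced_vrf` docstring speaks of "the given VRF name", but the method takes the VRF dict and indexes `vrf["tenant"]` and `vrf["name"]`, so it only works on the copies built in `filtered_vrfs` where "tenant" has been set (presumably to the tenant name); a raw VRF from the tenant data would raise `KeyError`. I would say so in the docstring, e.g. `vrf: VRF dict as built by filtered_vrfs(), with "name" and "tenant" set`, and correct "the VRF present on the uplink switch" to "the VRF is present on an uplink switch". Because the method runs once per VRF, the `get_switch_fact("wan_router_uplink_vrfs", required=False) or []` lookup could be read once through a cached property, in the same way this commit does for `always_include_vrfs_in_tenants`.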
diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/misc.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/misc.py index 12d50ba3dd5..1d56fc77dda 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/misc.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/misc.py @@ -71,6 +71,10 @@ def filter_tags(self: SharedUtils) -> list: def filter_tenants(self: SharedUtils) -> list: return get(self.switch_data_combined, "filter.tenants", default=["all"]) + @cached_property + def always_include_vrfs_in_tenants(self: SharedUtils) -> list: + return get(self.switch_data_combined, "filter.always_include_vrfs_in_tenants", default=[]) + @cached_property def igmp_snooping_enabled(self: SharedUtils) -> bool: default_igmp_snooping_enabled = get(self.hostvars, "default_igmp_snooping_enabled", default=True) diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/network-services-vrfs-settings.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/network-services-vrfs-settings.md index a7fc699e0b9..1e33a32bbb1 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/network-services-vrfs-settings.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/network-services-vrfs-settings.md @@ -17,6 +17,7 @@ | [          - <str>](## ".[].vrfs.[].address_families.[]") | String | | | Valid Values:
- evpn
- vpn-ipv4
- vpn-ipv6 | | | [        description](## ".[].vrfs.[].description") | String | | | | VRF description. | | [        vrf_vni](## ".[].vrfs.[].vrf_vni") | Integer | | | Min: 1
Max: 16777215 | Required if "vrf_id" is not set.
The VRF VNI range is not limited, but if vrf_id is not set, "vrf_vni" is used for calculating MLAG iBGP peering vlan id.
"vrf_vni" may also be used for VRF RD/RT ID. See "overlay_rd_type" and "overlay_rt_type" for details.
See "mlag_ibgp_peering_vrfs.base_vlan" for details.
If vrf_vni > 10000 make sure to adjust "mac_vrf_vni_base" accordingly to avoid overlap.
| + | [        wan_vni](## ".[].vrfs.[].wan_vni") | Integer | | | Min: 1
Max: 255 | Required for VRFs carried over AutoVPN or CV Pathfinder WAN.

A VRF can have a different VNI in the Datacenters and in the WAN.
Note that if no VRF default is configured for WAN, AVD will automatically inject the VRF default with
`wan_vni` set to `1`.
In addition either `vrf_id` or `vrf_vni` must be set to enforce consistant route-targets across domains.
| | [        vrf_id](## ".[].vrfs.[].vrf_id") | Integer | | | | Required if "vrf_vni" is not set.
"vrf_id" is used as default value for "vrf_vni" and "ospf.process_id" unless those are set.
"vrf_id" may also be used for VRF RD/RT ID. See "overlay_rd_type" and "overlay_rt_type" for details.
"vrf_id" is preferred over "vrf_vni" for MLAG iBGP peering vlan, see "mlag_ibgp_peering_vrfs.base_vlan" for details.
| | [        rd_override](## ".[].vrfs.[].rd_override") | String | | | | By default, the VRF RD will be derived from the pattern defined in `overlay_rd_type`.
The rd_override allows us to override this value and statically define it.

rd_override supports two formats:
- A single number will be used in the RD assigned number subfield (second part of the RD).
- A full RD string with colon seperator which will override the full RD.
| | [        rt_override](## ".[].vrfs.[].rt_override") | String | | | | By default, the VRF RT will be derived from the pattern defined in `overlay_rt_type`.
The rt_override allows us to override this value and statically define it.

rt_override supports two formats:
- A single number will be used in the RT assigned number subfield (second part of the RT).
- A full RT string with colon seperator which will override the full RT.
| @@ -115,6 +116,14 @@ # If vrf_vni > 10000 make sure to adjust "mac_vrf_vni_base" accordingly to avoid overlap. vrf_vni: + # Required for VRFs carried over AutoVPN or CV Pathfinder WAN. + + # A VRF can have a different VNI in the Datacenters and in the WAN. + # Note that if no VRF default is configured for WAN, AVD will automatically inject the VRF default with + # `wan_vni` set to `1`. + # In addition either `vrf_id` or `vrf_vni` must be set to enforce consistant route-targets across domains. + wan_vni: + # Required if "vrf_vni" is not set. # "vrf_id" is used as default value for "vrf_vni" and "ospf.process_id" unless those are set. # "vrf_id" may also be used for VRF RD/RT ID. See "overlay_rd_type" and "overlay_rt_type" for details. diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py index 6a8134cb798..3cfab23e4bc 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py @@ -6,6 +6,7 @@ import ipaddress from functools import cached_property +from ansible_collections.arista.avd.plugins.filter.natural_sort import natural_sort from ansible_collections.arista.avd.plugins.plugin_utils.eos_designs_shared_utils import SharedUtils from ansible_collections.arista.avd.plugins.plugin_utils.errors import AristaAvdError, AristaAvdMissingVariableError from ansible_collections.arista.avd.plugins.plugin_utils.utils import append_if_not_duplicate, default, get, get_item 
@@ -120,7 +121,7 @@ def _vrf_default_ipv4_static_routes(self) -> dict: redistribute_in_overlay = False return { - "static_routes": list(vrf_default_ipv4_static_routes), + "static_routes": natural_sort(vrf_default_ipv4_static_routes), "redistribute_in_underlay": redistribute_in_underlay, "redistribute_in_overlay": redistribute_in_overlay, } diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/vxlan_interface.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/vxlan_interface.py index 42e40136987..5e142ac4cec 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/vxlan_interface.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/vxlan_interface.py @@ -132,10 +132,29 @@ def _get_vxlan_interface_config_for_vrf(self, vrf: dict, tenant: dict, vrfs: lis if "evpn" not in vrf.get("address_families", ["evpn"]): return - vni = default( - vrf.get("vrf_vni"), - vrf.get("vrf_id"), - ) + if self.shared_utils.is_wan_router: + vni = get( + vrf, + "wan_vni", + required=True, + # TODO when adding VRF filter, change the error message + # org_key=( + # f"VRF {vrf_name} in tenant {tenant['name']} does not have a `wan_vni` defined. " + # "If this VRF was not intended to be extended over WAN, set 'address_families: []' under the VRF definition." + # "If not intended on the WAN router, use the VRF filter" + # ) + org_key=( + f"VRF {vrf_name} in tenant {tenant['name']} does not have a `wan_vni` defined. " + "If this VRF was not intended to be extended over WAN, set 'address_families: []' under the VRF definition." + ), + ) + else: + vni = default( + vrf.get("vrf_vni"), + vrf.get("vrf_id"), + ) + + # NOTE: this can never be None here, it would be caught previously in the code id = default( vrf.get("vrf_id"), vrf.get("vrf_vni"), 
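Review bot: On WAN routers `vni` now comes straight from `wan_vni`, and nothing in this hunk prevents two VRFs from carrying the same value, which would put both VRFs into one WAN VNI and remove the separation between them; VRF default is also auto-assigned `wan_vni: 1` in filtered_tenants.py, so a tenant VRF set to `1` would collide with it. If the caller that collects `vrf_data` (outside the hunk) does not already reject duplicate `vni` values, a check belongs there. The next hunk removes the `vni > 255` test, so the 1–255 bound rests on the schema alone; a guard in the WAN branch such as `if not 1 <= vni <= 255: raise AristaAvdError(...)` would keep the limit for input that bypasses strict schema validation. The commented-out `org_key` alternative under the TODO is better tracked in an issue than left in the code.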
@@ -145,10 +164,6 @@ def _get_vxlan_interface_config_for_vrf(self, vrf: dict, tenant: dict, vrfs: lis # This is legacy behavior so we will leave stricter enforcement to the schema vrf_data = {"name": vrf_name, "vni": vni} - # TODO need to handle this better from a design point of view - if self.shared_utils.is_wan_router and vni > 255: - raise AristaAvdError("VNI for WAN with DPS use cases cannot be > 255, got '{vni}' for vrf '{vrf_name}' in tenant '{tenant['name']}'.") - if get(vrf, "_evpn_l3_multicast_enabled"): underlay_l3_multicast_group_ipv4_pool = get( tenant, diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml index 7145402ea4f..5915f193e70 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml @@ -4982,6 +4982,27 @@ $defs: If vrf_vni > 10000 make sure to adjust "mac_vrf_vni_base" accordingly to avoid overlap. + ' + wan_vni: + type: int + convert_types: + - str + min: 1 + max: 255 + description: 'Required for VRFs carried over AutoVPN or CV Pathfinder + WAN. + + + A VRF can have a different VNI in the Datacenters and in the WAN. + + Note that if no VRF default is configured for WAN, AVD will automatically + inject the VRF default with + + `wan_vni` set to `1`. + + In addition either `vrf_id` or `vrf_vni` must be set to enforce + consistant route-targets across domains. + ' vrf_id: type: int diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_network_services.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_network_services.schema.yml index ddd87f6be5e..e0e0f67740e 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_network_services.schema.yml 
+++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_network_services.schema.yml @@ -280,6 +280,19 @@ $defs: "vrf_vni" may also be used for VRF RD/RT ID. See "overlay_rd_type" and "overlay_rt_type" for details. See "mlag_ibgp_peering_vrfs.base_vlan" for details. If vrf_vni > 10000 make sure to adjust "mac_vrf_vni_base" accordingly to avoid overlap. + wan_vni: + type: int + convert_types: + - str + min: 1 + max: 255 + description: | + Required for VRFs carried over AutoVPN or CV Pathfinder WAN. + + A VRF can have a different VNI in the Datacenters and in the WAN. + Note that if no VRF default is configured for WAN, AVD will automatically inject the VRF default with + `wan_vni` set to `1`. + In addition either `vrf_id` or `vrf_vni` must be set to enforce consistant route-targets across domains. vrf_id: type: int convert_types:
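Review bot: The `wan_vni` description misspells "consistent" as "consistant"; the last sentence should end `consistent route-targets across domains.`, and since the same text appears in eos_designs.schema.yml and in network-services-vrfs-settings.md in this commit, fix it in this fragment and regenerate both. The description calls the key required for WAN VRFs, but the schema entry itself carries no such condition; from the vxlan_interface.py change the requirement appears to be enforced only when Vxlan1 is rendered on a WAN router, which is worth stating in the description so users know where the error will come from.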