Fix(eos_designs): Remove EVPN related config if VRF 'default' is not …

…EVPN enabled (#2888) (#3041) Co-authored-by: Claus Holbech <holbech@arista.com>
aristanetworks · Jul 14, 2023 · f543977 · f543977
1 parent e2b0bf0
commit f543977
Show file tree

Hide file tree

Showing 9 changed files with 256 additions and 6 deletions.
diff --git a/.../molecule/eos_designs_unit_tests/intended/configs/evpn-vtep-with-default-vrf-not-evpn.cfg b/.../molecule/eos_designs_unit_tests/intended/configs/evpn-vtep-with-default-vrf-not-evpn.cfg
@@ -0,0 +1,88 @@
+!RANCID-CONTENT-TYPE: arista
+!
+vlan internal order ascending range 1006 1199
+!
+transceiver qsfp default-mode 4x10G
+!
+service routing protocols model multi-agent
+!
+hostname evpn-vtep-with-default-vrf-not-evpn
+!
+no enable password
+no aaa root
+!
+vlan 110
+   name SVI-110
+!
+vrf instance MGMT
+!
+interface Loopback0
+   description EVPN_Overlay_Peering
+   no shutdown
+   ip address 192.168.255.109/32
+!
+interface Loopback1
+   description VTEP_VXLAN_Tunnel_Source
+   no shutdown
+   ip address 192.168.254.109/32
+!
+interface Vlan110
+   description SVI-110
+   no shutdown
+   ip address virtual 10.1.10.1
+!
+interface Vxlan1
+   description evpn-vtep-with-default-vrf-not-evpn_VTEP
+   vxlan source-interface Loopback1
+   vxlan udp-port 4789
+   vxlan vlan 110 vni 10110
+!
+ip virtual-router mac-address 00:dc:00:00:00:0a
+!
+ip routing
+no ip routing vrf MGMT
+!
+ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+   seq 10 permit 192.168.255.0/24 eq 32
+   seq 20 permit 192.168.254.0/24 eq 32
+!
+route-map RM-CONN-2-BGP permit 10
+   match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+!
+router bfd
+   multihop interval 300 min-rx 300 multiplier 3
+!
+router bgp 101
+   router-id 192.168.255.109
+   maximum-paths 4 ecmp 4
+   neighbor EVPN-OVERLAY-PEERS peer group
+   neighbor EVPN-OVERLAY-PEERS update-source Loopback0
+   neighbor EVPN-OVERLAY-PEERS bfd
+   neighbor EVPN-OVERLAY-PEERS ebgp-multihop 3
+   neighbor EVPN-OVERLAY-PEERS send-community
+   neighbor EVPN-OVERLAY-PEERS maximum-routes 0
+   neighbor IPv4-UNDERLAY-PEERS peer group
+   neighbor IPv4-UNDERLAY-PEERS send-community
+   neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000
+   redistribute connected route-map RM-CONN-2-BGP
+   !
+   vlan 110
+      rd 192.168.255.109:10110
+      route-target both 10110:10110
+      redistribute learned
+   !
+   address-family evpn
+      neighbor EVPN-OVERLAY-PEERS activate
+   !
+   address-family ipv4
+      no neighbor EVPN-OVERLAY-PEERS activate
+      neighbor IPv4-UNDERLAY-PEERS activate
+!
+management api http-commands
+   protocol https
+   no shutdown
+   !
+   vrf MGMT
+      no shutdown
+!
+end
diff --git a/...os_designs_unit_tests/intended/structured_configs/evpn-vtep-with-default-vrf-not-evpn.yml b/...os_designs_unit_tests/intended/structured_configs/evpn-vtep-with-default-vrf-not-evpn.yml
@@ -0,0 +1,103 @@
+router_bgp:
+  as: '101'
+  router_id: 192.168.255.109
+  bgp_defaults:
+  - maximum-paths 4 ecmp 4
+  peer_groups:
+    IPv4-UNDERLAY-PEERS:
+      type: ipv4
+      maximum_routes: 12000
+      send_community: all
+    EVPN-OVERLAY-PEERS:
+      type: evpn
+      update_source: Loopback0
+      bfd: true
+      send_community: all
+      maximum_routes: 0
+      ebgp_multihop: 3
+  address_family_ipv4:
+    peer_groups:
+      IPv4-UNDERLAY-PEERS:
+        activate: true
+      EVPN-OVERLAY-PEERS:
+        activate: false
+  redistribute_routes:
+    connected:
+      route_map: RM-CONN-2-BGP
+  address_family_evpn:
+    peer_groups:
+      EVPN-OVERLAY-PEERS:
+        activate: true
+  vlans:
+    110:
+      tenant: MY_FABRIC
+      rd: 192.168.255.109:10110
+      route_targets:
+        both:
+        - 10110:10110
+      redistribute_routes:
+      - learned
+service_routing_protocols_model: multi-agent
+ip_routing: true
+vlan_internal_order:
+  allocation: ascending
+  range:
+    beginning: 1006
+    ending: 1199
+vrfs:
+  MGMT:
+    ip_routing: false
+management_api_http:
+  enable_vrfs:
+    MGMT: {}
+  enable_https: true
+loopback_interfaces:
+  Loopback0:
+    description: EVPN_Overlay_Peering
+    shutdown: false
+    ip_address: 192.168.255.109/32
+  Loopback1:
+    description: VTEP_VXLAN_Tunnel_Source
+    shutdown: false
+    ip_address: 192.168.254.109/32
+prefix_lists:
+  PL-LOOPBACKS-EVPN-OVERLAY:
+    sequence_numbers:
+      10:
+        action: permit 192.168.255.0/24 eq 32
+      20:
+        action: permit 192.168.254.0/24 eq 32
+route_maps:
+  RM-CONN-2-BGP:
+    sequence_numbers:
+      10:
+        type: permit
+        match:
+        - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+router_bfd:
+  multihop:
+    interval: 300
+    min_rx: 300
+    multiplier: 3
+vlans:
+  110:
+    tenant: MY_FABRIC
+    name: SVI-110
+ip_igmp_snooping:
+  globally_enabled: true
+ip_virtual_router_mac_address: 00:dc:00:00:00:0a
+vlan_interfaces:
+  Vlan110:
+    tenant: MY_FABRIC
+    description: SVI-110
+    shutdown: false
+    ip_address_virtual: 10.1.10.1
+vxlan_interface:
+  Vxlan1:
+    description: evpn-vtep-with-default-vrf-not-evpn_VTEP
+    vxlan:
+      udp_port: 4789
+      source_interface: Loopback1
+      vlans:
+        110:
+          vni: 10110
diff --git a/...lecule/eos_designs_unit_tests/inventory/host_vars/evpn-vtep-with-default-vrf-not-evpn.yml b/...lecule/eos_designs_unit_tests/inventory/host_vars/evpn-vtep-with-default-vrf-not-evpn.yml
@@ -0,0 +1,28 @@
+# Testing an EVPN VTEP where the default VRF is _not_ EVPN enabled.
+# Make sure there is no route-map added to the underlay peer group filtering the evpn prefixes.
+# Also make sure the VRF is not configured under interface Vxlan 1
+# Minimum config to only test the specific feature.
+type: l3leaf
+l3leaf:
+  defaults:
+    loopback_ipv4_pool: 192.168.255.0/24
+    loopback_ipv4_offset: 8
+    vtep_loopback_ipv4_pool: 192.168.254.0/24
+    virtual_router_mac_address: 00:dc:00:00:00:0a
+  nodes:
+    evpn-vtep-with-default-vrf-not-evpn:
+      id: 101
+      bgp_as: 101
+
+tenants:
+  MY_FABRIC:
+    mac_vrf_vni_base: 10000
+    vrfs:
+      default:
+        address_families: []
+        vrf_id: 1
+        svis:
+          110:
+            name: SVI-110
+            enabled: true
+            ip_address_virtual: 10.1.10.1
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml
@@ -8,6 +8,7 @@ all:
             connected_endpoints:
             cvp-instance-ips-cvaas:
             device.with.dots.in.hostname:
+            evpn-vtep-with-default-vrf-not-evpn:
             filter.only_vlans_in_use:
             no_mgmt_interface:
             no_mgmt_gateway:

diff --git a/..._collections/arista/avd/roles/eos_designs/python_modules/network_services/prefix_lists.py b/..._collections/arista/avd/roles/eos_designs/python_modules/network_services/prefix_lists.py
@@ -18,7 +18,7 @@ def prefix_lists(self) -> dict | None:
 
         Only used for EVPN services in VRF "default"
         """
-        if not (self._network_services_l3 and self._overlay_vtep and self._overlay_evpn):
+        if not self._vrf_default_evpn:
             return None
 
         subnets = self._vrf_default_ipv4_subnets

diff --git a/...le_collections/arista/avd/roles/eos_designs/python_modules/network_services/route_maps.py b/...le_collections/arista/avd/roles/eos_designs/python_modules/network_services/route_maps.py
@@ -68,7 +68,7 @@ def _route_maps_vrf_default(self) -> dict | None:
 
         Called from main route_maps function
         """
-        if not (self._overlay_vtep and self._overlay_evpn):
+        if not self._vrf_default_evpn:
             return None
 
         subnets = self._vrf_default_ipv4_subnets

diff --git a/...le_collections/arista/avd/roles/eos_designs/python_modules/network_services/router_bgp.py b/...le_collections/arista/avd/roles/eos_designs/python_modules/network_services/router_bgp.py
@@ -95,7 +95,8 @@ def _router_bgp_peer_groups(self) -> dict | None:
                 bgp_peer_groups[peer_group_name] = peer_group
 
         # router bgp default vrf configuration for evpn
-        if (self._vrf_default_ipv4_subnets or self._vrf_default_ipv4_static_routes["static_routes"]) and self._overlay_vtep and self._overlay_evpn:
+
+        if self._vrf_default_evpn and (self._vrf_default_ipv4_subnets or self._vrf_default_ipv4_static_routes["static_routes"]):
             peer_group_name = self._peer_group_ipv4_underlay_peers_name
             bgp_peer_groups[peer_group_name] = {
                 "type": "ipv4",
@@ -140,7 +141,7 @@ def _router_bgp_vrfs(self) -> dict | None:
                 for rt in vrf["additional_route_targets"]:
                     route_targets.setdefault(rt["type"], {}).setdefault(rt["address_family"], []).append(rt["route_target"])
 
-                if vrf_name == "default" and self._overlay_evpn and self._vrf_default_ipv4_subnets:
+                if vrf_name == "default" and self._vrf_default_evpn and self._vrf_default_ipv4_subnets:
                     # Special handling of vrf default.
                     route_targets["export"].setdefault("evpn", []).append("route-map RM-EVPN-EXPORT-VRF-DEFAULT")
                     bgp_vrf = {

diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py
@@ -104,7 +104,6 @@ def _endpoint_vlans(self) -> list:
             return []
         return [int(id) for id in range_expand(endpoint_vlans)]
 
-    @cached_property
     def _underlay_rfc5549(self) -> bool:
         return get(self._hostvars, "underlay_rfc5549") is True
 
@@ -174,6 +173,31 @@ def _id(self) -> int:
     def _loopback_ipv4_offset(self) -> int:
         return int(get(self._hostvars, "switch.loopback_ipv4_offset", required=True))
 
+    @cached_property
+    def _evpn_encapsulation(self) -> str:
+        return get(self._hostvars, "switch.evpn_encapsulation")
+
+    @cached_property
+    def _overlay_evpn_vxlan(self) -> bool:
+        return self._overlay_evpn and self._evpn_encapsulation == "vxlan"
+
+    @cached_property
+    def _vrf_default_evpn(self) -> bool:
+        """
+        Return boolean telling if VRF "default" is running EVPN or not.
+        """
+        if not (self._network_services_l3 and self._overlay_vtep and self._overlay_evpn):
+            return False
+
+        for tenant in self._filtered_tenants:
+            if (vrf_default := get_item(tenant["vrfs"], "name", "default")) is None:
+                continue
+
+            if "evpn" in vrf_default.get("address_families", ["evpn"]):
+                return True
+
+        return False
+
     @cached_property
     def _vrf_default_ipv4_subnets(self) -> list[str]:
         """

diff --git a/...llections/arista/avd/roles/eos_designs/python_modules/network_services/vxlan_interface.py b/...llections/arista/avd/roles/eos_designs/python_modules/network_services/vxlan_interface.py
@@ -67,8 +67,13 @@ def vxlan_interface(self) -> dict | None:
                         vnis[vni] = tenant["name"]
                         vlans[vlan_id] = vlan
 
-                if self._network_services_l3 and self._overlay_evpn:
+                if self._network_services_l3 and self._overlay_evpn_vxlan:
                     vrf_name = vrf["name"]
+
+                    # Only configure VNI for VRF if the VRF is EVPN enabled
+                    if "evpn" not in vrf.get("address_families", ["evpn"]):
+                        continue
+
                     vni = default(
                         vrf.get("vrf_vni"),
                         vrf.get("vrf_id"),