Feat(eos_designs): l3_edge with rfc5549 underlay and next-hop address-family ipv6

[nathanmusser]

Change Summary

When routing_protocol is set to ebgp and the underlay is set to rfc5549 we now override the next-hop address-family ipv6 directive the neighbor inherits from the underlay peer-group.

Related Issue(s)

Partially fixes #4379

Component(s) name

arista.avd.eos_designs

Proposed changes

Override the next-hop address-family ipv6 directive the neighbor inherits from the underlay peer-group.

How to test

Checklist

User Checklist

• N/A

Repository Checklist

• My code has been rebased from devel before I start
• I have read the CONTRIBUTING document.
• My change requires a change to the documentation and documentation have been updated accordingly.
• I have updated molecule CI testing accordingly. (check the box if not applicable)

[github-actions]

Review docs on Read the Docs

To test this pull request:

# Create virtual environment for this testing below the current directory
python -m venv test-avd-pr-4491
# Activate the virtual environment
source test-avd-pr-4491/bin/activate
# Install all requirements including PyAVD
pip install "pyavd[ansible] @ git+https://github.com/nathanmusser/avd.git@issue4379_p2p_links#subdirectory=python-avd" --force
# Point Ansible collections path to the Python virtual environment
export ANSIBLE_COLLECTIONS_PATH=$VIRTUAL_ENV/ansible_collections
# Install Ansible collection
ansible-galaxy collection install git+https://github.com/nathanmusser/avd.git#/ansible_collections/arista/avd/,issue4379_p2p_links --force
# Optional: Install AVD examples
cd test-avd-pr-4491
ansible-playbook arista.avd.install_examples

[ClausHolbechArista]

Please update the description for the routing_protocol key in the schema fragment to explain the new behavior.

[ClausHolbechArista]

Also please add a test in molecule for this scenario. It should be enough to add another interface to one of the existing tests. I suggest ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/l3_edge_bgp.yml. To update the outputs (and verify that is is doing what you expect) run

cd ansible_collections/arista/avd
molecule converge -s eos_designs_unit_tests -- --limit l3_edge_bgp

[nathanmusser]

Started a refactor of this after a discussion with @ClausHolbechArista . New iteration is such that when the underlay is set to RFC5549 and routing_protocol is set to ebgp we explicitly override the next-hop ipv6 command for that specific neighbor (since it's part of the underlay peer-group that gets it due to enabling RFC5549).

eos_cli_config_gen had the next-hop ipv6 knob for peer groups in router_bgp.address_family_ipv4 and for neighbors in the router_bgp.vrfs[].address_family_ipv4 path but did not have it exposed for neighbors for the default vrf router_bgp.address_family_ipv4. Since that's what we needed that key(s) had to be added.

I haven't done extensive testing of the latest commit yet, just verified it did what I wanted against a prod fabric. Need to finish testing the various edge cases and make sure it's implemented correctly. Need to update molecule, probably need to flesh out the documentation to correctly describe the eos_cli_config_gen keys as well as the behavior in eos_designs.

Ultimately I still want to explore having the ability to override the peer group for l3_edge neighbors, but not sure I want to tackle that here.

[ClausHolbechArista]

Thanks Nathan

Ultimately I still want to explore having the ability to override the peer group for l3_edge neighbors, but not sure I want to tackle that here.

We would not want that capability in the l3_edge model. If you need custom peers and peer-groups, you should use the models under tenants to do it. There you can build interfaces, peers and peer-groups. With AVD 5.0 it also works well for VRF default.

[nathanmusser]

We would not want that capability in the l3_edge model. If you need custom peers and peer-groups, you should use the models under tenants to do it. There you can build interfaces, peers and peer-groups. With AVD 5.0 it also works well for VRF default.

Respectfully I disagree here. I started to type a novel justifying my thoughts, but I figure we can revisit after 5.0. I did successfully prototype custom peer_groups yesterday after my initial comment. I'm sure I haven't considered all the implications but it wasn't as difficult as I imagined.

In the meantime I'll keep this PR focused on the above solution, I'll update the title and description today to better reflect the new focus.

[github-actions]

This pull request has conflicts, please resolve those before we can evaluate the pull request.

[github-actions]

Conflicts have been resolved. A maintainer will review the pull request shortly.

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[nathanmusser]

Added a new molecule test l3_edge_rfc5549 to validate the various interactions between rfc5549 and l3_edge. Though this edge case was present in some of the existing molecule tests so some of those artifacts have been updated to reflect this.

[github-actions]

This pull request has conflicts, please resolve those before we can evaluate the pull request.

[ClausHolbechArista]

Not sure why we are rendering BGP for this neighbor

[ClausHolbechArista]

@kornoa you implemented this 9 months ago. If we implement this change, we will no add this extra line, but as I see it, the config would actually be more correct with this change. Do you have a running network using the rfc5549 + the ebgp knob under l3_edge without ipv6_enable?

[kornoa]

Sorry, the customer's project had finished. I don't have access to this implementation anymore.
I think this line is redundant. An IPv4-based neighbor session with an IPv4 address-family defaults to a IPv4 next-hop within the NLRI. But anyway, it doesn't harm.

[nathanmusser]

An IPv4-based neighbor session with an IPv4 address-family defaults to a IPv4 next-hop within the NLRI.

This is true, but if the neighbor is is a member of the UNDERLAY_PEERS group (which l3_edge does) then line 252 forces the advertisements to advertise with ipv6 next-hops instead. Or at least this was my experience in my testing. Hence the need for the suggested 253.

[kornoa]

Copy. :-)

[ClausHolbechArista]

@nathanmusser I think we need to keep this neighbor with the next-hop, since we have ipv6_enable. Now I understand why you asked about this a long time ago :-/

[laxmikantchintakindi]

Suggested change

	{% if neighbor.next_hop.address_family_ipv6.enabled is arista.avd.defined %}
	{% if neighbor.next_hop.address_family_ipv6.enabled is arista.avd.defined(true) %}
	{% set ipv6_originate_cli = "neighbor " ~ neighbor.ip_address ~ " next-hop address-family ipv6" %}
	{% if neighbor.next_hop.address_family_ipv6.originate is arista.avd.defined(true) %}
	{% set ipv6_originate_cli = ipv6_originate_cli ~ " originate" %}
	{% endif %}
	{% elif neighbor.next_hop.address_family_ipv6.enabled is arista.avd.defined(false) %}
	{% set ipv6_originate_cli = "no neighbor " ~ neighbor.ip_address ~ " next-hop address-family ipv6" %}
	{% endif %}
	{{ ipv6_originate_cli }}
	{% endif %}
	{% if neighbor.next_hop.address_family_ipv6.enabled is arista.avd.defined(true) %}
	{% set ipv6_originate_cli = "neighbor " ~ neighbor.ip_address ~ " next-hop address-family ipv6" %}
	{% if neighbor.next_hop.address_family_ipv6.originate is arista.avd.defined(true) %}
	{% set ipv6_originate_cli = ipv6_originate_cli ~ " originate" %}
	{% endif %}
	{{ ipv6_originate_cli }}
	{% elif neighbor.next_hop.address_family_ipv6.enabled is arista.avd.defined(false) %}
	{% set ipv6_originate_cli = "no neighbor " ~ neighbor.ip_address ~ " next-hop address-family ipv6" %}
	{{ ipv6_originate_cli }}
	{% endif %}

[ClausHolbechArista]

Moving to draft until comments have been addressed.

[nathanmusser]

I will likely not have the cycles for this until mid/late December or January. I plan to complete at that time but just adding that for transparency here.