FRRouting / frr

The FRRouting Protocol Suite
https://frrouting.org/

"no advertise-all-vni" causes EVPN commands to fail #6112

Closed isaacbus closed 3 years ago

isaacbus commented 4 years ago

Describe the bug

If "no advertise-all-vni" is the first EVPN command entered, then all other EVPN commands fail because it thinks EVPN is disabled so they get stuck in the config.

DUT1T# show run
Building configuration...

Current configuration:
!
frr version 7.2
frr defaults traditional
hostname DUT1T
!
line vty
!
end
DUT1T#  conf t
DUT1T(config)# router bgp 1
DUT1T(config-router)# address-family l2vpn evpn 
DUT1T(config-router-af)# advertise-all-vni 
DUT1T(config-router-af)# advertise-svi-ip 
DUT1T(config-router-af)# no advertise-all-vni 
DUT1T(config-router-af)# no advertise-svi-ip 
This command is only supported under EVPN VRF
DUT1T(config-router-af)# end
DUT1T# show run
Building configuration...

Current configuration:
!
frr version 7.2
frr defaults traditional
hostname awplus
hostname DUT1T
!
router bgp 1
 !
 address-family l2vpn evpn
  advertise-svi-ip
 exit-address-family
!
line vty
!
end

[x] Did you check if this is a duplicate issue?
[ ] Did you test it on the latest FRRouting/frr master branch?

Versions

chiragshah6 commented 4 years ago

advertise-all-vni enables the EVPN feature under the bgp instance. When no advertise-all-vni is performed, that disables the feature. The advertise-svi-ip is a sub feature under the EVPN; it checks if the feature is enabled before it accepts the configuration. In the above snippet, no advertise-all-vni is done, then no advertise-svi-ip is performed. Similar behavior applies to many other configuration CLIs.

isaacbus commented 4 years ago

Sorry, might have been a bit of miscommunication on my part describing the issue. If advertise-svi-ip is a sub feature of advertise-all-vni, then should it be removed automatically from the config when no advertise-all-vni is entered? As it is, advertise-svi-ip is still stuck in the running config and cannot be removed except by re-enabling advertise-all-vni, then disabling both again. This applies to anything with if (!EVPN_ENABLED(bgp)) in its CLI command code, such as advertise-svi-ip and advertise-default-gw etc.
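
The stuck-config state described in the comments above, replayed in a simplified model. This is an added example, not code from FRR or from anyone in this thread; `bgp_model`, `svi_ip_guarded`, `svi_ip_relaxed` and `replay_leaves_orphan` are hypothetical names, and the relaxed handler is one possible approach, not necessarily what the eventual fix does.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical, simplified stand-ins; not FRR's real structures. */
enum cmd_result { CMD_OK, CMD_REJECTED };

struct bgp_model {
    bool advertise_all_vni; /* parent feature: EVPN enabled */
    bool advertise_svi_ip;  /* sub-feature kept in the running config */
};

/* Guarded handler: both the set form and the "no" form are refused
 * while the parent feature is off, as described in the thread. */
static enum cmd_result svi_ip_guarded(struct bgp_model *b, bool no_form)
{
    if (!b->advertise_all_vni)
        return CMD_REJECTED;
    b->advertise_svi_ip = !no_form;
    return CMD_OK;
}

/* Assumed alternative: only the set form needs the parent feature;
 * removal is always allowed. */
static enum cmd_result svi_ip_relaxed(struct bgp_model *b, bool no_form)
{
    if (!no_form && !b->advertise_all_vni)
        return CMD_REJECTED;
    b->advertise_svi_ip = !no_form;
    return CMD_OK;
}

typedef enum cmd_result (*svi_handler)(struct bgp_model *, bool);

/* Replays the session from the report; returns true if advertise-svi-ip
 * is still in the config at the end (the "stuck" state). */
static bool replay_leaves_orphan(svi_handler svi_ip)
{
    struct bgp_model b = { false, false };
    b.advertise_all_vni = true;   /* advertise-all-vni */
    svi_ip(&b, false);            /* advertise-svi-ip */
    b.advertise_all_vni = false;  /* no advertise-all-vni */
    svi_ip(&b, true);             /* no advertise-svi-ip */
    return b.advertise_svi_ip;
}

int main(void)
{
    printf("guarded: orphan=%d\n", replay_leaves_orphan(svi_ip_guarded));
    printf("relaxed: orphan=%d\n", replay_leaves_orphan(svi_ip_relaxed));
    return 0;
}
```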

hydro-b commented 3 years ago

If I understand @chiragshah6 correctly, the advertise-all-vni command is needed to enable EVPN support for the BGP instance. I want to be able to use EVPN, but do not want to advertise all vni.

Consider this:

A number of Hypervisors running FRR (BGP/EVPN/VXLAN) together make up a "cloud". Those hypervisors are connected to a leaf-spine network. That network is used to distribute the traffic between those hypervisors. In most cases this is L2VNI traffic between VMs. Besides passing on the type 2 EVPN announcements, the leafs have nothing to do with it. For routable IP space this is different however, and we use L3VNI to get the traffic routed through the leafs and up to core routers. For that traffic we do need to advertise the VNIs to the leafs.

We have network policies in place that require route distinguisher and explicit route targets per VNI. If those policies are not met they are rejected.

We are now forced to advertise all VNI. This results in a lot of PolicyReject on the leaf switches that have nothing to do with this traffic. So we would like to have the option to enable only specific VNI, not all.

Or be able to define a policy (template) that all VNIs are exported a certain way (so they match the policy).

taspelund commented 3 years ago

@hydro-b the ability to selectively enable EVPN support on a per-VNI basis is a separate discussion from what this ticket is meant to cover. I agree it's a worthwhile conversation to have, but I think it's a bit off-topic for this Issue. Maybe this would be worth filing a new Issue that's specific to that discussion?

The problem description in this Issue looks to be that certain EVPN configurations can be added to BGP without advertise-all-vni in place but cannot be removed until you add advertise-all-vni. @isaacbus I fixed this in #8424. Can you confirm if that fix works for you?

taspelund commented 3 years ago

@polychaeta autoclose in 1 week

isaacbus commented 3 years ago

It works. Thanks for the fix.