ansible-collections / cisco.nxos

Ansible Network Collection for Cisco NXOS
GNU General Public License v3.0

nxos_l3_interfaces: Support for ipv6 redirects and unreachables #341

Open allenrobel opened 3 years ago

allenrobel commented 3 years ago
SUMMARY

The current YAML structure for nxos_l3_interfaces doesn't seem to provide the ability to configure ipv6 redirects or unreachables, since both redirects and unreachables parameters reside directly under name and seem only to configure ipv4 (i.e. [no] ip redirects and [no] ip unreachables).

ISSUE TYPE
COMPONENT NAME

nxos_l3_interfaces

ADDITIONAL INFORMATION

The obvious fix would be to move redirects and unreachables into the ipv4 dictionary along with address. But this would break existing playbooks.

Perhaps existing ipv4 redirects and unreachables (when appearing directly under name) could be deprecated, while simultaneous support is added for these same parameters within the respective ipv4 and ipv6 dictionaries? Legacy usage could be maintained for some time, parallel with new support being added for these parameters under the ipv4/ipv6 dictionaries? And any future protocol-specific parameters could then be added within these existing dictionaries.

A less desirable option would be to add separate ipv6_redirects and ipv6_unreachables parameters (though, future users will likely scratch their heads wondering why these weren't added to the ipv6 dictionary from the start...)

Below is current usage:


- name: Current usage (does not allow for [no] ipv6 redirects)
  cisco.nxos.nxos_l3_interfaces:
    config:
    - name: Ethernet1/6
      ipv4:
      - address: 192.168.1.1/24
      ipv6:
      - address: fd5d:12c9:2201:2::1/64
      redirects: false    # Applies only to ipv4
      unreachables: true   # Applies only to ipv4

Below is the proposed change (showing support for legacy (deprecated) ipv4 usage on Ethernet1/4 while simultaneously adding support for ipv6 redirects and unreachables within the ipv6 dictionary; Ethernet1/6 shows proposed new usage for both ipv4 and ipv6).


- name: Proposed
  cisco.nxos.nxos_l3_interfaces:
    config:
    - name: Ethernet1/4
      ipv4:
      - address: 192.168.1.1/24
      ipv6:
      - address: fd5d:12c9:2201:2::1/64
        redirects: true
        unreachables: false
      redirects: false   # legacy use applies to ipv4 only
      unreachables: true # legacy use applies to ipv4 only
    - name: Ethernet1/6
      ipv4:
      - address: 192.168.1.1/24
        redirects: false
        unreachables: true
      ipv6:
      - address: fd5d:12c9:2201:2::1/64
        redirects: true
        unreachables: false

allenrobel commented 3 years ago

One followup on this. For the use-case I was working with (a fabric based on RFC5549 and using BFD) the DUTs are configured with only IPv6 BGP sessions (IPv4 address-family runs over the IPv6 session and interfaces are configured with ip forward + IPv6 address). I was initially thinking that no ipv6 redirects was required for the BGP sessions to stabilize due to BFD being used for the IPv6 BGP sessions. And, no ipv6 redirects DOES work to stabilize these BGP sessions.

But I just tested removing no ipv6 redirects and adding only no ip redirects and this also stabilizes the IPv6 BGP sessions.

So, for this specific use-case, NX-OS Ansible support for ipv6-specific handling of redirects is not actually needed. Though, it would probably still be good to have.
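
A sketch of how the proposal in the issue above could be resolved into commands, added here as an example; it is not code from the cisco.nxos collection or from the issue author. The function names, the warning text and the fail-on-conflict rule are assumptions, and the CLI forms follow the `[no] ip ...` / `[no] ipv6 ...` commands named in the issue.

```python
AF_CLI = {"ipv4": "ip", "ipv6": "ipv6"}  # address family -> NX-OS CLI keyword
FLAGS = ("redirects", "unreachables")


def resolve_flags(intf):
    """Return ({(af, flag): bool}, [deprecation warnings]) for one interface."""
    name, resolved, warnings = intf["name"], {}, []
    # Proposed form: flags nested in the ipv4/ipv6 address entries.
    for af in AF_CLI:
        for entry in intf.get(af) or []:
            for flag in FLAGS:
                if flag in entry:
                    if resolved.setdefault((af, flag), entry[flag]) != entry[flag]:
                        raise ValueError(f"{name}: conflicting {af} {flag} values")
    # Legacy form: flags directly under the interface apply to ipv4 only.
    for flag in FLAGS:
        if flag in intf:
            warnings.append(f"{name}: top-level '{flag}' is deprecated, use ipv4.{flag}")
            # Assumed rule: a legacy value that contradicts the nested one is an
            # error, so a hardening setting is never silently overridden.
            if resolved.setdefault(("ipv4", flag), intf[flag]) != intf[flag]:
                raise ValueError(f"{name}: top-level {flag} contradicts ipv4.{flag}")
    return resolved, warnings


def render(intf):
    """Return (CLI lines, warnings); a flag that is not set emits no command."""
    resolved, warnings = resolve_flags(intf)
    lines = [f"interface {intf['name']}"]
    for (af, flag), enabled in sorted(resolved.items()):
        lines.append(f"  {'' if enabled else 'no '}{AF_CLI[af]} {flag}")
    return lines, warnings


# Constructed input: the two interfaces from the proposal, written as dicts.
V6 = [{"address": "fd5d:12c9:2201:2::1/64", "redirects": True, "unreachables": False}]
ETH1_4 = {"name": "Ethernet1/4", "ipv4": [{"address": "192.168.1.1/24"}],
          "ipv6": V6, "redirects": False, "unreachables": True}
ETH1_6 = {"name": "Ethernet1/6", "ipv6": V6,
          "ipv4": [{"address": "192.168.1.1/24", "redirects": False, "unreachables": True}]}

if __name__ == "__main__":
    for intf in (ETH1_4, ETH1_6):
        lines, warnings = render(intf)
        print("\n".join(warnings + lines))
```

Both interfaces resolve to the same four commands; only the legacy form on Ethernet1/4 produces deprecation warnings.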