ansible / ansible

Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy and maintain. Automate everything from code deployment to network configuration to cloud management, in a language that approaches plain English, using SSH, with no agents to install on remote systems. https://docs.ansible.com.
https://www.ansible.com/
GNU General Public License v3.0

nxos_vxlan_vtep_vni fails when multicast_group and/or suppress_arp are specified #36499

Closed victorock closed 6 years ago

victorock commented 6 years ago
ISSUE TYPE
COMPONENT NAME

nxos_vxlan_vtep_vni

ANSIBLE VERSION
ansible --version
ansible 2.6.0
  config file = /Users/jdacosta/Devel/ansible-netops/cisco/nxos/applications/fabric/europe-central-fr1/ansible.cfg
  configured module search path = [u'/Users/jdacosta/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /Library/Python/2.7/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 2.7.10 (default, Feb  7 2017, 00:08:15) [GCC 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.34)]
CONFIGURATION
OS / ENVIRONMENT

NXOS: version 7.0(3)I7(1)

SUMMARY

nxos_vxlan_vtep_vni fails when multicast_group and/or suppress_arp are specified

STEPS TO REPRODUCE

- name: "Ensure state of mapping between VLAN x VNI"
  nxos_vlan:
    vlan_id: "150"
    mapped_vni: "10150"
    name: "l2_150_10150"

- name: "Ensure state of VRF for VNIs"
  nxos_vrf:
    vrf: "tenant01"
    rd:  auto
    vni: "10150"

- name: "Ensure state of VRF AF for VNIs"
  nxos_vrf_af:
    vrf: "tenant01"
    route_target_both_auto_evpn: true
    afi: ipv4

- name: "L2VNI: Ensure state of VNI (SVI)"
  nxos_interface:
    interface: "vlan150"

- name: "Ensure state of VNI (SVI) interface as assigned to vrf"
  nxos_vrf_interface:
    vrf: "tenant01"
    interface: "vlan150"

- name: "L2VNI: Ensure state of svi address in L2VNI (SVI) interface"
  nxos_ip_interface:
    interface: "vlan150"
    version: v4
    addr: 1.1.150.1
    mask: 24

- name: "L2VNI: Ensure state of fabric forwarding in L2VNI (SVI) interface"
  nxos_interface:
    interface: "vlan150"
    fabric_forwarding_anycast_gateway: true

- name: "Ensure state of interface NVE1"
  nxos_interface:
    interface: "nve1"

- name: "Ensure state of vtep NVE1"
  nxos_vxlan_vtep:
    interface: "nve1"
    host_reachability: yes

- name: "multicast_group: L2VNI: Ensure state of mapping between L2VNI x VTEP"
  nxos_vxlan_vtep_vni:
    interface: nve1
    vni: 10150
    multicast_group: 239.0.0.150
    state: present

- name: "multicast_group default: L2VNI: Ensure state of mapping between L2VNI x VTEP"
  nxos_vxlan_vtep_vni:
    interface: nve1
    vni: 10150
    multicast_group: "default"
    state: present

- name: "supress_arp: L2VNI: Ensure state of mapping between L2VNI x VTEP"
  nxos_vxlan_vtep_vni:
    interface: nve1
    vni: 10150
    suppress_arp: yes
    state: present

- name: "both: L2VNI: Ensure state of mapping between L2VNI x VTEP"
  nxos_vxlan_vtep_vni:
    interface: nve1
    vni: 10150
    multicast_group: 239.0.0.150
    suppress_arp: yes
    state: present

- name: "none works: L2VNI: Ensure state of mapping between L2VNI x VTEP"
  nxos_vxlan_vtep_vni:
    interface: nve1
    vni: 10150

- name: "L2VNI: Ensure state of EVPN L2VNI Route Distinguiser/Route Target"
  nxos_evpn_vni:
    vni: "10150"
    route_distinguisher: auto
    route_target_both: auto

EXPECTED RESULTS

ACTUAL RESULTS

TASK [victorock.overlay-nxos-leaf : L2VNI: Ensure state of mapping between L2VNI x VTEP] *************************************
failed: [leaf02] (item=nxos_vxlan_vtep_vni_l2 nve1: 10150,default) => {
    "changed": false, 
    "failed": true, 
    "nxos_vxlan_vtep_vni_l2": {
        "key": "l2_150_10150", 
        "value": {
            "multicast": {
                "group": "default"
            }, 
            "name": "l2_150_10150", 
            "route": {
                "distinguisher": "auto", 
                "target_both": "auto"
            }, 
            "states": {
                "admin": "up", 
                "feature": "enabled", 
                "shutdown": false, 
                "state": "present"
            }, 
            "svi": "10.1.150.1/24", 
            "vlan": 150, 
            "vni": 10150, 
            "vrf": "tenant01"
        }
    }
}
MSG:
suppress-arp
                              ^
% Invalid command at '^' marker.
nxosv(config-if-nve)# 

-----

TASK [victorock.overlay-nxos-leaf : L2VNI: Ensure state of mapping between L2VNI x VTEP] *************************************
failed: [leaf01] (item=nxos_vxlan_vtep_vni_l2 nve1: 10150,{u'group': u'239.0.0.150'}) => {
    "changed": false, 
    "failed": true, 
    "nxos_vxlan_vtep_vni_l2": {
        "key": "l2_150_10150", 
        "value": {
            "multicast": {
                "group": "239.0.0.150"
            }, 
            "name": "l2_150_10150", 
            "route": {
                "distinguisher": "auto", 
                "target_both": "auto"
            }, 
            "states": {
                "admin": "up", 
                "feature": "enabled", 
                "shutdown": false, 
                "state": "present"
            }, 
            "svi": "10.1.150.1/24", 
            "vlan": 150, 
            "vni": 10150, 
            "vrf": "tenant01"
        }
    }
}
MSG:
no mcast-group
                           ^
% Invalid command at '^' marker.
leaf01(config-if-nve)# 

ansibot commented 6 years ago

Files identified in the description:

If these files are inaccurate, please update the component name section of the description or use the !component bot command.


ansibot commented 6 years ago

cc @GGabriele @kedarX @mikewiebe @privateip @rahushen @rcarrillocruz @trishnaguha

trishnaguha commented 6 years ago

@victorock 10150 needs to be associated with a vrf, so you will need to have a task to associate vni with a vrf prior to configuring:

  - name: configure vxlan_vtep_vni with vrf
    nxos_vxlan_vtep_vni:
      interface: nve1
      vni: 10150
      assoc_vrf: yes

victorock commented 6 years ago

@trishnaguha, assoc_vrf should only be used for L3 VNIs....

trishnaguha commented 6 years ago

@victorock hmm, can you try another L2 vni? Say 10002? Also, are you using the 9K platform?

victorock commented 6 years ago

@trishnaguha I am trying to reproduce the issue with the latest version of Ansible. When performing some tests directly in the box to dig into this issue, I found the following:

  1. TCAM memory must be defined, but as I am using a virtual instance it cannot be done:

    • We should catch this message provided by the OS when trying to do suppress-arp and fail. This is also breaking module's idempotency.
  2. When doing hardware access-list ....:

    • The ERROR (Capital) is not being parsed to fail when using nxos_config.

Tests:

  1. suppress-arp

     leaf01(config-if-nve-vni)# where
     conf; interface nve1; member vni 101150 admin@leaf01%default
     leaf01(config-if-nve-vni)# suppress-arp
     Please configure TCAM region for Ingress ARP-Ether ACL before configuring ARP supression.

  2. TCAM

     leaf01(config)# hardware access-list tcam region arp-ether 256 double-wide
     ERROR: Aggregate TCAM region configuration exceeded the available Ingress TCAM slices. Please re-configure.
     leaf01(config)# hardware access-list tcam region arp-ether 128 double-wide
     ERROR: TCAM size should be in multiple of 256 entries

     This error is also not caught when doing nxos_config.

trishnaguha commented 6 years ago

@victorock Thanks for the detailed result. +1 to add parser in terminal plugin to catch error. Although we plan to work on this on devel branch, not 2.5 at this point of time as plugin code is shared by other modules also.
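
The detection gap discussed in this thread, where the `ERROR:` lines and the TCAM prompt do not fail the task, shown as an added example that is not part of the thread and not Ansible's terminal plugin code. The two pattern lists are assumptions made for illustration; the sample responses are the CLI messages quoted above.

```python
import re

# Assumed baseline patterns (hypothetical, not Ansible's shipped list):
# case-sensitive, so "% Error" would match but "ERROR:" does not.
BASELINE = [re.compile(rb"% ?Invalid command"), re.compile(rb"% ?Error")]

# Assumed additions covering the two message shapes reported in the thread.
EXTENDED = BASELINE + [
    re.compile(rb"^ERROR:"),
    re.compile(rb"^Please configure TCAM region"),
]

# Command -> device response, copied from the CLI output quoted in the thread.
SAMPLES = {
    "no mcast-group": b"% Invalid command at '^' marker.",
    "suppress-arp": (
        b"Please configure TCAM region for Ingress ARP-Ether ACL "
        b"before configuring ARP supression."
    ),
    "hardware access-list tcam region arp-ether 256 double-wide": (
        b"ERROR: Aggregate TCAM region configuration exceeded the "
        b"available Ingress TCAM slices. Please re-configure."
    ),
    "hardware access-list tcam region arp-ether 128 double-wide": (
        b"ERROR: TCAM size should be in multiple of 256 entries"
    ),
}


def find_errors(output, patterns):
    """Return the response lines that any pattern flags as an error."""
    return [
        line.decode()
        for line in output.splitlines()
        if any(p.search(line.strip()) for p in patterns)
    ]


def undetected(samples, patterns):
    """Commands whose rejection would be reported as success."""
    return sorted(c for c, out in samples.items() if not find_errors(out, patterns))


if __name__ == "__main__":
    for name, pats in (("baseline", BASELINE), ("extended", EXTENDED)):
        print(name, "misses:", undetected(SAMPLES, pats))
```

A rejected command that is reported as success leaves the device in a different state than the playbook records, so any pattern list of this kind is worth testing against every rejection message the platform is known to emit.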