Limit VRFs to certain uplinks

[Olen]

Enhancement summary

It would be nice if we could limit certain VRFs to certain uplinks. Today, I believe you can only say that "I have these VRFs - rt and nrt - and I have these uplinks - Ethernet1/1 and Ethernet2/1" and then AVD will add both vrfs as subinterfaces to both uplinks.

It could be that this is already possible, but I have not been able to figure out how to tweak the config to do it.

Which component of AVD is impacted

eos_designs

Use case example

We want to separate e.g. Real Time traffic from Non Real Time traffic in different VRFs and also on different interfaces. So we would like to be able to stear the traffic so:

• VRF rt -> Interface Ethernet1/1.100
• VRF nrt -> Interface Ethernet2/1.200

Describe the solution you would like

This can be solved in several ways. Some ideas are:

1) If the function p2p_vrfs_uplinks_ip() does not return an IP-address - the subinterface should be ignored I believe this could be as easy as something along the lines of

                if not subinterface["ip_address"]:
                    continue

Around here probably: https://github.com/aristanetworks/avd/blob/4f49d9d59cd8976fa4b7a23ff9947119776e21b7/python-avd/pyavd/_eos_designs/eos_designs_facts/uplinks.py#L335

2) Ensure that the VRF is only added to uplink-interfaces if a l3-interface is configured under tenants.vrfs.l3_interfaces

So we can configure it like

tenants:
- name: TENANT1
  vrfs:
  - name: rt
    l3_interfaces: 
    - interfaces:
      - Ethernet1/1.100
    - name: nrt
      l3_interfaces: 
      - interfaces:
        - Ethernet2/1.200

This could probably be done something like just before this line:

https://github.com/aristanetworks/avd/blob/4f49d9d59cd8976fa4b7a23ff9947119776e21b7/python-avd/pyavd/_eos_designs/eos_designs_facts/uplinks.py#L322

                if f"{uplink_interface}.{vrf_id}" not in sum([i["interfaces"] for i in vrf["l3_interfaces"], []):
                    continue

3) A configuration-option to e.g. the uplinks dict to limit the vrfs (default to "all" if none are set)

uplinks:
- interface: Ethernet1/1
  vrfs:
  - rt
- interface: Ethernet2/1
  vrfs:
  - nrt

Describe alternatives you have considered

We have considered creating all the extra subinterfaces, and assigning unused IP-addresses to them and then use some custom_configuration to either ensure they are shutdown or at least not transporting any data (by e.g. disablig BGP or something).

Additional context

No response

Contributing Guide

• [X] I agree to follow this project's Code of Conduct

[gmuloc]

Hi @Olen - quick suggestion before diving in the proposals - if you don't want the VRF on a certain uplink device you should be able to filter it on the uplink device device using a combination of allow_vrfs / deny_vrfs. This way the VRF won't be considered to be on both devices and should be ignored.

spine:
  nodes:
    filter:
      allow_vrfs:
      deny_vrfs:

https://avd.arista.com/4.10/roles/eos_designs/docs/input-variables.html#node-type-network-services-configuration

[Olen]

Hi, and thanks for a fast response.

Yes, I loooked into that, but we have two physical uplinks between the same devices, and we want one kind of traffic on one of the physical interfaces and the other traffic on the other pair of interfaces

spine-1                    leaf-1
rt   Ethernet1/1.100 <---> Ethernet49/1.100
nrt  Ethernet2/1.200 <---> Ethernet50/1.200

So it is not different VRFs for different nodes, just for different interfaces on the same node.

[Olen]

Another option. maybe more in line with this would be to use an optional list

spine:
  nodes:
  - id: 1
    uplink_interfaces:
    - Ethernet1/1
    - Ethernet2/1
    - Ethernet3/1
    uplink_vrfs:
    - rt
    - nrt
    - all

But this might be ugly if we want to have more than one, but not all, vrfs on certain interfaces

uplink_vrfs:
- rt
- nrt, mgmt, control

[ClausHolbechArista]

I think this could be solved with regular p2p uplink type and then add the subinterfaces as you need them using l3_interfaces under the VRFs.