Open forcecity opened 3 days ago
ClausHolbechArista
commented
2 days ago We have improved a lot in AVD 5.0 (pending release hopefully this Friday) for services in VRF default. This means you can define your SVIs, BGP peers etc under network services for the default VRF. If you don't want it to be EVPN enabled, you can set address_families: [] under the VRF (this trick should work already in 4.x).
Please give it a try and let me know what you are missing.
forcecity
commented
2 days ago Hello Claus,
Thank you for you reply.
Yes, i just tried your workaround to set address_families: []. The SVIs were created succesfully as what we want and no evpn stuff or ip-prefix stuffs now.
but I didn't find a way to configure the bgp peers (peer groups) for the neighbors in the underlay.. The bgp_peers: or bgp.structured_config: are not rendered when they are located in VRF default. Would you mind to also give me a hint how I can configure this part in network_services or it is not possible now?
Now I still put this part into Node type settings:
node_groups:
- group: leaf-pair
filter:
tags:
- < omit.. >
bgp_as: xxxxxx
structured_config:
router_bgp:
neighbors:
- ip_address: xx.xxx.xxx.10
peer_group: FWs-PEER-GP # it is defined in Network_services
description: fw_bgp_underlayThis will work much better in AVD 5.0, but for 4.x we have a temporary "nerd-knob" you an try: new_network_services_bgp_vrf_config: true.
forcecity
commented
2 days ago Hi Claus, I think when i change this knob, the vrf default will be generated in bgp configs, but not as we expected, it treated default as a new vrf instead of putting neighbor configs directly globally (like IPv4-Underlay-peers).
router bgp xxxxxxxxxx
vrf default
update wait-install
neighbor xx.xxx.xxx.10 peer group FWs-PEER-GP
neighbor xx.xxx.xxx.10 description fw_bgp_underlay
!
address-family ipv4
neighbor xx.xxx.xxx.10 activateSo I think I will leave this point here and when 5.0 is released, i will test it again. Thank you for your answer.
Enhancement summary
It would be great that we could configure the IPv4/v6 services in SVIs, but at underlay network (vrf default, but not through evpn vxlan tunnel). VLANs/SVIs at underlay network (vrf default but without rd/rt, evpn related stuffs) BGP neighbors at underlay. Could establish the peers with other network nodes.
Which component of AVD is impacted
eos_designs
Use case example
Some of our switches are managed or accessed from underlay networks (via loopback 0) and the mgmt system could be in different VRFs, the FW will control the access acrossing the different VRFs, so an underlay SVIs for the FWs are needed to dump the traffic of the switches' management at the underlay. For now, I use the "structured_config" in nodes settings:
Describe the solution you would like
At the network service section, would it be possible to create a "Network services SVIs configuration without VRF", similar to other SVIs in VRFs but located the global instance.
Describe alternatives you have considered
Or probably a new section dedicated to the underlay services configs (like, the services for l3_edge) which could include the services of SVIs or l3_interfaces or subinterfaces, etc... These services are all related to the network which will go through the vxlan fabric, and will provide the network services at underlay (or so to say pure l3 networks).
Additional context
No response
Contributing Guide