Fix(eos_designs): Do not filter AVT on HA device if one path-group is present on peer #4463
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
the
state: CI Updated
|
Review docs on Read the Docs To test this pull request: # Create virtual environment for this testing below the current directory
python -m venv test-avd-pr-4463
# Activate the virtual environment
source test-avd-pr-4463/bin/activate
# Install all requirements including PyAVD
pip install "pyavd[ansible] @ git+https://github.com/gmuloc/avd.git@fix-path-groups-ha-peers#subdirectory=python-avd" --force
# Point Ansible collections path to the Python virtual environment
export ANSIBLE_COLLECTIONS_PATH=$VIRTUAL_ENV/ansible_collections
# Install Ansible collection
ansible-galaxy collection install git+https://github.com/gmuloc/avd.git#/ansible_collections/arista/avd/,fix-path-groups-ha-peers --force
# Optional: Install AVD examples
cd test-avd-pr-4463
ansible-playbook arista.avd.install_examples |
for more information, see https://pre-commit.ci
python-avd/pyavd/_eos_designs/structured_config/network_services/utils.py
Outdated
Show resolved
Hide resolved
|
gmuloc
added
the
one approval
gmuloc
added
EPIC - AVD AutoVPN/WAN
cherry-pick-for-4.10.x
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Change Summary
Until now, AVD is filtering completely a VT if none of the path-group listed is present locally,
This works as expected but there is one use case where this breaks potential connectivity:
Consider an HA site with two routers,
router1connected to INET only androuter2connected to MPLS only.If some matched traffic is configured to be sent only on MPLS (let's say voice), then AVD would not generate the profile on
router1for this MPLS only traffic.When traffic for voice reaches
router1, it will not be matched correctly and may be matched in one of the next application profile, default, or if no default is present, could be dropped.The correct behavior is to configure the profile targeting a load-balance policy containing only the LAN_HA path-group so that the traffic can be sent to the peer and forwarded out of MPLS.
Related Issue(s)
Reported during testing by AVD maintainers
Component(s) name
arista.avd.eos_designsProposed changes
This PR adds a check where if for a given VT, no path-group is present locally but any path-group is present on the HA peer, then AVD will now generate a load-balancing policy with only the
LAN_HApath group and will generate the profile.How to test
Molecule - some molecule tests were already demonstrating this.
Checklist
Repository Checklist