Fix(eos_designs): Do not filter AVT on HA device if one path-group is present on peer

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg

@@ -55,6 +55,9 @@ router adaptive-virtual-topology
       match application-profile VIDEO
          avt profile PROD-AVT-POLICY-VIDEO
       !
+      match application-profile MPLS-ONLY
+         avt profile PROD-AVT-POLICY-MPLS-ONLY
+      !
       match application-profile default
          avt profile PROD-AVT-POLICY-DEFAULT
    !
@@ -73,6 +76,9 @@ router adaptive-virtual-topology
    profile PROD-AVT-POLICY-DEFAULT
       path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT
    !
+   profile PROD-AVT-POLICY-MPLS-ONLY
+      path-selection load-balance LB-PROD-AVT-POLICY-MPLS-ONLY
+   !
    profile PROD-AVT-POLICY-VIDEO
       path-selection load-balance LB-PROD-AVT-POLICY-VIDEO
    !
@@ -99,6 +105,7 @@ router adaptive-virtual-topology
       avt profile PROD-AVT-POLICY-DEFAULT id 1
       avt profile PROD-AVT-POLICY-VOICE id 2
       avt profile PROD-AVT-POLICY-VIDEO id 4
+      avt profile PROD-AVT-POLICY-MPLS-ONLY id 5
 !
 router path-selection
    tcp mss ceiling ipv4 ingress
@@ -149,6 +156,9 @@ router path-selection
       path-group INET
       path-group LAN_HA
    !
+   load-balance policy LB-PROD-AVT-POLICY-MPLS-ONLY
+      path-group LAN_HA
+   !
    load-balance policy LB-PROD-AVT-POLICY-VIDEO
       loss-rate 42.0
       path-group LAN_HA
@@ -321,6 +331,8 @@ application traffic recognition
    application-profile APP-PROFILE-CONTROL-PLANE
       application APP-CONTROL-PLANE
    !
+   application-profile MPLS-ONLY
+   !
    application-profile VIDEO
       application CUSTOM-APPLICATION-1
       application skype

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3A.cfg

@@ -48,6 +48,9 @@ router adaptive-virtual-topology
       match application-profile VIDEO
          avt profile PROD-AVT-POLICY-VIDEO
       !
+      match application-profile MPLS-ONLY
+         avt profile PROD-AVT-POLICY-MPLS-ONLY
+      !
       match application-profile default
          avt profile PROD-AVT-POLICY-DEFAULT
    !
@@ -63,6 +66,9 @@ router adaptive-virtual-topology
    profile PROD-AVT-POLICY-DEFAULT
       path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT
    !
+   profile PROD-AVT-POLICY-MPLS-ONLY
+      path-selection load-balance LB-PROD-AVT-POLICY-MPLS-ONLY
+   !
    profile PROD-AVT-POLICY-VIDEO
       path-selection load-balance LB-PROD-AVT-POLICY-VIDEO
    !
@@ -85,6 +91,7 @@ router adaptive-virtual-topology
       avt profile PROD-AVT-POLICY-DEFAULT id 1
       avt profile PROD-AVT-POLICY-VOICE id 2
       avt profile PROD-AVT-POLICY-VIDEO id 4
+      avt profile PROD-AVT-POLICY-MPLS-ONLY id 5
 !
 router path-selection
    tcp mss ceiling ipv4 ingress
@@ -128,6 +135,9 @@ router path-selection
       path-group INET
       path-group LAN_HA
    !
+   load-balance policy LB-PROD-AVT-POLICY-MPLS-ONLY
+      path-group LAN_HA
+   !
    load-balance policy LB-PROD-AVT-POLICY-VIDEO
       loss-rate 42.0
       path-group LAN_HA
@@ -242,6 +252,8 @@ application traffic recognition
    application-profile APP-PROFILE-CONTROL-PLANE
       application APP-CONTROL-PLANE
    !
+   application-profile MPLS-ONLY
+   !
    application-profile VIDEO
       application CUSTOM-APPLICATION-1
       application skype

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml

@@ -489,6 +489,8 @@ router_adaptive_virtual_topology:
     load_balance_policy: LB-PROD-AVT-POLICY-VOICE
   - name: PROD-AVT-POLICY-VIDEO
     load_balance_policy: LB-PROD-AVT-POLICY-VIDEO
+  - name: PROD-AVT-POLICY-MPLS-ONLY
+    load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY
   - name: PROD-AVT-POLICY-DEFAULT
     load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT
   - name: DEFAULT-POLICY-DEFAULT
@@ -510,6 +512,8 @@ router_adaptive_virtual_topology:
       id: 2
     - name: PROD-AVT-POLICY-VIDEO
       id: 4
+    - name: PROD-AVT-POLICY-MPLS-ONLY
+      id: 5
     - name: PROD-AVT-POLICY-DEFAULT
       id: 1
   - name: IT
@@ -539,6 +543,8 @@ router_adaptive_virtual_topology:
       avt_profile: PROD-AVT-POLICY-VOICE
     - application_profile: VIDEO
       avt_profile: PROD-AVT-POLICY-VIDEO
+    - application_profile: MPLS-ONLY
+      avt_profile: PROD-AVT-POLICY-MPLS-ONLY
     - application_profile: default
       avt_profile: PROD-AVT-POLICY-DEFAULT
   - name: DEFAULT-AVT-POLICY
@@ -616,6 +622,9 @@ router_path_selection:
       priority: 2
     - name: LAN_HA
     loss_rate: '42.0'
+  - name: LB-PROD-AVT-POLICY-MPLS-ONLY
+    path_groups:
+    - name: LAN_HA
   - name: LB-PROD-AVT-POLICY-DEFAULT
     path_groups:
     - name: INET
@@ -648,6 +657,7 @@ application_traffic_recognition:
   - name: VOICE
     applications:
     - name: CUSTOM-VOICE-APPLICATION
+  - name: MPLS-ONLY
   - name: APP-PROFILE-CONTROL-PLANE
     applications:
     - name: APP-CONTROL-PLANE

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3A.yml

@@ -325,6 +325,8 @@ router_adaptive_virtual_topology:
     load_balance_policy: LB-PROD-AVT-POLICY-VOICE
   - name: PROD-AVT-POLICY-VIDEO
     load_balance_policy: LB-PROD-AVT-POLICY-VIDEO
+  - name: PROD-AVT-POLICY-MPLS-ONLY
+    load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY
   - name: PROD-AVT-POLICY-DEFAULT
     load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT
   vrfs:
@@ -344,6 +346,8 @@ router_adaptive_virtual_topology:
       id: 2
     - name: PROD-AVT-POLICY-VIDEO
       id: 4
+    - name: PROD-AVT-POLICY-MPLS-ONLY
+      id: 5
     - name: PROD-AVT-POLICY-DEFAULT
       id: 1
   - name: IT
@@ -368,6 +372,8 @@ router_adaptive_virtual_topology:
       avt_profile: PROD-AVT-POLICY-VOICE
     - application_profile: VIDEO
       avt_profile: PROD-AVT-POLICY-VIDEO
+    - application_profile: MPLS-ONLY
+      avt_profile: PROD-AVT-POLICY-MPLS-ONLY
     - application_profile: default
       avt_profile: PROD-AVT-POLICY-DEFAULT
   - name: DEFAULT-AVT-POLICY
@@ -439,6 +445,9 @@ router_path_selection:
       priority: 2
     - name: LAN_HA
     loss_rate: '42.0'
+  - name: LB-PROD-AVT-POLICY-MPLS-ONLY
+    path_groups:
+    - name: LAN_HA
   - name: LB-PROD-AVT-POLICY-DEFAULT
     path_groups:
     - name: INET
@@ -467,6 +476,7 @@ application_traffic_recognition:
   - name: VOICE
     applications:
     - name: CUSTOM-VOICE-APPLICATION
+  - name: MPLS-ONLY
   - name: APP-PROFILE-CONTROL-PLANE
     applications:
     - name: APP-CONTROL-PLANE

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml

@@ -94,6 +94,8 @@ wan_router:
   # Testing HA and disabling HA
   node_groups:
     # SITE_HA_DISABLED
+    # Because HA is disabled, this allow to test that MPLS-ONLY, present on
+    # cv-pathfinder-edge is not configured on cv-pathfinder-edge1
     - group: Site511
       uplink_type: p2p-vrfs
       uplink_switches: [ site-ha-disabled-leaf ]
@@ -204,6 +206,9 @@ wan_router:
                 peer_as: 64520
                 ipv4_prefix_list_out: PL2
     # SITE_HA_ENABLED
+    # Because HA is enabled, this allow to test that MPLS-ONLY, present on
+    # cv-pathfinder-edge2B (because of Colt) is being configured on cv-pathfinder-edge2A
+    # with only LAN_HA path-group.
     - group: Site423
       cv_pathfinder_region: AVD_Land_West
       cv_pathfinder_site: Site423
@@ -547,7 +552,8 @@ wan_virtual_topologies:
           internet_exit:
             policy: ZSCALER-EXIT-POLICY-2
           id: 4
-        # This will not be rendered on devices without MPLS
+        # This will not be rendered on devices without MPLS except if their HA
+        # peer have MPLS.
         - application_profile: MPLS-ONLY
           path_groups:
             - names: [MPLS]

python-avd/pyavd/_eos_designs/eos_designs_facts/wan.py

@@ -26,9 +26,9 @@ def wan_path_groups(self: EosDesignsFacts) -> list | None:
         Each with a list of dictionaries containing the (interface, ip_address) in the path_group.
 
         TODO: Also add the path_groups importing any of our connected path groups.
-                Need to find out if we need to resolve recursive imports.
+              Need to find out if we need to resolve recursive imports.
         """
-        if not self.shared_utils.is_wan_server:
+        if not self.shared_utils.is_wan_router:
             return None
 
         return self.shared_utils.wan_local_path_groups

python-avd/pyavd/_eos_designs/shared_utils/wan.py

@@ -149,9 +149,9 @@ def wan_path_groups(self: SharedUtils) -> list:
     @cached_property
     def wan_local_path_groups(self: SharedUtils) -> list:
         """
-        List of path_groups present on this router based on the local carriers.
+        List of path-groups present on this router based on the local carriers.
 
-        Also add for each path_groups the local interfaces in a data structure
+        Also add for each path-groups the local interfaces in a data structure
             interfaces:
               - name: ...
                 public_ip: ...
@@ -181,9 +181,22 @@ def wan_local_path_groups(self: SharedUtils) -> list:
 
     @cached_property
     def wan_local_path_group_names(self: SharedUtils) -> list:
-        """Return a list of wan_local_path_group names to be used by HA peer and in various places."""
+        """Return a list of wan_local_path_group names."""
         return [path_group["name"] for path_group in self.wan_local_path_groups]
 
+    @cached_property
+    def wan_ha_peer_path_groups(self: SharedUtils) -> list:
+        """List of WAN HA peer path-groups coming from facts."""
+        if not self.is_wan_router or not self.wan_ha:
+            return []
+        peer_facts = self.get_peer_facts(self.wan_ha_peer, required=True)
+        return get(peer_facts, "wan_path_groups", required=True)
+
+    @cached_property
+    def wan_ha_peer_path_group_names(self: SharedUtils) -> list:
+        """Return a list of wan_ha_peer_path_group names."""
+        return [path_group["name"] for path_group in self.wan_ha_peer_path_groups]
+
     @cached_property
     def this_wan_route_server(self: SharedUtils) -> dict:
         """

python-avd/pyavd/_eos_designs/structured_config/network_services/utils.py

@@ -199,6 +199,10 @@ def _configure_bgp_mlag_peer_group(self: AvdStructuredConfigNetworkServices) ->
 
         return False
 
+    ################
+    ## WAN utils  ##
+    ################
+
     @cached_property
     def _filtered_wan_vrfs(self: AvdStructuredConfigNetworkServices) -> list:
         """Loop through all the VRFs defined under `wan_virtual_topologies.vrfs` and returns a list of mode."""
@@ -255,7 +259,7 @@ def _filtered_wan_policies(self: AvdStructuredConfigNetworkServices) -> list:
         Inside each match and default_match statetement, the fully resolved load_balancing policy is present (it guarantees that the load-balance policy
         is not empty).
 
-        The default VRF is marked as non default.
+        The default VRF is marked as default.
         """
         # to track the names already injected
         filtered_policy_names = []
@@ -430,7 +434,9 @@ def _generate_wan_load_balance_policy(self: AvdStructuredConfigNetworkServices,
         """
         Generate and return a router path-selection load-balance policy.
 
-        If HA is enabled, inject the HA path-group with priority 1.
+        If HA is enabled:
+        * the remote peer path-groups are considered.
+        * inject the HA path-group with priority 1.
 
         Attrs:
         ------
@@ -450,12 +456,16 @@ def _generate_wan_load_balance_policy(self: AvdStructuredConfigNetworkServices,
         # An entry is composed of a list of path-groups in `names` and a `priority`
         policy_entries = get(input_dict, "path_groups", [])
 
+        # Using this flag while looping through all entries to keep track of any path group present on the remote host
+        any_path_group_on_wan_ha_peer = self.shared_utils.wan_ha
+
         for policy_entry in policy_entries:
             policy_entry_priority = None
             if preference := get(policy_entry, "preference"):
                 policy_entry_priority = self._path_group_preference_to_eos_priority(preference, f"{context_path}[{policy_entry.get('names')}]")
 
-            for path_group_name in policy_entry.get("names"):
+            entry_path_groups = policy_entry.get("names")
+            for path_group_name in entry_path_groups:
                 if (priority := policy_entry_priority) is None:
                     # No preference defined at the policy level, need to retrieve the default preference
                     wan_path_group = get_item(
@@ -481,14 +491,15 @@ def _generate_wan_load_balance_policy(self: AvdStructuredConfigNetworkServices,
 
                 wan_load_balance_policy["path_groups"].append(path_group)
 
-        if len(wan_load_balance_policy["path_groups"]) == 0:
-            # The policy is empty
+            # Updating peer path-groups tracking
+            any_path_group_on_wan_ha_peer = any_path_group_on_wan_ha_peer and set(self.shared_utils.wan_ha_peer_path_group_names).union(set(entry_path_groups))
+
+        if len(wan_load_balance_policy["path_groups"]) == 0 and not any_path_group_on_wan_ha_peer:
+            # The policy is empty, and either the site is not using HA or no path-group in the policy is present on the HA peer
             return None
 
-        # TODO: for now adding LAN_HA only if the path-groups list is not empty
-        # then need to add the logic to check HA peer path-group and maybe return a policy with LAN_HA only.
         if self.shared_utils.wan_ha or self.shared_utils.is_cv_pathfinder_server:
-            # Adding HA path-group with priority 1 - it does not count as an entry with priority 1
+            # Adding HA path-group with priority 1
             wan_load_balance_policy["path_groups"].append({"name": self.shared_utils.wan_ha_path_group_name})
 
         return wan_load_balance_policy