Allow to use a IRB Interface as redundant distributed anycast gateway

Author: felix-kaestner

api/core/v1alpha1/interface_types.go

@@ -18,6 +18,7 @@ import (
 // +kubebuilder:validation:XValidation:rule="self.type == 'RoutedVLAN' || !has(self.vlanRef)", message="vlanRef must only be specified on interfaces of type RoutedVLAN"
 // +kubebuilder:validation:XValidation:rule="self.type != 'RoutedVLAN' || !has(self.switchport)", message="switchport must not be specified for interfaces of type RoutedVLAN"
 // +kubebuilder:validation:XValidation:rule="self.type != 'RoutedVLAN' || !has(self.aggregation)", message="aggregation must not be specified for interfaces of type RoutedVLAN"
+// +kubebuilder:validation:XValidation:rule="self.type == 'RoutedVLAN' || !has(self.ipv4) || !self.ipv4.anycastGateway", message="anycastGateway can only be enabled for interfaces of type RoutedVLAN"
 // +kubebuilder:validation:XValidation:rule="self.type != 'Aggregate' || !has(self.vrfRef)", message="vrfRef must not be specified for interfaces of type Aggregate"
 // +kubebuilder:validation:XValidation:rule="self.type != 'Physical' || !has(self.switchport) || !has(self.vrfRef)", message="vrfRef must not be specified for Physical interfaces with switchport configuration"
 type InterfaceSpec struct {
@@ -158,6 +159,7 @@ const (
 
 // InterfaceIPv4 defines the IPv4 configuration for an interface.
 // +kubebuilder:validation:XValidation:rule="!has(self.addresses) || !has(self.unnumbered)", message="addresses and unnumbered are mutually exclusive"
+// +kubebuilder:validation:XValidation:rule="!has(self.unnumbered) || !self.anycastGateway", message="anycastGateway and unnumbered are mutually exclusive"
 type InterfaceIPv4 struct {
 	// Addresses defines the list of IPv4 addresses assigned to the interface.
 	// The first address in the list is considered the primary address,
@@ -171,6 +173,14 @@ type InterfaceIPv4 struct {
 	// When specified, the interface borrows the IP address from another interface.
 	// +optional
 	Unnumbered *InterfaceIPv4Unnumbered `json:"unnumbered,omitempty"`
+
+	// AnycastGateway enables distributed anycast gateway functionality.
+	// When enabled, this interface uses the virtual MAC configured in the
+	// device's NVE resource for active-active default gateway redundancy.
+	// Only applicable for RoutedVLAN interfaces in EVPN/VXLAN fabrics.
+	// +optional
+	// +kubebuilder:default=false
+	AnycastGateway bool `json:"anycastGateway,omitempty"`
 }
 
 // InterfaceIPv4Unnumbered defines the unnumbered interface configuration.

charts/network-operator/templates/crd/networking.metal.ironcore.dev_interfaces.yaml

@@ -191,6 +191,14 @@ spec:
                     minItems: 1
                     type: array
                     x-kubernetes-list-type: atomic
+                  anycastGateway:
+                    default: false
+                    description: |-
+                      AnycastGateway enables distributed anycast gateway functionality.
+                      When enabled, this interface uses the virtual MAC configured in the
+                      device's NVE resource for active-active default gateway redundancy.
+                      Only applicable for RoutedVLAN interfaces in EVPN/VXLAN fabrics.
+                    type: boolean
                   unnumbered:
                     description: |-
                       Unnumbered defines the unnumbered interface configuration.
@@ -219,6 +227,8 @@ spec:
                 x-kubernetes-validations:
                 - message: addresses and unnumbered are mutually exclusive
                   rule: '!has(self.addresses) || !has(self.unnumbered)'
+                - message: anycastGateway and unnumbered are mutually exclusive
+                  rule: '!has(self.unnumbered) || !self.anycastGateway'
               mtu:
                 description: MTU (Maximum Transmission Unit) specifies the size of
                   the largest packet that can be sent over the interface.
@@ -391,6 +401,8 @@ spec:
               rule: self.type != 'RoutedVLAN' || !has(self.switchport)
             - message: aggregation must not be specified for interfaces of type RoutedVLAN
               rule: self.type != 'RoutedVLAN' || !has(self.aggregation)
+            - message: anycastGateway can only be enabled for interfaces of type RoutedVLAN
+              rule: self.type == 'RoutedVLAN' || !has(self.ipv4) || !self.ipv4.anycastGateway
             - message: vrfRef must not be specified for interfaces of type Aggregate
               rule: self.type != 'Aggregate' || !has(self.vrfRef)
             - message: vrfRef must not be specified for Physical interfaces with switchport

config/crd/bases/networking.metal.ironcore.dev_interfaces.yaml

@@ -185,6 +185,14 @@ spec:
                     minItems: 1
                     type: array
                     x-kubernetes-list-type: atomic
+                  anycastGateway:
+                    default: false
+                    description: |-
+                      AnycastGateway enables distributed anycast gateway functionality.
+                      When enabled, this interface uses the virtual MAC configured in the
+                      device's NVE resource for active-active default gateway redundancy.
+                      Only applicable for RoutedVLAN interfaces in EVPN/VXLAN fabrics.
+                    type: boolean
                   unnumbered:
                     description: |-
                       Unnumbered defines the unnumbered interface configuration.
@@ -213,6 +221,8 @@ spec:
                 x-kubernetes-validations:
                 - message: addresses and unnumbered are mutually exclusive
                   rule: '!has(self.addresses) || !has(self.unnumbered)'
+                - message: anycastGateway and unnumbered are mutually exclusive
+                  rule: '!has(self.unnumbered) || !self.anycastGateway'
               mtu:
                 description: MTU (Maximum Transmission Unit) specifies the size of
                   the largest packet that can be sent over the interface.
@@ -385,6 +395,8 @@ spec:
               rule: self.type != 'RoutedVLAN' || !has(self.switchport)
             - message: aggregation must not be specified for interfaces of type RoutedVLAN
               rule: self.type != 'RoutedVLAN' || !has(self.aggregation)
+            - message: anycastGateway can only be enabled for interfaces of type RoutedVLAN
+              rule: self.type == 'RoutedVLAN' || !has(self.ipv4) || !self.ipv4.anycastGateway
             - message: vrfRef must not be specified for interfaces of type Aggregate
               rule: self.type != 'Aggregate' || !has(self.vrfRef)
             - message: vrfRef must not be specified for Physical interfaces with switchport

config/samples/v1alpha1_interface.yaml

@@ -155,6 +155,7 @@ spec:
   ipv4:
     addresses:
       - 192.168.10.254/24
+    anycastGateway: true
 ---
 apiVersion: networking.metal.ironcore.dev/v1alpha1
 kind: Interface

internal/provider/cisco/nxos/intf.go

@@ -28,6 +28,7 @@ var (
 	_ gnmiext.Configurable = (*SwitchVirtualInterface)(nil)
 	_ gnmiext.Configurable = (*SwitchVirtualInterfaceOperItems)(nil)
 	_ gnmiext.Configurable = (*AddrItem)(nil)
+	_ gnmiext.Configurable = (*FabricFwdIf)(nil)
 )
 
 // Loopback represents a loopback interface on a NX-OS device.
@@ -305,6 +306,25 @@ const (
 	IntfAddrTypeSecondary IntfAddrType = "secondary"
 )
 
+// FabricFwdIf that represents an Interface configured as part of the HMM Fabric Forwarding Instance.
+type FabricFwdIf struct {
+	AdminSt AdminSt `json:"adminSt"`
+	ID      string  `json:"id"`
+	Mode    FwdMode `json:"mode"`
+}
+
+func (f *FabricFwdIf) XPath() string {
+	return "System/hmm-items/fwdinst-items/if-items/FwdIf-list[id=" + f.ID + "]"
+}
+
+type FwdMode string
+
+const (
+	FwdModeStandard       FwdMode = "standard"
+	FwdModeAnycastGateway FwdMode = "anycastGW"
+	FwdModeProxyGateway   FwdMode = "proxyGW"
+)
+
 // Range provides a string representation of identifiers (typically VLAN IDs) that formats the range in a human-readable way.
 // Consecutive IDs are represented as a range (e.g., "10-12"), while single IDs are shown individually (e.g., "15").
 // All values are joined in a comma-separated list of ranges and individual IDs, e.g. "10-12,15,20-22".

internal/provider/cisco/nxos/intf_test.go

@@ -71,4 +71,11 @@ func init() {
 		VlanID:  10,
 	}
 	Register("svi", svi)
+
+	fwif := &FabricFwdIf{
+		AdminSt: AdminStEnabled,
+		ID:      "vlan10",
+		Mode:    FwdModeAnycastGateway,
+	}
+	Register("fwif", fwif)
 }

internal/provider/cisco/nxos/provider.go

@@ -746,6 +746,20 @@ func (p *Provider) EnsureInterface(ctx context.Context, req *provider.EnsureInte
 		svi.VlanID = req.VLAN.Spec.ID
 		svi.RtvrfMbrItems = NewVrfMember(name, vrf)
 
+		fwif := new(FabricFwdIf)
+		fwif.ID = name
+
+		switch {
+		case req.Interface.Spec.IPv4 != nil && req.Interface.Spec.IPv4.AnycastGateway:
+			fwif.AdminSt = AdminStEnabled
+			fwif.Mode = FwdModeAnycastGateway
+			conf = append(conf, fwif)
+		default:
+			if err := p.client.Delete(ctx, fwif); err != nil {
+				return err
+			}
+		}
+
 		conf = append(conf, svi)
 
 	default:

internal/provider/cisco/nxos/testdata/fwif.json

@@ -0,0 +1,15 @@
+{
+  "hmm-items": {
+    "fwdinst-items": {
+      "if-items": {
+        "FwdIf-list": [
+          {
+            "adminSt": "enabled",
+            "id": "vlan10",
+            "mode": "anycastGW"
+          }
+        ]
+      }
+    }
+  }
+}

internal/provider/cisco/nxos/testdata/fwif.json.txt

@@ -0,0 +1,2 @@
+interface Vlan10
+ fabric forwarding mode anycast-gateway