Fix for Ingress replication is not allowed for border_gateway_spine #406
Conversation
- border_gateway_spine role present,
- IPv6 underlay enabled,
- replication_mode set to 'ingress'
is present in the inventory.
If so, appends a descriptive error message to the results list
| switches = topology.get("switches") | ||
| if not switches: | ||
| return False | ||
| return any(switch.get("role") == "border_gateway_spine" for switch in switches) |
There was a problem hiding this comment.
Can you update the role list. The issue is also present with border_gateway.
The rule works as expected:
ERROR - Semantic error, rule 207: Verify fabric replication and spine roles. (['For vxlan.underlay.general.replication_mode to be set to ingress, vxlan.topology.switches.role must not be set to border_gateway_spine and vxlan.underlay.general.enable_ipv6_underlay must not be set to true.'])
There was a problem hiding this comment.
Hi @ccoueffe ,
I updated the check_role method to validate if a switch in the fabric is one of 'border_gateway_spine' or 'border_gateway' role.
Tested, works as expeted:
`
TASK [cisco.nac_dc_vxlan.validate : Perform Required Syntax and Semantic Model Validation] **************************************************************************************************************************************************************************************************************
Semantic error, rule 207: Verify fabric replication and spine roles. (['For vxlan.underlay.general.replication_mode to be set to ingress, vxlan.topology.switches.role must not be set to border_gateway_spine or border_gateway and vxlan.underlay.general.enable_ipv6_underlay must not be set to true.'])
fatal: [skaszlik-nac-fabric1 -> localhost]: FAILED! => {"changed": false, "data": {"vxlan": {"fabric": {"name": "skaszlik-nac-fabric1", "type": "VXLAN_EVPN"}, "global": {"anycast_gateway_mac": "12:34:56:78:91:00", "bgp_asn": "65013", "dns_servers": [{"ip_address": "10.0.0.2", "vrf": "management"}], "ntp_servers": [{"ip_address": "10.55.0.2", "vrf": "management"}], "route_reflectors": 4}, "topology": {"switches": [{"management": {"default_gateway_v4": "198.18.133.1", "management_ipv4_address": "198.18.133.21"}, "name": "netascode-spine1", "role": "border_gateway", "routing_loopback_id": 0, "serial_number": "99FYP2OV1NS", "vtep_loopback_id": 1}]}, "underlay": {"general": {"enable_ipv6_underlay": true, "replication_mode": "ingress", "routing_protocol": "ospf"}, "ipv6": {"enable_ipv6_link_local_address": false, "underlay_routing_loopback_ip_range": "fd00::2110:0/112", "underlay_rp_loopback_ip_range": "fd00::2254:0/112", "underlay_subnet_ip_range": "fd00::2000:0/112", "underlay_subnet_mask": 126, "underlay_vtep_loopback_ip_range": "fd00::2111:0/112"}}}}, "msg": "Semantic error, rule 207: Verify fabric replication and spine roles. (['For vxlan.underlay.general.replication_mode to be set to ingress, vxlan.topology.switches.role must not be set to border_gateway_spine or border_gateway and vxlan.underlay.general.enable_ipv6_underlay must not be set to true.'])\n"}`
|
@mikewiebe another commit was done by @skaszlik and I approved the checks to run, and all checks passed. |
Checks if the combination of:
- border_gateway_spine role present,
- IPv6 underlay enabled,
- replication_mode set to 'ingress'
is present in the settings. If so, appends a descriptive error message to the results list
Related Issue(s)
Fixed #405
#405
Related Collection Role
Related Data Model Element
Proposed Changes
The new rule '207_global_replication.py' verifies whether the following combination is present in the settings:
If this combination is found, it appends an error message to the results list.
Test Notes
Cisco NDFC Version
12.2.2.241
Checklist