static_default_route MUST be a property of the vrf_lite object and adv_default_route SHOULD/MUST be a property of the attachment

[gnakh]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Ansible Version and collection version

2.17.2

DCNM version

• V 12.2.2.238

Affected module(s)

• dcnm_vrf

Ansible Playbook

    - name: Create and attach VRFs to switches in {{ defaults.msd.fabric_name }} fabric
      cisco.dcnm.dcnm_vrf:
        fabric: '{{ defaults.msd.fabric_name }}'
        state: '{{ state | default("merged") }}'
        config: '{{ vrfs_for_module }}'
      tags: vrfs

Debug Output

Not needed

--->

Expected Behavior

Not all VRF-lite hand offs need a default route. Default route needs to be configured for those hand offs where a default route is expected. Static routes would be configured only for the next-hops where it is expected.

An administrator may decide to select a number of leaf switches to announce a default route from.

Actual Behavior

However, static_default_route is a property of the VRF and, therefore, if multiple attachments exist, a static default route will be configured for each one of them.

adv_default_route is a property of the VRF and, if enabled, all leaves with an attachment point will announce the default route (if received) to the rest of the fabric. Thus, adv_default_route should be a property of the attachment themselves (the leaves where it should be announced from)

If static_default_route and adv_default_route are enabled for a VRF and the VRF has multiple attachment points in different leaves toward different destinations (internet, kubernetes cluster, etc.), a traffic destined towards and unknown network (internet) may be sent to the wrong leaf altogether.

Steps to Reproduce

Configure multiple attachment points and vrf lite hand offs on different leaves towards different destinations.

References

[gnakh]

The variable file is:

vrfs_for_module:
  - vrf_name: infra
    vrf_id: 51000
    vrf_template: '{{ defaults.vrf_template }}'
    vrf_extension_template: '{{ defaults.extension_vrf_template }}'
    vlan_id: 3100
    vrf_int_mtu: 9000
    attach: 
    - ip_address: 198.18.154.16 
      vrf_lite:
        # WAN PEER, default path out, default route not received, corporate offices.
        - peer_vrf: corp
          ipv4_addr: 172.16.12.2/30
          neighbor_ipv4: 172.16.12.1
          interface: Ethernet1/24
          dot1q: 100
       # CAMPUS PEER, default route must not be installed
        - peer_vrf: Corp
          ipv4_addr: 172.16.12.18/30
          neighbor_ipv4: 172.16.12.17
          interface: Ethernet1/26
          dot1q: 100
      deploy: true