It’s possible to commit a config where an interface is both a member of a VRF and a bridge, whitout getting an error message.
Any combination, where adding VRF and bridge memberships are done in seperate commits and where the bridge commit is the last will produce this bug.
I think this might be part of T2241, if not it should be.
To reproduce:
Add interface to VRF
Commit
Add interface to bridge
Commit
Cause:
Since the VRF/bridge exclusivity checking is done on the interface and not the bridge, no checking is done when adding the interface to the bridge, once it’s been added to the VRF in a previous commit.
This is probably true for bond membership as well.
Possible solutions:
Force all bridgable interfaces to be checked on commit (if bridge interface has changed)
Put check for VRF on the bridge as well.
Move the config bridge membership to the interface (like VRF)