
BGP: L2VPN/EVPN and individual RD and RT settings for each VNI
Closed, Resolved | Public | BUG

Description

Reported via https://forum.vyos.io/t/bgp-l2vpn-evpn-and-individual-rd-and-rt-settings-for-each-vni/8158

Why does the system not allow setting individual rd and rt settings for each vni? FRR lets you do it.
After applying this patch I can create the required configuration:

--- /usr/libexec/vyos/conf_mode/protocols_bgp.py.orig	2021-12-03 15:33:10.137135615 +0000
+++ /usr/libexec/vyos/conf_mode/protocols_bgp.py	2021-12-03 15:33:24.355102005 +0000
@@ -255,15 +255,6 @@
                     tmp = dict_search(f'route_map.vpn.{export_import}', afi_config)
                     if tmp: verify_route_map(tmp, bgp)
 
-            if afi in ['l2vpn_evpn'] and 'vrf' not in bgp:
-                # Some L2VPN EVPN AFI options are only supported under VRF
-                if 'vni' in afi_config:
-                    for vni, vni_config in afi_config['vni'].items():
-                        if 'rd' in vni_config:
-                            raise ConfigError('VNI route-distinguisher is only supported under EVPN VRF')
-                        if 'route_target' in vni_config:
-                            raise ConfigError('VNI route-target is only supported under EVPN VRF')
-
     return None
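
Review bot: deleting the whole `if afi in ['l2vpn_evpn'] and 'vrf' not in bgp:` block leaves per-VNI `rd` and `route_target` with no verify-time check in any context, and the removed comment's claim that these options are "only supported under VRF" is dropped without saying why it no longer holds. The commit message should state which FRR behaviour the check mirrored and why it can go, and the change should come with a smoketest that commits a `vni` carrying `rd` and `route-target` on a BGP instance without `vrf` and checks the rendered FRR config, so a regression in either direction is caught. The diff is also taken against the installed file under /usr/libexec/vyos/conf_mode/ with a `.orig` copy; regenerate it against the source tree before submitting.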

show protocols
 bgp {
     address-family {
         l2vpn-evpn {
             advertise-all-vni
             vni 100 {
                 advertise-svi-ip
                 rd 64524:100
                 route-target {
                     export 64512:1
                     import 64590:100
                 }
             }

Test

After removing the above check (maybe from old FRR 7.5?), the following config:

set protocols bgp address-family l2vpn-evpn advertise-all-vni
set protocols bgp address-family l2vpn-evpn rd '65412:100000'
set protocols bgp address-family l2vpn-evpn vni 100 advertise-svi-ip
set protocols bgp address-family l2vpn-evpn vni 100 rd '11:11'
set protocols bgp address-family l2vpn-evpn vni 100 route-target export '64512:1'
set protocols bgp address-family l2vpn-evpn vni 100 route-target import '64512:100'
set protocols bgp address-family l2vpn-evpn vni 200 advertise-default-gw
set protocols bgp address-family l2vpn-evpn vni 200 rd '1.1.1.1:200'
set protocols bgp address-family l2vpn-evpn vni 200 route-target export '64512:201'
set protocols bgp address-family l2vpn-evpn vni 200 route-target import '64512:200'
set protocols bgp local-as '100'

renders:

!
router bgp 100
 no bgp ebgp-requires-policy
 no bgp default ipv4-unicast
 no bgp network import-check
 !
 address-family ipv4 unicast
  distance 110 169.254.0.0/32
 exit-address-family
 !
 address-family ipv4 multicast
  distance 110 169.254.0.0/32
 exit-address-family
 !
 address-family ipv6 unicast
  distance 110 2001::/128
 exit-address-family
 !
 address-family ipv6 multicast
  distance 110 2001::/128
 exit-address-family
 !
 address-family l2vpn evpn
  advertise-all-vni
  vni 200
   rd 1.1.1.1:200
   route-target import 64512:200
   route-target export 64512:201
   advertise-default-gw
  exit-vni
  vni 100
   rd 11:11
   route-target import 64512:100
   route-target export 64512:1
   advertise-svi-ip
  exit-vni
  rd 65412:100000
 exit-address-family
exit
!

Details

Difficulty level: Easy (less than an hour)
Version: 1.4-rolling-202111281249
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Stricter validation
Issue type: Feature (new functionality)

Event Timeline

c-po claimed this task.
c-po triaged this task as Normal priority.
c-po created this task.