verify() in conf_mode/vrf.py does not fully check for all possible bindings to a VRF when it is being removed.

There are 2 checks right now against VRF removal:

• Do any interfaces belong to the VRF still?
• Do legacy static routes belong to the VRF?

The legacy route check does not work - it's looking for the old node path under protocols. This isn't a big problem because that was all relocated under the vrf top level node.

Doing a grep over interface-defs for include/constraint/vrf, include/listen-address-vrf and include/vrf-multi returns a good list of VRF binding points, many of which aren't covered. Aside from interfaces, the problems appear to be:

• VRF-aware service bindings
• Policy elements
• Route leaks

Removing a VRF without cleaning up these elements will lead to possible runtime config problems when further changes are made and definite configuration errors on next reboot.