zebra: fix l3vni to l2vni transition

when the vni is moved from l3 to l2vni, the vxlan interface belonging to
the l3 was still holding this vni in its table. when this vxlan interfae
is assigned new vni, it would go ahead remove the old vni from its
table. while removing it asserts beacuse the vxaln interface belonging
to this vni is now pointing to l2vni vxlan interface.

Fix: when the vni is transition from l3 to l2, remove the vni binging
from the vxlan interface belong to the l3.

1. removing the vni info from the hash which is primarly
maintain to have cache of netlink notification for SVD to
vlan-vni mapping.
The hash values should only be removed when vni mapping
is removed for vxlan device or vxlan interface is removed
by Kernel.
The vni info removal lead to an issue where when the same
vni is transition back to L3VNI, all the info is lost hence
L3VNI does not come up properly.

2. while the vni info removed from hash, the vni info
was not freed lead to memory leak.

To have proper vni transition, instead of removing vni info
from hash, simply dereference from vxlan vlan infomration
and when readded as L3VNI restore the referecen for vlan vlan
information.

Related Ticket: #4404076

Ticket: #4667654

Testing:

Before fix:
torm-21(config)# vrf vrf1
torm-21(config-vrf)# no vni 4000

torm-21(config-vrf)# do show evpn vni
4000       L2   vxlan99               10       34       4               vrf1            0       br_l3vni

After fix:
torm-21(config-vrf)# do show evpn vni
4000       L3   vxlan99               0        0        n/a             vrf1            2501       br_l3vni

torm-21(config)# vrf vrf1
torm-21(config-vrf)# no vni 4000

torm-21(config-vrf)# do show evpn vni
4000       L2   vxlan99               10       34       4               vrf1            2501       br_l3vni

torm-21(config-vrf)# vni 4000
torm-21(config-vrf)# do show evpn vni
4000       L3   vxlan99               4        4        n/a             vrf1            2501       br_l3vni

Detail output after vni transition:
torm-21(config-vrf)# do show evpn vni  4000
VNI: 4000
 Type: L2
 Vlan: 2501
 Bridge: br_l3vni
 Tenant VRF: vrf1
 VxLAN interface: vxlan99
 VxLAN ifIndex: 27
 SVI interface: vlan2501_l3
 SVI ifIndex: 29
 Local VTEP IP: 2001:c001:ff:f00d::6
 Mcast group: 0.0.0.0
 Remote VTEPs for this VNI:
  2001:c001:ff:f00d::7 flood: -
  2001:c001:ff:f00d::5 flood: -
  2001:c001:ff:f00d::4 flood: -
  2001:cf11:ff:f00d::3 flood: -
 Number of MACs (local and remote) known for this VNI: 10
 Number of ARPs (IPv4 and IPv6, local and remote) known for this VNI: 31
 Advertise-gw-macip: No
 Advertise-svi-macip: No
torm-21(config-vrf)# vni 4000
torm-21(config-vrf)# do show evpn vni  4000
VNI: 4000
  Type: L3
  Tenant VRF: vrf1
  Vlan: 2501
  Bridge: br_l3vni
  Local Vtep Ip: 2001:c001:ff:f00d::6
  Vxlan-Intf: vxlan99
  SVI-If: vlan2501_l3
  State: Up
  VNI Filter: none
  System MAC: 44:38:39:ff:ff:18
  Router MAC: 44:38:39:ff:ff:18
  Number of MACs (local and remote) known for this VNI: 4
  Number of ARPs (IPv4 and IPv6, local and remote) known for this VNI: 4
  L2 VNIs: 1000 1001 1002 1003

Signed-off-by: Chirag Shah <[email protected]>

Author: chiragshah6

zebra/zebra_vxlan.c

@@ -2434,6 +2434,7 @@ static int zebra_vxlan_handle_vni_transition(struct zebra_vrf *zvrf, vni_t vni,
 {
 	struct zebra_evpn *zevpn = NULL;
 	struct zebra_l3vni *zl3vni = NULL;
+	struct interface *br_if = NULL;
 
 	/* There is a possibility that VNI notification was already received
 	 * from kernel and we programmed it as L2-VNI
@@ -2514,12 +2515,27 @@ static int zebra_vxlan_handle_vni_transition(struct zebra_vrf *zvrf, vni_t vni,
 
 		zevpn = zebra_evpn_add(vni);
 
-		/* Find bridge interface for the VNI */
-		vlan_if = zvni_map_to_svi(vnip->access_vlan,
-					  zif->brslave_info.br_if);
+		/*
+		 * Restore per-VLAN state for the newly created L2-VNI.
+		 * This mirrors the behaviour of zebra_vxlan_if_add_vni() so
+		 * that an L3VNI -> L2VNI transition preserves:
+		 *  - VLAN id used for the VNI (zevpn->vid)
+		 *  - associated SVI (zevpn->svi_if)
+		 *  - bridge membership (zevpn->bridge_if)
+		 *  - tenant VRF and L3VNI<-L2VNI list membership.
+		 */
+		br_if = zif->brslave_info.br_if;
+		zevpn_bridge_if_set(zevpn, br_if, true /* set */);
+
+		zevpn->vid = vnip->access_vlan;
+
+		vlan_if = zvni_map_to_svi(vnip->access_vlan, br_if);
 		if (vlan_if) {
-			zevpn->vrf_id = vlan_if->vrf->vrf_id;
-			zl3vni = zl3vni_from_vrf(vlan_if->vrf->vrf_id);
+			zevpn->svi_if = vlan_if;
+			if (vlan_if->vrf) {
+				zevpn->vrf_id = vlan_if->vrf->vrf_id;
+				zl3vni = zl3vni_from_vrf(vlan_if->vrf->vrf_id);
+			}
 			if (zl3vni)
 				listnode_add_sort_nodup(zl3vni->l2vnis, zevpn);
 		}
@@ -2532,6 +2548,12 @@ static int zebra_vxlan_handle_vni_transition(struct zebra_vrf *zvrf, vni_t vni,
 			zebra_evpn_send_add_to_client(zevpn);
 			zebra_evpn_read_mac_neigh(zevpn, ctx.ret_ifp);
 		}
+
+		if (IS_ZEBRA_DEBUG_VXLAN)
+			zlog_debug("L2-VNI:%d transition from L3-VNI, unlink from %s vni_info table",
+				   vni, ctx.ret_ifp->name);
+
+		zebra_vxlan_if_vni_deref(zif, vni);
 	}
 
 	return 0;
@@ -5330,9 +5352,23 @@ void zebra_vxlan_process_vrf_vni_cmd(struct zebra_vrf *zvrf, vni_t vni,
 			br_if = vxlan_if_zif->brslave_info.br_if;
 		}
 
-		if (vnip)
+		if (vnip) {
 			zl3vni->vid = vnip->access_vlan;
 
+			/*
+			 * Re-establish VLAN<->VxLAN reference for L3-VNI.
+			 * This is needed when transitioning from L2-VNI back to
+			 * L3-VNI (e.g., "no vni X" followed by "vni X"), as the
+			 * reference was dropped during the L3->L2 transition by
+			 * zebra_vxlan_if_vni_remove(). This call increments the
+			 * reference count to maintain proper VLAN association.
+			 * Note: zebra_evpn_vl_vxl_ref() is idempotent and safely
+			 * handles duplicate calls for the same VNI.
+			 */
+			if (vxlan_if_zif)
+				zebra_evpn_vl_vxl_ref(vnip->access_vlan, vnip->vni, vxlan_if_zif);
+		}
+
 		if (br_if)
 			zl3vni_bridge_if_set(zl3vni, br_if, true);
 

zebra/zebra_vxlan_if.c

@@ -90,6 +90,52 @@ static void zebra_vxlan_if_vni_iterate_callback(struct hash_bucket *bucket,
 	ctx->func(ctx->zif, vni, ctx->arg);
 }
 
+/*
+ * This function only removes VLAN<->VxLAN references when transitioning
+ * from L3-VNI to L2-VNI. It does NOT remove the VNI from the vni_table.
+ * For actual deletion of VNI from the vni_table, use zebra_vxlan_if_vni_del()
+ * which is called when kernel VNI configuration is removed.
+ */
+int zebra_vxlan_if_vni_deref(struct zebra_if *zif, vni_t vni)
+{
+	struct zebra_vxlan_vni vni_tmp;
+	struct zebra_vxlan_vni_info *vni_info;
+	struct zebra_vxlan_vni *vnip;
+
+	/* This should be called in SVD context only */
+	if (!IS_ZEBRA_VXLAN_IF_SVD(zif)) {
+		if (IS_ZEBRA_DEBUG_KERNEL || IS_ZEBRA_DEBUG_VXLAN)
+			zlog_debug("%s VNI %u vxlan_if %s should be SVD,  skip processing",
+				   __func__, vni, zif->ifp->name);
+		return 0;
+	}
+
+	vni_info = VNI_INFO_FROM_ZEBRA_IF(zif);
+	memset(&vni_tmp, 0, sizeof(vni_tmp));
+	vni_tmp.vni = vni;
+
+	/*
+	 * Rationale:
+	 * 1. The SVD vni_table represents kernel VNI configuration (from netlink)
+	 *    and should only change when kernel config changes, not during
+	 *    zebra's internal L2<->L3 VNI transitions.
+	 * 2. Keeping vnip is REQUIRED for L3-VNI re-add scenarios because:
+	 *    - zl3vni_map_to_svi_if() calls zebra_vxlan_if_vni_find()
+	 *    - Without vnip, SVI mapping fails -> L3-VNI stays non-operational
+	 *    - access_vlan information is needed for proper state restoration
+	 * 3. This does NOT cause memory leaks because vnip remains referenced
+	 *    in the hash table and will be properly freed when:
+	 *    - Kernel removes the VNI (via zebra_vxlan_if_vni_del())
+	 *    - Interface is deleted (via zebra_vxlan_if_del())
+	 */
+	vnip = (struct zebra_vxlan_vni *)hash_lookup(vni_info->vni_table, &vni_tmp);
+	/* Decrement VLAN<->VxLAN reference count for L3-VNI removal */
+	if (vnip)
+		zebra_evpn_vl_vxl_deref(vnip->access_vlan, vnip->vni, zif);
+
+	return 0;
+}
+
 static int zebra_vxlan_if_del_vni(struct interface *ifp,
 				  struct zebra_vxlan_vni *vnip)
 {

zebra/zebra_vxlan_if.h

@@ -60,6 +60,7 @@ extern int zebra_vxlan_if_down(struct interface *ifp);
 extern int zebra_vxlan_if_vni_up(struct interface *ifp,
 				 struct zebra_vxlan_vni *vni);
 extern int zebra_vxlan_if_up(struct interface *ifp);
+extern int zebra_vxlan_if_vni_deref(struct zebra_if *zif, vni_t vni);
 extern int zebra_vxlan_if_vni_del(struct interface *ifp, vni_t vni);
 extern int zebra_vxlan_if_del(struct interface *ifp);
 extern int zebra_vxlan_if_vni_table_add_update(struct interface *ifp,