Initial eBGP Fabric Support (#460)

* move initial ebgp fabric work to new branch

* remove tmp file

* Update ebgp_vxlan_fabric_base.j2

* swap fabric global name from standup meeting discussion

* update defaults key

* adjustments from testing with module updates

* update after testing module

* add backwards compatability for 3.1.1

* fix security support

* update security

* backout tasks

* updates to setup ebgp development

* fix year

Author: mtarking

plugins/action/common/nac_dc_validate.py

@@ -1,4 +1,4 @@
-# Copyright (c) 2024 Cisco Systems, Inc. and its affiliates
+# Copyright (c) 2025 Cisco Systems, Inc. and its affiliates
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy of
 # this software and associated documentation files (the "Software"), to deal in
@@ -92,7 +92,7 @@ def run(self, tmp=None, task_vars=None):
             if 'fabric' in check['keys_found'] and 'fabric' in check['keys_data']:
                 if 'type' in results['data']['vxlan']['fabric']:
                     if results['data']['vxlan']['fabric']['type'] in ('VXLAN_EVPN'):
-                        rules_list.append(f'{rules}vxlan/')
+                        rules_list.append(f'{rules}ibgp_vxlan/')
                     elif results['data']['vxlan']['fabric']['type'] in ('MSD', 'MCF'):
                         rules_list.append(f'{rules}multisite/')
                     elif results['data']['vxlan']['fabric']['type'] in ('ISN'):
@@ -118,7 +118,7 @@ def run(self, tmp=None, task_vars=None):
                         display.deprecated(msg=deprecated_msg, version='1.0.0', collection_name='cisco.nac_dc_vxlan')
 
                         if results['data']['vxlan']['global']['fabric_type'] in ('VXLAN_EVPN'):
-                            rules_list.append(f'{rules}vxlan/')
+                            rules_list.append(f'{rules}ibgp_vxlan/')
                         elif results['data']['vxlan']['global']['fabric_type'] in ('MSD', 'MCF'):
                             rules_list.append(f'{rules}multisite/')
                         elif results['data']['vxlan']['global']['fabric_type'] in ('ISN', 'External'):

roles/dtc/common/tasks/main.yml

@@ -1,4 +1,4 @@
-# Copyright (c) 2024 Cisco Systems, Inc. and its affiliates
+# Copyright (c) 2025 Cisco Systems, Inc. and its affiliates
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy of
 # this software and associated documentation files (the "Software"), to deal in
@@ -91,6 +91,11 @@
   tags: "{{ nac_tags.common_role }}" # Tags defined in roles/common_global/vars/main.yml
   when: MD_Extended.vxlan.fabric.type == 'VXLAN_EVPN'
 
+- name: Import Role Tasks for eBGP VXLAN Fabric
+  ansible.builtin.import_tasks: sub_main_ebgp_vxlan.yml
+  tags: "{{ nac_tags.common_role }}" # Tags defined in roles/common_global/vars/main.yml
+  when: MD_Extended.vxlan.fabric.type == 'eBGP_VXLAN'
+
 - name: Import Role Tasks for ISN Fabric
   ansible.builtin.import_tasks: sub_main_isn.yml
   tags: "{{ nac_tags.common_role }}" # Tags defined in roles/common_global/vars/main.yml

roles/dtc/common/tasks/sub_main_ebgp_vxlan.yml

@@ -0,0 +1,65 @@
+# Copyright (c) 2025 Cisco Systems, Inc. and its affiliates
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# SPDX-License-Identifier: MIT
+
+---
+
+- ansible.builtin.fail: msg="Service Model Not Defined.  Role cisco.nac_dc_vxlan.validate Must Be Called First"
+  when: MD is undefined
+  delegate_to: localhost
+
+# --------------------------------------------------------------------
+# Remove all files from the previous run if run_map requires it
+# --------------------------------------------------------------------
+- name: Set path_name Var
+  ansible.builtin.set_fact:
+    path_name: "{{ role_path }}/files/ebgp_vxlan/{{ MD_Extended.vxlan.fabric.name }}/"
+  delegate_to: localhost
+
+- name: Cleanup Files from Previous Run if run_map requires it
+  ansible.builtin.import_tasks: cleanup_files.yml
+  when:
+    - not run_map_read_result.diff_run or ((force_run_all is defined) and (force_run_all is true|bool))
+
+# --------------------------------------------------------------------
+# Build Create Fabric parameter List From Template
+# --------------------------------------------------------------------
+
+- name: Build Fabric Create Parameters
+  ansible.builtin.import_tasks: common/ndfc_fabric.yml
+
+# --------------------------------------------------------------------
+# Save Local Variables To NameSpace Dict For Use Elsewhere
+# --------------------------------------------------------------------
+- name: Save Local Variables With Namespace Context
+  ansible.builtin.set_fact:
+    vars_common_ebgp_vxlan:
+        changes_detected_fabric: "{{ changes_detected_fabric }}"
+        fabric_config: "{{ fabric_config }}"
+
+- name: Run Diff Flags
+  ansible.builtin.debug:
+    msg:
+      - "----------------------------------------------------------------"
+      - "+     Fabric Changes Detected -               [ {{ vars_common_ebgp_vxlan.changes_detected_fabric }} ]"
+      - "+     ----- Run Map -----"
+      - "+     Run Map Diff Run -                      [ {{ run_map_read_result.diff_run }} ]"
+      - "+     Force Run Flag  -                       [ {{ force_run_all }} ]"
+      - "----------------------------------------------------------------"

roles/dtc/common/templates/ndfc_fabric.j2

@@ -9,6 +9,11 @@
 {# Include NDFC DC VXLAN EVPN Base Template #}
 {% include '/ndfc_fabric/dc_vxlan_fabric/dc_vxlan_fabric_base.j2' %}
 
+{% elif vxlan.fabric.type == 'eBGP_VXLAN'%}
+
+{# Include NDFC eBGP VXLAN EVPN Base Template #}
+{% include '/ndfc_fabric/ebgp_vxlan_fabric/ebgp_vxlan_fabric_base.j2' %}
+
 {% elif vxlan.fabric.type == 'MSD'%}
 
 {# Include NDFC MSD Base Template #}

roles/validate/files/rules/vxlan/.gitkeep renamed to roles/dtc/common/templates/ndfc_fabric/ebgp_vxlan_fabric/.gitkeep

@@ -0,0 +1,30 @@
+{# Auto-generated NDFC eBGP VXLAN EVPN Advanced config data structure for fabric {{ vxlan.fabric.name }} #}
+  OVERLAY_MODE: cli
+  GRFIELD_DEBUG_FLAG: Enable
+  ENABLE_PVLAN: false
+  AAA_REMOTE_IP_ENABLED: False
+  FABRIC_MTU: {{ vxlan.underlay.general.intra_fabric_interface_mtu | default(defaults.vxlan.underlay.general.intra_fabric_interface_mtu) }}
+  L2_HOST_INTF_MTU: {{ vxlan.underlay.general.layer2_host_interface_mtu | default(defaults.vxlan.underlay.general.layer2_host_interface_mtu) }}
+{% if vxlan.global.bootstrap is defined and vxlan.global.bootstrap.enable_cdp_mgmt is defined %}
+  CDP_ENABLE: {{ vxlan.global.bootstrap.enable_cdp_mgmt }}
+{% endif %}
+  ENABLE_NXAPI: {{ vxlan.global.enable_nxapi_https | default(defaults.vxlan.global.enable_nxapi_https) }}
+{% if vxlan.global.enable_nxapi_https | default(defaults.vxlan.global.enable_nxapi_https) | ansible.builtin.bool %}
+  NXAPI_HTTPS_PORT: {{ vxlan.global.nxapi_https_port | default(defaults.vxlan.global.nxapi_https_port) }}
+  ENABLE_NXAPI_HTTP: {{ vxlan.global.enable_nxapi_http | default(defaults.vxlan.global.enable_nxapi_http) }}
+{% if vxlan.global.enable_nxapi_http | default(defaults.vxlan.global.enable_nxapi_http) | ansible.builtin.bool %}
+  NXAPI_HTTP_PORT: {{ vxlan.global.nxapi_http_port | default(defaults.vxlan.global.nxapi_http_port) }}
+{% endif %}
+{% endif %}
+  SNMP_SERVER_HOST_TRAP: {{ vxlan.global.snmp_server_host_trap | default(defaults.vxlan.global.snmp_server_host_trap) }}
+{% if ( (ndfc_version | cisco.nac_dc_vxlan.version_compare('12.2.2', '>=')) and
+        (not (vxlan.underlay.general.enable_ipv6_underlay | default(defaults.vxlan.underlay.general.enable_ipv6_underlay) | ansible.builtin.bool)) ) %}
+  FEATURE_PTP: {{ vxlan.global.ptp.enable | default(defaults.vxlan.global.ptp.enable) }}
+{% if vxlan.global.ptp.enable is defined and vxlan.global.ptp.enable | ansible.builtin.bool %}
+  PTP_DOMAIN_ID: {{ vxlan.global.ptp.domain_id | default(defaults.vxlan.global.ptp.domain_id) }}
+  PTP_LB_ID: {{ vxlan.global.ptp.lb_id | default(defaults.vxlan.global.ptp.lb_id) }}
+{% if vxlan.global.ptp.vlan_id is defined %}
+  PTP_VLAN_ID: {{ vxlan.global.ptp.vlan_id }}
+{% endif %}
+{% endif %}
+{% endif %}

roles/dtc/common/templates/ndfc_fabric/ebgp_vxlan_fabric/advanced/.gitkeep

@@ -0,0 +1,19 @@
+{# Auto-generated NDFC eBGP VXLAN EVPN Bootstrap config data structure for fabric {{ vxlan.fabric.name }} #}
+{% if vxlan.global.bootstrap is defined %}
+  BOOTSTRAP_ENABLE: {{ vxlan.global.bootstrap.enable_bootstrap | default(defaults.vxlan.global.bootstrap.enable_bootstrap) | bool }}
+{% if vxlan.global.bootstrap.enable_bootstrap | default(defaults.vxlan.global.bootstrap.enable_bootstrap) | bool %}
+  DHCP_ENABLE: {{ vxlan.global.bootstrap.enable_local_dhcp_server | default(defaults.vxlan.global.bootstrap.enable_local_dhcp_server) | bool }}
+{% if vxlan.global.bootstrap.enable_local_dhcp_server | default(defaults.vxlan.global.bootstrap.enable_local_dhcp_server) | bool %}
+  DHCP_IPV6_ENABLE: {{ vxlan.global.bootstrap.dhcp_version }}
+{% if vxlan.global.bootstrap.dhcp_version is defined and vxlan.global.bootstrap.dhcp_version == "DHCPv4" %}
+  DHCP_START: {{ vxlan.global.bootstrap.dhcp_v4.scope_start_address }}
+  DHCP_END: {{ vxlan.global.bootstrap.dhcp_v4.scope_end_address }}
+  MGMT_GW: {{ vxlan.global.bootstrap.dhcp_v4.switch_mgmt_default_gw }}
+  MGMT_PREFIX: {{ vxlan.global.bootstrap.dhcp_v4.mgmt_prefix }}
+{% if vxlan.global.bootstrap.dhcp_v4.multi_subnet_scope is defined %}
+  BOOTSTRAP_MULTISUBNET: "{{ vxlan.global.bootstrap.dhcp_v4.multi_subnet_scope }}"
+{% endif %}
+{% endif %}
+{% endif %}
+{% endif %}
+{% endif %}

roles/dtc/common/templates/ndfc_fabric/ebgp_vxlan_fabric/advanced/ebgp_vxlan_fabric_advanced.j2

@@ -0,0 +1,34 @@
+{# Auto-generated NDFC eBGP VXLAN EVPN Base config data structure for fabric {{ vxlan.fabric.name }} #}
+{% from 'macros/convert_ranges.j2' import convert_ranges as convert_ranges %}
+- FABRIC_NAME: {{ vxlan.fabric.name }}
+  FABRIC_TYPE: BGP
+  DEPLOY: False
+
+{# Include NDFC eBGP VXLAN EVPN General Template #}
+{% include '/ndfc_fabric/ebgp_vxlan_fabric/general/ebgp_vxlan_fabric_general.j2' %}
+
+{# Include NDFC eBGP VXLAN EVPN Template #}
+{% include '/ndfc_fabric/ebgp_vxlan_fabric/evpn/ebgp_vxlan_fabric_evpn.j2' %}
+
+{# Include NDFC eBGP VXLAN EVPN vPC Template #}
+{% include '/ndfc_fabric/ebgp_vxlan_fabric/vpc/ebgp_vxlan_fabric_vpc.j2' %}
+
+{# Include NDFC eBGP VXLAN EVPN Protocols Template #}
+{% include '/ndfc_fabric/ebgp_vxlan_fabric/protocols/ebgp_vxlan_fabric_protocols.j2' %}
+
+{% if ndfc_version | cisco.nac_dc_vxlan.version_compare('12.2.2', '>=') %}
+{# Include NDFC eBGP VXLAN EVPN Security Template #}
+{% include '/ndfc_fabric/ebgp_vxlan_fabric/security/ebgp_vxlan_fabric_security.j2' %}
+{% endif %}
+
+{# Include NDFC eBGP VXLAN EVPN Advanced Template #}
+{% include '/ndfc_fabric/ebgp_vxlan_fabric/advanced/ebgp_vxlan_fabric_advanced.j2' %}
+
+{# Include NDFC eBGP VXLAN EVPN Manageability Template #}
+{% include '/ndfc_fabric/ebgp_vxlan_fabric/manageability/ebgp_vxlan_fabric_manageability.j2' %}
+
+{# Include NDFC eBGP VXLAN EVPN Bootstrap Template #}
+{% include '/ndfc_fabric/ebgp_vxlan_fabric/bootstrap/ebgp_vxlan_fabric_bootstrap.j2' %}
+
+{# Include NDFC eBGP VXLAN EVPN Flow Monitor Template #}
+{% include '/ndfc_fabric/ebgp_vxlan_fabric/flow_monitor/ebgp_vxlan_fabric_flow_monitor.j2' %}