From 06d576540a1c7a5ce4c9b4c01e8e6fd11c31fd67 Mon Sep 17 00:00:00 2001 From: Charly Coueffe <75327499+ccoueffe@users.noreply.github.com> Date: Mon, 1 Sep 2025 14:19:53 +0200 Subject: [PATCH 01/20] Update dc_vxlan_fabric_advanced.j2 --- .../dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 index a14a06d12..e33a61f7e 100644 --- a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 +++ b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 @@ -2,7 +2,7 @@ OVERLAY_MODE: cli GRFIELD_DEBUG_FLAG: Enable ENABLE_PVLAN: false - AAA_REMOTE_IP_ENABLED: False + AAA_REMOTE_IP_ENABLED: {{ vxlan.global.ibgp.enable_aaa_remote_ip | default(defaults.vxlan.global.ibgp.enable_aaa_remote_ip }} TCAM_ALLOCATION: {{ vxlan.global.ibgp.tcam_allocation | default(defaults.vxlan.global.ibgp.tcam_allocation) }} {% if not (vxlan.underlay.general.enable_ipv6_underlay | default(defaults.vxlan.underlay.general.enable_ipv6_underlay) | ansible.builtin.bool) %} FEATURE_PTP: {{ vxlan.global.ptp.enable | default(defaults.vxlan.global.ptp.enable) }} @@ -41,3 +41,10 @@ STP_BRIDGE_PRIORITY: {{ vxlan.global.spanning_tree.bridge_priority | default(defaults.vxlan.global.spanning_tree.bridge_priority) }} {% endif %} {% endif %} + POWER_REDUNDANCY_MODEL: {{ vxlan.global.ibgp.power_redundancy | default(defaults.vxlan.global.ibgp.power_redundancy }} + COPP_POLICY: {{ vxlan.global.ibgp.copp_policy | default(defaults.vxlan.global.ibgp.copp_policy }} + HD_TIME: {{ vxlan.global.ibgp.vtep_holddown_time | default(defaults.vxlan.global.ibgp.vtep_holddown_time }} + ENABLE_NGOAM: {{ vxlan.global.ibgp.enable_ngoam | default(defaults.vxlan.global.ibgp.enable_ngoam }} + ENABLE_TENANT_DHCP: {{ vxlan.global.ibgp.enable_tenant_dhcp | default(defaults.vxlan.global.ibgp.enable_tenant_dhcp }} + STRICT_CC_MODE: {{ vxlan.global.ibgp.strict_config_compliance | default(defaults.vxlan.global.ibgp.strict_config_compliance }} + ENABLE_DEFAULT_QUEUING_POLICY: {{ vxlan.global.ibgp.enable_default_queuing_policy | default(defaults.vxlan.global.ibgp.enable_default_queuing_policy }} From 6d98d01fd08f8475b6a12def5e11630be9970a31 Mon Sep 17 00:00:00 2001 From: Charly Coueffe <75327499+ccoueffe@users.noreply.github.com> Date: Mon, 1 Sep 2025 14:22:36 +0200 Subject: [PATCH 02/20] Update dc_vxlan_fabric_resources.j2 --- .../dc_vxlan_fabric/resources/dc_vxlan_fabric_resources.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/resources/dc_vxlan_fabric_resources.j2 b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/resources/dc_vxlan_fabric_resources.j2 index 2a43e733d..1550d882e 100644 --- a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/resources/dc_vxlan_fabric_resources.j2 +++ b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/resources/dc_vxlan_fabric_resources.j2 @@ -76,3 +76,6 @@ {% set l3_vlan_range = defaults.vxlan.global.layer3_vlan_range.from ~ '-' ~ defaults.vxlan.global.layer3_vlan_range.to %} {% endif %} VRF_VLAN_RANGE: {{ l3_vlan_range }} + AUTO_UNIQUE_VRF_LITE_IP_PREFIX: {{ vxlan.global.ibgp.auto_unique_vrflite_ip_prefix | default(defaults.vxlan.global.ibgp.auto_unique_vrflite_ip_prefix }} + PER_VRF_LOOPBACK_AUTO_PROVISION: {{ vxlan.global.ibgp.per_vrf_loopback_v4_auto_provision | default(defaults.vxlan.global.ibgp.per_vrf_loopback_v4_auto_provision }} + SUBINTERFACE_RANGE: {{ vxlan.global.ibgp.sub_int_range | default(defaults.vxlan.global.ibgp.sub_int_range }} From 6ecca27f9cc675353a0122b92b6053e9decf2915 Mon Sep 17 00:00:00 2001 From: Charly Coueffe <75327499+ccoueffe@users.noreply.github.com> Date: Mon, 1 Sep 2025 14:25:08 +0200 Subject: [PATCH 03/20] Update defaults.yml --- roles/validate/files/defaults.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/roles/validate/files/defaults.yml b/roles/validate/files/defaults.yml index 601cc3e0e..b8f0a54fd 100644 --- a/roles/validate/files/defaults.yml +++ b/roles/validate/files/defaults.yml @@ -28,6 +28,17 @@ factory_defaults: leaf_same_bgp_asn: false ibgp: tcam_allocation: true + power_redundancy: ps-redundant + copp_policy: strict + vtep_holddown_time: 180 + enable_ngoam: true + enable_tenant_dhcp: true + strict_config_compliance: false + enable_aaa_remote_ip: false + enable_default_queuing_policy: false + sub_int_range: 2-511 + auto_unique_vrflite_ip_prefix: false + per_vrf_loopback_v4_auto_provision: false route_reflectors: 2 anycast_gateway_mac: 20:20:00:00:00:aa auth_proto: MD5 From e24c54908bb66a5d16209859c7f6c8879c083c33 Mon Sep 17 00:00:00 2001 From: Charly Coueffe <75327499+ccoueffe@users.noreply.github.com> Date: Mon, 1 Sep 2025 14:47:10 +0200 Subject: [PATCH 04/20] Update dc_vxlan_fabric_advanced.j2 --- .../advanced/dc_vxlan_fabric_advanced.j2 | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 index e33a61f7e..3c086da64 100644 --- a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 +++ b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 @@ -2,7 +2,7 @@ OVERLAY_MODE: cli GRFIELD_DEBUG_FLAG: Enable ENABLE_PVLAN: false - AAA_REMOTE_IP_ENABLED: {{ vxlan.global.ibgp.enable_aaa_remote_ip | default(defaults.vxlan.global.ibgp.enable_aaa_remote_ip }} + AAA_REMOTE_IP_ENABLED: {{ vxlan.global.ibgp.enable_aaa_remote_ip | default(defaults.vxlan.global.ibgp.enable_aaa_remote_ip) }} TCAM_ALLOCATION: {{ vxlan.global.ibgp.tcam_allocation | default(defaults.vxlan.global.ibgp.tcam_allocation) }} {% if not (vxlan.underlay.general.enable_ipv6_underlay | default(defaults.vxlan.underlay.general.enable_ipv6_underlay) | ansible.builtin.bool) %} FEATURE_PTP: {{ vxlan.global.ptp.enable | default(defaults.vxlan.global.ptp.enable) }} @@ -41,10 +41,10 @@ STP_BRIDGE_PRIORITY: {{ vxlan.global.spanning_tree.bridge_priority | default(defaults.vxlan.global.spanning_tree.bridge_priority) }} {% endif %} {% endif %} - POWER_REDUNDANCY_MODEL: {{ vxlan.global.ibgp.power_redundancy | default(defaults.vxlan.global.ibgp.power_redundancy }} - COPP_POLICY: {{ vxlan.global.ibgp.copp_policy | default(defaults.vxlan.global.ibgp.copp_policy }} - HD_TIME: {{ vxlan.global.ibgp.vtep_holddown_time | default(defaults.vxlan.global.ibgp.vtep_holddown_time }} - ENABLE_NGOAM: {{ vxlan.global.ibgp.enable_ngoam | default(defaults.vxlan.global.ibgp.enable_ngoam }} - ENABLE_TENANT_DHCP: {{ vxlan.global.ibgp.enable_tenant_dhcp | default(defaults.vxlan.global.ibgp.enable_tenant_dhcp }} - STRICT_CC_MODE: {{ vxlan.global.ibgp.strict_config_compliance | default(defaults.vxlan.global.ibgp.strict_config_compliance }} - ENABLE_DEFAULT_QUEUING_POLICY: {{ vxlan.global.ibgp.enable_default_queuing_policy | default(defaults.vxlan.global.ibgp.enable_default_queuing_policy }} + POWER_REDUNDANCY_MODEL: {{ vxlan.global.ibgp.power_redundancy | default(defaults.vxlan.global.ibgp.power_redundancy) }} + COPP_POLICY: {{ vxlan.global.ibgp.copp_policy | default(defaults.vxlan.global.ibgp.copp_policy) }} + HD_TIME: {{ vxlan.global.ibgp.vtep_holddown_time | default(defaults.vxlan.global.ibgp.vtep_holddown_time) }} + ENABLE_NGOAM: {{ vxlan.global.ibgp.enable_ngoam | default(defaults.vxlan.global.ibgp.enable_ngoam) }} + ENABLE_TENANT_DHCP: {{ vxlan.global.ibgp.enable_tenant_dhcp | default(defaults.vxlan.global.ibgp.enable_tenant_dhcp) }} + STRICT_CC_MODE: {{ vxlan.global.ibgp.strict_config_compliance | default(defaults.vxlan.global.ibgp.strict_config_compliance) }} + ENABLE_DEFAULT_QUEUING_POLICY: {{ vxlan.global.ibgp.enable_default_queuing_policy | default(defaults.vxlan.global.ibgp.enable_default_queuing_policy) }} From 3168aa4c73014914a7008886369ac9fd90d212f1 Mon Sep 17 00:00:00 2001 From: Charly Coueffe <75327499+ccoueffe@users.noreply.github.com> Date: Mon, 1 Sep 2025 14:47:43 +0200 Subject: [PATCH 05/20] Update dc_vxlan_fabric_resources.j2 --- .../dc_vxlan_fabric/resources/dc_vxlan_fabric_resources.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/resources/dc_vxlan_fabric_resources.j2 b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/resources/dc_vxlan_fabric_resources.j2 index 1550d882e..295466448 100644 --- a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/resources/dc_vxlan_fabric_resources.j2 +++ b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/resources/dc_vxlan_fabric_resources.j2 @@ -76,6 +76,6 @@ {% set l3_vlan_range = defaults.vxlan.global.layer3_vlan_range.from ~ '-' ~ defaults.vxlan.global.layer3_vlan_range.to %} {% endif %} VRF_VLAN_RANGE: {{ l3_vlan_range }} - AUTO_UNIQUE_VRF_LITE_IP_PREFIX: {{ vxlan.global.ibgp.auto_unique_vrflite_ip_prefix | default(defaults.vxlan.global.ibgp.auto_unique_vrflite_ip_prefix }} - PER_VRF_LOOPBACK_AUTO_PROVISION: {{ vxlan.global.ibgp.per_vrf_loopback_v4_auto_provision | default(defaults.vxlan.global.ibgp.per_vrf_loopback_v4_auto_provision }} - SUBINTERFACE_RANGE: {{ vxlan.global.ibgp.sub_int_range | default(defaults.vxlan.global.ibgp.sub_int_range }} + AUTO_UNIQUE_VRF_LITE_IP_PREFIX: {{ vxlan.global.ibgp.auto_unique_vrflite_ip_prefix | default(defaults.vxlan.global.ibgp.auto_unique_vrflite_ip_prefix) }} + PER_VRF_LOOPBACK_AUTO_PROVISION: {{ vxlan.global.ibgp.per_vrf_loopback_v4_auto_provision | default(defaults.vxlan.global.ibgp.per_vrf_loopback_v4_auto_provision) }} + SUBINTERFACE_RANGE: {{ vxlan.global.ibgp.sub_int_range | default(defaults.vxlan.global.ibgp.sub_int_range) }} From 3f72f22074906d2b4e377ed3f956a6c885a37439 Mon Sep 17 00:00:00 2001 From: Charly Coueffe <75327499+ccoueffe@users.noreply.github.com> Date: Mon, 1 Sep 2025 15:24:34 +0200 Subject: [PATCH 06/20] Update dc_vxlan_fabric_advanced.j2 --- .../dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 index 3c086da64..9770a2c6d 100644 --- a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 +++ b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 @@ -41,7 +41,7 @@ STP_BRIDGE_PRIORITY: {{ vxlan.global.spanning_tree.bridge_priority | default(defaults.vxlan.global.spanning_tree.bridge_priority) }} {% endif %} {% endif %} - POWER_REDUNDANCY_MODEL: {{ vxlan.global.ibgp.power_redundancy | default(defaults.vxlan.global.ibgp.power_redundancy) }} + POWER_REDUNDANCY_MODE: {{ vxlan.global.ibgp.power_redundancy | default(defaults.vxlan.global.ibgp.power_redundancy) }} COPP_POLICY: {{ vxlan.global.ibgp.copp_policy | default(defaults.vxlan.global.ibgp.copp_policy) }} HD_TIME: {{ vxlan.global.ibgp.vtep_holddown_time | default(defaults.vxlan.global.ibgp.vtep_holddown_time) }} ENABLE_NGOAM: {{ vxlan.global.ibgp.enable_ngoam | default(defaults.vxlan.global.ibgp.enable_ngoam) }} From f2ab93977958a540e60ef42eefe5cda5c579c8a0 Mon Sep 17 00:00:00 2001 From: Charly Coueffe <75327499+ccoueffe@users.noreply.github.com> Date: Tue, 9 Sep 2025 18:36:52 +0200 Subject: [PATCH 07/20] Update dc_vxlan_fabric_resources.j2 --- .../dc_vxlan_fabric/resources/dc_vxlan_fabric_resources.j2 | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/resources/dc_vxlan_fabric_resources.j2 b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/resources/dc_vxlan_fabric_resources.j2 index 63b1cbf2c..59015f492 100644 --- a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/resources/dc_vxlan_fabric_resources.j2 +++ b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/resources/dc_vxlan_fabric_resources.j2 @@ -76,6 +76,4 @@ {% set l3_vlan_range = defaults.vxlan.global.ibgp.layer3_vlan_range.from ~ '-' ~ defaults.vxlan.global.ibgp.layer3_vlan_range.to %} {% endif %} VRF_VLAN_RANGE: {{ l3_vlan_range }} - AUTO_UNIQUE_VRF_LITE_IP_PREFIX: {{ vxlan.global.ibgp.auto_unique_vrflite_ip_prefix | default(defaults.vxlan.global.ibgp.auto_unique_vrflite_ip_prefix) }} - PER_VRF_LOOPBACK_AUTO_PROVISION: {{ vxlan.global.ibgp.per_vrf_loopback_v4_auto_provision | default(defaults.vxlan.global.ibgp.per_vrf_loopback_v4_auto_provision) }} SUBINTERFACE_RANGE: {{ vxlan.global.ibgp.sub_int_range | default(defaults.vxlan.global.ibgp.sub_int_range) }} From 1ad7619e939eaffc0ba65c5b7a868e9907f77ab1 Mon Sep 17 00:00:00 2001 From: Charly Coueffe <75327499+ccoueffe@users.noreply.github.com> Date: Fri, 26 Sep 2025 12:57:57 +0200 Subject: [PATCH 08/20] Update dc_vxlan_fabric_advanced.j2 --- .../dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 | 3 --- 1 file changed, 3 deletions(-) diff --git a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 index 8252f7213..bdd49f315 100644 --- a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 +++ b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 @@ -52,6 +52,3 @@ COPP_POLICY: {{ vxlan.global.ibgp.copp_policy | default(defaults.vxlan.global.ibgp.copp_policy) }} HD_TIME: {{ vxlan.global.ibgp.vtep_holddown_time | default(defaults.vxlan.global.ibgp.vtep_holddown_time) }} ENABLE_NGOAM: {{ vxlan.global.ibgp.enable_ngoam | default(defaults.vxlan.global.ibgp.enable_ngoam) }} - ENABLE_TENANT_DHCP: {{ vxlan.global.ibgp.enable_tenant_dhcp | default(defaults.vxlan.global.ibgp.enable_tenant_dhcp) }} - STRICT_CC_MODE: {{ vxlan.global.ibgp.strict_config_compliance | default(defaults.vxlan.global.ibgp.strict_config_compliance) }} - ENABLE_DEFAULT_QUEUING_POLICY: {{ vxlan.global.ibgp.enable_default_queuing_policy | default(defaults.vxlan.global.ibgp.enable_default_queuing_policy) }} From d68cce059d934110f1e376bf237093b97c67d3d1 Mon Sep 17 00:00:00 2001 From: Charly Coueffe <75327499+ccoueffe@users.noreply.github.com> Date: Fri, 26 Sep 2025 12:58:40 +0200 Subject: [PATCH 09/20] Update dc_vxlan_fabric_advanced.j2 --- .../dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 index bdd49f315..39d245423 100644 --- a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 +++ b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 @@ -2,8 +2,7 @@ OVERLAY_MODE: {{ vxlan.global.ibgp.overlay_mode | default(defaults.vxlan.global.ibgp.overlay_mode) }} GRFIELD_DEBUG_FLAG: Enable ENABLE_PVLAN: false - AAA_REMOTE_IP_ENABLED: {{ vxlan.global.ibgp.enable_aaa_remote_ip | default(defaults.vxlan.global.ibgp.enable_aaa_remote_ip) }} -{% if ndfc_version | cisco.nac_dc_vxlan.version_compare('12.2.2', '>=') and ndfc_version | cisco.nac_dc_vxlan.version_compare('12.4.1', '<') %} + if ndfc_version | cisco.nac_dc_vxlan.version_compare('12.2.2', '>=') and ndfc_version | cisco.nac_dc_vxlan.version_compare('12.4.1', '<') %} ALLOW_L3VNI_NO_VLAN: {{ vxlan.global.ibgp.enable_mvpn_vri_id_range | default(defaults.vxlan.global.ibgp.enable_mvpn_vri_id_range) }} {% endif %} ENABLE_L3VNI_NO_VLAN: {{ vxlan.global.ibgp.enable_l3_vni_no_vlan | default(defaults.vxlan.global.ibgp.enable_l3_vni_no_vlan) }} From bf5ea3a4199afff01a8211134420efbad7efbb86 Mon Sep 17 00:00:00 2001 From: Charly Coueffe <75327499+ccoueffe@users.noreply.github.com> Date: Fri, 26 Sep 2025 12:59:01 +0200 Subject: [PATCH 10/20] Update defaults.yml --- roles/validate/files/defaults.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/roles/validate/files/defaults.yml b/roles/validate/files/defaults.yml index 8d25b3375..e585fb6d2 100644 --- a/roles/validate/files/defaults.yml +++ b/roles/validate/files/defaults.yml @@ -129,10 +129,6 @@ factory_defaults: copp_policy: strict vtep_holddown_time: 180 enable_ngoam: true - enable_tenant_dhcp: true - strict_config_compliance: false - enable_aaa_remote_ip: false - enable_default_queuing_policy: false sub_int_range: 2-511 external: auth_proto: MD5 @@ -487,4 +483,4 @@ factory_defaults: snmp_server_host_trap: true bootstrap: enable_bootstrap: false - enable_local_dhcp_server: false \ No newline at end of file + enable_local_dhcp_server: false From 31834a1bd2b72aab2390343769ec97b6d21e157e Mon Sep 17 00:00:00 2001 From: Charly Coueffe <75327499+ccoueffe@users.noreply.github.com> Date: Fri, 26 Sep 2025 18:48:58 +0200 Subject: [PATCH 11/20] Update main.yml Get Features list with status for additional parameters in fabric --- roles/dtc/connectivity_check/tasks/main.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/roles/dtc/connectivity_check/tasks/main.yml b/roles/dtc/connectivity_check/tasks/main.yml index 5cc1c0399..ed28a2cc3 100644 --- a/roles/dtc/connectivity_check/tasks/main.yml +++ b/roles/dtc/connectivity_check/tasks/main.yml @@ -62,3 +62,17 @@ ansible.builtin.set_fact: ndfc_version: "{{ ndfc_version.response.DATA.version }}" tags: "{{ nac_tags.connectivity_check }}" # Tags defined in roles/common_global/vars/main.yml + +- name: Get Cisco Nexus Dashboard Fabric Controller Features + cisco.dcnm.dcnm_rest: + method: GET + path: /appcenter/cisco/ndfc/api/v1/fm/features + register: ndfc_features + tags: "{{ nac_tags.connectivity_check }}" # Tags defined in roles/common_global/vars/main.yml + +- name: Set Cisco Nexus Dashboard Fabric Controller Features Var + ansible.builtin.set_fact: + ndfc_features: "{{ features_dict | dict2items | json_query('[*].value.{name: name, admin_state: admin_state}') }}" + vars: + features_dict: "{{ ndfc_features.response.DATA.data.features }}" + tags: "{{ nac_tags.connectivity_check }}" # Tags defined in roles/common_global/vars/main.yml From 153cb4adf6898a78740d2fb3f33102bc5c999138 Mon Sep 17 00:00:00 2001 From: Charly Coueffe <75327499+ccoueffe@users.noreply.github.com> Date: Fri, 26 Sep 2025 19:01:29 +0200 Subject: [PATCH 12/20] Update dc_vxlan_fabric_general.j2 add Performance monitoring only if feature enable. Feature is checked in connectivity_check as ndfc_version --- .../dc_vxlan_fabric/general/dc_vxlan_fabric_general.j2 | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/general/dc_vxlan_fabric_general.j2 b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/general/dc_vxlan_fabric_general.j2 index a805b1a0e..62dd7ac0c 100644 --- a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/general/dc_vxlan_fabric_general.j2 +++ b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/general/dc_vxlan_fabric_general.j2 @@ -14,4 +14,9 @@ LINK_STATE_ROUTING: {{ vxlan.underlay.general.routing_protocol | default(defaults.vxlan.underlay.general.routing_protocol) }} RR_COUNT: {{ vxlan.global.ibgp.route_reflectors | default(defaults.vxlan.global.ibgp.route_reflectors) }} ANYCAST_GW_MAC: {{ vxlan.global.ibgp.anycast_gateway_mac | default(defaults.vxlan.global.ibgp.anycast_gateway_mac) }} +{% if (ndfc_features | selectattr('name', 'equalto', 'Performance Monitoring') | selectattr('admin_state', 'equalto', 'enabled') | list | length > 0) %} + PM_ENABLE: {{ vxlan.global.ibgp.performance_monitoring | default(defaults.vxlan.global.ibgp.performance_monitoring) | ansible.builtin.bool }} +{% else %} + PM_ENABLE: false +{% endif %} {# #} From 1e86aaae53bde4cc628caffe567c6a21e59e9d50 Mon Sep 17 00:00:00 2001 From: Charly Coueffe <75327499+ccoueffe@users.noreply.github.com> Date: Fri, 26 Sep 2025 19:02:37 +0200 Subject: [PATCH 13/20] Update defaults.yml --- roles/validate/files/defaults.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/validate/files/defaults.yml b/roles/validate/files/defaults.yml index e585fb6d2..c80a9fe6a 100644 --- a/roles/validate/files/defaults.yml +++ b/roles/validate/files/defaults.yml @@ -125,6 +125,7 @@ factory_defaults: enable_local_dhcp_server: false enable_cdp_mgmt: false tcam_allocation: true + performance_monitoring: false power_redundancy: ps-redundant copp_policy: strict vtep_holddown_time: 180 From 5d44875fafd6d3018bbf5e5d66ce427dff2e6952 Mon Sep 17 00:00:00 2001 From: Charly Coueffe <75327499+ccoueffe@users.noreply.github.com> Date: Fri, 26 Sep 2025 19:13:25 +0200 Subject: [PATCH 14/20] Update dc_vxlan_fabric_general.j2 --- .../dc_vxlan_fabric/general/dc_vxlan_fabric_general.j2 | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/general/dc_vxlan_fabric_general.j2 b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/general/dc_vxlan_fabric_general.j2 index 62dd7ac0c..bed1896b0 100644 --- a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/general/dc_vxlan_fabric_general.j2 +++ b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/general/dc_vxlan_fabric_general.j2 @@ -16,7 +16,5 @@ ANYCAST_GW_MAC: {{ vxlan.global.ibgp.anycast_gateway_mac | default(defaults.vxlan.global.ibgp.anycast_gateway_mac) }} {% if (ndfc_features | selectattr('name', 'equalto', 'Performance Monitoring') | selectattr('admin_state', 'equalto', 'enabled') | list | length > 0) %} PM_ENABLE: {{ vxlan.global.ibgp.performance_monitoring | default(defaults.vxlan.global.ibgp.performance_monitoring) | ansible.builtin.bool }} -{% else %} - PM_ENABLE: false {% endif %} {# #} From 67240e0d5ed7637f0b5afb2d26d4b2e588760b91 Mon Sep 17 00:00:00 2001 From: Charly Coueffe <75327499+ccoueffe@users.noreply.github.com> Date: Fri, 26 Sep 2025 19:53:22 +0200 Subject: [PATCH 15/20] Update dc_vxlan_fabric_resources.j2 --- .../dc_vxlan_fabric/resources/dc_vxlan_fabric_resources.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/resources/dc_vxlan_fabric_resources.j2 b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/resources/dc_vxlan_fabric_resources.j2 index 59015f492..d7760b63c 100644 --- a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/resources/dc_vxlan_fabric_resources.j2 +++ b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/resources/dc_vxlan_fabric_resources.j2 @@ -77,3 +77,5 @@ {% endif %} VRF_VLAN_RANGE: {{ l3_vlan_range }} SUBINTERFACE_RANGE: {{ vxlan.global.ibgp.sub_int_range | default(defaults.vxlan.global.ibgp.sub_int_range) }} + DCI_SUBNET_RANGE: {{ vxlan.underlay.ipv4.underlay_vrf_lite_ip_range | default(defaults.vxlan.underlay.ipv4.underlay_vrf_lite_ip_range) }} + DCI_SUBNET_TARGET_MASK: {{ vxlan.underlay.ipv4.underlay_vrf_lite_subnet_mask | default(defaults.vxlan.underlay.ipv4.underlay_vrf_lite_subnet_mask) }} From df367e95824021ee63e7785803fd1811400fe915 Mon Sep 17 00:00:00 2001 From: Charly Coueffe <75327499+ccoueffe@users.noreply.github.com> Date: Fri, 26 Sep 2025 19:54:33 +0200 Subject: [PATCH 16/20] Update defaults.yml --- roles/validate/files/defaults.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/validate/files/defaults.yml b/roles/validate/files/defaults.yml index c80a9fe6a..b2a2f64b8 100644 --- a/roles/validate/files/defaults.yml +++ b/roles/validate/files/defaults.yml @@ -268,6 +268,8 @@ factory_defaults: underlay_vtep_loopback_ip_range: 10.3.0.0/22 underlay_rp_loopback_ip_range: 10.254.254.0/24 underlay_subnet_ip_range: 10.4.0.0/16 + underlay_vrf_lite_ip_range: 10.33.0.0/16 + underlay_vrf_lite_subnet_mask: 30 ipv6: enable_ipv6_link_local_address: true underlay_subnet_mask: 126 From 760e97a51721ca3ceb951553cdc66e5ed09ff315 Mon Sep 17 00:00:00 2001 From: Charly Coueffe <75327499+ccoueffe@users.noreply.github.com> Date: Fri, 26 Sep 2025 20:05:53 +0200 Subject: [PATCH 17/20] Update dc_vxlan_fabric_advanced.j2 --- .../dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 index 39d245423..21ce6aef8 100644 --- a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 +++ b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 @@ -2,6 +2,7 @@ OVERLAY_MODE: {{ vxlan.global.ibgp.overlay_mode | default(defaults.vxlan.global.ibgp.overlay_mode) }} GRFIELD_DEBUG_FLAG: Enable ENABLE_PVLAN: false + AAA_REMOTE_IP_ENABLED: False if ndfc_version | cisco.nac_dc_vxlan.version_compare('12.2.2', '>=') and ndfc_version | cisco.nac_dc_vxlan.version_compare('12.4.1', '<') %} ALLOW_L3VNI_NO_VLAN: {{ vxlan.global.ibgp.enable_mvpn_vri_id_range | default(defaults.vxlan.global.ibgp.enable_mvpn_vri_id_range) }} {% endif %} From 7e4faad4175b3dcd47151e438c9381ecad6419c7 Mon Sep 17 00:00:00 2001 From: Charly Coueffe <75327499+ccoueffe@users.noreply.github.com> Date: Mon, 13 Oct 2025 18:00:12 +0200 Subject: [PATCH 18/20] Update dc_vxlan_fabric_advanced.j2 --- .../dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 index 21ce6aef8..3013aeae2 100644 --- a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 +++ b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/advanced/dc_vxlan_fabric_advanced.j2 @@ -3,7 +3,7 @@ GRFIELD_DEBUG_FLAG: Enable ENABLE_PVLAN: false AAA_REMOTE_IP_ENABLED: False - if ndfc_version | cisco.nac_dc_vxlan.version_compare('12.2.2', '>=') and ndfc_version | cisco.nac_dc_vxlan.version_compare('12.4.1', '<') %} +{% if ndfc_version | cisco.nac_dc_vxlan.version_compare('12.2.2', '>=') and ndfc_version | cisco.nac_dc_vxlan.version_compare('12.4.1', '<') %} ALLOW_L3VNI_NO_VLAN: {{ vxlan.global.ibgp.enable_mvpn_vri_id_range | default(defaults.vxlan.global.ibgp.enable_mvpn_vri_id_range) }} {% endif %} ENABLE_L3VNI_NO_VLAN: {{ vxlan.global.ibgp.enable_l3_vni_no_vlan | default(defaults.vxlan.global.ibgp.enable_l3_vni_no_vlan) }} From 6475cf006d8059dcffce61712e87bbab49aab81d Mon Sep 17 00:00:00 2001 From: Charly Coueffe <75327499+ccoueffe@users.noreply.github.com> Date: Tue, 21 Oct 2025 19:19:53 +0200 Subject: [PATCH 19/20] Update dc_vxlan_fabric_resources.j2 --- .../dc_vxlan_fabric/resources/dc_vxlan_fabric_resources.j2 | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/resources/dc_vxlan_fabric_resources.j2 b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/resources/dc_vxlan_fabric_resources.j2 index d7760b63c..59015f492 100644 --- a/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/resources/dc_vxlan_fabric_resources.j2 +++ b/roles/dtc/common/templates/ndfc_fabric/dc_vxlan_fabric/resources/dc_vxlan_fabric_resources.j2 @@ -77,5 +77,3 @@ {% endif %} VRF_VLAN_RANGE: {{ l3_vlan_range }} SUBINTERFACE_RANGE: {{ vxlan.global.ibgp.sub_int_range | default(defaults.vxlan.global.ibgp.sub_int_range) }} - DCI_SUBNET_RANGE: {{ vxlan.underlay.ipv4.underlay_vrf_lite_ip_range | default(defaults.vxlan.underlay.ipv4.underlay_vrf_lite_ip_range) }} - DCI_SUBNET_TARGET_MASK: {{ vxlan.underlay.ipv4.underlay_vrf_lite_subnet_mask | default(defaults.vxlan.underlay.ipv4.underlay_vrf_lite_subnet_mask) }} From e27f2f61883611a562541c47b05d4168edcb8bb5 Mon Sep 17 00:00:00 2001 From: Charly Coueffe <75327499+ccoueffe@users.noreply.github.com> Date: Tue, 21 Oct 2025 19:20:47 +0200 Subject: [PATCH 20/20] Update defaults.yml --- roles/validate/files/defaults.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/validate/files/defaults.yml b/roles/validate/files/defaults.yml index b2a2f64b8..c80a9fe6a 100644 --- a/roles/validate/files/defaults.yml +++ b/roles/validate/files/defaults.yml @@ -268,8 +268,6 @@ factory_defaults: underlay_vtep_loopback_ip_range: 10.3.0.0/22 underlay_rp_loopback_ip_range: 10.254.254.0/24 underlay_subnet_ip_range: 10.4.0.0/16 - underlay_vrf_lite_ip_range: 10.33.0.0/16 - underlay_vrf_lite_subnet_mask: 30 ipv6: enable_ipv6_link_local_address: true underlay_subnet_mask: 126