[NetFlow] Add VXLAN-Aware Match Fields Support in Terraform Module

[camschaecisco]

Add Terraform mapping logic to translate schema's flow record VXLAN match field configurations into the Terraform provider's iosxe_flow_record resource attributes.

Schema Mappings

flow.records[].match.datalink_vlan → match_datalink_vlan
flow.records[].match.routing_vrf_input → match_routing_vrf_input
flow.records[].match.vxlan_vnid → match_vxlan_vnid
flow.records[].match.vxlan_vtep_input → match_vxlan_vtep_input
flow.records[].match.vxlan_vtep_output → match_vxlan_vtep_output

Changes

• Add 5 VXLAN match field attribute mappings to iosxe_flow.tf:
  • match_datalink_vlan (lines 99, 147) - VLAN input/output matching for switch platforms
  • match_routing_vrf_input (lines 112, 160) - VRF input routing for multi-tenancy
  • match_vxlan_vnid (lines 115, 163) - VXLAN Network Identifier matching
  • match_vxlan_vtep_input (lines 116, 164) - VTEP input endpoint matching
  • match_vxlan_vtep_output (lines 117, 165) - VTEP output endpoint matching
• Support for device-specific, default, and null configuration values
• Three-tier fallback hierarchy: device config → global defaults → null
• Pre-commit hooks passed: terraform fmt, tflint, terraform-docs

This Enables Declarative Configuration of:

• VXLAN overlay network monitoring with detailed visibility into VXLAN traffic flows
• Per-device VXLAN match configurations with global default fallback
• VLAN-aware flow monitoring on switch platforms (input/output VLAN matching)
• Multi-tenancy monitoring through VRF input matching
• VXLAN Network Identifier (VNID) tracking for overlay segmentation analysis
• VXLAN Tunnel Endpoint (VTEP) visibility for both ingress and egress traffic
• Platform-specific field support with automatic handling of switch vs. router differences

Version Requirements

IOS-XE 17.12.1 and later:

• ✅ datalink_vlan (switch platforms only)
• ✅ routing_vrf_input
• ✅ vxlan_vnid

IOS-XE 17.15.1 and later:

• ⚠️ vxlan_vtep_input Requires IOS-XE 17.15.1+
• ⚠️ vxlan_vtep_output Requires IOS-XE 17.15.1+

Example Configuration

iosxe:
  devices:
    - name: Cat9k-Switch
      configuration:
        flow:
          records:
            - name: VXLAN_RECORD
              description: VXLAN-Aware Flow Record
              match:
                ipv4_source_address: true
                ipv4_destination_address: true
                ipv4_protocol: true
                # VXLAN-aware match fields
                datalink_vlan: input           # Switch platforms only
                routing_vrf_input: true        # All platforms
                vxlan_vnid: true               # All platforms
                vxlan_vtep_input: true         # IOS-XE 17.15.1+
                vxlan_vtep_output: true        # IOS-XE 17.15.1+
              collect:
                counter_bytes_long: true
                counter_packets_long: true
                timestamp_absolute_first: true
                timestamp_absolute_last: true

Testing

Multi-Platform Validation

- Catalyst 9000V (Switch, IOS-XE 17.15): ✅ All 5 fields deployed successfully
- Catalyst 8000V (Router, IOS-XE 17.15): ✅ 4 universal fields deployed successfully

Terraform Operations Verified

- ✅ terraform plan - Shows all 5 VXLAN match fields
- ✅ terraform apply - Successfully creates flow records with VXLAN fields
- ✅ terraform destroy - Cleanly removes configuration
- ✅ Device verification - All fields present in running-config

Pre-commit Quality Checks

Terraform fmt............................................................Passed
Terraform validate with tflint...........................................Passed
terraform-docs...........................................................Passed
terraform-docs...........................................................Passed
terraform-docs...........................................................Passed
terraform-docs...........................................................Passed