vJunos-switch: support for explicit EVPN vlan-aware bundle (ipspace#2576)

Author: ssasso

docs/caveats.md

@@ -387,13 +387,14 @@ See also [](caveats-junos).
 
 _netlab_ can use *default-switch* or MAC VRF EVPN configuration on a vJunos-switch. It uses MAC VRF EVPN configuration unless you set the **evpn.\_junos\_default\_macvrf** variable to *True*.
 
-MAC VRF EVPN configuration (using VLAN-based EVPN service) works well with most other EVPN implementations. However, it uses a separate MAC VRF for every VLAN, and as we're not creating the VLAN subinterfaces, we have to assign physical interfaces to MAC VRFs. It's thus impossible to use an EVPN-enabled VLAN in a VLAN trunk.
+MAC VRF EVPN configuration (using VLAN-based or VLAN-aware EVPN service) works well with most other EVPN implementations. However, it uses a separate MAC VRF for every VLAN, and as we're not creating the VLAN subinterfaces, we have to assign physical interfaces to MAC VRFs. It's thus impossible to use an EVPN-enabled VLAN in a VLAN trunk.
 
-The VLAN-aware EVPN configuration (using the `switch-options` of the default routing instance) has other drawbacks and limitations:
+The *default macvrf* VLAN-aware EVPN configuration (using the `switch-options` of the default routing instance) has other drawbacks and limitations:
 
 * All EVPN routes are announced with the same RD (configured under `switch-options`). A default route target is configured under `switch-options` but is then overwritten for each VNI under the `protocol evpn` configuration.
 * You cannot use multiple import/export RT. The *first* import RT is used on the configuration templates as the VNI RT.
-* VLAN-aware EVPN service might not work with devices from other vendors using VLAN-based EVPN service. For example, the VLAN-aware EVPN service works with FRRouting but not with Arista EOS.
+* VLAN-aware EVPN service might not work with devices from other vendors using VLAN-based EVPN service.
+* Every JunOS *routing-instance* (i.e., L3 VRF and MAC-VRF) must use a unique *Route Distinguisher*. For this reason, when using EVPN with VLAN Bundles, a new RD is allocated for every MAC-VRF.
 
 (caveats-vjunos-router)=
 ## vJunos-Router in Containerlab

netsim/ansible/templates/evpn/vjunos-switch.j2

@@ -93,6 +93,7 @@ vlans {
 {%   endfor %}
 }
 
+{# vlan-based MAC VRF #}
 routing-instances {
 {%   for vname,v in vlans.items() if v.evpn.evi is defined and v.evpn.bundle is not defined %}
   vlan_{{ vname }} {
@@ -134,6 +135,53 @@ routing-instances {
 }
 {% endif %}
 
+{# vlan-aware MAC VRF #}
+{% if vrfs is defined %}
+routing-instances {
+{%   for n,v in vrfs.items() if v.evpn.vlans is defined %}
+  vlan_aware_{{ n }} {
+    instance-type mac-vrf;
+    service-type vlan-aware;
+    vtep-source-interface {{ vxlan.vtep_interface }};
+    route-distinguisher {{ v._junos_l2vrf_rd }};
+{%     for dir in ['import', 'export'] %}
+{%       set tlist_len = v[dir]|default([])|length %}
+{%       if tlist_len == 1 %}
+    vrf-target {{ dir }} target:{{ v[dir][0] }};
+{%       elif tlist_len > 1 %}
+{#  use targets already defined by vrf #}
+    vrf-{{ dir }} vrf-{{ n }}-rt-{{ dir }};
+{%       endif %}
+{%     endfor %}
+{# map vlans and access interfaces #}
+{%     for vname in v.evpn.vlans %}
+{%       for intf in interfaces if intf.vlan.access|default('') == vname %}
+    interface {{ intf.ifname }};
+{%       endfor %}
+    vlans {
+      {{ vname }} {
+        vlan-id {{ vlans[vname].id }};
+{%   if vlans[vname].mode == 'irb' %}
+        l3-interface irb.{{ vlans[vname].id }};
+{%   endif %}
+        vxlan {
+          vni {{ vlans[vname].vni }};
+        }
+      }
+    }
+{%     endfor %}
+    protocols {
+      evpn {
+        encapsulation vxlan;
+        default-gateway no-gateway-community;
+        extended-vni-list all;
+      }
+    }
+  }
+{%   endfor %}
+}
+{% endif %}
+
 {# define L3VNI on vrf routing-instance #}
 {% if vrfs is defined %}
 routing-instances {

netsim/ansible/templates/vxlan/vjunos-switch.j2

@@ -24,7 +24,7 @@ switch-options {
 {# define basic VLAN to VXLAN mapping #}
 {% if vxlan.vlans is defined %}
 vlans {
-{%   for vname in vxlan.vlans if vlans[vname].vni is defined %}
+{%   for vname in vxlan.vlans if vlans[vname].vni is defined and vlans[vname].evpn.bundle is not defined %}
 {%     set vlan = vlans[vname] %}
     {{ vname }} {
         vxlan {

netsim/devices/vjunos-switch.py

@@ -5,6 +5,7 @@
 from .junos import JUNOS as _JUNOS
 from . import report_quirk
 from ..utils import log
+from ..modules import vrf
 
 def check_evpn_vlan_trunks(node: Box, topology: Box) -> None:
   if 'evpn' not in node.get('module',[]):
@@ -30,10 +31,26 @@ def check_evpn_vlan_trunks(node: Box, topology: Box) -> None:
           more_hints=['The node is using VLAN-based EVPN service which cannot be used with enterprise-style VLAN trunks'],
           quirk='evpn_macvrf')
 
+def macvrf_unique_rd_for_vlan_bundle(node: Box, topology: Box) -> None:
+  if 'evpn' not in node.get('module',[]):
+    return
+  if 'vrf' not in node.get('module',[]):
+    return
+  asn = vrf.get_rd_as_number(node, topology)
+  if asn is None:
+    return
+
+  for vname,vdata in node.vrfs.items():
+    if vdata.get('evpn.bundle'):
+      # in that case we need to generate a new RD for the mac-vrf (cannot be the same of L3 VRF)
+      free_vrf_idx = vrf.get_next_vrf_id(asn)
+      vdata._junos_l2vrf_rd = free_vrf_idx[1]
+
 class Junos_switch(_JUNOS):
   @classmethod
   def device_quirks(self, node: Box, topology: Box) -> None:
     if log.debug_active('quirks'):
       print(f"*** DEVICE QUIRKS FOR vJunos-switch {node.name}")
     check_evpn_vlan_trunks(node,topology)
+    macvrf_unique_rd_for_vlan_bundle(node,topology)
     super().device_quirks(node,topology)

netsim/devices/vjunos-switch.yml

@@ -10,6 +10,7 @@ features:
     asymmetrical_irb: true
     irb: true
     multi_rt: true
+    bundle: [ vlan_aware ]
   lag:
     passive: True
   vlan: