L3 ZTP inband - Leaves MLAG peer link configuration

[dgonzalez85]

Issue Summary

As discussed with @jrecchia1029, when we enable L3 ZTP inband as follows:

  inband_ztp: true
  inband_mgmt_interface: "Loopback0"

When fabric is an L3LS, with L3 P2P links between leaves and spines, we configure the following the L3 leaves with LACP fallback on the MLAG peer link:

interface Port-Channel3
   description MLAG_DC1-CL2_Port-Channel3
   no shutdown
   switchport mode trunk
   switchport trunk group MLAG
   switchport
   port-channel lacp fallback individual
   port-channel lacp fallback timeout 30
   no sflow enable
interface Ethernet3
   description MLAG_DC1-CL2_Ethernet3
   no shutdown
   speed 100g
   switchport access vlan 4092
   switchport mode access
   switchport
   channel-group 3 mode active

This is valid for L2 ZTP inband, where in some scenarios we may need to ZTP over the MLAG peer link. However in L3 ZTP inband, this should not be necessary. Also inband mgmt vlan 4092 does not exist in the leaves for this type of fabric.

We probably need a check in AVD to not configure the MLAG peer link to allow for in-band ZTP of an MLAG neighbor if a device's connection to its uplink neighbor is a p2p link.

Which component(s) of AVD impacted

eos_designs

How do you run AVD ?

Ansible CLI (with virtual-env or native python)

Steps to reproduce

Enable L3 ZTP inband in the leaves as follows with an L3LS fabric:


l3leaf:
  defaults:
    # virtual router mac for VNIs assigned to Leaf switches
    virtual_router_mac_address: 00:1c:73:00:dc:01
    platform: vEOS
    bgp_as: "65000.1-65000.10"
    uplink_ipv4_pool: 192.168.1.0/24
    loopback_ipv4_pool: 192.168.100.0/24
    vtep_loopback_ipv4_pool: 192.168.200.0/24
    uplink_interfaces: [Ethernet1, Ethernet2]
    uplink_switches: [DC1-SP1, DC1-SP2]
    uplink_interface_speed: forced 100g
    mlag: true
    mlag_interfaces: [Ethernet3]
    mlag_interfaces_speed: 100g
    mlag_peer_ipv4_pool: 172.16.0.0/24
    mlag_peer_l3_ipv4_pool: 172.16.1.0/24
    mlag_dual_primary_detection: true
    spanning_tree_priority: 4096
    spanning_tree_mode: mstp
    inband_mgmt_interface: "Loopback0"
    inband_ztp: true
    structured_config:
      router_bgp:
        as_notation: "asdot"
    bgp_defaults:
      - timers bgp 5 15
      - neighbor default send-community

Relevant log output

Contributing Guide

• I agree to follow this project's Code of Conduct

[ClausHolbechArista]

An l3leaf could be deployed before the spine, so I still think it would make sense to support ZTP over the peer-link. Or maybe there is no spine in a small network.

[dgonzalez85]

If we need to support ZTP over the peer-link for L3 switches, we would need to create the inband mgmt vlan (4092 in the example) with a relay to the DHCP server, correct? It may complicate the solution. Currently this would not work anyway, since DHCP requests would not hit the Spines (or any other device acting as the DHCP server) over the peer-link.

@jrecchia1029 what do you think?

[ClausHolbechArista]

I am not saying we should use the 4092 vlan solution. We could make the fallback interface config use a static IP (maybe same as port-channel to keep it simple) and run a dhcp server locally on the leaf? We can also make this an option if we don't feel like it makes sense in most cases.