cisco.nxos
unable to configure multicast group under interface nve1 with cisco.nxos.nxos_vxlan_vtep_vni when global ingress replication bgp configured
SUMMARY
The cisco.nxos.nxos_vxlan_vtep_vni module does not allow configuring multicast_group when "global ingress-replication protocol bgp" is configured under the NVE interface.
Global ingress-replication under nve1 allows specifying BUM replication by default. Then every single VNI can have its own config:
- empty group: inherit global
- multicast specified: multicast replication
- bgp ingress replication specified: bgp ingress replication for BUM

Please see: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/93x/vxlan/configuration/guide/b-cisco-nexus-9000-series-nx-os-vxlan-configuration-guide-93x/b-cisco-nexus-9000-series-nx-os-vxlan-configuration-guide-93x_chapter_0101.html
ISSUE TYPE
- Bug Report
COMPONENT NAME
cisco.nxos.nxos_vxlan_vtep_vni
ANSIBLE VERSION
ansible 2.9.6
  config file = /etc/ansible/ansible.cfg
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.8.10 (default, Jun 22 2022, 20:18:18) [GCC 9.4.0]
COLLECTION VERSION
cisco.nxos 4.0.0
CONFIGURATION
HOST_KEY_CHECKING(/etc/ansible/ansible.cfg) = False
PERSISTENT_CONNECT_TIMEOUT(/etc/ansible/ansible.cfg) = 25
OS / ENVIRONMENT
Linux 5.4.0-121-generic #137-Ubuntu SMP Wed Jun 15 13:33:07 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
NXOS: version 9.3(9)
STEPS TO REPRODUCE
nexus switch configuration:
interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback1
  global ingress-replication protocol bgp
  source-interface hold-down-time 60
task:
- name: Configure VNI under NVE
  cisco.nxos.nxos_vxlan_vtep_vni:
    interface: nve1
    vni: "{{ item.vni_id }}"
    multicast_group: "{{ item.mcast_grp }}"
  with_items: "{{ vlans_compute }}"

vars file:
vlans_compute:
  - { vlan_id: 99, vni_id: 90099, mcast_grp: 239.1.1.11}
EXPECTED RESULTS
expected result:
interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback1
  global ingress-replication protocol bgp
  source-interface hold-down-time 60
  member vni 90099
    mcast-group 239.1.1.11
ACTUAL RESULTS
When the multicast group is configured manually, validation passed for 10.X.X.1:
interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback1
  global ingress-replication protocol bgp
  source-interface hold-down-time 60
  member vni 90099
    mcast-group 239.1.1.11

If none, config fails (10.x.x.2):
PLAY RECAP ******************************************************************************************************************************
10.X.X.1 : ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
10.X.X.2 : ok=3 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
The full traceback is:
  File "/tmp/ansible_cisco.nxos.nxos_vxlan_vtep_vni_payload_oqd13p9o/ansible_cisco.nxos.nxos_vxlan_vtep_vni_payload.zip/ansible_collections/cisco/nxos/plugins/module_utils/network/nxos/nxos.py", line 321, in load_config
    resp = self.edit_config(commands, replace=replace)
  File "/tmp/ansible_cisco.nxos.nxos_vxlan_vtep_vni_payload_oqd13p9o/ansible_cisco.nxos.nxos_vxlan_vtep_vni_payload.zip/ansible_collections/cisco/nxos/plugins/module_utils/network/nxos/nxos.py", line 352, in edit_config
    responses = self._connection.send_request(candidate, output="config")
  File "/tmp/ansible_cisco.nxos.nxos_vxlan_vtep_vni_payload_oqd13p9o/ansible_cisco.nxos.nxos_vxlan_vtep_vni_payload.zip/ansible/module_utils/connection.py", line 185, in rpc
    raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)
failed: [10.X.X.2] (item={'vlan_id': 99, 'vni_id': 90099, 'mcast_grp': '239.1.1.11'}) => {
    "ansible_loop_var": "item",
    "changed": false,
    "invocation": {
        "module_args": {
            "assoc_vrf": null,
            "ingress_replication": null,
            "interface": "nve1",
            "multicast_group": "239.1.1.11",
            "multisite_ingress_replication": null,
            "peer_list": null,
            "state": "present",
            "suppress_arp": null,
            "suppress_arp_disable": null,
            "vni": "90099"
        }
    },
    "item": {
        "mcast_grp": "239.1.1.11",
        "vlan_id": 99,
        "vni_id": 90099
    },
    "msg": ": CLI execution error: ERROR: Validation failed for VNI 90099. Please remove Ingress-Replication before configuring multicast group.\n\n"
}
I did fall back to SSH and performed some debugging. The Ansible module pushes an incorrect set of commands to the switch:
task:
- name: Configure VNI under NVE
  cisco.nxos.nxos_vxlan_vtep_vni:
    interface: nve1
    vni: "90099"
    multicast_group: "239.0.0.1"
ansible debug:
The full traceback is:
File "/tmp/ansible_cisco.nxos.nxos_vxlan_vtep_vni_payload_fpu_f_j_/ansible_cisco.nxos.nxos_vxlan_vtep_vni_payload.zip/ansible_collections/cisco/nxos/plugins/module_utils/network/nxos/nxos.py", line 152, in load_config
resp = connection.edit_config(config, replace=replace)
File "/tmp/ansible_cisco.nxos.nxos_vxlan_vtep_vni_payload_fpu_f_j_/ansible_cisco.nxos.nxos_vxlan_vtep_vni_payload.zip/ansible/module_utils/connection.py", line 185, in __rpc__
raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)
fatal: [10.x.x.2]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"assoc_vrf": null,
"ingress_replication": null,
"interface": "nve1",
"multicast_group": "239.0.0.1",
"multisite_ingress_replication": null,
"peer_list": null,
"state": "present",
"suppress_arp": null,
"suppress_arp_disable": null,
"vni": "90099"
}
},
"msg": "no mcast-group\r\r\nERROR: Validation failed for VNI 90099. Please remove Ingress-Replication before configuring multicast group.\r\n\r\n\rleaf-sw1(config-if-nve-vni)# "
}
switch aaa debug:
Thu Dec 1 00:18:31 2022:type=update:id=x.x.x.x@pts/6:user=ansible:cmd=terminal length 0 (SUCCESS)
Thu Dec 1 00:18:32 2022:type=update:id= x.x.x.x@pts/6:user=ansible:cmd=terminal width 511 (SUCCESS)
Thu Dec 1 00:18:35 2022:type=update:id= x.x.x.x@pts/6:user=ansible:cmd=configure terminal ; interface nve1 (REDIRECT)
Thu Dec 1 00:18:35 2022:type=update:id= x.x.x.x@pts/6:user=ansible:cmd=configure terminal ; interface nve1 (SUCCESS)
Thu Dec 1 00:18:35 2022:type=update:id= x.x.x.x@pts/6:user=ansible:cmd=configure terminal ; interface nve1 ; member vni 90099 (REDIRECT)
Thu Dec 1 00:18:35 2022:type=update:id= x.x.x.x@pts/6:user=ansible:cmd=configure terminal ; interface nve1 ; member vni 90099 (SUCCESS)
Thu Dec 1 00:18:35 2022:type=update:id= x.x.x.x@pts/6:user=ansible:cmd=configure terminal ; interface nve1 ; member vni 90099 ; no mcast-group (REDIRECT)
Thu Dec 1 00:18:35 2022:type=update:id= x.x.x.x@pts/6:user=ansible:cmd=configure terminal ; interface nve1 ; member vni 90099 ; no mcast-group (FAILURE)
config should be:
interface nve1
  member vni 90099
    mcast-group 239.0.0.1
cc @praveenramoorthy @mikewiebe for assistance.
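
An added example (not part of the original report, and not code from the cisco.nxos collection): one way to turn an AAA accounting excerpt like the one above into the list of commands the switch actually received, and to check whether the intended `mcast-group` line was ever sent. The function names, and the reading that each command appears as a REDIRECT entry followed by its result, are assumptions of this example based only on the lines quoted in the issue.

```python
import re

# Accounting lines taken from the "switch aaa debug" excerpt in the issue
# (addresses are already masked there as x.x.x.x).
AAA_LOG = """\
Thu Dec 1 00:18:31 2022:type=update:id=x.x.x.x@pts/6:user=ansible:cmd=terminal length 0 (SUCCESS)
Thu Dec 1 00:18:35 2022:type=update:id= x.x.x.x@pts/6:user=ansible:cmd=configure terminal ; interface nve1 (REDIRECT)
Thu Dec 1 00:18:35 2022:type=update:id= x.x.x.x@pts/6:user=ansible:cmd=configure terminal ; interface nve1 (SUCCESS)
Thu Dec 1 00:18:35 2022:type=update:id= x.x.x.x@pts/6:user=ansible:cmd=configure terminal ; interface nve1 ; member vni 90099 (SUCCESS)
Thu Dec 1 00:18:35 2022:type=update:id= x.x.x.x@pts/6:user=ansible:cmd=configure terminal ; interface nve1 ; member vni 90099 ; no mcast-group (REDIRECT)
Thu Dec 1 00:18:35 2022:type=update:id= x.x.x.x@pts/6:user=ansible:cmd=configure terminal ; interface nve1 ; member vni 90099 ; no mcast-group (FAILURE)
"""

# The timestamp itself contains colons, so anchor on the ":type=" field instead.
LINE_RE = re.compile(
    r"^(?P<ts>.+?):type=(?P<type>\w+):id=\s*(?P<src>[^:]+):user=(?P<user>[^:]+):"
    r"cmd=(?P<cmd>.*) \((?P<status>[A-Z]+)\)\s*$"
)


def parse_accounting(text, user=None):
    """Return one record per executed command, skipping REDIRECT entries."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["status"] == "REDIRECT":
            continue  # unparsable line, or the entry that precedes the result
        if user and m["user"] != user:
            continue
        # "a ; b ; c" is the config context (a, b) plus the command typed last (c).
        *context, leaf = [part.strip() for part in m["cmd"].split(";")]
        records.append({"ts": m["ts"], "context": tuple(context),
                        "command": leaf, "status": m["status"]})
    return records


def audit(text, intended, user="ansible"):
    """Compare the commands the switch logged with the intended leaf command."""
    records = parse_accounting(text, user)
    sent = [r["command"] for r in records]
    failed = [(r["context"], r["command"]) for r in records if r["status"] != "SUCCESS"]
    return {"sent": sent, "failed": failed, "intended_sent": intended in sent}


if __name__ == "__main__":
    print(audit(AAA_LOG, "mcast-group 239.0.0.1"))
```

Run against the excerpt, the audit reports `no mcast-group` as the only failed command and shows that `mcast-group 239.0.0.1` never reached the switch.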