diff --git a/ansible_collections/arista/avd/docs/porting-guides/5.x.x.md b/ansible_collections/arista/avd/docs/porting-guides/5.x.x.md index 07d240402c4..60c81f4d95a 100644 --- a/ansible_collections/arista/avd/docs/porting-guides/5.x.x.md +++ b/ansible_collections/arista/avd/docs/porting-guides/5.x.x.md @@ -832,6 +832,25 @@ To retain the vxlan encapsulation on WAN EVPN iBGP peerings use `wan_encapsulati + wan_encapsulation: vxlan ``` +### PREVIEW WAN HA Direct Link now uses Port-Channel by default + +For WAN direct HA, AVD will now configure a port-channel by default. This feature was introduced in EOS 4.33.0F. + +To retain the previous configuration use custom_platform_settings use `use_port_channel_for_direct_ha: false` under `wan_ha`. + +```diff + wan_router: + node_groups: + - group: Site42 + cv_pathfinder_region: AVD_Land_West + cv_pathfinder_site: Site42 + wan_ha: + enabled: true ++ use_port_channel_for_direct_ha: false + ha_interfaces: [Ethernet52] + ha_ipv4_pool: 10.10.10.0/24 +``` + ## Changes to role `arista.avd.eos_cli_config_gen` TODO: Level 3 sections for each change with details on how to migrate diff --git a/ansible_collections/arista/avd/docs/release-notes/5.x.x.md b/ansible_collections/arista/avd/docs/release-notes/5.x.x.md index cdccd5f837e..de899454566 100644 --- a/ansible_collections/arista/avd/docs/release-notes/5.x.x.md +++ b/ansible_collections/arista/avd/docs/release-notes/5.x.x.md 
@@ -237,6 +237,15 @@ With AVD version 5.0.0 the default encapsulation used for EVPN iBGP peering betw See the [porting guide](../porting-guides/5.x.x.md#default-encapsulation-for-wan-evpn-ibgp-peerings-changed-to-path-selection) for details. +#### PREVIEW WAN HA Direct Link now uses Port-Channel by default + +TODO: Keep PREVIEW changes at the end as we warn users that PREVIEW mean changes + +For WAN direct HA, AVD will now configure a port-channel by default. +This feature was introduced recently in EOS and may not be supported on your version. + +See the [porting guide](../porting-guides/5.x.x.md#preview-wan-ha-direct-link-now-uses-port-channel-by-default) for details. + ### Other breaking or behavioral changes Breaking changes may require modifications to the inventory or playbook. See the [Porting guide for AVD 5.x.x](../porting-guides/5.x.x.md) diff --git a/ansible_collections/arista/avd/media/wan_direct_ha_no_lan.png b/ansible_collections/arista/avd/media/wan_direct_ha_no_lan.png index a432ff94970..4cb249fbee0 100644 Binary files a/ansible_collections/arista/avd/media/wan_direct_ha_no_lan.png and b/ansible_collections/arista/avd/media/wan_direct_ha_no_lan.png differ diff --git a/ansible_collections/arista/avd/media/wan_ebgp_lan_ha.png b/ansible_collections/arista/avd/media/wan_ebgp_lan_ha.png index 064ca774ffb..fc5cf666919 100644 Binary files a/ansible_collections/arista/avd/media/wan_ebgp_lan_ha.png and b/ansible_collections/arista/avd/media/wan_ebgp_lan_ha.png differ diff --git a/ansible_collections/arista/avd/media/wan_ebgp_lan_ha_direct.png b/ansible_collections/arista/avd/media/wan_ebgp_lan_ha_direct.png index 6607b8ae323..561855696f2 100644 Binary files a/ansible_collections/arista/avd/media/wan_ebgp_lan_ha_direct.png and b/ansible_collections/arista/avd/media/wan_ebgp_lan_ha_direct.png differ 
diff --git a/ansible_collections/arista/avd/media/wan_ebgp_lan_single_router.png b/ansible_collections/arista/avd/media/wan_ebgp_lan_single_router.png index b77bd592644..3c19b65a12c 100644 Binary files a/ansible_collections/arista/avd/media/wan_ebgp_lan_single_router.png and b/ansible_collections/arista/avd/media/wan_ebgp_lan_single_router.png differ diff --git a/ansible_collections/arista/avd/media/wan_lan_common.png b/ansible_collections/arista/avd/media/wan_lan_common.png index dc580ee4ef5..6bfa177b2d8 100644 Binary files a/ansible_collections/arista/avd/media/wan_lan_common.png and b/ansible_collections/arista/avd/media/wan_lan_common.png differ diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3A.cfg index 7c1fcfc730b..23fc3ec5752 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3A.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3A.cfg @@ -222,10 +222,11 @@ interface Ethernet1 dhcp client accept default-route ! interface Ethernet52 - description DIRECT LAN HA LINK + description WAN_HA_cv-pathfinder-edge3B_Ethernet52 no shutdown mtu 9100 no switchport + flow tracker hardware FLOW-TRACKER ip address 10.10.10.1/24 ! interface Loopback0 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3B.cfg index f7b3f0f5f69..d41fcd8b64b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3B.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3B.cfg 
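Review bot: The expected output for the existing single-interface HA link changes in ways the porting-guide entry in this commit does not mention: on `interface Ethernet52` the description goes from `DIRECT LAN HA LINK` to `WAN_HA_cv-pathfinder-edge3B_Ethernet52`, and `flow tracker hardware FLOW-TRACKER` is newly applied. The guide says `use_port_channel_for_direct_ha: false` retains the previous configuration, which these lines suggest is not fully the case (whether edge3A sets that key is not visible here). I would add a sentence to the porting guide such as `The HA interface description changes to WAN_HA_<peer>_<interface> and the WAN flow tracker is now applied to the HA interface.` The same change appears in the cv-pathfinder-edge3B.cfg hunk and in the edge3A/edge3B structured_configs hunks; the interface stanza continues outside the hunk.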
@@ -222,10 +222,11 @@ interface Ethernet2 ip address 172.15.6.6/31 ! interface Ethernet52 - description DIRECT LAN HA LINK + description WAN_HA_cv-pathfinder-edge3A_Ethernet52 no shutdown mtu 9100 no switchport + flow tracker hardware FLOW-TRACKER ip address 10.10.10.2/24 ! interface Loopback0 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4A.cfg new file mode 100644 index 00000000000..0cfb90d6f40 --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4A.cfg 
@@ -0,0 +1,445 @@ +! +no enable password +no aaa root +! +agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP=1 +! +management api http-commands + protocol https + no shutdown + ! + vrf MGMT + no shutdown +! +flow tracking hardware + tracker FLOW-TRACKER + record export on inactive timeout 70000 + record export on interval 300000 + exporter CV-TELEMETRY + collector 127.0.0.1 + local interface Loopback0 + template interval 3600000 + no shutdown +! +service routing protocols model multi-agent +! +hostname cv-pathfinder-edge4A +! +router adaptive-virtual-topology + topology role transit region + region AVD_Land_West id 42 + zone AVD_Land_West-ZONE id 1 + site Site405 id 405 + ! + policy DEFAULT-AVT-POLICY + ! + match application-profile VIDEO + avt profile DEFAULT-AVT-POLICY-VIDEO + ! + match application-profile default + avt profile DEFAULT-AVT-POLICY-DEFAULT + ! + policy DEFAULT-AVT-POLICY-WITH-CP + ! + match application-profile APP-PROFILE-CONTROL-PLANE + avt profile DEFAULT-AVT-POLICY-CONTROL-PLANE + ! + match application-profile VIDEO + avt profile DEFAULT-AVT-POLICY-VIDEO + ! + match application-profile default + avt profile DEFAULT-AVT-POLICY-DEFAULT + ! + policy PROD-AVT-POLICY + ! + match application-profile VOICE + avt profile PROD-AVT-POLICY-VOICE + ! + match application-profile VIDEO + avt profile PROD-AVT-POLICY-VIDEO + ! + match application-profile MPLS-ONLY + avt profile PROD-AVT-POLICY-MPLS-ONLY + ! + match application-profile default + avt profile PROD-AVT-POLICY-DEFAULT + ! + profile DEFAULT-AVT-POLICY-CONTROL-PLANE + path-selection load-balance LB-DEFAULT-AVT-POLICY-CONTROL-PLANE + ! + profile DEFAULT-AVT-POLICY-DEFAULT + path-selection load-balance LB-DEFAULT-AVT-POLICY-DEFAULT + ! + profile DEFAULT-AVT-POLICY-VIDEO + path-selection load-balance LB-DEFAULT-AVT-POLICY-VIDEO + ! + profile PROD-AVT-POLICY-DEFAULT + path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT + ! 
+ profile PROD-AVT-POLICY-MPLS-ONLY + path-selection load-balance LB-PROD-AVT-POLICY-MPLS-ONLY + ! + profile PROD-AVT-POLICY-VIDEO + path-selection load-balance LB-PROD-AVT-POLICY-VIDEO + ! + profile PROD-AVT-POLICY-VOICE + path-selection load-balance LB-PROD-AVT-POLICY-VOICE + ! + vrf default + avt policy DEFAULT-AVT-POLICY-WITH-CP + avt profile DEFAULT-AVT-POLICY-DEFAULT id 1 + avt profile DEFAULT-AVT-POLICY-VIDEO id 3 + avt profile DEFAULT-AVT-POLICY-CONTROL-PLANE id 254 + ! + vrf IT + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-POLICY-DEFAULT id 1 + avt profile DEFAULT-AVT-POLICY-VIDEO id 3 + ! + vrf PROD + avt policy PROD-AVT-POLICY + avt profile PROD-AVT-POLICY-DEFAULT id 1 + avt profile PROD-AVT-POLICY-VOICE id 2 + avt profile PROD-AVT-POLICY-VIDEO id 4 + avt profile PROD-AVT-POLICY-MPLS-ONLY id 5 +! +router path-selection + tcp mss ceiling ipv4 ingress + ! + path-group INET id 101 + ipsec profile CP-PROFILE + ! + local interface Ethernet1.42 + stun server-profile INET-cv-pathfinder-pathfinder-Ethernet1 INET-cv-pathfinder-pathfinder-Ethernet3 + ! + peer dynamic + ! + peer static router-ip 192.168.144.1 + name cv-pathfinder-pathfinder + ipv4 address 172.17.7.7 + ipv4 address 10.9.9.9 + ! + path-group LAN_HA id 65535 + flow assignment lan + ! + local interface Port-Channel666 + ! + peer static router-ip 192.168.142.9 + name cv-pathfinder-edge4B + ipv4 address 10.10.10.2 + ! + load-balance policy LB-DEFAULT-AVT-POLICY-CONTROL-PLANE + path-group INET + path-group LAN_HA + ! + load-balance policy LB-DEFAULT-AVT-POLICY-DEFAULT + path-group INET + path-group LAN_HA + ! + load-balance policy LB-DEFAULT-AVT-POLICY-VIDEO + path-group INET + path-group LAN_HA + ! + load-balance policy LB-PROD-AVT-POLICY-DEFAULT + path-group INET + path-group LAN_HA + ! + load-balance policy LB-PROD-AVT-POLICY-MPLS-ONLY + path-group LAN_HA + ! + load-balance policy LB-PROD-AVT-POLICY-VIDEO + loss-rate 42.0 + path-group LAN_HA + path-group INET priority 2 + ! 
+ load-balance policy LB-PROD-AVT-POLICY-VOICE + jitter 42 + hop count lowest + path-group LAN_HA + path-group INET priority 2 +! +spanning-tree mode none +! +vrf instance IT +! +vrf instance MGMT +! +vrf instance PROD +! +management security + ! + ssl profile profileA + tls versions 1.2 + trust certificate aristaDeviceCertProvisionerDefaultRootCA.crt + certificate profileA.crt key profileA.key +! +ip security + ike policy CP-IKE-POLICY + local-id 192.168.142.8 + ! + sa policy CP-SA-POLICY + esp encryption aes256gcm128 + pfs dh-group 14 + ! + sa policy DP-SA-POLICY + esp encryption aes256gcm128 + pfs dh-group 14 + ! + profile CP-PROFILE + ike-policy CP-IKE-POLICY + sa-policy CP-SA-POLICY + connection start + shared-key 7 ABCDEF1234567890 + dpd 10 50 clear + mode transport + ! + profile DP-PROFILE + sa-policy DP-SA-POLICY + connection start + shared-key 7 ABCDEF1234567890666 + dpd 10 50 clear + mode transport + ! + key controller + profile DP-PROFILE +! +interface Port-Channel666 + description WAN_HA_cv-pathfinder-edge4B_Port-Channel666 + no shutdown + mtu 9194 + no switchport + flow tracker hardware FLOW-TRACKER + ip address 10.10.10.1/24 +! +interface Dps1 + description DPS Interface + mtu 9194 + flow tracker hardware FLOW-TRACKER + ip address 192.168.142.8/32 +! +interface Ethernet1 + no shutdown + no switchport +! +interface Ethernet1.42 + description Comcast + no shutdown + encapsulation dot1q vlan 42 + ip address dhcp + dhcp client accept default-route +! +interface Ethernet42 + description WAN_HA_cv-pathfinder-edge4B_Ethernet42 + no shutdown + mtu 9194 + channel-group 666 mode active +! +interface Ethernet43 + description WAN_HA_cv-pathfinder-edge4B_Ethernet43 + no shutdown + mtu 9194 + channel-group 666 mode active +! +interface Loopback0 + description ROUTER_ID + no shutdown + ip address 192.168.42.8/32 +! 
+interface Vxlan1 + description cv-pathfinder-edge4A_VTEP + vxlan source-interface Dps1 + vxlan udp-port 4789 + vxlan vrf default vni 1 + vxlan vrf IT vni 100 + vxlan vrf PROD vni 42 +! +application traffic recognition + ! + application ipv4 APP-CONTROL-PLANE + destination prefix field-set PFX-PATHFINDERS + ! + application ipv4 CUSTOM-APPLICATION-1 + source prefix field-set CUSTOM-SRC-PREFIX-1 + destination prefix field-set CUSTOM-DEST-PREFIX-1 + protocol tcp + ! + application ipv4 CUSTOM-APPLICATION-2 + protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2 + ! + application ipv4 CUSTOM-DSCP-APPLICATION + dscp ef 12-14 cs6 42 + ! + category VIDEO1 + application CUSTOM-APPLICATION-2 + application CUSTOM-DSCP-APPLICATION + application microsoft-teams + ! + application-profile APP-PROFILE-CONTROL-PLANE + application APP-CONTROL-PLANE + ! + application-profile MPLS-ONLY + ! + application-profile VIDEO + application CUSTOM-APPLICATION-1 + application skype + application rtp transport + category VIDEO1 + ! + application-profile VOICE + application CUSTOM-VOICE-APPLICATION + ! + field-set ipv4 prefix CUSTOM-DEST-PREFIX-1 + 6.6.6.0/24 + ! + field-set ipv4 prefix CUSTOM-SRC-PREFIX-1 + 42.42.42.0/24 + ! + field-set ipv4 prefix PFX-PATHFINDERS + 192.168.144.1/32 + ! + field-set l4-port TCP-DEST-2 + 666, 777 + ! + field-set l4-port TCP-SRC-2 + 42 +! +ip routing +ip routing vrf IT +no ip routing vrf MGMT +ip routing vrf PROD +! +ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.42.8:405 +! +ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY + seq 10 permit 192.168.42.0/24 eq 32 +! +route-map RM-BGP-UNDERLAY-PEERS-IN permit 40 + description Mark prefixes originated from the LAN + set extcommunity soo 192.168.42.8:405 additive +! +route-map RM-BGP-UNDERLAY-PEERS-OUT permit 10 + description Make routes learned from WAN HA peer less preferred on LAN routers + match route-type internal + match tag 50 + set metric 50 +! 
+route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set extcommunity soo 192.168.42.8:405 additive +! +route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 10 + match extcommunity ECL-EVPN-SOO +! +route-map RM-EVPN-SOO-IN deny 10 + match extcommunity ECL-EVPN-SOO +! +route-map RM-EVPN-SOO-IN permit 20 +! +route-map RM-EVPN-SOO-OUT permit 10 + set extcommunity soo 192.168.42.8:405 additive +! +route-map RM-WAN-HA-PEER-IN permit 10 + description Set tag 50 on routes received from HA peer over EVPN + set tag 50 +! +route-map RM-WAN-HA-PEER-OUT permit 10 + description Make EVPN routes learned from WAN less preferred on HA peer + match route-type internal + set local-preference 50 +! +route-map RM-WAN-HA-PEER-OUT permit 20 + description Make locally injected routes less preferred on HA peer + set local-preference 75 +! +router bfd + multihop interval 300 min-rx 300 multiplier 3 +! +router bgp 65000 + router-id 192.168.42.8 + maximum-paths 16 + update wait-install + no bgp default ipv4-unicast + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS send-community + neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 + neighbor IPv4-UNDERLAY-PEERS route-map RM-BGP-UNDERLAY-PEERS-IN in + neighbor IPv4-UNDERLAY-PEERS route-map RM-BGP-UNDERLAY-PEERS-OUT out + neighbor WAN-OVERLAY-PEERS peer group + neighbor WAN-OVERLAY-PEERS remote-as 65000 + neighbor WAN-OVERLAY-PEERS update-source Dps1 + neighbor WAN-OVERLAY-PEERS bfd + neighbor WAN-OVERLAY-PEERS bfd interval 1000 min-rx 1000 multiplier 10 + neighbor WAN-OVERLAY-PEERS ttl maximum-hops 1 + neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ== + neighbor WAN-OVERLAY-PEERS send-community + neighbor WAN-OVERLAY-PEERS maximum-routes 0 + neighbor 192.168.142.9 remote-as 65000 + neighbor 192.168.142.9 description cv-pathfinder-edge4B + neighbor 192.168.142.9 route-reflector-client + neighbor 192.168.142.9 update-source Dps1 
+ neighbor 192.168.142.9 route-map RM-WAN-HA-PEER-IN in + neighbor 192.168.142.9 route-map RM-WAN-HA-PEER-OUT out + neighbor 192.168.142.9 send-community + neighbor 192.168.144.1 peer group WAN-OVERLAY-PEERS + neighbor 192.168.144.1 description cv-pathfinder-pathfinder_Dps1 + redistribute connected route-map RM-CONN-2-BGP + ! + address-family evpn + neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-IN in + neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-OUT out + neighbor WAN-OVERLAY-PEERS activate + neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor 192.168.142.9 activate + neighbor 192.168.142.9 encapsulation path-selection + neighbor default next-hop-self received-evpn-routes route-type ip-prefix + ! + address-family ipv4 + neighbor IPv4-UNDERLAY-PEERS activate + no neighbor WAN-OVERLAY-PEERS activate + ! + address-family ipv4 sr-te + neighbor WAN-OVERLAY-PEERS activate + ! + address-family link-state + neighbor WAN-OVERLAY-PEERS activate + path-selection + ! + address-family path-selection + bgp additional-paths receive + bgp additional-paths send any + neighbor WAN-OVERLAY-PEERS activate + ! + vrf default + rd 192.168.42.8:1 + route-target import evpn 1:1 + route-target export evpn 1:1 + route-target export evpn route-map RM-EVPN-EXPORT-VRF-DEFAULT + ! + vrf IT + rd 192.168.42.8:1000 + route-target import evpn 1000:1000 + route-target export evpn 1000:1000 + router-id 192.168.42.8 + redistribute connected + ! + vrf PROD + rd 192.168.42.8:142 + route-target import evpn 142:142 + route-target export evpn 142:142 + router-id 192.168.42.8 + redistribute connected +! +router traffic-engineering +! +stun + client + server-profile INET-cv-pathfinder-pathfinder-Ethernet1 + ip address 172.17.7.7 + ssl profile profileA + server-profile INET-cv-pathfinder-pathfinder-Ethernet3 + ip address 10.9.9.9 + ssl profile profileA +! +end 
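Review bot: In this new fixture `path-group LAN_HA` is rendered without an `ipsec profile` line, while `path-group INET` carries `ipsec profile CP-PROFILE`, so the only port-channel HA case under test is one where HA traffic over `Port-Channel666` is not IPsec-protected. If that comes from the inventory disabling IPsec on the HA link (not visible in this hunk), I would add a second node group, or flip this one, so the port-channel path is also exercised with the HA IPsec profile applied and a regression that drops it on the port-channel is caught. The same applies to cv-pathfinder-edge4B.cfg.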
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4B.cfg new file mode 100644 index 00000000000..9c916ea5e4d --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4B.cfg 
@@ -0,0 +1,445 @@ +! +no enable password +no aaa root +! +agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP=1 +! +management api http-commands + protocol https + no shutdown + ! + vrf MGMT + no shutdown +! +flow tracking hardware + tracker FLOW-TRACKER + record export on inactive timeout 70000 + record export on interval 300000 + exporter CV-TELEMETRY + collector 127.0.0.1 + local interface Loopback0 + template interval 3600000 + no shutdown +! +service routing protocols model multi-agent +! +hostname cv-pathfinder-edge4B +! +router adaptive-virtual-topology + topology role transit region + region AVD_Land_West id 42 + zone AVD_Land_West-ZONE id 1 + site Site405 id 405 + ! + policy DEFAULT-AVT-POLICY + ! + match application-profile VIDEO + avt profile DEFAULT-AVT-POLICY-VIDEO + ! + match application-profile default + avt profile DEFAULT-AVT-POLICY-DEFAULT + ! + policy DEFAULT-AVT-POLICY-WITH-CP + ! + match application-profile APP-PROFILE-CONTROL-PLANE + avt profile DEFAULT-AVT-POLICY-CONTROL-PLANE + ! + match application-profile VIDEO + avt profile DEFAULT-AVT-POLICY-VIDEO + ! + match application-profile default + avt profile DEFAULT-AVT-POLICY-DEFAULT + ! + policy PROD-AVT-POLICY + ! + match application-profile VOICE + avt profile PROD-AVT-POLICY-VOICE + ! + match application-profile VIDEO + avt profile PROD-AVT-POLICY-VIDEO + ! + match application-profile MPLS-ONLY + avt profile PROD-AVT-POLICY-MPLS-ONLY + ! + match application-profile default + avt profile PROD-AVT-POLICY-DEFAULT + ! + profile DEFAULT-AVT-POLICY-CONTROL-PLANE + path-selection load-balance LB-DEFAULT-AVT-POLICY-CONTROL-PLANE + ! + profile DEFAULT-AVT-POLICY-DEFAULT + path-selection load-balance LB-DEFAULT-AVT-POLICY-DEFAULT + ! + profile DEFAULT-AVT-POLICY-VIDEO + path-selection load-balance LB-DEFAULT-AVT-POLICY-VIDEO + ! + profile PROD-AVT-POLICY-DEFAULT + path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT + ! 
+ profile PROD-AVT-POLICY-MPLS-ONLY + path-selection load-balance LB-PROD-AVT-POLICY-MPLS-ONLY + ! + profile PROD-AVT-POLICY-VIDEO + path-selection load-balance LB-PROD-AVT-POLICY-VIDEO + ! + profile PROD-AVT-POLICY-VOICE + path-selection load-balance LB-PROD-AVT-POLICY-VOICE + ! + vrf default + avt policy DEFAULT-AVT-POLICY-WITH-CP + avt profile DEFAULT-AVT-POLICY-DEFAULT id 1 + avt profile DEFAULT-AVT-POLICY-VIDEO id 3 + avt profile DEFAULT-AVT-POLICY-CONTROL-PLANE id 254 + ! + vrf IT + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-POLICY-DEFAULT id 1 + avt profile DEFAULT-AVT-POLICY-VIDEO id 3 + ! + vrf PROD + avt policy PROD-AVT-POLICY + avt profile PROD-AVT-POLICY-DEFAULT id 1 + avt profile PROD-AVT-POLICY-VOICE id 2 + avt profile PROD-AVT-POLICY-VIDEO id 4 + avt profile PROD-AVT-POLICY-MPLS-ONLY id 5 +! +router path-selection + tcp mss ceiling ipv4 ingress + ! + path-group INET id 101 + ipsec profile CP-PROFILE + ! + local interface Ethernet1.42 + stun server-profile INET-cv-pathfinder-pathfinder-Ethernet1 INET-cv-pathfinder-pathfinder-Ethernet3 + ! + peer dynamic + ! + peer static router-ip 192.168.144.1 + name cv-pathfinder-pathfinder + ipv4 address 172.17.7.7 + ipv4 address 10.9.9.9 + ! + path-group LAN_HA id 65535 + flow assignment lan + ! + local interface Port-Channel666 + ! + peer static router-ip 192.168.142.8 + name cv-pathfinder-edge4A + ipv4 address 10.10.10.1 + ! + load-balance policy LB-DEFAULT-AVT-POLICY-CONTROL-PLANE + path-group INET + path-group LAN_HA + ! + load-balance policy LB-DEFAULT-AVT-POLICY-DEFAULT + path-group INET + path-group LAN_HA + ! + load-balance policy LB-DEFAULT-AVT-POLICY-VIDEO + path-group INET + path-group LAN_HA + ! + load-balance policy LB-PROD-AVT-POLICY-DEFAULT + path-group INET + path-group LAN_HA + ! + load-balance policy LB-PROD-AVT-POLICY-MPLS-ONLY + path-group LAN_HA + ! + load-balance policy LB-PROD-AVT-POLICY-VIDEO + loss-rate 42.0 + path-group LAN_HA + path-group INET priority 2 + ! 
+ load-balance policy LB-PROD-AVT-POLICY-VOICE + jitter 42 + hop count lowest + path-group LAN_HA + path-group INET priority 2 +! +spanning-tree mode none +! +vrf instance IT +! +vrf instance MGMT +! +vrf instance PROD +! +management security + ! + ssl profile profileA + tls versions 1.2 + trust certificate aristaDeviceCertProvisionerDefaultRootCA.crt + certificate profileA.crt key profileA.key +! +ip security + ike policy CP-IKE-POLICY + local-id 192.168.142.9 + ! + sa policy CP-SA-POLICY + esp encryption aes256gcm128 + pfs dh-group 14 + ! + sa policy DP-SA-POLICY + esp encryption aes256gcm128 + pfs dh-group 14 + ! + profile CP-PROFILE + ike-policy CP-IKE-POLICY + sa-policy CP-SA-POLICY + connection start + shared-key 7 ABCDEF1234567890 + dpd 10 50 clear + mode transport + ! + profile DP-PROFILE + sa-policy DP-SA-POLICY + connection start + shared-key 7 ABCDEF1234567890666 + dpd 10 50 clear + mode transport + ! + key controller + profile DP-PROFILE +! +interface Port-Channel666 + description WAN_HA_cv-pathfinder-edge4A_Port-Channel666 + no shutdown + mtu 9194 + no switchport + flow tracker hardware FLOW-TRACKER + ip address 10.10.10.2/24 +! +interface Dps1 + description DPS Interface + mtu 9194 + flow tracker hardware FLOW-TRACKER + ip address 192.168.142.9/32 +! +interface Ethernet1 + no shutdown + no switchport +! +interface Ethernet1.42 + description Comcast + no shutdown + encapsulation dot1q vlan 42 + ip address dhcp + dhcp client accept default-route +! +interface Ethernet42 + description WAN_HA_cv-pathfinder-edge4A_Ethernet42 + no shutdown + mtu 9194 + channel-group 666 mode active +! +interface Ethernet43 + description WAN_HA_cv-pathfinder-edge4A_Ethernet43 + no shutdown + mtu 9194 + channel-group 666 mode active +! +interface Loopback0 + description ROUTER_ID + no shutdown + ip address 192.168.42.9/32 +! 
+interface Vxlan1 + description cv-pathfinder-edge4B_VTEP + vxlan source-interface Dps1 + vxlan udp-port 4789 + vxlan vrf default vni 1 + vxlan vrf IT vni 100 + vxlan vrf PROD vni 42 +! +application traffic recognition + ! + application ipv4 APP-CONTROL-PLANE + destination prefix field-set PFX-PATHFINDERS + ! + application ipv4 CUSTOM-APPLICATION-1 + source prefix field-set CUSTOM-SRC-PREFIX-1 + destination prefix field-set CUSTOM-DEST-PREFIX-1 + protocol tcp + ! + application ipv4 CUSTOM-APPLICATION-2 + protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2 + ! + application ipv4 CUSTOM-DSCP-APPLICATION + dscp ef 12-14 cs6 42 + ! + category VIDEO1 + application CUSTOM-APPLICATION-2 + application CUSTOM-DSCP-APPLICATION + application microsoft-teams + ! + application-profile APP-PROFILE-CONTROL-PLANE + application APP-CONTROL-PLANE + ! + application-profile MPLS-ONLY + ! + application-profile VIDEO + application CUSTOM-APPLICATION-1 + application skype + application rtp transport + category VIDEO1 + ! + application-profile VOICE + application CUSTOM-VOICE-APPLICATION + ! + field-set ipv4 prefix CUSTOM-DEST-PREFIX-1 + 6.6.6.0/24 + ! + field-set ipv4 prefix CUSTOM-SRC-PREFIX-1 + 42.42.42.0/24 + ! + field-set ipv4 prefix PFX-PATHFINDERS + 192.168.144.1/32 + ! + field-set l4-port TCP-DEST-2 + 666, 777 + ! + field-set l4-port TCP-SRC-2 + 42 +! +ip routing +ip routing vrf IT +no ip routing vrf MGMT +ip routing vrf PROD +! +ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.42.8:405 +! +ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY + seq 10 permit 192.168.42.0/24 eq 32 +! +route-map RM-BGP-UNDERLAY-PEERS-IN permit 40 + description Mark prefixes originated from the LAN + set extcommunity soo 192.168.42.8:405 additive +! +route-map RM-BGP-UNDERLAY-PEERS-OUT permit 10 + description Make routes learned from WAN HA peer less preferred on LAN routers + match route-type internal + match tag 50 + set metric 50 +! 
+route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set extcommunity soo 192.168.42.8:405 additive +! +route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 10 + match extcommunity ECL-EVPN-SOO +! +route-map RM-EVPN-SOO-IN deny 10 + match extcommunity ECL-EVPN-SOO +! +route-map RM-EVPN-SOO-IN permit 20 +! +route-map RM-EVPN-SOO-OUT permit 10 + set extcommunity soo 192.168.42.8:405 additive +! +route-map RM-WAN-HA-PEER-IN permit 10 + description Set tag 50 on routes received from HA peer over EVPN + set tag 50 +! +route-map RM-WAN-HA-PEER-OUT permit 10 + description Make EVPN routes learned from WAN less preferred on HA peer + match route-type internal + set local-preference 50 +! +route-map RM-WAN-HA-PEER-OUT permit 20 + description Make locally injected routes less preferred on HA peer + set local-preference 75 +! +router bfd + multihop interval 300 min-rx 300 multiplier 3 +! +router bgp 65000 + router-id 192.168.42.9 + maximum-paths 16 + update wait-install + no bgp default ipv4-unicast + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS send-community + neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 + neighbor IPv4-UNDERLAY-PEERS route-map RM-BGP-UNDERLAY-PEERS-IN in + neighbor IPv4-UNDERLAY-PEERS route-map RM-BGP-UNDERLAY-PEERS-OUT out + neighbor WAN-OVERLAY-PEERS peer group + neighbor WAN-OVERLAY-PEERS remote-as 65000 + neighbor WAN-OVERLAY-PEERS update-source Dps1 + neighbor WAN-OVERLAY-PEERS bfd + neighbor WAN-OVERLAY-PEERS bfd interval 1000 min-rx 1000 multiplier 10 + neighbor WAN-OVERLAY-PEERS ttl maximum-hops 1 + neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ== + neighbor WAN-OVERLAY-PEERS send-community + neighbor WAN-OVERLAY-PEERS maximum-routes 0 + neighbor 192.168.142.8 remote-as 65000 + neighbor 192.168.142.8 description cv-pathfinder-edge4A + neighbor 192.168.142.8 route-reflector-client + neighbor 192.168.142.8 update-source Dps1 
+ neighbor 192.168.142.8 route-map RM-WAN-HA-PEER-IN in + neighbor 192.168.142.8 route-map RM-WAN-HA-PEER-OUT out + neighbor 192.168.142.8 send-community + neighbor 192.168.144.1 peer group WAN-OVERLAY-PEERS + neighbor 192.168.144.1 description cv-pathfinder-pathfinder_Dps1 + redistribute connected route-map RM-CONN-2-BGP + ! + address-family evpn + neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-IN in + neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-OUT out + neighbor WAN-OVERLAY-PEERS activate + neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor 192.168.142.8 activate + neighbor 192.168.142.8 encapsulation path-selection + neighbor default next-hop-self received-evpn-routes route-type ip-prefix + ! + address-family ipv4 + neighbor IPv4-UNDERLAY-PEERS activate + no neighbor WAN-OVERLAY-PEERS activate + ! + address-family ipv4 sr-te + neighbor WAN-OVERLAY-PEERS activate + ! + address-family link-state + neighbor WAN-OVERLAY-PEERS activate + path-selection + ! + address-family path-selection + bgp additional-paths receive + bgp additional-paths send any + neighbor WAN-OVERLAY-PEERS activate + ! + vrf default + rd 192.168.42.9:1 + route-target import evpn 1:1 + route-target export evpn 1:1 + route-target export evpn route-map RM-EVPN-EXPORT-VRF-DEFAULT + ! + vrf IT + rd 192.168.42.9:1000 + route-target import evpn 1000:1000 + route-target export evpn 1000:1000 + router-id 192.168.42.9 + redistribute connected + ! + vrf PROD + rd 192.168.42.9:142 + route-target import evpn 142:142 + route-target export evpn 142:142 + router-id 192.168.42.9 + redistribute connected +! +router traffic-engineering +! +stun + client + server-profile INET-cv-pathfinder-pathfinder-Ethernet1 + ip address 172.17.7.7 + ssl profile profileA + server-profile INET-cv-pathfinder-pathfinder-Ethernet3 + ip address 10.9.9.9 + ssl profile profileA +! +end 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-pathfinder-1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-pathfinder-1.yml index 667c41dcb7a..e4d91367d88 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-pathfinder-1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-pathfinder-1.yml @@ -506,7 +506,11 @@ metadata: - name: Site404 id: 404 location: - address: Not Found + address: Atlantis + - name: Site405 + id: 405 + location: + address: El Dorado - name: Site422 id: 422 location: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3A.yml index 4eb37631807..a3e1f4889d0 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3A.yml @@ -166,9 +166,10 @@ ethernet_interfaces: peer_type: l3_interface peer: cv-pathfinder-edge3B shutdown: false - description: DIRECT LAN HA LINK + description: WAN_HA_cv-pathfinder-edge3B_Ethernet52 ip_address: 10.10.10.1/24 - flow_tracker: null + flow_tracker: + hardware: FLOW-TRACKER mtu: 9100 loopback_interfaces: - name: Loopback0 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3B.yml index d7e2f7b34fc..9fe0511421d 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3B.yml @@ -165,9 +165,10 @@ ethernet_interfaces: peer_type: l3_interface peer: cv-pathfinder-edge3A shutdown: false - description: DIRECT LAN HA LINK + description: WAN_HA_cv-pathfinder-edge3A_Ethernet52 ip_address: 10.10.10.2/24 - flow_tracker: null + flow_tracker: + hardware: FLOW-TRACKER mtu: 9100 loopback_interfaces: - name: Loopback0 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4A.yml new file mode 100644 index 00000000000..75d63d4996f --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4A.yml 
@@ -0,0 +1,632 @@ +hostname: cv-pathfinder-edge4A +is_deployed: true +router_bgp: + as: '65000' + router_id: 192.168.42.8 + bgp: + default: + ipv4_unicast: false + maximum_paths: + paths: 16 + updates: + wait_install: true + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + maximum_routes: 12000 + send_community: all + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + - name: WAN-OVERLAY-PEERS + type: wan + update_source: Dps1 + bfd: true + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + remote_as: '65000' + ttl_maximum_hops: 1 + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + redistribute_routes: + - source_protocol: connected + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + encapsulation: path-selection + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + neighbors: + - ip_address: 192.168.142.9 + activate: true + encapsulation: path-selection + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + bgp: + additional_paths: + receive: true + send: + any: true + neighbors: + - ip_address: 192.168.144.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder_Dps1 + - ip_address: 192.168.142.9 + peer: cv-pathfinder-edge4B + description: cv-pathfinder-edge4B + remote_as: '65000' + update_source: Dps1 + route_reflector_client: true + send_community: all + route_map_in: RM-WAN-HA-PEER-IN + route_map_out: 
RM-WAN-HA-PEER-OUT + vrfs: + - name: default + rd: 192.168.42.8:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT + - name: IT + rd: 192.168.42.8:1000 + route_targets: + import: + - address_family: evpn + route_targets: + - 1000:1000 + export: + - address_family: evpn + route_targets: + - 1000:1000 + router_id: 192.168.42.8 + redistribute_routes: + - source_protocol: connected + - name: PROD + rd: 192.168.42.8:142 + route_targets: + import: + - address_family: evpn + route_targets: + - 142:142 + export: + - address_family: evpn + route_targets: + - 142:142 + router_id: 192.168.42.8 + redistribute_routes: + - source_protocol: connected +service_routing_protocols_model: multi-agent +ip_routing: true +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +transceiver_qsfp_default_mode_4x10: false +spanning_tree: + mode: none +vrfs: +- name: MGMT + ip_routing: false +- name: IT + tenant: TenantA + ip_routing: true +- name: PROD + tenant: TenantA + ip_routing: true +management_api_http: + enable_vrfs: + - name: MGMT + enable_https: true +ethernet_interfaces: +- name: Ethernet1.42 + peer_type: l3_interface + ip_address: dhcp + shutdown: false + description: Comcast + encapsulation_dot1q: + vlan: 42 + dhcp_client_accept_default_route: true +- name: Ethernet1 + switchport: + enabled: false + peer_type: l3_interface + shutdown: false +- name: Ethernet42 + peer_type: wan_ha_peer + peer_interface: Ethernet42 + peer: cv-pathfinder-edge4B + description: WAN_HA_cv-pathfinder-edge4B_Ethernet42 + shutdown: false + channel_group: + id: 666 + mode: active + mtu: 9194 +- name: Ethernet43 + peer_type: wan_ha_peer + peer_interface: Ethernet43 + peer: cv-pathfinder-edge4B + description: WAN_HA_cv-pathfinder-edge4B_Ethernet43 + shutdown: false + channel_group: + id: 666 + mode: active + mtu: 9194 +port_channel_interfaces: +- name: 
Port-Channel666 + switchport: + enabled: false + peer_type: l3_interface + peer_interface: Port-Channel666 + peer: cv-pathfinder-edge4B + shutdown: false + description: WAN_HA_cv-pathfinder-edge4B_Port-Channel666 + ip_address: 10.10.10.1/24 + flow_tracker: + hardware: FLOW-TRACKER + mtu: 9194 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.42.8/32 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.42.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.42.8:405 additive +- name: RM-BGP-UNDERLAY-PEERS-IN + sequence_numbers: + - sequence: 40 + type: permit + description: Mark prefixes originated from the LAN + set: + - extcommunity soo 192.168.42.8:405 additive +- name: RM-BGP-UNDERLAY-PEERS-OUT + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned from WAN HA peer less preferred on LAN routers + match: + - tag 50 + - route-type internal + set: + - metric 50 + - sequence: 20 + type: permit +- name: RM-EVPN-SOO-IN + sequence_numbers: + - sequence: 10 + type: deny + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit +- name: RM-EVPN-SOO-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - extcommunity soo 192.168.42.8:405 additive +- name: RM-WAN-HA-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Set tag 50 on routes received from HA peer over EVPN + set: + - tag 50 +- name: RM-WAN-HA-PEER-OUT + sequence_numbers: + - sequence: 10 + type: permit + description: Make EVPN routes learned from WAN less preferred on HA peer + match: + - route-type internal + set: + - local-preference 50 + - sequence: 20 + type: permit + description: Make locally injected routes less preferred on HA peer + set: + - local-preference 75 +- name: 
RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.42.8:405 +ip_security: + ike_policies: + - name: CP-IKE-POLICY + local_id: 192.168.142.8 + sa_policies: + - name: DP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + - name: CP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + profiles: + - name: DP-PROFILE + sa_policy: DP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890666 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + - name: CP-PROFILE + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: DP-PROFILE +management_security: + ssl_profiles: + - name: profileA + certificate: + file: profileA.crt + key: profileA.key + trust_certificate: + certificates: + - aristaDeviceCertProvisionerDefaultRootCA.crt + tls_versions: '1.2' +router_adaptive_virtual_topology: + topology_role: transit region + region: + name: AVD_Land_West + id: 42 + zone: + name: AVD_Land_West-ZONE + id: 1 + site: + name: Site405 + id: 405 + profiles: + - name: DEFAULT-AVT-POLICY-CONTROL-PLANE + load_balance_policy: LB-DEFAULT-AVT-POLICY-CONTROL-PLANE + - name: DEFAULT-AVT-POLICY-VIDEO + load_balance_policy: LB-DEFAULT-AVT-POLICY-VIDEO + - name: DEFAULT-AVT-POLICY-DEFAULT + load_balance_policy: LB-DEFAULT-AVT-POLICY-DEFAULT + - name: PROD-AVT-POLICY-VOICE + load_balance_policy: LB-PROD-AVT-POLICY-VOICE + - name: PROD-AVT-POLICY-VIDEO + load_balance_policy: LB-PROD-AVT-POLICY-VIDEO + - name: PROD-AVT-POLICY-MPLS-ONLY + load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY + - name: PROD-AVT-POLICY-DEFAULT + load_balance_policy: 
LB-PROD-AVT-POLICY-DEFAULT + vrfs: + - name: default + policy: DEFAULT-AVT-POLICY-WITH-CP + profiles: + - name: DEFAULT-AVT-POLICY-CONTROL-PLANE + id: 254 + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + - name: PROD + policy: PROD-AVT-POLICY + profiles: + - name: PROD-AVT-POLICY-VOICE + id: 2 + - name: PROD-AVT-POLICY-VIDEO + id: 4 + - name: PROD-AVT-POLICY-MPLS-ONLY + id: 5 + - name: PROD-AVT-POLICY-DEFAULT + id: 1 + - name: IT + policy: DEFAULT-AVT-POLICY + profiles: + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + policies: + - name: DEFAULT-AVT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: PROD-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: PROD-AVT-POLICY-VOICE + - application_profile: VIDEO + avt_profile: PROD-AVT-POLICY-VIDEO + - application_profile: MPLS-ONLY + avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: default + avt_profile: PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_path_selection: + tcp_mss_ceiling: + ipv4_segment_size: auto + path_groups: + - name: INET + id: 101 + local_interfaces: + - name: Ethernet1.42 + stun: + server_profiles: + - INET-cv-pathfinder-pathfinder-Ethernet1 + - INET-cv-pathfinder-pathfinder-Ethernet3 + dynamic_peers: + enabled: true + static_peers: + - router_ip: 192.168.144.1 + name: cv-pathfinder-pathfinder + ipv4_addresses: + - 172.17.7.7 + - 10.9.9.9 + ipsec_profile: CP-PROFILE + - name: LAN_HA + id: 65535 + flow_assignment: lan + 
local_interfaces: + - name: Port-Channel666 + static_peers: + - router_ip: 192.168.142.9 + name: cv-pathfinder-edge4B + ipv4_addresses: + - 10.10.10.2 + load_balance_policies: + - name: LB-DEFAULT-AVT-POLICY-CONTROL-PLANE + path_groups: + - name: INET + - name: LAN_HA + - name: LB-DEFAULT-AVT-POLICY-VIDEO + path_groups: + - name: INET + - name: LAN_HA + - name: LB-DEFAULT-AVT-POLICY-DEFAULT + path_groups: + - name: INET + - name: LAN_HA + - name: LB-PROD-AVT-POLICY-VOICE + path_groups: + - name: INET + priority: 2 + - name: LAN_HA + jitter: 42 + lowest_hop_count: true + - name: LB-PROD-AVT-POLICY-VIDEO + path_groups: + - name: INET + priority: 2 + - name: LAN_HA + loss_rate: '42.0' + - name: LB-PROD-AVT-POLICY-MPLS-ONLY + path_groups: + - name: LAN_HA + - name: LB-PROD-AVT-POLICY-DEFAULT + path_groups: + - name: INET + - name: LAN_HA +router_traffic_engineering: + enabled: true +stun: + client: + server_profiles: + - name: INET-cv-pathfinder-pathfinder-Ethernet1 + ip_address: 172.17.7.7 + ssl_profile: profileA + - name: INET-cv-pathfinder-pathfinder-Ethernet3 + ip_address: 10.9.9.9 + ssl_profile: profileA +application_traffic_recognition: + application_profiles: + - name: VIDEO + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + application_transports: + - rtp + - name: VOICE + applications: + - name: CUSTOM-VOICE-APPLICATION + - name: MPLS-ONLY + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-2 + - name: CUSTOM-DSCP-APPLICATION + - name: microsoft-teams + applications: + ipv4_applications: + - name: CUSTOM-APPLICATION-1 + protocols: + - tcp + src_prefix_set_name: CUSTOM-SRC-PREFIX-1 + dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 + - name: CUSTOM-APPLICATION-2 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-2 + tcp_dest_port_set_name: TCP-DEST-2 + - name: CUSTOM-DSCP-APPLICATION + dscp_ranges: + - ef + - 12-14 + 
- cs6 + - '42' + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + field_sets: + l4_ports: + - name: TCP-SRC-2 + port_values: + - '42' + - name: TCP-DEST-2 + port_values: + - '666' + - '777' + ipv4_prefixes: + - name: CUSTOM-SRC-PREFIX-1 + prefix_values: + - 42.42.42.0/24 + - name: CUSTOM-DEST-PREFIX-1 + prefix_values: + - 6.6.6.0/24 + - name: PFX-PATHFINDERS + prefix_values: + - 192.168.144.1/32 +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.142.8/32 + flow_tracker: + hardware: FLOW-TRACKER +vxlan_interface: + vxlan1: + description: cv-pathfinder-edge4A_VTEP + vxlan: + udp_port: 4789 + source_interface: Dps1 + vrfs: + - name: default + vni: 1 + - name: IT + vni: 100 + - name: PROD + vni: 42 +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false +metadata: + cv_tags: + device_tags: + - name: Role + value: transit region + - name: Region + value: AVD_Land_West + - name: Zone + value: AVD_Land_West-ZONE + - name: Site + value: Site405 + interface_tags: + - interface: Ethernet1.42 + tags: + - name: Type + value: wan + - name: Carrier + value: Comcast + - interface: Ethernet1 + tags: + - name: Type + value: lan + - interface: Ethernet42 + tags: + - name: Type + value: lan + - interface: Ethernet43 + tags: + - name: Type + value: lan + cv_pathfinder: + role: transit region + ssl_profile: profileA + vtep_ip: 192.168.142.8 + region: AVD_Land_West + zone: AVD_Land_West-ZONE + site: Site405 + interfaces: + - name: Ethernet1.42 + carrier: Comcast + pathgroup: INET + pathfinders: + - vtep_ip: 192.168.144.1 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4B.yml new file mode 100644 index 00000000000..4cd19e54f94 --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4B.yml 
@@ -0,0 +1,632 @@ +hostname: cv-pathfinder-edge4B +is_deployed: true +router_bgp: + as: '65000' + router_id: 192.168.42.9 + bgp: + default: + ipv4_unicast: false + maximum_paths: + paths: 16 + updates: + wait_install: true + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + maximum_routes: 12000 + send_community: all + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + - name: WAN-OVERLAY-PEERS + type: wan + update_source: Dps1 + bfd: true + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + remote_as: '65000' + ttl_maximum_hops: 1 + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + redistribute_routes: + - source_protocol: connected + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + encapsulation: path-selection + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + neighbors: + - ip_address: 192.168.142.8 + activate: true + encapsulation: path-selection + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + bgp: + additional_paths: + receive: true + send: + any: true + neighbors: + - ip_address: 192.168.144.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder_Dps1 + - ip_address: 192.168.142.8 + peer: cv-pathfinder-edge4A + description: cv-pathfinder-edge4A + remote_as: '65000' + update_source: Dps1 + route_reflector_client: true + send_community: all + route_map_in: RM-WAN-HA-PEER-IN + route_map_out: 
RM-WAN-HA-PEER-OUT + vrfs: + - name: default + rd: 192.168.42.9:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT + - name: IT + rd: 192.168.42.9:1000 + route_targets: + import: + - address_family: evpn + route_targets: + - 1000:1000 + export: + - address_family: evpn + route_targets: + - 1000:1000 + router_id: 192.168.42.9 + redistribute_routes: + - source_protocol: connected + - name: PROD + rd: 192.168.42.9:142 + route_targets: + import: + - address_family: evpn + route_targets: + - 142:142 + export: + - address_family: evpn + route_targets: + - 142:142 + router_id: 192.168.42.9 + redistribute_routes: + - source_protocol: connected +service_routing_protocols_model: multi-agent +ip_routing: true +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +transceiver_qsfp_default_mode_4x10: false +spanning_tree: + mode: none +vrfs: +- name: MGMT + ip_routing: false +- name: IT + tenant: TenantA + ip_routing: true +- name: PROD + tenant: TenantA + ip_routing: true +management_api_http: + enable_vrfs: + - name: MGMT + enable_https: true +ethernet_interfaces: +- name: Ethernet1.42 + peer_type: l3_interface + ip_address: dhcp + shutdown: false + description: Comcast + encapsulation_dot1q: + vlan: 42 + dhcp_client_accept_default_route: true +- name: Ethernet1 + switchport: + enabled: false + peer_type: l3_interface + shutdown: false +- name: Ethernet42 + peer_type: wan_ha_peer + peer_interface: Ethernet42 + peer: cv-pathfinder-edge4A + description: WAN_HA_cv-pathfinder-edge4A_Ethernet42 + shutdown: false + channel_group: + id: 666 + mode: active + mtu: 9194 +- name: Ethernet43 + peer_type: wan_ha_peer + peer_interface: Ethernet43 + peer: cv-pathfinder-edge4A + description: WAN_HA_cv-pathfinder-edge4A_Ethernet43 + shutdown: false + channel_group: + id: 666 + mode: active + mtu: 9194 +port_channel_interfaces: +- name: 
Port-Channel666 + switchport: + enabled: false + peer_type: l3_interface + peer_interface: Port-Channel666 + peer: cv-pathfinder-edge4A + shutdown: false + description: WAN_HA_cv-pathfinder-edge4A_Port-Channel666 + ip_address: 10.10.10.2/24 + flow_tracker: + hardware: FLOW-TRACKER + mtu: 9194 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.42.9/32 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.42.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.42.8:405 additive +- name: RM-BGP-UNDERLAY-PEERS-IN + sequence_numbers: + - sequence: 40 + type: permit + description: Mark prefixes originated from the LAN + set: + - extcommunity soo 192.168.42.8:405 additive +- name: RM-BGP-UNDERLAY-PEERS-OUT + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned from WAN HA peer less preferred on LAN routers + match: + - tag 50 + - route-type internal + set: + - metric 50 + - sequence: 20 + type: permit +- name: RM-EVPN-SOO-IN + sequence_numbers: + - sequence: 10 + type: deny + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit +- name: RM-EVPN-SOO-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - extcommunity soo 192.168.42.8:405 additive +- name: RM-WAN-HA-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Set tag 50 on routes received from HA peer over EVPN + set: + - tag 50 +- name: RM-WAN-HA-PEER-OUT + sequence_numbers: + - sequence: 10 + type: permit + description: Make EVPN routes learned from WAN less preferred on HA peer + match: + - route-type internal + set: + - local-preference 50 + - sequence: 20 + type: permit + description: Make locally injected routes less preferred on HA peer + set: + - local-preference 75 +- name: 
RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.42.8:405 +ip_security: + ike_policies: + - name: CP-IKE-POLICY + local_id: 192.168.142.9 + sa_policies: + - name: DP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + - name: CP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + profiles: + - name: DP-PROFILE + sa_policy: DP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890666 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + - name: CP-PROFILE + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: DP-PROFILE +management_security: + ssl_profiles: + - name: profileA + certificate: + file: profileA.crt + key: profileA.key + trust_certificate: + certificates: + - aristaDeviceCertProvisionerDefaultRootCA.crt + tls_versions: '1.2' +router_adaptive_virtual_topology: + topology_role: transit region + region: + name: AVD_Land_West + id: 42 + zone: + name: AVD_Land_West-ZONE + id: 1 + site: + name: Site405 + id: 405 + profiles: + - name: DEFAULT-AVT-POLICY-CONTROL-PLANE + load_balance_policy: LB-DEFAULT-AVT-POLICY-CONTROL-PLANE + - name: DEFAULT-AVT-POLICY-VIDEO + load_balance_policy: LB-DEFAULT-AVT-POLICY-VIDEO + - name: DEFAULT-AVT-POLICY-DEFAULT + load_balance_policy: LB-DEFAULT-AVT-POLICY-DEFAULT + - name: PROD-AVT-POLICY-VOICE + load_balance_policy: LB-PROD-AVT-POLICY-VOICE + - name: PROD-AVT-POLICY-VIDEO + load_balance_policy: LB-PROD-AVT-POLICY-VIDEO + - name: PROD-AVT-POLICY-MPLS-ONLY + load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY + - name: PROD-AVT-POLICY-DEFAULT + load_balance_policy: 
LB-PROD-AVT-POLICY-DEFAULT + vrfs: + - name: default + policy: DEFAULT-AVT-POLICY-WITH-CP + profiles: + - name: DEFAULT-AVT-POLICY-CONTROL-PLANE + id: 254 + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + - name: PROD + policy: PROD-AVT-POLICY + profiles: + - name: PROD-AVT-POLICY-VOICE + id: 2 + - name: PROD-AVT-POLICY-VIDEO + id: 4 + - name: PROD-AVT-POLICY-MPLS-ONLY + id: 5 + - name: PROD-AVT-POLICY-DEFAULT + id: 1 + - name: IT + policy: DEFAULT-AVT-POLICY + profiles: + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + policies: + - name: DEFAULT-AVT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: PROD-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: PROD-AVT-POLICY-VOICE + - application_profile: VIDEO + avt_profile: PROD-AVT-POLICY-VIDEO + - application_profile: MPLS-ONLY + avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: default + avt_profile: PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_path_selection: + tcp_mss_ceiling: + ipv4_segment_size: auto + path_groups: + - name: INET + id: 101 + local_interfaces: + - name: Ethernet1.42 + stun: + server_profiles: + - INET-cv-pathfinder-pathfinder-Ethernet1 + - INET-cv-pathfinder-pathfinder-Ethernet3 + dynamic_peers: + enabled: true + static_peers: + - router_ip: 192.168.144.1 + name: cv-pathfinder-pathfinder + ipv4_addresses: + - 172.17.7.7 + - 10.9.9.9 + ipsec_profile: CP-PROFILE + - name: LAN_HA + id: 65535 + flow_assignment: lan + 
local_interfaces: + - name: Port-Channel666 + static_peers: + - router_ip: 192.168.142.8 + name: cv-pathfinder-edge4A + ipv4_addresses: + - 10.10.10.1 + load_balance_policies: + - name: LB-DEFAULT-AVT-POLICY-CONTROL-PLANE + path_groups: + - name: INET + - name: LAN_HA + - name: LB-DEFAULT-AVT-POLICY-VIDEO + path_groups: + - name: INET + - name: LAN_HA + - name: LB-DEFAULT-AVT-POLICY-DEFAULT + path_groups: + - name: INET + - name: LAN_HA + - name: LB-PROD-AVT-POLICY-VOICE + path_groups: + - name: INET + priority: 2 + - name: LAN_HA + jitter: 42 + lowest_hop_count: true + - name: LB-PROD-AVT-POLICY-VIDEO + path_groups: + - name: INET + priority: 2 + - name: LAN_HA + loss_rate: '42.0' + - name: LB-PROD-AVT-POLICY-MPLS-ONLY + path_groups: + - name: LAN_HA + - name: LB-PROD-AVT-POLICY-DEFAULT + path_groups: + - name: INET + - name: LAN_HA +router_traffic_engineering: + enabled: true +stun: + client: + server_profiles: + - name: INET-cv-pathfinder-pathfinder-Ethernet1 + ip_address: 172.17.7.7 + ssl_profile: profileA + - name: INET-cv-pathfinder-pathfinder-Ethernet3 + ip_address: 10.9.9.9 + ssl_profile: profileA +application_traffic_recognition: + application_profiles: + - name: VIDEO + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + application_transports: + - rtp + - name: VOICE + applications: + - name: CUSTOM-VOICE-APPLICATION + - name: MPLS-ONLY + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-2 + - name: CUSTOM-DSCP-APPLICATION + - name: microsoft-teams + applications: + ipv4_applications: + - name: CUSTOM-APPLICATION-1 + protocols: + - tcp + src_prefix_set_name: CUSTOM-SRC-PREFIX-1 + dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 + - name: CUSTOM-APPLICATION-2 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-2 + tcp_dest_port_set_name: TCP-DEST-2 + - name: CUSTOM-DSCP-APPLICATION + dscp_ranges: + - ef + - 12-14 + 
- cs6 + - '42' + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + field_sets: + l4_ports: + - name: TCP-SRC-2 + port_values: + - '42' + - name: TCP-DEST-2 + port_values: + - '666' + - '777' + ipv4_prefixes: + - name: CUSTOM-SRC-PREFIX-1 + prefix_values: + - 42.42.42.0/24 + - name: CUSTOM-DEST-PREFIX-1 + prefix_values: + - 6.6.6.0/24 + - name: PFX-PATHFINDERS + prefix_values: + - 192.168.144.1/32 +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.142.9/32 + flow_tracker: + hardware: FLOW-TRACKER +vxlan_interface: + vxlan1: + description: cv-pathfinder-edge4B_VTEP + vxlan: + udp_port: 4789 + source_interface: Dps1 + vrfs: + - name: default + vni: 1 + - name: IT + vni: 100 + - name: PROD + vni: 42 +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false +metadata: + cv_tags: + device_tags: + - name: Role + value: transit region + - name: Region + value: AVD_Land_West + - name: Zone + value: AVD_Land_West-ZONE + - name: Site + value: Site405 + interface_tags: + - interface: Ethernet1.42 + tags: + - name: Type + value: wan + - name: Carrier + value: Comcast + - interface: Ethernet1 + tags: + - name: Type + value: lan + - interface: Ethernet42 + tags: + - name: Type + value: lan + - interface: Ethernet43 + tags: + - name: Type + value: lan + cv_pathfinder: + role: transit region + ssl_profile: profileA + vtep_ip: 192.168.142.9 + region: AVD_Land_West + zone: AVD_Land_West-ZONE + site: Site405 + interfaces: + - name: Ethernet1.42 + carrier: Comcast + pathgroup: INET + pathfinders: + - vtep_ip: 192.168.144.1 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml index 06c589e4129..b901cf77a1a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml @@ -583,7 +583,11 @@ metadata: - name: Site404 id: 404 location: - address: Not Found + address: Atlantis + - name: Site405 + id: 405 + location: + address: El Dorado - name: Site422 id: 422 location: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml index 6b51ead9bba..e1a7ea9fbd9 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml @@ -591,7 +591,11 @@ metadata: - name: Site404 id: 404 location: - address: Not Found + address: Atlantis + - name: Site405 + id: 405 + location: + address: El Dorado - name: Site422 id: 422 location: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml index 21e8b906ff3..ccec3bd5e3a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml 
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml @@ -612,7 +612,11 @@ metadata: - name: Site404 id: 404 location: - address: Not Found + address: Atlantis + - name: Site405 + id: 405 + location: + address: El Dorado - name: Site422 id: 422 location: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml index b02008dfd6a..69a762c9b73 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml @@ -24,7 +24,10 @@ cv_pathfinder_regions: sites: - name: Site404 id: 404 - location: Not Found + location: Atlantis + - name: Site405 + id: 405 + location: El Dorado - name: Site422 id: 422 location: Somewhere @@ -292,6 +295,8 @@ wan_router: ip_address: 172.16.6.6/31 # SITE_HA_ENABLED_DIRECT_HA + # One interface disable usage of port-channel + # test flow-tracking on ethernet interface for direct HA - group: Site404 cv_pathfinder_region: AVD_Land_West cv_pathfinder_site: Site404 @@ -301,6 +306,10 @@ wan_router: # Test wan_ha mtu mtu: 9100 ha_ipv4_pool: 10.10.10.0/24 + # Check flow tracking on ethernet interface + flow_tracking: + enabled: true + use_port_channel_for_direct_ha: false nodes: - name: cv-pathfinder-edge3A id: 6 
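Review bot: The comments added around `- group: Site404` in CV_PATHFINDER_TESTS.yml (hunks `@@ -292` and `@@ -301`) are hard to read and partly duplicate each other. `# One interface disable usage of port-channel` reads as if a single interface switches the feature off, whereas the fixture sets `use_port_channel_for_direct_ha: false` explicitly. I would write `# Single HA interface, port-channel disabled via use_port_channel_for_direct_ha: false`. The flow-tracking remark appears both in the header comment and as `# Check flow tracking on ethernet interface`; it only needs to appear once. The `wan_ha` key sits outside both hunks, so the nesting of the added keys cannot be confirmed from here.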
@@ -318,6 +327,41 @@ wan_router: wan_circuit_id: 10423 ip_address: 172.15.6.6/31 + # SITE_HA_ENABLED_DIRECT_HA + # Multiple interfaces in port-channel for direct HA + # test changing port-channel ID + - group: SITE_DIRECT_HA_PORT_CHANNEL + cv_pathfinder_transit_mode: region + cv_pathfinder_region: AVD_Land_West + cv_pathfinder_site: Site405 + # Disable HA IPsec + wan_ha: + enabled: true # TODO AVD4.8.0: Remove once WAN HA is GA. + ipsec: false + ha_interfaces: [Ethernet42, Ethernet43] + ha_ipv4_pool: 10.10.10.0/24 + # Check flow tracking on port-channel + flow_tracking: + enabled: true + # Testing overwriting port-channel ID + port_channel_id: 666 + nodes: + - name: cv-pathfinder-edge4A + id: 8 + l3_interfaces: + - name: Ethernet1.42 + wan_carrier: Comcast + dhcp_accept_default_route: true + ip_address: dhcp + - name: cv-pathfinder-edge4B + cv_pathfinder_region: AVD_Land_West + id: 9 + l3_interfaces: + - name: Ethernet1.42 + wan_carrier: Comcast + dhcp_accept_default_route: true + ip_address: dhcp + # Fake DC1 l3leaf: defaults: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml index 730a3641a60..f06a89ef7f6 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml @@ -373,6 +373,10 @@ all: hosts: cv-pathfinder-edge3A: cv-pathfinder-edge3B: + SITE_DIRECT_HA_PORT_CHANNEL: + hosts: + cv-pathfinder-edge4A: + cv-pathfinder-edge4B: SITE_HA_DISABLED: hosts: cv-pathfinder-edge: diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/how-to/wan.md b/ansible_collections/arista/avd/roles/eos_designs/docs/how-to/wan.md index eb38bf1f6c6..d5e6ee50fc2 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/how-to/wan.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/how-to/wan.md 
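Review bot: The only port-channel direct-HA fixture, `SITE_DIRECT_HA_PORT_CHANNEL`, sets `ipsec: false` under `wan_ha`, so nothing in this change shows an IPsec profile on a path-group whose local interface is a Port-Channel; the generated `LAN_HA` path-group for cv-pathfinder-edge4A/4B carries no `ipsec_profile`. If HA IPsec is on by default, as the `# Disable HA IPsec` comment suggests, the protected combination is the one left without an intended config. I would either drop `ipsec: false` from this group or state the intent, e.g. `# HA IPsec disabled on purpose: covers the unencrypted port-channel HA path-group`. Separately, `# TODO AVD4.8.0: Remove once WAN HA is GA.` on `enabled: true` looks copied from an older group and names a release older than the 5.x.x notes this commit edits. `cv_pathfinder_region: AVD_Land_West` is also repeated on node cv-pathfinder-edge4B although the group already sets it.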
@@ -709,13 +709,32 @@ reused when adding LAN protocols to help understand the changes. #### LAN HA common configuration -EOS (and hence AVD) supports maximum 2 routers for HA. To establish LAN HA the requirements are the following: +EOS (and hence AVD) supports maximum 2 routers for HA. To be considered as HA nodes, they need to belong to the same node_group as below: + +```yaml +wan_router: + node_groups: + - group: Site42 + cv_pathfinder_region: AVD_Land_West + cv_pathfinder_site: Site42 + wan_ha: + enabled: true + nodes: + - name: node1 + id: 1 + [...] + - name: node2 + id: 1 + [...] +``` + +To establish LAN HA the requirements are the following: - The HA tunnels can be established only in the default VRF (EOS limitation) - The HA interfaces must be able to establish IPSec tunnels between each other. This implies that if the interfaces are on different subnet, the LAN must be able to route traffic between each interface. - EVPN Gateway is used to exchange the routes between the HA peers configured as follow - the advantage is that it caters for all VRFs and the default VRF export route-map is still valid. -By default, AVD uses the uplinks as the HA links. It is possible to override this by setting a single interface to be used as the *Direct HA link*: +By default, AVD uses the uplinks as the HA links. It is possible to override this by setting a list of interfaces to be used as the *Direct HA links*: ```yaml wan_router: 
@@ -729,12 +748,17 @@ wan_router: ha_ipv4_pool: 10.10.10.0/24 # (2)! ``` -1. Select the interface for HA, it can either be a way to select ONE interface for Direct HA, or to filter some of the uplink HA interfaces. +1. Select the interface for HA, it can either be a way to select one or more interface(s) for Direct HA, or to filter some of the uplink HA interfaces. 2. Prefix to use to allocate the IP address for the direct HA link. !!! warning - Only one interface can be used for Direct HA today in AVD. + For direct HA, AVD will configure a port-channel by default. + This feature was introduced recently in EOS and may not be supported on your version. + + If it is the case, only one interface can be used for Direct HA, and the port-channel creation can be disabled using `wan_ha.use_port_channel_for_direct_ha: false`. + + It is *not* possible to use multiple direct HA links while disabling the port-channel. From a configuration standpoint: @@ -809,6 +833,15 @@ In the situation where the LAN is EBGP but HA is configured over a direct link, WAN eBGP LAN with Direct HA link +!!! warning + + For direct HA, AVD will configure a port-channel by default. + This feature was introduced recently in EOS and may not be supported on your version. + + If it is the case, only one interface can be used for Direct HA, and the port-channel creation can be disabled using `wan_ha.use_port_channel_for_direct_ha: false`. + + It is *not* possible to use multiple direct HA links while disabling the port-channel. + #### OSPF LAN (NOT SUPPORTED) !!! danger "NOT SUPPORTED" diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-wan-configuration.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-wan-configuration.md index b396664d70a..1a1a0a5d0ea 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-wan-configuration.md 
+++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-wan-configuration.md @@ -21,6 +21,8 @@ | [        - <str>](## ".defaults.wan_ha.ha_interfaces.[]") | String | | | Pattern: `Ethernet[\d/]+` | | | [      ha_ipv4_pool](## ".defaults.wan_ha.ha_ipv4_pool") | String | | | Format: ipv4_cidr | IP address pool used for WAN HA connectivity.
IP is derived from the node ID.
Not used for uplink interfaces. | | [      max_ha_interfaces](## ".defaults.wan_ha.max_ha_interfaces") | Integer | | | | Number of parallel links towards HA switches.
Can be used to reserve IP addresses for future parallel HA links. | + | [      port_channel_id](## ".defaults.wan_ha.port_channel_id") | Integer | | | | Port-channel ID to use for direct HA. | + | [      use_port_channel_for_direct_ha](## ".defaults.wan_ha.use_port_channel_for_direct_ha") | Boolean | | `True` | | Enable or disable using a port-channel interface for direct HA when there is only one interface.
This feature was introduced in EOS 4.33.0F. | | [      flow_tracking](## ".defaults.wan_ha.flow_tracking") | Dictionary | | | | Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` setting. | | [        enabled](## ".defaults.wan_ha.flow_tracking.enabled") | Boolean | | | | | | [        name](## ".defaults.wan_ha.flow_tracking.name") | String | | | | Flow tracker name as defined in flow_tracking_settings. | @@ -41,6 +43,8 @@ | [              - <str>](## ".node_groups.[].nodes.[].wan_ha.ha_interfaces.[]") | String | | | Pattern: `Ethernet[\d/]+` | | | [            ha_ipv4_pool](## ".node_groups.[].nodes.[].wan_ha.ha_ipv4_pool") | String | | | Format: ipv4_cidr | IP address pool used for WAN HA connectivity.
IP is derived from the node ID.
Not used for uplink interfaces. | | [            max_ha_interfaces](## ".node_groups.[].nodes.[].wan_ha.max_ha_interfaces") | Integer | | | | Number of parallel links towards HA switches.
Can be used to reserve IP addresses for future parallel HA links. | + | [            port_channel_id](## ".node_groups.[].nodes.[].wan_ha.port_channel_id") | Integer | | | | Port-channel ID to use for direct HA. | + | [            use_port_channel_for_direct_ha](## ".node_groups.[].nodes.[].wan_ha.use_port_channel_for_direct_ha") | Boolean | | `True` | | Enable or disable using a port-channel interface for direct HA when there is only one interface.
This feature was introduced in EOS 4.33.0F. | | [            flow_tracking](## ".node_groups.[].nodes.[].wan_ha.flow_tracking") | Dictionary | | | | Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` setting. | | [              enabled](## ".node_groups.[].nodes.[].wan_ha.flow_tracking.enabled") | Boolean | | | | | | [              name](## ".node_groups.[].nodes.[].wan_ha.flow_tracking.name") | String | | | | Flow tracker name as defined in flow_tracking_settings. | @@ -57,6 +61,8 @@ | [          - <str>](## ".node_groups.[].wan_ha.ha_interfaces.[]") | String | | | Pattern: `Ethernet[\d/]+` | | | [        ha_ipv4_pool](## ".node_groups.[].wan_ha.ha_ipv4_pool") | String | | | Format: ipv4_cidr | IP address pool used for WAN HA connectivity.
IP is derived from the node ID.
Not used for uplink interfaces. | | [        max_ha_interfaces](## ".node_groups.[].wan_ha.max_ha_interfaces") | Integer | | | | Number of parallel links towards HA switches.
Can be used to reserve IP addresses for future parallel HA links. | + | [        port_channel_id](## ".node_groups.[].wan_ha.port_channel_id") | Integer | | | | Port-channel ID to use for direct HA. | + | [        use_port_channel_for_direct_ha](## ".node_groups.[].wan_ha.use_port_channel_for_direct_ha") | Boolean | | `True` | | Enable or disable using a port-channel interface for direct HA when there is only one interface.
This feature was introduced in EOS 4.33.0F. | | [        flow_tracking](## ".node_groups.[].wan_ha.flow_tracking") | Dictionary | | | | Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` setting. | | [          enabled](## ".node_groups.[].wan_ha.flow_tracking.enabled") | Boolean | | | | | | [          name](## ".node_groups.[].wan_ha.flow_tracking.name") | String | | | | Flow tracker name as defined in flow_tracking_settings. | @@ -75,6 +81,8 @@ | [          - <str>](## ".nodes.[].wan_ha.ha_interfaces.[]") | String | | | Pattern: `Ethernet[\d/]+` | | | [        ha_ipv4_pool](## ".nodes.[].wan_ha.ha_ipv4_pool") | String | | | Format: ipv4_cidr | IP address pool used for WAN HA connectivity.
IP is derived from the node ID.
Not used for uplink interfaces. | | [        max_ha_interfaces](## ".nodes.[].wan_ha.max_ha_interfaces") | Integer | | | | Number of parallel links towards HA switches.
Can be used to reserve IP addresses for future parallel HA links. | + | [        port_channel_id](## ".nodes.[].wan_ha.port_channel_id") | Integer | | | | Port-channel ID to use for direct HA. | + | [        use_port_channel_for_direct_ha](## ".nodes.[].wan_ha.use_port_channel_for_direct_ha") | Boolean | | `True` | | Enable or disable using a port-channel interface for direct HA when there is only one interface.
This feature was introduced in EOS 4.33.0F. | | [        flow_tracking](## ".nodes.[].wan_ha.flow_tracking") | Dictionary | | | | Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` setting. | | [          enabled](## ".nodes.[].wan_ha.flow_tracking.enabled") | Boolean | | | | | | [          name](## ".nodes.[].wan_ha.flow_tracking.name") | String | | | | Flow tracker name as defined in flow_tracking_settings. | @@ -149,6 +157,13 @@ # Can be used to reserve IP addresses for future parallel HA links. max_ha_interfaces: + # Port-channel ID to use for direct HA. + port_channel_id: + + # Enable or disable using a port-channel interface for direct HA when there is only one interface. + # This feature was introduced in EOS 4.33.0F. + use_port_channel_for_direct_ha: + # Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` setting. flow_tracking: enabled: @@ -233,6 +248,13 @@ # Can be used to reserve IP addresses for future parallel HA links. max_ha_interfaces: + # Port-channel ID to use for direct HA. + port_channel_id: + + # Enable or disable using a port-channel interface for direct HA when there is only one interface. + # This feature was introduced in EOS 4.33.0F. + use_port_channel_for_direct_ha: + # Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` setting. flow_tracking: enabled: @@ -304,6 +326,13 @@ # Can be used to reserve IP addresses for future parallel HA links. max_ha_interfaces: + # Port-channel ID to use for direct HA. + port_channel_id: + + # Enable or disable using a port-channel interface for direct HA when there is only one interface. + # This feature was introduced in EOS 4.33.0F. + use_port_channel_for_direct_ha: + # Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` setting. flow_tracking: enabled: 
@@ -381,6 +410,13 @@ # Can be used to reserve IP addresses for future parallel HA links. max_ha_interfaces: + # Port-channel ID to use for direct HA. + port_channel_id: + + # Enable or disable using a port-channel interface for direct HA when there is only one interface. + # This feature was introduced in EOS 4.33.0F. + use_port_channel_for_direct_ha: + # Configures flow-tracking on the HA interfaces. Overrides `fabric_flow_tracking.wan_ha_links` setting. flow_tracking: enabled: diff --git a/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml b/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml index 708b157e464..010e736e7c6 100644 --- a/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml +++ b/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml @@ -9093,6 +9093,18 @@ $defs: description: 'Number of parallel links towards HA switches. Can be used to reserve IP addresses for future parallel HA links.' + port_channel_id: + type: int + convert_types: + - str + description: Port-channel ID to use for direct HA. + use_port_channel_for_direct_ha: + type: bool + default: true + description: 'Enable or disable using a port-channel interface for + direct HA when there is only one interface. + + This feature was introduced in EOS 4.33.0F.' flow_tracking: type: dict $ref: eos_designs#/$defs/flow_tracking_link diff --git a/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type.schema.yml b/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type.schema.yml index c16592d7a63..dfad31b8b6c 100644 --- a/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type.schema.yml +++ b/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type.schema.yml 
@@ -1341,6 +1341,18 @@ $defs: description: |- Number of parallel links towards HA switches. Can be used to reserve IP addresses for future parallel HA links. + port_channel_id: + type: int + convert_types: + - str + description: |- + Port-channel ID to use for direct HA. + use_port_channel_for_direct_ha: + type: bool + default: true + description: |- + Enable or disable using a port-channel interface for direct HA when there is only one interface. + This feature was introduced in EOS 4.33.0F. flow_tracking: type: dict $ref: "eos_designs#/$defs/flow_tracking_link" diff --git a/python-avd/pyavd/_eos_designs/shared_utils/flow_tracking.py b/python-avd/pyavd/_eos_designs/shared_utils/flow_tracking.py index 08bc391a594..b6b962068b1 100644 --- a/python-avd/pyavd/_eos_designs/shared_utils/flow_tracking.py +++ b/python-avd/pyavd/_eos_designs/shared_utils/flow_tracking.py @@ -69,6 +69,7 @@ def get_flow_tracker( "mlag_interfaces", "l3_interfaces", "dps_interfaces", + "direct_wan_ha_links", ], ) -> dict: """Return flow_tracking settings for a link, falling back to the fabric flow_tracking_settings if not defined.""" diff --git a/python-avd/pyavd/_eos_designs/shared_utils/wan.py b/python-avd/pyavd/_eos_designs/shared_utils/wan.py index a74d23a24b5..6876a9d1a1b 100644 --- a/python-avd/pyavd/_eos_designs/shared_utils/wan.py +++ b/python-avd/pyavd/_eos_designs/shared_utils/wan.py @@ -4,6 +4,7 @@ from __future__ import annotations from functools import cached_property +from re import findall from typing import TYPE_CHECKING, Literal from pyavd._errors import AristaAvdError, AristaAvdMissingVariableError 
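Review bot: `port_channel_id` is declared as a bare `type: int` with string conversion and no bounds, so 0, a negative number or an arbitrarily large value passes schema validation. The Python hunks of this commit then interpolate it into the `Port-Channel<id>` interface name and the members' `channel_group.id`. Rejecting a bad value at schema level gives a clear inventory error instead of a generated config that only fails when it reaches the device. I would add `min: 1` and a `max` set to the highest port-channel number the supported EOS platforms accept under `port_channel_id`. The `eos_designs.schema.yml` hunk carries the same definition (it appears to be compiled from this fragment) and would need the same keys.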
@@ -360,18 +361,13 @@ def filtered_wan_route_servers(self: SharedUtils) -> dict: f"'vtep_ip' is missing for peering with {wan_rs}, either set it in under 'wan_route_servers' or something is wrong with the peer" " facts." ) - raise AristaAvdMissingVariableError( - msg, - ) + raise AristaAvdMissingVariableError(msg) if wan_path_groups is None: msg = ( f"'wan_path_groups' is missing for peering with {wan_rs}, either set it in under 'wan_route_servers'" " or something is wrong with the peer facts." ) - raise AristaAvdMissingVariableError( - msg, - ) - + raise AristaAvdMissingVariableError(msg) else: # Retrieve the values from the dictionary, making them required if the peer_facts were not found vtep_ip = get(wan_rs_dict, "vtep_ip", required=True) @@ -515,16 +511,21 @@ def vrf_default_uplink_interfaces(self: SharedUtils) -> list: @cached_property def use_uplinks_for_wan_ha(self: SharedUtils) -> bool: - """Return true or false.""" + """ + Indicates whether the device is using its uplinks for WAN HA or direct HA. + + Returns: + bool: True if uplinks are used for HA, False otherwise + + Raises: + AristaAvdError: when the list of configured interfaces is a mix of uplinks and none uplinks. + """ interfaces = set(self.configured_wan_ha_interfaces) uplink_interfaces = set(self.vrf_default_uplink_interfaces) if interfaces.issubset(uplink_interfaces): return True if not interfaces.intersection(uplink_interfaces): - if len(interfaces) > 1: - msg = "AVD does not support multiple HA interfaces when not using uplinks." - raise AristaAvdError(msg) return False msg = "Either all `wan_ha.ha_interfaces` must be uplink interfaces or all of them must not be uplinks." raise AristaAvdError(msg) 
@@ -542,6 +543,32 @@ def wan_ha_interfaces(self: SharedUtils) -> list: # Using node values return natural_sort(set(self.configured_wan_ha_interfaces), "name") + @cached_property + def wan_ha_port_channel_id(self: SharedUtils) -> int: + """ + Port-channel ID to use for direct WAN HA port-channel. + + If not provided, computed from the list of configured members. + """ + return get(self.switch_data_combined, "wan_ha.port_channel_id", default=int("".join(findall(r"\d", self.wan_ha_interfaces[0])))) + + @cached_property + def use_port_channel_for_direct_ha(self: SharedUtils) -> bool: + """ + Indicate if port-channel should be used for direct HA. + + Returns: + bool: False is use_uplinks_for_wan_ha is True + True if strictly there is more than one configured wan_ha.interfaces + otherwise the value of `wan_ha.use_port_channel_for_direct_ha` which defaults to True. + """ + if self.use_uplinks_for_wan_ha: + return False + + interfaces = set(self.configured_wan_ha_interfaces) + + return len(interfaces) > 1 or get(self.switch_data_combined, "wan_ha.use_port_channel_for_direct_ha", True) + @cached_property def wan_ha_peer_ip_addresses(self: SharedUtils) -> list: """ @@ -549,11 +576,11 @@ def wan_ha_peer_ip_addresses(self: SharedUtils) -> list: Used also to generate the prefix list of the PEER HA prefixes. """ - interfaces = set(self.configured_wan_ha_interfaces) ip_addresses = [] if self.use_uplinks_for_wan_ha: peer_facts = self.get_peer_facts(self.wan_ha_peer, required=True) vrf_default_peer_uplinks = [uplink for uplink in get(peer_facts, "uplinks", required=True) if get(uplink, "vrf") is None] + interfaces = set(self.configured_wan_ha_interfaces) for uplink in vrf_default_peer_uplinks: if not interfaces or uplink["interface"] in interfaces: ip_address = get( 
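Review bot: In `use_port_channel_for_direct_ha`, the final `len(interfaces) > 1 or get(...)` silently overrides an explicit `wan_ha.use_port_channel_for_direct_ha: false` whenever more than one HA interface is configured. The how-to text added in this commit says that combination is not possible, and the check this commit removes from `use_uplinks_for_wan_ha` used to raise for multiple direct HA interfaces, so an inventory targeting an EOS release without the feature now gets port-channel configuration generated with no error. Raising before the return would keep the failure visible: `if len(interfaces) > 1 and get(self.switch_data_combined, "wan_ha.use_port_channel_for_direct_ha", True) is False:` followed by `raise AristaAvdError(msg)` with a message naming both keys. The docstring's "False is use_uplinks_for_wan_ha is True" should also read "False if".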
@@ -578,10 +605,10 @@ def wan_ha_ip_addresses(self: SharedUtils) -> list: Used to generate the prefix list. """ - interfaces = set(self.configured_wan_ha_interfaces) ip_addresses = [] if self.use_uplinks_for_wan_ha: + interfaces = set(self.configured_wan_ha_interfaces) for uplink in self.vrf_default_uplinks: if not interfaces or uplink["interface"] in interfaces: ip_address = get( @@ -614,6 +641,7 @@ def generate_lb_policy_name(self: SharedUtils, name: str) -> str: @cached_property def wan_stun_dtls_profile_name(self: SharedUtils) -> str | None: + """Return the DTLS profile name to use for STUN for WAN.""" if not self.is_wan_router or get(self.hostvars, "wan_stun_dtls_disable") is True: return None diff --git a/python-avd/pyavd/_eos_designs/structured_config/overlay/router_path_selection.py b/python-avd/pyavd/_eos_designs/structured_config/overlay/router_path_selection.py index 285169fa170..acfd3497703 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/overlay/router_path_selection.py +++ b/python-avd/pyavd/_eos_designs/structured_config/overlay/router_path_selection.py @@ -115,11 +115,16 @@ def _generate_ha_path_group(self: AvdStructuredConfigOverlay) -> dict: if self.shared_utils.is_cv_pathfinder_server: return ha_path_group + if self.shared_utils.use_port_channel_for_direct_ha is True: + local_interfaces = [{"name": f"Port-Channel{self.shared_utils.wan_ha_port_channel_id}"}] + else: + local_interfaces = [{"name": interface} for interface in self.shared_utils.wan_ha_interfaces] + # not a pathfinder device ha_path_group.update( { # This should be the LAN interface over which a DPS tunnel is built - "local_interfaces": [{"name": interface} for interface in self.shared_utils.wan_ha_interfaces], + "local_interfaces": local_interfaces, "static_peers": [ { "router_ip": self._wan_ha_peer_vtep_ip(), 
diff --git a/python-avd/pyavd/_eos_designs/structured_config/underlay/ethernet_interfaces.py b/python-avd/pyavd/_eos_designs/structured_config/underlay/ethernet_interfaces.py
index 5033eebe800..896941c93d7 100644
--- a/python-avd/pyavd/_eos_designs/structured_config/underlay/ethernet_interfaces.py
+++ b/python-avd/pyavd/_eos_designs/structured_config/underlay/ethernet_interfaces.py
@@ -285,35 +285,75 @@ def ethernet_interfaces(self: AvdStructuredConfigUnderlay) -> list | None: context_keys=["name", "peer", "peer_interface"], ) - # WAN HA interfaces for direct connection - if self.shared_utils.use_uplinks_for_wan_ha is False: - direct_wan_ha_links_flow_tracker = get( - self.shared_utils.switch_data_combined, - "wan_ha.flow_tracker", - default=self.shared_utils.get_flow_tracker(None, "direct_wan_ha_links"), + # WAN HA interface(s) for direct connection + for wan_ha_interface in self._get_direct_ha_ethernet_interfaces(): + append_if_not_duplicate( + list_of_dicts=ethernet_interfaces, + primary_key="name", + new_dict=wan_ha_interface, + context=f"L3 Interfaces defined under {self.shared_utils.node_type_key_data['key']} wan_ha.ha_interfaces", + context_keys=["name", "peer", "peer_interface"], ) - for index, interface in enumerate(get(self.shared_utils.switch_data_combined, "wan_ha.ha_interfaces", required=True)): - ha_interface = { - "name": interface, - "switchport": {"enabled": False}, - "peer_type": "l3_interface", - "peer": self.shared_utils.wan_ha_peer, - "shutdown": False, - "description": "DIRECT LAN HA LINK", - "ip_address": self.shared_utils.wan_ha_ip_addresses[index], - "flow_tracker": direct_wan_ha_links_flow_tracker, - "mtu": self.shared_utils.configured_wan_ha_mtu, - } - - append_if_not_duplicate( - list_of_dicts=ethernet_interfaces, - primary_key="name", - new_dict=ha_interface, - context=f"L3 Interfaces defined under {self.shared_utils.node_type_key_data['key']} wan_ha_interfaces", - context_keys=["name", "peer", "peer_interface"], - ) if ethernet_interfaces: return ethernet_interfaces return None + + def _get_direct_ha_ethernet_interfaces(self: AvdStructuredConfigUnderlay) -> list: + """ + Return a list of ethernet interfaces to be configured for WAN direct HA. + + Caters for the scenarii where either a port-channel is used or a single l3_interface. 
+ """ + if self.shared_utils.use_uplinks_for_wan_ha: + return [] + + direct_wan_ha_interfaces = [] + + direct_wan_ha_links_flow_tracker = self.shared_utils.get_flow_tracker(get(self.shared_utils.switch_data_combined, "wan_ha"), "direct_wan_ha_links") + + for index, interface in enumerate(get(self.shared_utils.switch_data_combined, "wan_ha.ha_interfaces", required=True)): + description = self.shared_utils.interface_descriptions.wan_ha_ethernet_interface( + InterfaceDescriptionData( + shared_utils=self.shared_utils, + interface=interface, + peer=self.shared_utils.wan_ha_peer, + peer_interface=interface, + ), + ) + if self.shared_utils.use_port_channel_for_direct_ha: + direct_wan_ha_interfaces.append( + { + "name": interface, + "peer_type": "wan_ha_peer", + "peer_interface": interface, + "peer": self.shared_utils.wan_ha_peer, + "description": description, + "shutdown": False, + "channel_group": { + "id": self.shared_utils.wan_ha_port_channel_id, + "mode": "active", + }, + # TODO: do we need speed? + # TODO: do we need mtu + "mtu": self.shared_utils.configured_wan_ha_mtu, + } + ) + else: + # Using direct l3 interface + direct_wan_ha_interfaces.append( + { + "name": interface, + "switchport": {"enabled": False}, + "peer_type": "l3_interface", + "peer": self.shared_utils.wan_ha_peer, + "shutdown": False, + "description": description, + "ip_address": self.shared_utils.wan_ha_ip_addresses[index], + "flow_tracker": direct_wan_ha_links_flow_tracker, + "mtu": self.shared_utils.configured_wan_ha_mtu, + } + ) + + return direct_wan_ha_interfaces diff --git a/python-avd/pyavd/_eos_designs/structured_config/underlay/port_channel_interfaces.py b/python-avd/pyavd/_eos_designs/structured_config/underlay/port_channel_interfaces.py index dde07b26126..f1d144177a0 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/underlay/port_channel_interfaces.py +++ b/python-avd/pyavd/_eos_designs/structured_config/underlay/port_channel_interfaces.py 
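Review bot: `_get_direct_ha_ethernet_interfaces` passes the local name as `peer_interface=interface` and, in the port-channel branch, writes it to the `"peer_interface"` key, which is only correct when both HA nodes list the same `wan_ha.ha_interfaces`. The schema tables in this commit allow `wan_ha.ha_interfaces` to be set per node, so with differing lists the `WAN_HA_<peer>_<peer_interface>` description and the `peer_interface` value would name a port that is not the one cabled; the port-channel hunk carries a TODO for this assumption, this one does not. I would either resolve the peer's interface from the peer's own settings or record the constraint next to the loop, e.g. `# NOTE: assumes the HA peer uses the same wan_ha.ha_interfaces, in the same order`. The two `# TODO` lines above `"mtu"` should be resolved or removed, since the key is already set there. `ethernet_interfaces` itself starts above this hunk.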
@@ -6,7 +6,7 @@ from functools import cached_property from typing import TYPE_CHECKING -from pyavd._utils import get, short_esi_to_route_target, strip_null_from_data +from pyavd._utils import append_if_not_duplicate, get, short_esi_to_route_target, strip_null_from_data from pyavd.api.interface_descriptions import InterfaceDescriptionData from .utils import UtilsMixin 
@@ -107,7 +107,48 @@ def port_channel_interfaces(self: AvdStructuredConfigUnderlay) -> list | None: port_channel_interfaces.append(port_channel_interface) + # WAN HA interface for direct connection + if (port_channel_interface := self._get_direct_ha_port_channel_interface()) is not None: + append_if_not_duplicate( + list_of_dicts=port_channel_interfaces, + primary_key="name", + new_dict=port_channel_interface, + context="Port-Channel interface for WAN direct HA.", + context_keys=["name", "peer", "peer_interface"], + ) + if port_channel_interfaces: return port_channel_interfaces return None + + def _get_direct_ha_port_channel_interface(self: AvdStructuredConfigUnderlay) -> dict | None: + """Return a dict containing the port-channel interface for direct HA.""" + if not self.shared_utils.use_port_channel_for_direct_ha: + return None + + direct_wan_ha_links_flow_tracker = self.shared_utils.get_flow_tracker(get(self.shared_utils.switch_data_combined, "wan_ha"), "direct_wan_ha_links") + + port_channel_name = f"Port-Channel{self.shared_utils.wan_ha_port_channel_id}" + description = self.shared_utils.interface_descriptions.wan_ha_port_channel_interface( + InterfaceDescriptionData( + shared_utils=self.shared_utils, + interface=port_channel_name, + peer=self.shared_utils.wan_ha_peer, + peer_interface=port_channel_name, + ), + ) + + return { + "name": port_channel_name, + "switchport": {"enabled": False}, + "peer_type": "l3_interface", + # TODO: if different interfaces used across nodes it will fail just like for mlag. + "peer_interface": port_channel_name, + "peer": self.shared_utils.wan_ha_peer, + "shutdown": False, + "description": description, + "ip_address": self.shared_utils.wan_ha_ip_addresses[0], + "flow_tracker": direct_wan_ha_links_flow_tracker, + "mtu": self.shared_utils.configured_wan_ha_mtu, + } diff --git a/python-avd/pyavd/api/interface_descriptions/__init__.py b/python-avd/pyavd/api/interface_descriptions/__init__.py index 87f7d0a8508..8435a00f168 100644 
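Review bot: The duplicate check's `context="Port-Channel interface for WAN direct HA."` gives the user no way out of a name clash. When `wan_ha.port_channel_id` is unset, the ID is derived from the digits of the first HA interface (`wan_ha_port_channel_id` in wan.py), so the resulting `Port-Channel<N>` may coincide with a port-channel already appended earlier in this function, and the error would presumably show only this context string. I would name the override in it, e.g. `context="Port-Channel interface for WAN direct HA (set wan_ha.port_channel_id to choose another ID)"`. `port_channel_interfaces` starts above this hunk.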
--- a/python-avd/pyavd/api/interface_descriptions/__init__.py +++ b/python-avd/pyavd/api/interface_descriptions/__init__.py @@ -410,6 +410,36 @@ def vtep_loopback_interface(self, data: InterfaceDescriptionData) -> str: return data.description + def wan_ha_ethernet_interface(self, data: InterfaceDescriptionData) -> str: + """ + Build WAN HA ethernet interface description. + + Available data: + - interface + - peer + - peer_interface + - mpls_overlay_role + - mpls_lsr + - overlay_routing_protocol + - type + """ + return f"WAN_HA_{data.peer}_{data.peer_interface}" + + def wan_ha_port_channel_interface(self, data: InterfaceDescriptionData) -> str: + """ + Build WAN HA port-channel interface description. + + Available data: + - interface + - peer + - peer_interface + - mpls_overlay_role + - mpls_lsr + - overlay_routing_protocol + - type + """ + return f"WAN_HA_{data.peer}_{data.peer_interface}" + class InterfaceDescriptionData: """