vlab: generate wiring for externals #529
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
edipascale
requested review from
Frostman and
Copilot
and removed request for
Frostman and
Copilot
edipascale
force-pushed
the
ema/external-autogen
branch
from
60b442d to
1727b00
Compare
|
I've added commits to also address #522, but we have a problem here:
In terms of having the ci passing, it would be easy enough to add explicit values to the vlab-gen for either the collapsed-core (if we keep the defaults as described above) or the spine-leaf cases (if we do not touch the current default). The question is what is the "least undesirable" option @Frostman |
Frostman
requested changes
Apr 5, 2025
edipascale
force-pushed
the
ema/vlab-external-testing
branch
from
50d6799 to
34d6562
Compare
edipascale
force-pushed
the
ema/external-autogen
branch
from
1727b00 to
d74be05
Compare
edipascale
force-pushed
the
ema/vlab-external-testing
branch
2 times, most recently
from
25246f0 to
a8c57f4
Compare
Frostman
requested changes
Apr 8, 2025
edipascale
force-pushed
the
ema/external-autogen
branch
from
d74be05 to
698fbab
Compare
edipascale
force-pushed
the
ema/external-autogen
branch
from
698fbab to
76bd390
Compare
|
current status:
|
edipascale
force-pushed
the
ema/external-autogen
branch
from
76bd390 to
8222ee8
Compare
I went for the second option but it's not perfect. Technically the issue is not with virtual externals, but with virtual switches attached to any type of externals. Because right now we only have hardware externals connected to hardware switches and virtual externals connected to virtual switches, discarding virtual externals is the easy solution... but we probably want to revisit it.
I've already got an answer from BCM on the case I opened requesting more info, which I provided; let's see if we can get unblocked there. In the meanwhile I reduced the autogenerated external connections from 2 to 1, which should work even with this strange issue. Also I'm seeing several failures in the CI, both here and in other PRs. but they do not appear related to the changes. I'll dig a bit more tomorrow. |
edipascale
force-pushed
the
ema/external-autogen
branch
from
8222ee8 to
44d4e94
Compare
edipascale
force-pushed
the
ema/external-autogen
branch
3 times, most recently
from
a59936d to
358d9e7
Compare
edipascale
force-pushed
the
ema/external-autogen
branch
from
358d9e7 to
db78dc5
Compare
|
@Frostman this is technically ready to review now. I've removed the default external generation as discussed, and added warnings in case an option with multiple external connections is selected. The only thing missing is a run on a physical environment to check whether we need any additional fix for https://github.com/githedgehog/lab/issues/247, unsure whether we want to wait for that before tagging this as ready |
edipascale
force-pushed
the
ema/external-autogen
branch
from
db78dc5 to
e829871
Compare
edipascale
force-pushed
the
ema/external-autogen
branch
2 times, most recently
from
7d0e6a3 to
9045927
Compare
|
@Frostman I've also added an iptable rule to mimic the ACL to drop fabric-to-fabric traffic that we recently added on the ds2000-01, it appears to work: and |
There was a problem hiding this comment.
Pull Request Overview
This PR adds functionality to generate wiring for external connections as part of the VLAB generation process. It introduces parameters to control the number of externals and external connections created, with placement options for MCLAG, ESLAG, or orphan leaves.
- Adds new CLI flags for configuring external generation parameters
- Improves external connection validation and error handling in VLAB config
- Updates BGP configuration template for better multipath support
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| pkg/hhfab/vlabconfig.go | Enhanced external connection validation logic with better error handling for mixed hardware/virtual scenarios |
| pkg/hhfab/vlabbuilder.go | Added external generation functionality with new parameters and connection creation methods |
| pkg/hhfab/vlab_external_butane.tmpl.yaml | Updated BGP configuration to enable multipath-relax and improved routing policies |
| pkg/hhfab/release.go | Refactored external detection logic and removed NamedExternal skip flag |
| cmd/hhfab/main.go | Added CLI flags for external configuration parameters |
Comments suppressed due to low confidence (2)
pkg/hhfab/vlabbuilder.go:932
- [nitpick] The comment removal
//nolint:unparamsuggests this function now returns different error types, but the function signature and implementation appear unchanged. Consider adding back the nolint comment if the function still always returns the same error pattern, or document why it was removed.
func (b *VLABBuilder) createConnection(ctx context.Context, spec wiringapi.ConnectionSpec) (*wiringapi.Connection, error) {
pkg/hhfab/vlabbuilder.go:782
- [nitpick] The use of double hyphens '--' in the attachment name could be confusing and may cause parsing issues. Consider using a single hyphen or underscore for better readability and consistency.
extAttachName := fmt.Sprintf("%s--%s", conn.Spec.External.Link.Switch.DeviceName(), ext.Name)
c9be7a7 to
822128a
Compare
edipascale
force-pushed
the
ema/external-autogen
branch
from
822128a to
79c60af
Compare
edipascale
force-pushed
the
ema/external-autogen
branch
2 times, most recently
from
59e6912 to
2a5ecf3
Compare
edipascale
force-pushed
the
ema/external-autogen
branch
from
2a5ecf3 to
d6a2c6d
Compare
edipascale
force-pushed
the
ema/external-autogen
branch
3 times, most recently
from
51d4625 to
41c914f
Compare
Frostman
approved these changes
Sep 30, 2025
Frostman
added
ci:+release
to speed up testing with the new external spawn options, auto generate wirings for externals if desired Signed-off-by: Emanuele Di Pascale <[email protected]>
use the first hardware external if we find any. If not, look for virtual externals that are attached over hardware connections, i.e. to hardware switches. The problem being that virtual switches do not support ACLs and so multiple external peerings will also make those VPCs peer among each other, breaking the tests. Also warn about conditions that will lead to some tests being skipped. Signed-off-by: Emanuele Di Pascale <[email protected]>
if no [mclag/eslag] leaves are present, the corresponding servers will not be generated, but the log output was still mentioning the default values, which can be confusing. Signed-off-by: Emanuele Di Pascale <[email protected]>
* add 'bestpath as-path multipath relax' to have multiple ECMP routes to the vpc subnets in case of multiple external connections in the same VRF * remove the 'maximum-paths 1' constraint for the same reason * enable 'soft-reconfiguration inbound' for troubleshooting Signed-off-by: Emanuele Di Pascale <[email protected]>
the previous check was skipping external connections that were hardware annotated, but that is incorrect. what we really want is to perform the extra config steps (adding a link towards the externals and the VRF information) only if the connection goes to a virtual externals. the check is slightly complicated by the fact that we need to iterate over the attachments, but now things should work properly. Signed-off-by: Emanuele Di Pascale <[email protected]>
similar to what we do in the hardware external right now, to avoid peering VPCs at the external Signed-off-by: Emanuele Di Pascale <[email protected]>
the warning is easy to miss and then we end up spending a lot of time troubleshooting this. I'm keeping the option to force this with a --yes flag because we might still want to test this in the future, or use the generated yaml as a base that will be edited afterwards. Signed-off-by: Emanuele Di Pascale <[email protected]>
edipascale
force-pushed
the
ema/external-autogen
branch
from
41c914f to
4b56721
Compare
There was a problem hiding this comment.
Pull Request Overview
Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Generate wirings for externals as part of hhfab vlab gen. Add parameters to determine how many externals and external connections are created, and where the ext. connections are placed (i.e. mclag, eslag or orphan leaves).
All attachments are currently vlan tagged, I didn't want to over complicate things with extra params for untagged.
Also all externals are in the same namespace, and attachments are created for all externals and all connections.
Closes: #521