Enhance Overlapping VLAN pools check #155
Merged
The current `overlapping_vlan_pools_check` only checks whether each EPG has multiple domains and whether or not those domains have VLAN pools with overlapping VLAN IDs. It does not check the VLAN or interfaces used in those EPGs.
The current implementation can warn users about the potential risk of overlapping VLAN pools and highly encourage them to check their design and implementation. However, this can be a daunting task.
The enhancement in this PR checks the VLAN and interfaces in those EPGs along with the VLAN scope (portlocal/global) to show users the exact VLAN ID and interfaces that are using the overlapping VLAN pools along with their impact. This can reduce the amount of configurations to be examined by users, and can also prevent a potential false alarm that may occur with the current implementation, such as when the EPG does have overlapping VLAN pools but the VLAN used in the EPG is not in the overlapping range.
In the examples below, `TN1:AP1:EPG1` is listed as one of the problematic ones in the current implementation. However, it is not listed in the new output with the enhancement because the VLAN used in the EPG is not in the overlapping ranges of those pools.
The new output also shows different impacts for each VLAN and interface. The main difference is whether the affected VLAN is implemented on a vPC or not. In such a case, the impact is shown as `Outage` because it affects not only the flooding scope but also the endpoint learning. More detailed explanations and examples were added in the GitHub doc with this PR.
Current Output Example
New Output Example
When there are only non-vPC ports using the overlapping VLAN pools, the overall check result shows `MANUAL_CHECK_REQUIRED` instead of `FAIL - OUTAGE WARNING!!` because the flooding scope inconsistency with overlapping VLAN pools typically impacts only STP BPDUs unless Flood-in-Encap is used. In the case of STP BPDUs, the impact may be negligible when the VLANs are purely for server connectivity.
New Output Example
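The filtering described in this PR, sketched as an added Python illustration; it is not the project's code or its output. Pool ranges, domain names, interface names, the `Flooding Scope` impact label and the `PASS` result are constructed assumptions, and the VLAN scope (portlocal/global) handling mentioned above is not modeled.

```python
from itertools import combinations

# Constructed sample data (not from the PR): VLAN pools as inclusive ID ranges,
# domain -> pool, EPG -> domains, and EPG static bindings.
POOLS = {"poolA": [(100, 200)], "poolB": [(150, 300)], "poolC": [(400, 500)]}
DOMAIN_POOL = {"domA": "poolA", "domB": "poolB", "domC": "poolC"}
EPG_DOMAINS = {
    "TN1:AP1:EPG1": ["domA", "domB"],   # overlapping pools, VLAN outside overlap
    "TN1:AP1:EPG2": ["domA", "domB"],   # overlapping pools, VLANs inside overlap
    "TN1:AP1:EPG3": ["domA", "domC"],   # pools do not overlap at all
}
BINDINGS = [  # (epg, vlan, interface, is_vpc)
    ("TN1:AP1:EPG1", 120, "node-101/eth1/1", False),
    ("TN1:AP1:EPG2", 160, "node-101-102/vpc-1", True),
    ("TN1:AP1:EPG2", 170, "node-103/eth1/5", False),
    ("TN1:AP1:EPG3", 110, "node-101/eth1/2", False),
]

def overlap_ranges(pool_x, pool_y):
    """Return the inclusive VLAN ID ranges present in both pools."""
    out = []
    for lo1, hi1 in POOLS[pool_x]:
        for lo2, hi2 in POOLS[pool_y]:
            lo, hi = max(lo1, lo2), min(hi1, hi2)
            if lo <= hi:
                out.append((lo, hi))
    return out

def find_affected(bindings=BINDINGS):
    """List bindings whose VLAN sits inside an overlap between the EPG's domain pools."""
    findings = []
    for epg, vlan, intf, is_vpc in bindings:
        pools = sorted({DOMAIN_POOL[d] for d in EPG_DOMAINS[epg]})
        hit = any(lo <= vlan <= hi
                  for a, b in combinations(pools, 2)
                  for lo, hi in overlap_ranges(a, b))
        if hit:
            impact = "Outage" if is_vpc else "Flooding Scope"  # second label is assumed
            findings.append((epg, vlan, intf, impact))
    return findings

def overall_result(findings):
    """Map findings to the overall result strings quoted in the PR description."""
    if not findings:
        return "PASS"  # assumed label for the clean case
    if any(impact == "Outage" for *_, impact in findings):
        return "FAIL - OUTAGE WARNING!!"
    return "MANUAL_CHECK_REQUIRED"
```

With this sample data, `TN1:AP1:EPG1` drops out because VLAN 120 lies outside the 150-200 overlap, which is the false alarm the description says the enhancement avoids.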