Merge branch 'devel' into cv_deploy-molecule-update

.github/workflows/pull-request-management.yml

@@ -458,7 +458,7 @@ jobs:
         # The version conflicts with our requirements,
         # so we let the galaxy-importer version resolve remaining requirements.
         run: |
-          pip install "galaxy-importer==0.4.22"
+          pip install "galaxy-importer==0.4.25"
       - name: 'Build ansible package'
         run: make collection-build
       - name: 'Run galaxy-importer checks'

.pre-commit-config.yaml

@@ -75,7 +75,7 @@ repos:
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
     # Ruff version.
-    rev: v0.6.7
+    rev: v0.6.8
     hooks:
       # Run the linter.
       - id: ruff
@@ -85,7 +85,7 @@ repos:
       - id: ruff-format
 
   - repo: https://github.com/pycqa/pylint
-    rev: "v3.3.0"
+    rev: "v3.3.1"
     hooks:
       - id: pylint # Use pylintrc file in repository
         name: Check for Linting errors on Python files outside the Ansible collection.
@@ -213,7 +213,7 @@ repos:
         additional_dependencies: ['Jinja2>=3.0.0', 'cryptography>=38.0.4', 'deepmerge>=1.1.0']
 
   - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v0.41.0
+    rev: v0.42.0
     hooks:
       - id: markdownlint
         name: Check for Linting errors on Markdown files with settings defined in `.github/.markdownlint.yaml`.

ansible_collections/arista/avd/docs/porting-guides/5.x.x.md

@@ -391,6 +391,40 @@ The description can be reverted manually if needed:
 +vtep_loopback_description: "VTEP_VXLAN_Tunnel_Source"
 ```
 
+#### Underlay point-to-point L3 ethernet interfaces
+
+The interface description for the L3 point-to-point interfaces changes to `P2P_<peer>_<peer_interface>_VRF_<vrf>`. Previously the description was `P2P_LINK_TO_<peer | upper>_<peer_interface>_vrf_<vrf>`. The VRF suffix is only added when using `uplink_type: p2p-vrfs`.
+
+The interfaces using this are routed uplinks and `p2p_links` defined under `l3_edge` or `core_interfaces`.
+
+Setting the description directly on `p2p_links` defined under `l3_edge` or `core_interfaces` still takes precedence.
+
+The default descriptions can be reverted manually if needed:
+
+```diff
++default_underlay_p2p_ethernet_description: "P2P_LINK_TO_{peer!u}_{peer_interface}{vrf?<_vrf_}"
+```
+
+The description fields support templates. See the input variables documentation for available fields.
+
+#### Underlay point-to-point L3 port-channel interfaces
+
+The interface description for the L3 point-to-point port-channels changes to `P2P_<peer>_<peer_interface>`. Previously the default description was `P2P_LINK_TO_<peer>_<peer_interface>`.
+
+The port-channels using this are `p2p_links` defined under `l3_edge` or `core_interfaces`.
+
+Setting the description directly on `p2p_links` defined under `l3_edge` or `core_interfaces` still takes precedence.
+
+In AVD 5.0.0 it is also possible to control the port-channel description separately by setting the `description` key under `port_channel`. It will replace the full port-channel interface description.
+
+The default descriptions can be reverted manually if needed:
+
+```diff
++default_underlay_p2p_port_channel_description: "P2P_LINK_TO_{peer}_{peer_interface}"
+```
+
+The description fields support templates. See the input variables documentation for available fields.
+
 #### Out-of-band management interface
 
 The default interface description for the management interface changes to `OOB_MANAGEMENT`.
@@ -832,6 +866,42 @@ To retain the vxlan encapsulation on WAN EVPN iBGP peerings use `wan_encapsulati
 + wan_encapsulation: vxlan
 ```
 
+### PREVIEW WAN HA Direct Link now uses Port-Channel by default
+
+For WAN direct HA, AVD will now configure a port-channel by default. This feature was introduced in EOS 4.33.0F.
+
+To retain the previous configuration use custom_platform_settings use `use_port_channel_for_direct_ha: false` under `wan_ha`.
+
+```diff
+  wan_router:
+    node_groups:
+      - group: Site42
+        cv_pathfinder_region: AVD_Land_West
+        cv_pathfinder_site: Site42
+        wan_ha:
+          enabled: true
++         use_port_channel_for_direct_ha: false
+          ha_interfaces: [Ethernet52]
+          ha_ipv4_pool: 10.10.10.0/24
+```
+
+### Prevent redistributing the MLAG peer link subnets into BGP for all VRFs by default
+
+With AVD version 5.0.0 the subnet of VRF L3 peering VLANs between MLAG peers are no longer redistributed into BGP by default. Previously all connected routes were redistributed to BGP.
+
+To retain the previous behavior, set `redistribute_mlag_ibgp_peering_vrfs` to `true` per tenant or VRF:
+
+```diff
+tenants:
+  - name: Tenant_A
++   redistribute_mlag_ibgp_peering_vrfs: true
+    <...>
+    vrfs:
+      - name: Tenant_A_OP
++       redistribute_mlag_ibgp_peering_vrfs: true
+        <...>
+```
+
 ## Changes to role `arista.avd.eos_cli_config_gen`
 
 TODO: Level 3 sections for each change with details on how to migrate

ansible_collections/arista/avd/docs/release-notes/5.x.x.md

@@ -237,6 +237,21 @@ With AVD version 5.0.0 the default encapsulation used for EVPN iBGP peering betw
 
 See the [porting guide](../porting-guides/5.x.x.md#default-encapsulation-for-wan-evpn-ibgp-peerings-changed-to-path-selection) for details.
 
+#### PREVIEW WAN HA Direct Link now uses Port-Channel by default
+
+TODO: Keep PREVIEW changes at the end as we warn users that PREVIEW mean changes
+
+For WAN direct HA, AVD will now configure a port-channel by default.
+This feature was introduced recently in EOS and may not be supported on your version.
+
+See the [porting guide](../porting-guides/5.x.x.md#preview-wan-ha-direct-link-now-uses-port-channel-by-default) for details.
+
+### Prevent redistributing the MLAG peer link subnets into BGP for all VRFs by default
+
+Starting AVD 5.0.0, default value of `redistribute_mlag_ibgp_peering_vrfs` changed to `false`.
+
+See the [porting guide](../porting-guides/5.x.x.md#prevent-redistributing-the-mlag-peer-link-subnets-into-bgp-for-all-vrfs-by-default)
+
 ### Other breaking or behavioral changes
 
 Breaking changes may require modifications to the inventory or playbook. See the [Porting guide for AVD 5.x.x](../porting-guides/5.x.x.md)

ansible_collections/arista/avd/examples/campus-fabric/documentation/devices/SPINE1.md

@@ -324,7 +324,7 @@ vlan 4094
 
 | Interface | Description | Channel Group | IP Address | VRF |  MTU | Shutdown | ACL In | ACL Out |
 | --------- | ----------- | ------------- | ---------- | ----| ---- | -------- | ------ | ------- |
-| Ethernet52/1 | P2P_LINK_TO_WAN_Ethernet1/1 | - | 10.0.0.3/31 | default | 1500 | False | - | - |
+| Ethernet52/1 | P2P_WAN_Ethernet1/1 | - | 10.0.0.3/31 | default | 1500 | False | - | - |
 
 #### Ethernet Interfaces Device Configuration
 
@@ -351,7 +351,7 @@ interface Ethernet51/1
    channel-group 501 mode active
 !
 interface Ethernet52/1
-   description P2P_LINK_TO_WAN_Ethernet1/1
+   description P2P_WAN_Ethernet1/1
    no shutdown
    mtu 1500
    no switchport

ansible_collections/arista/avd/examples/campus-fabric/documentation/devices/SPINE2.md

@@ -324,7 +324,7 @@ vlan 4094
 
 | Interface | Description | Channel Group | IP Address | VRF |  MTU | Shutdown | ACL In | ACL Out |
 | --------- | ----------- | ------------- | ---------- | ----| ---- | -------- | ------ | ------- |
-| Ethernet52/1 | P2P_LINK_TO_WAN_Ethernet1/1 | - | 10.0.0.5/31 | default | 1500 | False | - | - |
+| Ethernet52/1 | P2P_WAN_Ethernet1/1 | - | 10.0.0.5/31 | default | 1500 | False | - | - |
 
 #### Ethernet Interfaces Device Configuration
 
@@ -351,7 +351,7 @@ interface Ethernet51/1
    channel-group 501 mode active
 !
 interface Ethernet52/1
-   description P2P_LINK_TO_WAN_Ethernet1/1
+   description P2P_WAN_Ethernet1/1
    no shutdown
    mtu 1500
    no switchport

ansible_collections/arista/avd/examples/campus-fabric/intended/configs/SPINE1.cfg

@@ -119,7 +119,7 @@ interface Ethernet51/1
    channel-group 501 mode active
 !
 interface Ethernet52/1
-   description P2P_LINK_TO_WAN_Ethernet1/1
+   description P2P_WAN_Ethernet1/1
    no shutdown
    mtu 1500
    no switchport

ansible_collections/arista/avd/examples/campus-fabric/intended/configs/SPINE2.cfg

@@ -119,7 +119,7 @@ interface Ethernet51/1
    channel-group 501 mode active
 !
 interface Ethernet52/1
-   description P2P_LINK_TO_WAN_Ethernet1/1
+   description P2P_WAN_Ethernet1/1
    no shutdown
    mtu 1500
    no switchport

ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/SPINE1.yml

@@ -300,14 +300,14 @@ ethernet_interfaces:
   peer: WAN
   peer_interface: Ethernet1/1
   peer_type: other
-  description: P2P_LINK_TO_WAN_Ethernet1/1
   switchport:
     enabled: false
   shutdown: false
   mtu: 1500
   ip_address: 10.0.0.3/31
   ospf_network_point_to_point: true
   ospf_area: 0.0.0.0
+  description: P2P_WAN_Ethernet1/1
 mlag_configuration:
   domain_id: SPINES
   local_interface: Vlan4094

ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/SPINE2.yml

@@ -300,14 +300,14 @@ ethernet_interfaces:
   peer: WAN
   peer_interface: Ethernet1/1
   peer_type: other
-  description: P2P_LINK_TO_WAN_Ethernet1/1
   switchport:
     enabled: false
   shutdown: false
   mtu: 1500
   ip_address: 10.0.0.5/31
   ospf_network_point_to_point: true
   ospf_area: 0.0.0.0
+  description: P2P_WAN_Ethernet1/1
 mlag_configuration:
   domain_id: SPINES
   local_interface: Vlan4094

ansible_collections/arista/avd/examples/dual-dc-l3ls/documentation/devices/dc1-leaf1a.md

@@ -265,22 +265,22 @@ vlan 4094
 
 | Interface | Description | Channel Group | IP Address | VRF |  MTU | Shutdown | ACL In | ACL Out |
 | --------- | ----------- | ------------- | ---------- | ----| ---- | -------- | ------ | ------- |
-| Ethernet1 | P2P_LINK_TO_DC1-SPINE1_Ethernet1 | - | 10.255.255.1/31 | default | 1500 | False | - | - |
-| Ethernet2 | P2P_LINK_TO_DC1-SPINE2_Ethernet1 | - | 10.255.255.3/31 | default | 1500 | False | - | - |
+| Ethernet1 | P2P_dc1-spine1_Ethernet1 | - | 10.255.255.1/31 | default | 1500 | False | - | - |
+| Ethernet2 | P2P_dc1-spine2_Ethernet1 | - | 10.255.255.3/31 | default | 1500 | False | - | - |
 
 #### Ethernet Interfaces Device Configuration
 
 ```eos
 !
 interface Ethernet1
-   description P2P_LINK_TO_DC1-SPINE1_Ethernet1
+   description P2P_dc1-spine1_Ethernet1
    no shutdown
    mtu 1500
    no switchport
    ip address 10.255.255.1/31
 !
 interface Ethernet2
-   description P2P_LINK_TO_DC1-SPINE2_Ethernet1
+   description P2P_dc1-spine2_Ethernet1
    no shutdown
    mtu 1500
    no switchport
@@ -772,7 +772,7 @@ router bgp 65101
       router-id 10.255.0.3
       neighbor 10.255.1.97 peer group MLAG-IPv4-UNDERLAY-PEER
       neighbor 10.255.1.97 description dc1-leaf1b_Vlan3009
-      redistribute connected
+      redistribute connected route-map RM-CONN-2-BGP-VRFS
    !
    vrf VRF11
       rd 10.255.0.3:11
@@ -781,7 +781,7 @@ router bgp 65101
       router-id 10.255.0.3
       neighbor 10.255.1.97 peer group MLAG-IPv4-UNDERLAY-PEER
       neighbor 10.255.1.97 description dc1-leaf1b_Vlan3010
-      redistribute connected
+      redistribute connected route-map RM-CONN-2-BGP-VRFS
 ```
 
 ## BFD
@@ -830,13 +830,22 @@ router bfd
 | 10 | permit 10.255.0.0/27 eq 32 |
 | 20 | permit 10.255.1.0/27 eq 32 |
 
+##### PL-MLAG-PEER-VRFS
+
+| Sequence | Action |
+| -------- | ------ |
+| 10 | permit 10.255.1.96/31 |
+
 #### Prefix-lists Device Configuration
 
 ```eos
 !
 ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
    seq 10 permit 10.255.0.0/27 eq 32
    seq 20 permit 10.255.1.0/27 eq 32
+!
+ip prefix-list PL-MLAG-PEER-VRFS
+   seq 10 permit 10.255.1.96/31
 ```
 
 ### Route-maps
@@ -849,6 +858,13 @@ ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
 | -------- | ---- | ----- | --- | ------------- | -------- |
 | 10 | permit | ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY | - | - | - |
 
+##### RM-CONN-2-BGP-VRFS
+
+| Sequence | Type | Match | Set | Sub-Route-Map | Continue |
+| -------- | ---- | ----- | --- | ------------- | -------- |
+| 10 | deny | ip address prefix-list PL-MLAG-PEER-VRFS | - | - | - |
+| 20 | permit | - | - | - | - |
+
 ##### RM-MLAG-PEER-IN
 
 | Sequence | Type | Match | Set | Sub-Route-Map | Continue |
@@ -862,6 +878,11 @@ ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
 route-map RM-CONN-2-BGP permit 10
    match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
 !
+route-map RM-CONN-2-BGP-VRFS deny 10
+   match ip address prefix-list PL-MLAG-PEER-VRFS
+!
+route-map RM-CONN-2-BGP-VRFS permit 20
+!
 route-map RM-MLAG-PEER-IN permit 10
    description Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing
    set origin incomplete