Template tag 'create' overwriting existing node value

tsiemers1 · ‎07-24-2019

Testing with a vrf configuration to push out vrfs for a l3vpn service. When pushing a vrf we don't want to overwrite a vrf RD if it already exists for that vrf. Doing so on a 920 ios-xe deletes the route targets and disrupts traffic. I tried to use the xml tag 'create' to tell the service not to overwirte the RD node, but I am finding that even if the RD node is already set and sync'd to the NSO it will still overwrite it.

create: Creates a node. The node can not already exist. An error is raised if the node exists.

Is this not correct that it should error out since the node already exist? I am not seeing that result

Template:

                                                                                                                                                                   
<config-template xmlns="http://tail-f.com/ns/config/1.0"
                 servicepoint="VRF_TEST">
  <devices xmlns="http://tail-f.com/ns/ncs">
    <device>
      <name>{/device}</name>
      <config>
        <vrf xmlns="urn:ios">
          <definition>
            <name>{/VRF_NAME}</name>
            <rd tags="create">9999:{/RD}</rd>
            <address-family>
              <ipv4>
                <route-target>
                  <export>
                    <asn-ip>9999:{/RTE}</asn-ip>
                  </export>
                  <import>
                    <asn-ip>9999:{/RTI}</asn-ip>
                  </import>
                </route-target>
              </ipv4>
            </address-family>
          </definition>
        </vrf>
      </config>
    </device>
  </devices>
</config-template>

Router Before:

CQ6CORPLBB12#sh run vrf VRF_CREATE_TEST
Building configuration...

Current configuration : 99 bytes
vrf definition VRF_CREATE_TEST
 rd 9999:5222
 !
 address-family ipv4
  route-target export 9999:5201
  route-target import 9999:5201
 exit-address-family
!
!
end

After commit:

CQ6CORPLBB12#sh vrf VRF_CREATE_TEST
  Name                             Default RD            Protocols   Interfaces
  VRF_CREATE_TEST                  <being deleted>       ipv4        
   
CQ6CORPLBB12#sh vrf VRF_CREATE_TEST
  Name                             Default RD            Protocols   Interfaces
  VRF_CREATE_TEST                  9999:5444             ipv4        

CQ6CORPLBB12#sh run vrf VRF_CREATE_TEST
Building configuration...

Current configuration : 99 bytes
vrf definition VRF_CREATE_TEST
 rd 9999:5444
 !
 address-family ipv4
 exit-address-family
!
!
end

commit dry-run | debug template

tas3@labncs(config)# VRF_TEST test2 device CQ6CORPLBB12 VRF_NAME VRF_CREATE_TEST RD 5444 RTE 5201 RTI 5201
tas3@labncs(config-VRF_TEST-test2)# commit dry-run | debug template                                                      
Evaluating "/device" (from file "VRF_TEST-template.xml", line 5)
Context node: /VRF_TEST[name='test2']
Result:
For /VRF_TEST[name='test2']/device[.='CQ6CORPLBB12'], it evaluates to "CQ6CORPLBB12"
Operation 'merge' on existing node: /devices/device[name='CQ6CORPLBB12'] (from file "VRF_TEST-template.xml", line 5)
Evaluating "/VRF_NAME" (from file "VRF_TEST-template.xml", line 9)
Context node: /VRF_TEST[name='test2']/device[.='CQ6CORPLBB12']
Result:
For /VRF_TEST[name='test2'], it evaluates to "VRF_CREATE_TEST"
Operation 'merge' on existing node: /devices/device[name='CQ6CORPLBB12']/config/ios:vrf/definition[name='VRF_CREATE_TEST'] (from file "VRF_TEST-template.xml", line 9)
Operation 'create' on node: /devices/device[name='CQ6CORPLBB12']/config/ios:vrf/definition[name='VRF_CREATE_TEST']/rd (from file "VRF_TEST-template.xml", line 10)
Fetching literal "9999:" (from file "VRF_TEST-template.xml", line 10)
Evaluating "/RD" (from file "VRF_TEST-template.xml", line 10)
Context node: /VRF_TEST[name='test2']
Result:
For /VRF_TEST[name='test2'], it evaluates to "5444"
Setting /devices/device[name='CQ6CORPLBB12']/config/ios:vrf/definition[name='VRF_CREATE_TEST']/rd to "9999:5444"
Operation 'merge' on existing node: /devices/device[name='CQ6CORPLBB12']/config/ios:vrf/definition[name='VRF_CREATE_TEST']/address-family/ipv4 (from file "VRF_TEST-template.xml", line 12)
Fetching literal "9999:" (from file "VRF_TEST-template.xml", line 15)
Evaluating "/RTE" (from file "VRF_TEST-template.xml", line 15)
Context node: /VRF_TEST[name='test2']
Result:
For /VRF_TEST[name='test2'], it evaluates to "5201"
Operation 'merge' on existing node: /devices/device[name='CQ6CORPLBB12']/config/ios:vrf/definition[name='VRF_CREATE_TEST']/address-family/ipv4/route-target/export[asn-ip='9999:5201'] (from file "VRF_TEST-template.xml", line 15)
Fetching literal "9999:" (from file "VRF_TEST-template.xml", line 18)
Evaluating "/RTI" (from file "VRF_TEST-template.xml", line 18)
Context node: /VRF_TEST[name='test2']
Result:
For /VRF_TEST[name='test2'], it evaluates to "5201"
Operation 'merge' on existing node: /devices/device[name='CQ6CORPLBB12']/config/ios:vrf/definition[name='VRF_CREATE_TEST']/address-family/ipv4/route-target/import[asn-ip='9999:5201'] (from file "VRF_TEST-template.xml", line 18)
cli {
    local-node {
        data +VRF_TEST test2 {
             +    device [ CQ6CORPLBB12 ];
             +    RD 5444;
             +    VRF_NAME VRF_CREATE_TEST;
             +    RTI 5201;
             +    RTE 5201;
             +}
              devices {
                  device CQ6CORPLBB12 {
                      config {
                          ios:vrf {
                              definition VRF_CREATE_TEST {
             -                    rd 9999:5222;
             +                    rd 9999:5444;
                              }
                          }
                      }
                  }
              }
    }
}
tas3@labncs(config-VRF_TEST-test2)# commit
Commit complete.

Operation 'create' on node: /devices/device[name='CQ6CORPLBB12']/config/ios:vrf/definition[name='VRF_CREATE_TEST']/rd (from file "VRF_TEST-template.xml", line 10)
Fetching literal "9999:" (from file "VRF_TEST-template.xml", line 10)
Evaluating "/RD" (from file "VRF_TEST-template.xml", line 10)
Context node: /VRF_TEST[name='test2']
Result:
For /VRF_TEST[name='test2'], it evaluates to "5444"
Setting /devices/device[name='CQ6CORPLBB12']/config/ios:vrf/definition[name='VRF_CREATE_TEST']/rd to "9999:5444"

rogaglia · ‎07-24-2019

Hi,

Interesting question. I do not have an answer and it may be something to check with TAC.

However, I wonder if this is really what you want. The thing is that an error woudl mean an exception and a failure of the transaction. If what you want is that the transaction succeeds but that line is not added, we need to think on a different logic.

Regards,

Roque

tsiemers1 · ‎07-24-2019

Thanks, Currently we are working on using the code (python) to evaluate the device and see if that vrf exists and if its current RD matches the one passed into the service. If it doesn't match the current one we will just display a log message or error message to notify the user that the RD wasn't changed.

Was wondering if I was using the create tag wrong or missing something since it works on vrf itself just not the child nodes under it.

Working:
<name tags="create">{/VRF_NAME}</name>

but that does just as you mentioned and causes an exception.

rogaglia · ‎07-26-2019

Hi,

I cannot give you a definitely answer but I would bet that vrf is a list and rd is a leaf. My guess is that the tags="create"/tags="nocreate" may refer only to list or leaf-list elements as there is not such a concept as "create" for a leaf (which you assign to a value).

Roque

Lack of trust in AI recommendations
AI decisions being a “black box”
Skills or knowledge gaps among staff
Security, compliance, or privacy concerns
Fear of automation causing outages or misconfigurations
Data quality and completeness issues
Organizational resistance to change
Other