[BGP] Implement EVPN Advanced Support in Terraform Provider

[Dan-Dev-Net]

Related Issue(s)

Fixes #471

Proposed Changes

This PR implements support for BGP L2VPN EVPN advanced configuration attributes, enabling fine-tuned control over EVPN routing behavior and nexthop tracking optimization.

Changes Made:

YANG Definition Updates (Manual):

• gen/definitions/bgp_address_family_l2vpn.yaml - Added 3 new attributes for EVPN advanced configuration

Auto-Generated Code Updates (via make gen):

• Provider resources and data sources for BGP L2VPN address-family
• Documentation (Markdown files)
• Examples (Terraform configurations)
• Test files

Attributes Implemented:

1. rewrite_evpn_rt_asn (boolean)

   • YANG Path: /native/router/ios-bgp:bgp/address-family/no-vrf/l2vpn/l2vpn-evpn/rewrite-evpn-rt-asn
   • YANG Type: empty (mapped to boolean)
   • Purpose: Enable Route Target ASN rewriting for multi-AS EVPN deployments

2. nexthop_trigger_enable (boolean)

   • YANG Path: /native/router/ios-bgp:bgp/address-family/no-vrf/l2vpn/l2vpn-evpn/bgp/nexthop/trigger/enable
   • YANG Type: boolean
   • Default: true
   • Purpose: Enable nexthop tracking (prerequisite for delay configuration)

3. nexthop_trigger_delay (integer)

   • YANG Path: /native/router/ios-bgp:bgp/address-family/no-vrf/l2vpn/l2vpn-evpn/bgp/nexthop/trigger/delay
   • YANG Type: uint8
   • Range: 0-100
   • Default: 5
   • Purpose: Set delay (in seconds) for nexthop tracking to optimize route convergence
   • Dependency: Requires nexthop_trigger_enable = true (YANG when constraint)

Configuration Example:

resource "iosxe_bgp" "example" {
  asn                  = "65000"
  default_ipv4_unicast = false
  log_neighbor_changes = true
}

resource "iosxe_bgp_address_family_l2vpn" "evpn" {
  asn     = iosxe_bgp.example.asn
  af_name = "evpn"

  # EVPN Advanced Configuration (NEW)
  rewrite_evpn_rt_asn    = true
  nexthop_trigger_enable = true
  nexthop_trigger_delay  = 10
}

Resulting IOS-XE Configuration:

router bgp 65000
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 !
 address-family l2vpn evpn
  rewrite-evpn-rt-asn
  bgp nexthop trigger enable
  bgp nexthop trigger delay 10
 exit-address-family

Robot Test(s)

Test Environment:

• Device: Cisco CSR1000v
• IOS-XE Version: 17.x
• IP Address: 10.81.239.54
• Protocol: RESTCONF (HTTPS)
• Test Method: Local provider development build

Test Results:

Terraform Plan:

$ terraform plan
Plan: 1 to add, 0 to change, 0 to destroy.

# iosxe_bgp_address_family_l2vpn.evpn_advanced_test will be created
+ resource "iosxe_bgp_address_family_l2vpn" "evpn_advanced_test" {
    + af_name                = "evpn"
    + asn                    = "65000"
    + nexthop_trigger_delay  = 10        # NEW
    + nexthop_trigger_enable = true      # NEW
    + rewrite_evpn_rt_asn    = true      # NEW
  }

Terraform Apply:

$ terraform apply -auto-approve
iosxe_bgp_address_family_l2vpn.evpn_advanced_test: Creating...
iosxe_bgp_address_family_l2vpn.evpn_advanced_test: Creation complete after 0s

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Idempotency Test (Second Apply):

$ terraform apply -auto-approve
iosxe_bgp_address_family_l2vpn.evpn_advanced_test: Refreshing state...

No changes. Your infrastructure matches the configuration.

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

✓ Idempotency Verified: Provider correctly reads back configuration

Device Verification:

Router# show running-config | section router bgp
router bgp 65000
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 !
 address-family l2vpn evpn
  rewrite-evpn-rt-asn                    ✓ VERIFIED
  bgp nexthop trigger enable             ✓ VERIFIED
  bgp nexthop trigger delay 10           ✓ VERIFIED
 exit-address-family

Test Artifacts:

• ✓ Provider builds successfully with Go 1.24.4
• ✓ Terraform plan succeeds
• ✓ Terraform apply succeeds
• ✓ Configuration written to device via RESTCONF
• ✓ Configuration verified on device via CLI
• ✓ Idempotency verified (no changes on second apply)
• ✓ All 3 attributes functioning correctly

Cisco IOS-XE Version

Developed Against: IOS-XE 17.x (CSR1000v)
YANG Module: Cisco-IOS-XE-bgp (revision 2024-07-01)

External Repo Link

This PR is part of a coordinated enhancement across three repositories:

1. terraform-provider-iosxe (Issue #471) - THIS PR
2. nac-iosxe (Issue #472)
3. terraform-iosxe-nac-iosxe (Issue #473)

Master Epic: #474 - Complete EVPN Advanced Configuration Support

Note: Issues #472 and #473 will be submitted as PRs for review and will be pending the release of this provider change.

Checklist

• Latest commit is rebased from develop with merge conflicts resolved
• New or updates to documentation has been made accordingly (auto-generated via make gen)
• Robot test(s) included or updated for data model updates or additions
  • Comprehensive testing performed on live IOS-XE device (10.81.239.54)
• If applicable, external repo link, e.g. Ansible Collection, provided
• Assigned the proper reviewers

Additional Notes

Critical YANG Discovery:

During YANG model exploration, we discovered that the nexthop trigger delay attribute has a YANG when constraint: when ../enable = 'true'. This means users cannot configure the delay without the enable attribute being true.

Issue Description specified 2 CLI commands:

rewrite-evpn-rt-asn
bgp nexthop trigger delay 10

YANG Model revealed 3 attributes are required:

rewrite-evpn-rt-asn                   # Attribute 1
bgp nexthop trigger enable            # Attribute 2 (PREREQUISITE)
bgp nexthop trigger delay 10          # Attribute 3 (DEPENDS ON #2)

While the enable attribute defaults to true, implementing all 3 attributes provides:

• Complete YANG model coverage
• Explicit control over nexthop tracking
• Ability to disable tracking if needed
• Proper dependency handling

Build Process:

# Code generation
make gen

# Verification
go version  # Go 1.24.4
Provider builds successfully (9 files changed, 166 insertions)

Backwards Compatibility:

✓ This change is fully backwards compatible. Existing L2VPN EVPN configurations continue to work. The new attributes are optional and default to standard EVPN behavior.

Use Cases:

Multi-AS EVPN Deployments:

• rewrite_evpn_rt_asn = true enables RT rewriting when EVPN routes cross AS boundaries

Nexthop Tracking Optimization:

• nexthop_trigger_enable = true (default) maintains standard nexthop tracking
• nexthop_trigger_delay = 10 adds a 10-second delay before triggering nexthop tracking, useful for:
  • Large-scale EVPN fabrics
  • Preventing route flapping during network convergence
  • Optimizing CPU utilization during topology changes

Files Changed:

• gen/definitions/bgp_address_family_l2vpn.yaml (manual edit)
• 8 auto-generated files via make gen:
  • internal/provider/model_iosxe_bgp_address_family_l2vpn.go
  • internal/provider/resource_iosxe_bgp_address_family_l2vpn.go
  • internal/provider/data_source_iosxe_bgp_address_family_l2vpn.go
  • docs/resources/bgp_address_family_l2vpn.md
  • docs/data-sources/bgp_address_family_l2vpn.md
  • examples/resources/iosxe_bgp_address_family_l2vpn/resource.tf
  • 2 test files

Total: 9 files changed, +166 lines

---

This PR enables comprehensive EVPN advanced configuration support, providing network engineers with granular control over EVPN routing behavior and nexthop tracking optimization.

[danischm]

shouldn't we add the bgp_ prefix here for clarity?

[danischm]

Why do we set a default value here?

[danischm]

same as above

[Dan-Dev-Net]

Clicked wrong button, I am reviewing the suggestions above

[Dan-Dev-Net]

Hi @danischm, thanks for the review!

Re: Naming Convention (bgp_ prefix)

Agreed - I'll add the bgp_ prefix for clarity:

• nexthop_trigger_delay → bgp_nexthop_trigger_delay

This aligns with the YANG path structure (bgp/nexthop/trigger/...) and improves readability.

Re: Default Values & nexthop_trigger_enable

Good catch on the defaults! After reviewing the YANG model and IOS-XE behavior:

Proposed Solution: Remove nexthop_trigger_enable entirely

Reasoning:

• enable defaults to true on IOS-XE (nexthop tracking is enabled by default)
• It's only needed if a user wants to explicitly disable tracking
• The delay attribute can be configured independently (IOS-XE accepts it when enable is true by default)
• Simpler user experience - users only configure the delay value they need

Updated Implementation:

# BEFORE (3 attributes)
rewrite_evpn_rt_asn: true
nexthop_trigger_enable: true    # ← Remove this
nexthop_trigger_delay: 10

# AFTER (2 attributes)
rewrite_evpn_rt_asn: true
bgp_nexthop_trigger_delay: 10   # ← Renamed with bgp_ prefix

Impact: This simplifies the implementation and will require updates across the
schema (#472) and module (#473) repos. I'll make these changes and update all three PRs.