ANTA Tests for EVPN
Tests¶
Module related to EVPN tests.
VerifyEVPNType5Routes ¶
Verifies EVPN Type-5 routes for given IP prefixes and VNIs.
It supports multiple levels of verification based on the provided input:
- Prefix/VNI only: Verifies there is at least one ‘active’ and ‘valid’ path across all Route Distinguishers (RDs) learning the given prefix and VNI.
- Specific Routes (RD/Domain): Verifies that routes matching the specified RDs and domains exist for the prefix/VNI. For each specified route, it checks if at least one of its paths is ‘active’ and ‘valid’.
- Specific Paths (Nexthop/Route Targets): Verifies that specific paths exist within a specified route (RD/Domain). For each specified path criteria (nexthop and optional route targets), it finds all matching paths received from the peer and checks if at least one of these matching paths is ‘active’ and ‘valid’. The route targets check ensures all specified RTs are present in the path’s extended communities (subset check).
Expected Results
- Success:- If only prefix/VNI is provided: The prefix/VNI exists in the EVPN table and has at least one active and valid path across all RDs.
- If specific routes are provided: All specified routes (by RD/Domain) are found, and each has at least one active and valid path (if paths are not specified for the route).
- If specific paths are provided: All specified routes are found, and for each specified path criteria (nexthop/RTs), at least one matching path exists and is active and valid.
 
- Failure:- No EVPN Type-5 routes are found for the given prefix/VNI.
- A specified route (RD/Domain) is not found.
- No active and valid path is found when required (either globally for the prefix, per specified route, or per specified path criteria).
- A specified path criteria (nexthop/RTs) does not match any received paths for the route.
 
Examples
anta.tests.evpn:
  - VerifyEVPNType5Routes:
      prefixes:
        # At least one active/valid path across all RDs
        - address: 192.168.10.0/24
          vni: 10
        # Specific routes each has at least one active/valid path
        - address: 192.168.20.0/24
          vni: 20
          routes:
            - rd: "10.0.0.1:20"
              domain: local
            - rd: "10.0.0.2:20"
              domain: remote
        # At least one active/valid path matching the nexthop
        - address: 192.168.30.0/24
          vni: 30
          routes:
            - rd: "10.0.0.1:30"
              domain: local
              paths:
                - nexthop: 10.1.1.1
        # At least one active/valid path matching nexthop and specific RTs
        - address: 192.168.40.0/24
          vni: 40
          routes:
            - rd: "10.0.0.1:40"
              domain: local
              paths:
                - nexthop: 10.1.1.1
                  route_targets:
                    - "40:40"
Inputs¶
| Name | Type | Description | Default | 
|---|---|---|---|
| prefixes | list[EVPNType5Prefix] | 
                    List of EVPN Type-5 prefixes to verify.
                   | - | 
Source code in anta/tests/evpn.py
  | 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 |  | 
Input models¶
Module containing input models for EVPN tests.
EVPNPath ¶
Model for an EVPN Type-5 path for a route.
Source code in anta/input_models/evpn.py
  | 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 |  | 
EVPNRoute ¶
Model for an EVPN Type-5 route for a prefix.
| Name | Type | Description | Default | 
|---|---|---|---|
| rd | str | 
                    Expected route distinguisher `<admin>:<local assignment>` of the route.
                   | - | 
| domain | Literal['local', 'remote'] | 
                    EVPN domain. Can be remote on gateway nodes in a multi-domain EVPN VXLAN fabric.
                   | 'local' | 
| paths | list[EVPNPath] | None | 
                    Specific paths to verify for this route.
                   | None | 
Source code in anta/input_models/evpn.py
  | 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 |  | 
EVPNType5Prefix ¶
Model for an EVPN Type-5 prefix.
| Name | Type | Description | Default | 
|---|---|---|---|
| address | IPv4Interface | IPv6Interface | 
                    IPv4 or IPv6 prefix address to verify.
                   | - | 
| vni | Vni | 
                    VNI associated with the prefix.
                   | - | 
| routes | list[EVPNRoute] | None | 
                    Specific EVPN routes to verify for this prefix.
                   | None | 
Source code in anta/input_models/evpn.py
  | 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |  |