@camschaecisco camschaecisco commented Nov 22, 2025

L2 VFI/VPLS Support

Add Terraform mapping logic to translate schema's L2 VFI (Virtual Forwarding Instance) VPLS configurations into the Terraform provider's iosxe_l2_vfi resource attributes.

Schema Mappings

Device L2 VFI Configuration:

  • l2_vfi.name → name
  • l2_vfi.mode → mode
  • l2_vfi.vpn_id → vpn_id
  • l2_vfi.neighbors[].ip_address → neighbors[].ip_address
  • l2_vfi.neighbors[].encapsulation → neighbors[].encapsulation

Changes

Add new L2 VFI resource module iosxe_l2_vfi.tf:

  • name (line 5) - VFI name identifier
  • mode (line 6) - VFI mode selection (manual, autodiscovery, point-to-point)
  • vpn_id (line 7) - VPN identifier (1-4294967295, required for manual/autodiscovery modes)
  • neighbors (lines 8-11) - List of VFI neighbor configurations
    • ip_address (line 9) - Neighbor router IP address
    • encapsulation (line 10) - Encapsulation type (mpls, l2tpv3)
  • for_each (line 2) - Multi-device deployment support
  • Support for device-specific, default, and null configuration values
  • Three-tier fallback hierarchy: device config → global defaults → null
  • Pre-commit hooks passed: terraform fmt, tflint, terraform-docs

This Enables Declarative Configuration of:

  • L2 VPN Virtual Forwarding Instances (VFI) for VPLS deployments
  • Per-device L2 VFI policies with global default fallback
  • Three VFI modes: manual (static configuration), autodiscovery (BGP-based), point-to-point (direct connection)
  • Multiple encapsulation types (MPLS, L2TPv3) for flexible transport options
  • Multiple neighbors per VFI for multi-point VPLS topologies
  • VPN ID assignment for service instance identification
  • Multi-device VPLS deployments from centralized YAML data models
  • Network-wide L2 VPN service provisioning
  • Consistent VPLS forwarding behavior across campus and data center fabrics
  • GitOps workflows for L2 VPN configuration management

Version Requirements

IOS-XE 17.15 and later:

  • ✅ name - VFI name identifier
  • ✅ mode - VFI mode (manual, autodiscovery, point-to-point)
  • ✅ vpn_id - VPN identifier (manual/autodiscovery modes only)
  • ✅ neighbors - Neighbor configuration with IP address and encapsulation

Platform Notes:

  • Both Cat8k routers and Cat9k switches support L2 VFI/VPLS features
  • vpn_id has YANG constraint: only valid for manual and autodiscovery modes (not point-to-point)
  • Point-to-point mode not supported on all platforms (use manual or autodiscovery as fallback)
  • IOS-XE 17.12 does not support L2 VFI (ios-features:l2 not available)
  • YANG model validation confirms feature availability from IOS-XE 17.15

Example Configuration

Manual Mode VFI with Multiple Neighbors:

iosxe:
  devices:
    - name: Cat8k-Router
      configuration:
        l2_vfi:
          name: TENANT-A
          mode: manual
          vpn_id: 20001
          neighbors:
            - ip_address: 172.16.255.2
              encapsulation: mpls
            - ip_address: 172.16.255.3
              encapsulation: l2tpv3

Autodiscovery Mode VFI:

iosxe:
  devices:
    - name: Cat9k-Switch
      configuration:
        l2_vfi:
          name: TENANT-B
          mode: autodiscovery
          vpn_id: 20002
          neighbors:
            - ip_address: 172.16.255.4
              encapsulation: mpls

Global Defaults:

iosxe:
  defaults:
    configuration:
      l2_vfi:
        mode: manual
        neighbors:
          encapsulation: mpls

Testing

Multi-Platform Validation
- ✅ Catalyst 8000V (Router, IOS-XE 17.15): Global L2 VFI deployed successfully
  - Manual mode with 2 neighbors (mpls + l2tpv3)
- ✅ Catalyst 9200L (Switch, IOS-XE 17.15): Global L2 VFI deployed successfully
  - Autodiscovery mode with 1 neighbor (mpls)

Terraform Operations Verified
- ✅ terraform plan - Correctly identifies L2 VFI configuration changes
- ✅ terraform apply - Successfully creates L2 VFI configuration
- ✅ terraform destroy - Cleanly removes L2 VFI configuration
- ✅ Device verification - All L2 VFI settings present in running-config
- ✅ State management - Proper resource state tracking across lifecycle
- ✅ Idempotency - No changes on second apply

Robot Framework Integration Tests
- ✅ Router tests passed (1/1) - Manual mode with mpls and l2tpv3 encapsulation
- ✅ Switch tests passed (1/1) - Autodiscovery mode with mpls encapsulation
- ✅ RESTCONF validation - JSONPath queries validate all parameters
- ✅ Schema validation - nac-validate passes for all test data

Pre-commit Quality Checks
- ✅ Terraform fmt............................................................Passed
- ✅ Terraform validate with tflint...........................................Passed
- ✅ terraform-docs...........................................................Passed
- ✅ terraform-docs...........................................................Passed
- ✅ terraform-docs...........................................................Passed
- ✅ terraform-docs...........................................................Passed

Add Terraform mapping logic to translate schema's L2 VFI/VPLS configurations into the Terraform provider's iosxe_l2_vfi resource attributes.

- Add iosxe_l2_vfi.tf with support for manual, autodiscovery modes
- Support device-specific configuration with global defaults
- Support multiple neighbors with mpls and l2tpv3 encapsulation

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@camschaecisco camschaecisco marked this pull request as draft November 22, 2025 20:15
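
A pre-apply check for the data model described in this pull request, added here as an example and not code from the PR or the module: it resolves each attribute through the device → global defaults → null fallback and then enforces the stated constraints (mode and encapsulation values, `vpn_id` range, no `vpn_id` in point-to-point mode). The function names are hypothetical, and the inputs are assumed to be the already-parsed `configuration` mappings of one device and of `defaults`; the sample data is constructed.

```python
import ipaddress

MODES = {"manual", "autodiscovery", "point-to-point"}
ENCAPS = {"mpls", "l2tpv3"}

def _pick(dev, dfl, key):
    """Device value if set, else the global default, else None."""
    value = dev.get(key)
    return value if value is not None else dfl.get(key)

def resolve_l2_vfi(device_cfg, defaults_cfg):
    dev = device_cfg.get("l2_vfi") or {}
    dfl = defaults_cfg.get("l2_vfi") or {}
    nbr_dfl = dfl.get("neighbors") or {}  # one mapping, applied to every neighbor
    vfi = {k: _pick(dev, dfl, k) for k in ("name", "mode", "vpn_id")}
    vfi["neighbors"] = [
        {k: _pick(n, nbr_dfl, k) for k in ("ip_address", "encapsulation")}
        for n in dev.get("neighbors") or []
    ]
    return vfi

def validate_l2_vfi(vfi):
    """Return a list of constraint violations (empty list means valid)."""
    errors = []
    mode, vpn_id = vfi["mode"], vfi["vpn_id"]
    if mode not in MODES:
        errors.append(f"mode {mode!r} is not one of {sorted(MODES)}")
    if mode == "point-to-point" and vpn_id is not None:
        errors.append("vpn_id is not valid in point-to-point mode")
    if mode in ("manual", "autodiscovery"):
        # bool is rejected explicitly: YAML 'true' must not pass as 1
        if type(vpn_id) is not int or not 1 <= vpn_id <= 4294967295:
            errors.append(f"vpn_id {vpn_id!r} must be 1-4294967295 in {mode} mode")
    for i, nbr in enumerate(vfi["neighbors"]):
        try:
            ipaddress.ip_address(str(nbr["ip_address"]))
        except ValueError:
            errors.append(f"neighbors[{i}].ip_address {nbr['ip_address']!r} is not an IP address")
        if nbr["encapsulation"] not in ENCAPS:
            errors.append(f"neighbors[{i}].encapsulation {nbr['encapsulation']!r} is not one of {sorted(ENCAPS)}")
    return errors

# Constructed sample input, shaped like the YAML in the description above.
SAMPLE_DEFAULTS = {"l2_vfi": {"mode": "manual", "neighbors": {"encapsulation": "mpls"}}}
SAMPLE_DEVICE = {"l2_vfi": {"name": "TENANT-A", "vpn_id": 20001,
                            "neighbors": [{"ip_address": "172.16.255.2"}]}}

if __name__ == "__main__":
    resolved = resolve_l2_vfi(SAMPLE_DEVICE, SAMPLE_DEFAULTS)
    print(resolved)
    print(validate_l2_vfi(resolved) or "valid")
```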