1 files changed, 23 insertions, 7 deletions
diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py
index af2d0588d..05f68112a 100755
--- a/src/conf_mode/interfaces-vxlan.py
+++ b/src/conf_mode/interfaces-vxlan.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2019-2022 VyOS maintainers and contributors
+# Copyright (C) 2019-2023 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -24,6 +24,7 @@ from vyos.config import Config
 from vyos.configdict import get_interface_dict
 from vyos.configdict import leaf_node_changed
 from vyos.configdict import is_node_changed
+from vyos.configdict import node_changed
 from vyos.configverify import verify_address
 from vyos.configverify import verify_bridge_delete
 from vyos.configverify import verify_mtu_ipv6
@@ -52,13 +53,14 @@ def get_config(config=None):
     # VXLAN interfaces are picky and require recreation if certain parameters
     # change. But a VXLAN interface should - of course - not be re-created if
     # it's description or IP address is adjusted. Feels somehow logic doesn't it?
-    for cli_option in ['external', 'gpe', 'group', 'port', 'remote',
+    for cli_option in ['parameters', 'external', 'gpe', 'group', 'port', 'remote',
                        'source-address', 'source-interface', 'vni']:
-        if leaf_node_changed(conf, base + [ifname, cli_option]):
+        if is_node_changed(conf, base + [ifname, cli_option]):
             vxlan.update({'rebuild_required': {}})
+            break
 
-    if is_node_changed(conf, base + [ifname, 'parameters']):
-        vxlan.update({'rebuild_required': {}})
+    tmp = node_changed(conf, base + [ifname, 'vlan-to-vni'], recursive=True)
+    if tmp: vxlan.update({'vlan_to_vni_removed': tmp})
 
     # We need to verify that no other VXLAN tunnel is configured when external
     # mode is in use - Linux Kernel limitation
@@ -89,8 +91,8 @@ def verify(vxlan):
             raise ConfigError('Multicast VXLAN requires an underlaying interface')
         verify_source_interface(vxlan)
 
-    if not any(tmp in ['group', 'remote', 'source_address'] for tmp in vxlan):
-        raise ConfigError('Group, remote or source-address must be configured')
+    if not any(tmp in ['group', 'remote', 'source_address', 'source_interface'] for tmp in vxlan):
+        raise ConfigError('Group, remote, source-address or source-interface must be configured')
 
     if 'vni' not in vxlan and 'external' not in vxlan:
         raise ConfigError(
@@ -148,6 +150,20 @@ def verify(vxlan):
                     raise ConfigError(error_msg)
                 protocol = 'ipv4'
 
+    if 'vlan_to_vni' in vxlan:
+        if 'is_bridge_member' not in vxlan:
+            raise ConfigError('VLAN to VNI mapping requires that VXLAN interface '\
+                              'is member of a bridge interface!')
+
+        vnis_used = []
+        for vif, vif_config in vxlan['vlan_to_vni'].items():
+            if 'vni' not in vif_config:
+                raise ConfigError(f'Must define VNI for VLAN "{vif}"!')
+            vni = vif_config['vni']
+            if vni in vnis_used:
+                raise ConfigError(f'VNI "{vni}" is already assigned to a different VLAN!')
+            vnis_used.append(vni)
+
     verify_mtu_ipv6(vxlan)
     verify_address(vxlan)
     verify_bond_bridge_member(vxlan)