Porting Guide for Ansible AVD 6.x.x

Major releases of AVD can contain breaking changes. This porting guide addresses how to update your inventory and playbooks to be compatible with new default behaviors and changed data models when upgrading from AVD 5.x versions.

Note

To upgrade from AVD version 4.x, first upgrade to AVD 5.7 using the Porting Guide for Ansible AVD 5.x.x and then upgrade to 6.x with this guide.

Users of eos_designs need to consider the changes in eos_cli_config_gen when using structured configuration.

Common changes

All eos_designs and eos_cli_config_gen variables are always validated by schemas

In AVD 6.0.0, all eos_designs and eos_cli_config_gen keys are validated by schemas and execution will stop for any violations. If additional custom keys are desired, a key starting with an underscore _ will be ignored by validation.

It was previously possible to only warn about input schema violations, but this is no longer allowed.

-avd_data_validation_mode: warning

Requirements changes

ansible.utils collection was removed from the arista.avd Ansible collection

Until 5.x, ansible.utils collection was a requirement of arista.avd Ansible collection.

This has been removed in AVD 6.0.0. If you were using the ansible.utils collection functionalities in your playbooks or templates, you now need to add the installation of the collection to your environment. You will need to adjust your scripts to install your environment to add this collection.

As an example, you can install it in your environment using:

ansible-galaxy collection install ansible.utils

Jinja2 extensions no longer needed in ansible.cfg

Until 5.x, the AVD documentation indicated that it was necessary to configure some Jinja2 extensions in ansible.cfg This is no longer needed as the extensions are automatically loaded in pyavd when compiling the Jinja2 templates.

 [defaults]
-jinja2_extensions = jinja2.ext.loopcontrols,jinja2.ext.do,jinja2.ext.i18n

anta is now a core dependency of pyavd

In AVD 6.0.0, the anta library has been promoted from an optional dependency (previously part of the ansible-collection extra) to a core requirement of pyavd.

This ensures that ANTA-related PyAVD functions are available immediately upon installation without requiring additional extras or manual package installation.

Removal of Ansible components

The following Ansible components have been removed from the arista.avd Ansible collection in version 6.0.0.

Component type	Name	Replacement
Filter	arista.avd.xxx
Action plugin/Module	arista.avd.configlet_build_config	The internal arista.avd.configlet_build_config module is no longer used by AVD. The plugin is released as open source, so it can be copied and reused according to the license and copyright.
Action plugin/Module	arista.avd.inventory_to_container	The internal arista.avd.inventory_to_container module is no longer used by AVD. The plugin is released as open source, so it can be copied and reused according to the license and copyright.
Role	arista.avd.dhcp_provisioner	The role is not compatible with modern DHCP servers and should not be used for production. The arista.avd.dhcp_provisioner role is released as open source, so it can be copied and reused according to the license and copyright.
Role	arista.avd.eos_config_deploy_cvp	Migrate to arista.avd.cv_deploy. See the detailed porting guide for instructions.
Role	arista.avd.cvp_configlet_upload	Migrate to arista.avd.cv_deploy. See the detailed porting guide for instructions.

Changes to Ansible components

sort_key is now mandatory when sorting list of dictionaries using arista.avd.natural_sort

In AVD 6.0.0, sort_key is now mandatory when sorting list of dictionaries using arista.avd.natural_sort. Previously, sort_key was not required and when omitted, the key used to sort was the output of str on each items. This could lead to inconsistent behavior when the items do not have keys in the same order in the dictionary.

       exporter {{ exporter.name }}
-{%             for collector in exporter.collectors | arista.avd.natural_sort %}
+{%             for collector in exporter.collectors | arista.avd.natural_sort(sort_key="host") %}
 {%                 set collector_cli = "collector " ~ collector.host %}
 {%                 if collector.port is arista.avd.defined %}
 {%                     set collector_cli =  collector_cli ~ " port " ~ collector.port %}

Changes to role arista.avd.eos_designs

Removal of deprecated eos_designs data models

The following data model keys have been removed from eos_designs in AVD 6.0.0.

Removed key	New key
aaa_settings.accounting.exec.console.group	aaa_settings.accounting.exec.console.methods[].group
aaa_settings.accounting.exec.console.logging	aaa_settings.accounting.exec.console.methods[].method
aaa_settings.accounting.exec.default.group	aaa_settings.accounting.exec.default.methods[].group
aaa_settings.accounting.exec.default.logging	aaa_settings.accounting.exec.default.methods[].method
aaa_settings.accounting.system.default.group	aaa_settings.accounting.system.default.methods[].group
aaa_settings.accounting.dot1x.default.type	dot1x_settings.accounting.mode
aaa_settings.accounting.dot1x.default.group	dot1x_settings.accounting.radius_groups
aaa_settings.accounting.dot1x.default.methods[].multicast	dot1x_settings.accounting.multicast
aaa_settings.accounting.dot1x.default.methods[].method	dot1x_settings.accounting.syslog
aaa_settings.accounting.dot1x.default.methods[].group	dot1x_settings.accounting.radius_groups
aaa_settings.accounting.commands[].console[].group	aaa_settings.accounting.commands[].console[].methods[].group
aaa_settings.accounting.commands[].console[].logging	aaa_settings.accounting.commands[].console[].methods[].method
aaa_settings.accounting.commands[].default[].group	aaa_settings.accounting.commands[].default[].methods[].group
aaa_settings.accounting.commands[].default[].logging	aaa_settings.accounting.commands[].default[].methods[].method
aaa_settings.authorization.dynamic.dot1x_additional_groups	dot1x_settings.dynamic_authorization.additional_groups
aaa_settings.authentication.dot1x.default	dot1x_settings.authentication.radius_groups
avd_6_behaviors	-
core_interfaces.p2p_links[].structured_config	core_interfaces.p2p_links.ethernet_structured_config or core_interfaces.p2p_links.port_channel_structured_config
core_interfaces.p2p_links[].underlay_multicast	core_interfaces.p2p_links.multicast_pim_sm
core_interfaces.p2p_links_profiles[].structured_config	core_interfaces.p2p_links_profiles.ethernet_structured_config or core_interfaces.p2p_links_profiles.port_channel_structured_config
core_interfaces.p2p_links_profiles[].underlay_multicast	core_interfaces.p2p_links_profiles.multicast_pim_sm
cvp_ingestauth_key	-
cvp_instance_ips	cv_settings
cvp_token_file	cv_settings
design	-
flow_tracking_settings.trackers.exporters.collector	flow_tracking_settings.trackers.exporters.collectors
l3_edge.p2p_links[].structured_config	l3_edge.p2p_links.ethernet_structured_config or l3_edge.p2p_links.port_channel_structured_config
l3_edge.p2p_links[].underlay_multicast	l3_edge.p2p_links.multicast_pim_sm
l3_edge.p2p_links_profiles[].structured_config	l3_edge.p2p_links_profiles.ethernet_structured_config or l3_edge.p2p_links_profiles.port_channel_structured_config
l3_edge.p2p_links_profiles[].underlay_multicast	l3_edge.p2p_links_profiles.multicast_pim_sm
name_servers	dns_settings.servers
<network_services_key>[].vrfs[].ipv6_static_routes[].destination_address_prefix	<network_services_key>[].vrfs[].ipv6_static_routes[].prefix
<network_services_key>[].vrfs[].ipv6_static_routes[].gateway	<network_services_key>[].vrfs[].ipv6_static_routes[].next_hop
<network_services_key>[].vrfs[].static_routes[].destination_address_prefix	<network_services_key>[].vrfs[].static_routes[].prefix
<network_services_key>[].vrfs[].static_routes[].gateway	<network_services_key>[].vrfs[].static_routes[].next_hop
node_type_keys[].interface_descriptions.overlay_loopback_interface	node_type_keys[].interface_descriptions.router_id_loopback_interface
<node_type_key>.defaults.uplink_structured_config	<node_type_key>.defaults.uplink_port_channel_structured_config or <node_type_key>.defaults.uplink_ethernet_structured_config or <node_type_key>.defaults.uplink_switch_ethernet_structured_config or <node_type_key>.defaults.uplink_switch_port_channel_structured_config
<node_type_key>.node_groups[].nodes[].uplink_structured_config	<node_type_key>.node_groups[].nodes[].uplink_port_channel_structured_config or <node_type_key>.node_groups[].nodes[].uplink_ethernet_structured_config or <node_type_key>.node_groups[].nodes[].uplink_switch_ethernet_structured_config or <node_type_key>.node_groups[].nodes[].uplink_switch_port_channel_structured_config
<node_type_key>.node_groups[].uplink_structured_config	<node_type_key>.node_groups[].uplink_port_channel_structured_config or <node_type_key>.node_groups[].uplink_ethernet_structured_config or <node_type_key>.node_groups[].uplink_switch_ethernet_structured_config or <node_type_key>.node_groups[].uplink_switch_port_channel_structured_config
<node_type_key>.nodes[].uplink_structured_config	<node_type_key>.nodes[].uplink_port_channel_structured_config or <node_type_key>.nodes[].uplink_ethernet_structured_config or <node_type_key>.nodes[].uplink_switch_ethernet_structured_config or <node_type_key>.nodes[].uplink_switch_port_channel_structured_config
overlay_loopback_description	router_id_loopback_description
snmp_settings.enable_inband_mgmt_vrf	snmp_settings.vrfs[name="use_inband_mgmt_vrf"].enabled
snmp_settings.enable_mgmt_interface_vrf	snmp_settings.vrfs[name="use_mgmt_interface_vrf"].enabled
snmp_settings.hosts[].use_inband_mgmt_vrf	snmp_settings.hosts[vrf=use_inband_mgmt_vrf]
snmp_settings.hosts[].use_mgmt_interface_vrf	snmp_settings.hosts[vrf=use_mgmt_interface_vrf]
snmp_settings.ipv4_acls	snmp_settings.vrfs[].ipv4_acl
snmp_settings.ipv6_acls	snmp_settings.vrfs[].ipv6_acl
source_interfaces.domain_lookup	dns_settings
source_interfaces.radius	aaa_settings.radius.vrfs[].source_interface or aaa_settings.radius.servers[].vrf: use_mgmt_interface_vrf or aaa_settings.radius.servers[].vrf: use_inband_mgmt_vrf
source_interfaces.snmp	snmp_settings.vrfs[].source_interface or snmp_settings.hosts[].vrf: use_mgmt_interface_vrf or snmp_settings.hosts[].vrf: use_inband_mgmt_vrf or avd_6_behaviors.snmp_settings_vrfs
source_interfaces.tacacs	aaa_settings.tacacs.vrfs[].source_interface or aaa_settings.tacacs.servers[].vrf: use_mgmt_interface_vrf or aaa_settings.tacacs.servers[].vrf: use_inband_mgmt_vrf
terminattr_disable_aaa	cv_settings.terminattr.disable_aaa
terminattr_ingestexclude	cv_settings.terminattr.ingestexclude
terminattr_ingestgrpcurl_port	cv_settings
terminattr_smashexcludes	cv_settings.terminattr.smashexcludes
underlay_mutlticast	underlay_mutlticast_pim_sm or <node_type_key>.defaults.underlay_multicast.pim_sm.enabled or <node_type_key>.node_groups[].underlay_multicast.pim_sm.enabled or <node_type_key>.node_groups[].nodes[].underlay_multicast.pim_sm.enabled or <node_type_key>.nodes[].underlay_multicast.pim_sm.enabled
underlay_ospf_authentication.message_digest_keys[].key	underlay_ospf_authentication.message_digest_keys[].cleartext_key

Enhanced conflict detection in eos_designs

In AVD 5.x, conflict detection was done per data model (e.g., network_services, connected_endpoints, …). This implies that it was possible to declare conflicting information between data models (e.g., overwriting an MLAG interface in connected_endpoints), which could lead to difficult-to-track errors.

Starting with AVD 6.0.0, conflict detection is now done across all data models, allowing for much stronger detection of these conflicting configurations.

You may experience errors when migrating. In general, these errors indicate that you had conflicting inputs across different data models in your variables and you should adjust them accordingly.

For example, it was possible to overwrite the MLAG interface in l3edge:

---
type: l3leaf

l3leaf:
  defaults:
    platform: vEOS-LAB
    loopback_ipv4_pool: 192.168.255.0/24
    vtep_loopback_ipv4_pool: 192.168.254.0/24
    virtual_router_mac_address: 00:dc:00:00:00:0a
    mlag_peer_l3_ipv4_pool: 10.255.251.0/24
    mlag_peer_ipv4_pool: 10.255.252.0/24
    mlag_interfaces: [Ethernet3, Ethernet4]
    bgp_as: 65101
  node_groups:
    - group: MLAG_GROUP
      nodes:
        - name: mlag-leaf-1
          id: 1
          mgmt_ip: 192.168.200.101/24
        - name: mlag-leaf-2
          id: 2
          mgmt_ip: 192.168.200.102/24

l3_edge:
  p2p_links:
    - id: 1
      nodes: [mlag-leaf-1, peer]
      # This configuration is accepted in AVD 5.x.x
      interfaces: [Ethernet3, Ethernet1]
      include_in_underlay_protocol: false

But in AVD 6.0.0, it will raise this issue:

fatal: [mlag-leaf-1 -> localhost]: FAILED! => {"changed": false, "msg": "Found duplicate objects with conflicting data while generating configuration for EthernetInterfaces.
{'name': 'Ethernet3', 'description': 'L3_EDGE_peer_Ethernet1', 'shutdown': False, 'mtu': 9214, 'metadata': {'peer': 'peer', 'peer_interface': 'Ethernet1', 'peer_type': 'other'},
'switchport': {'enabled': False}} conflicts with {'name': 'Ethernet3', 'description': 'MLAG_PEER_mlag-leaf-2_Ethernet3', 'shutdown': False, 'channel_group': {'id': 3, 'mode': 'active'},
'metadata': {'peer': 'mlag-leaf-2', 'peer_interface': 'Ethernet3', 'peer_type': 'mlag_peer'}}."}

Removed the support of wan_use_evpn_node_settings_for_lan key

In AVD 5.x, the key wan_use_evpn_node_settings_for_lan was used as preview to use overlay_routing_protocol, evpn_role and vtep node settings for LAN side on WAN devices

Starting with AVD 6.0.0, this is the only possible behavior and the key has been removed.

Change in default value of default_overlay_routing_protocol for wan_router and wan_rr node type

In AVD 5.x, the default value of default_overlay_routing_protocol was ibgp.

Starting with AVD 6.0.0, the default value of default_overlay_routing_protocol has been changed to none.

To retain the previous behavior, the following change is required:

node_type_keys:
  - key: "wan_router"
    type: "wan_router"
    default_evpn_role: "client"
    default_wan_role: "client"
    default_underlay_routing_protocol: "none"
+   default_overlay_routing_protocol: "ibgp"
    default_flow_tracker_type: "hardware"
    vtep: true
    network_services:
      l3: true
  - key: "wan_rr"
    type: "wan_rr"
    default_evpn_role: "server"
    default_wan_role: "server"
    default_underlay_routing_protocol: "none"
+   default_overlay_routing_protocol: "ibgp"
    default_flow_tracker_type: "hardware"
    vtep: true
    network_services:
      l3: true

Change in default value of default_evpn_role for wan_router and wan_rr node type

In AVD 5.x, the default value of default_evpn_role was client for the wan_router node type and server for the wan_rr node type.

Starting with AVD 6.0.0, the default value has been changed to none for both wan_router and wan_rr.

To retain the previous behavior, the following change is required:

node_type_keys:
  - key: "wan_router"
    type: "wan_router"
+   default_evpn_role: "client"
    default_wan_role: "client"
    default_underlay_routing_protocol: "none"
    default_overlay_routing_protocol: "ibgp"
    default_flow_tracker_type: "hardware"
    vtep: true
    network_services:
      l3: true
  - key: "wan_rr"
    type: "wan_rr"
+   default_evpn_role: "server"
    default_wan_role: "server"
    default_underlay_routing_protocol: "none"
    default_overlay_routing_protocol: "ibgp"
    default_flow_tracker_type: "hardware"
    vtep: true
    network_services:
      l3: true

wan_mode: autovpn renamed wan_mode: legacy-autovpn

With AVD version 6.0.0 the valid values for wan_mode key have changed. If using the autovpn mode in AVD 5.x, the wan_mode key needs to be updated to legacy-autovpn.

-  wan_mode: autovpn
+  wan_mode: legacy-autovpn

OSPF Graceful Restart is now enabled by default in the underlay

In AVD 5.x, the default value of underlay_ospf_graceful_restart was false.

Starting with AVD 6.0.0, the default value of underlay_ospf_graceful_restart has been changed to true.

To retain the previous behavior, the following change is required:

+ underlay_ospf_graceful_restart: false

The default value for snmp_settings.compute_local_engineid_source is now rfc3411_type5

In AVD 5.x, the default value of snmp_settings.compute_local_engineid_source was hostname_and_ip. This method has several issues; firstly the method is not using the inband management IP, even if no management interface IP is set, and secondly the resulting Engine ID is not compliant with the RFC3411 format.

Starting with AVD 6.0.0, the default value has been changed to rfc3411_type5. This now generates a RFC3411 Type 5 compliant engine ID and handles the inband management IP cases properly.

To retain the previous behavior, the following change is required:

snmp_settings:
+  compute_local_engineid_source: hostname_and_ip

It is not possible anymore to override data from the Underlay OSPF process in network_services

In AVD 5.x, it was possible to override data from the Underlay OSPF process from network_services using the default VRF.

Starting with AVD 6.0.0, it is only possible to add data to the process but not to override values anymore.

To retain previous behaior, it is necessary to either leverage available variables for the underlay or to use custom_structured_configuration.

 underlay_routing_protocol: ospf
 underlay_ospf_process_id: 101
 underlay_ospf_graceful_restart: false
+underlay_ospf_max_lsa: 42

 tenants:
   - name: Tenant-A
     vrfs:
       - name: default
         vrf_id: 2
         ospf:
           enabled: true
           process_id: 101
-          # max_lsa overwrites underlay ospf max_lsa of 12000.
-          max_lsa: 42

Programming all forwarding paths of ECMP routes in the kernel is now enabled via the CLI for WAN routers

In AVD 5.x, for historical reason, the ECMP route programming was enabled by default using an environment variable for the Agent. Effectively, it meant that the default value of wan_use_agent_env_var_for_kernel_software_forwarding_ecmp was true.

Starting with AVD 6.0.0, The key wan_use_agent_env_var_for_kernel_software_forwarding_ecmp has been removed. A new key kernel_ecmp_cli under node_type settings has been introduced to control this behavior with default: true i.e. the functionality is now enabled by default via the proper CLI.

To retain the previous behavior, for instance because your device does not support the CLI introduced in EOS 4.33.2F, the following change is required:

- wan_use_agent_env_var_for_kernel_software_forwarding_ecmp: true
+ l3leaf:
+   nodes:
+    - name: kernel-ecmp-cli-node1
+      kernel_ecmp_cli: false

Change of default behavior for PIM-SM multicast for core_interfaces.p2p_links and l3_edge.p2p_links

In AVD 5.x.x, enabling PIM-SM on a core_interface or l3_edge link required all of the following settings:

• underlay_multicast: true at the global level
• underlay_multicast: true and include_in_underlay_protocol: true at the link or profile level

As of AVD 6.0.0, the global underlay_mutlicast is replaced with node setting underlay_multicast.pim_sm.enabled or global underlay_mutlicast_pim_sm. Additionally, the underlay_multicast key has been replaced by multicast_pim_sm for both core_interfaces.p2p_links[] and l3_edge.p2p_links[].

The breaking change in default behavior is for l3_edge and core_interfaces P2P links. PIM-SM is now automatically configured on links when include_in_underlay_protocol: true, provided that PIM-SM is already enabled globally (either through node settings or the global key). To retain the previous behavior, the following change is required:

- underlay_multicast: true
# # The next line enables globally
+ underlay_mutlicast_pim_sm: true

 l3leafs:
   [...]
   nodes:
     - name: MULTICAST_LEAF
+      # Alternatively, PIM-SM can be enabled at the node setting level
+      underlay_multicast:
+        pim_sm:
+          enabled: true

 # The same applies for l3_edge
 core_interfaces:
   p2p_links:
     - nodes: [MULTICAST_LEAF, MULTICAST_PEER]
       [...]
       include_in_underlay_protocol: true
+      # previously `underlay_multicast` had a default of `false`
+      multicast_pim_sm: false

Tip

To avoid editing every single p2p_links, it is possible to leverage p2p_links_profiles.

SNMP snmp-server IPv4 and IPv6 ACLs are now only configured when the VRF is enabled under snmp_settings.vrfs

In AVD 5.x, SNMP snmp-server IPv4 and IPv6 ACLs were rendered even when the VRF was not enabled under snmp_settings.vrfs.

Starting AVD 6.0.0, it is required to set enable: true under the VRF in order to render IPV4 and IPV6 ACLs or use custom_structured_config.

snmp_settings:
   vrfs:
    - name: Test_VRF
+     enable: true
      ipv4_acl: IPV4

Length of uplink_interfaces, uplink_switches and uplink_switch_interfaces has to be same

In AVD 5.x, mismatched lengths for uplink_interfaces, uplink_switches, and uplink_switch_interfaces do not trigger an error. Instead, AVD silently defaults to the minimum length of the three lists, effectively ignoring any trailing entries in the longer lists during configuration generation.

Starting with AVD 6.0.0, the number of entries in uplink_interfaces and uplink_switch_interfaces must match the number of entries in uplink_switches. If this requirement is not met, AVD will raise an appropriate error.

If an error is generated after upgrading, you may need to adjust your inputs and make sure all three lists have the same size:

l3leaf:
  nodes:
    - name: Test_device
      id: 1
      mgmt_ip: 172.16.1.15/24
      uplink_switches: ['uplink-switch-1', 'uplink-switch-1']
-     uplink_interfaces: ['Ethernet1']
+     uplink_interfaces: ['Ethernet1', 'Ethernet2']
-     uplink_switch_interfaces: ['Ethernet3']
+     uplink_switch_interfaces: ['Ethernet3', 'Ethernet4']

Configure BGP AS notation to Asdot/Asplain using bgp_as_notation

In AVD 5.x, all BGP AS would get converted to asplain format in EOS even when it is given in asdot format in eos_designs input, since the option to set AS notation was not available in eos_designs.

Starting AVD 6.0.0, BGP AS notation can be set by defining bgp_as_notation to auto, asdot or asplain default value is auto.

When bgp_as_notation: auto (default), AVD takes decision based on the device input AS number: - If the AS number contains a dot (.), all other AS numbers get converted to asdot notation. - If the AS number does not contain a dot, all other AS numbers get converted to asplain notation.

It may not be possible to retain the old behavior if you had a mix and match of asdot and asplain notation, which was not rendering what EOS would have rendered anyway.

Default value of underlay_ospf_maximum_paths is set to 128

In AVD 5.x, the parameter underlay_ospf_maximum_paths(maximum number of OSPF next-hops in an ECMP route) had no default value.

Starting AVD 6.0.0, default value of underlay_ospf_maximum_paths is set to 128. Since 128 is already the EOS system default, it will neither be rendered in the structured configuration nor the CLI configuration.

Migrating from CloudVision keys to cv_settings

In the previous versions of AVD, you may have defined your CloudVision settings as follows.

Previous VariablesRendered Configuration

cvp_instance_ips:
  - 192.168.200.12
  - 192.168.200.13
cvp_token_file: /tmp/token
terminattr_disable_aaa: true
terminattr_ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent
terminattr_ingestgrpcurl_port: 9910
terminattr_smashexcludes: ale,flexCounter,hardware,kni,pulse,strata

daemon TerminAttr
  exec /usr/bin/TerminAttr -cvaddr=192.168.200.12:9910,192.168.200.13:9910 -cvauth=token,/tmp/token -cvvrf=default -disableaaa -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent -taillogs
  no shutdown

These keys are now removed and replaced with cv_settings, to build a similar output, you should update your variables with the following structure.

AVD 6.xRendered Configuration

cv_settings:
  onprem_clusters:
    - name: MAIN
      servers:
        - name: 192.168.200.12
        - name: 192.168.200.13
  terminattr:
    disable_aaa: true
    ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent
    smashexcludes: ale,flexCounter,hardware,kni,pulse,strata

daemon TerminAttr
  exec /usr/bin/TerminAttr -cvaddr=192.168.200.12:9910,192.168.200.13:9910 -cvauth=token,/tmp/token -cvvrf=default -disableaaa -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -taillogs -cvsourceintf=Management0 -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent
  no shutdown

Note

The example above leverages the built-in defaults, if you would like to override any settings, please refer to the “New key” listed in the table.

Custom keys starting without _ in structured config are no longer supported

In AVD 5.x, custom keys starting with or without _ were accepted in structured config.

Starting AVD 6.0.0, only custom keys that begin with _ are accepted in structured config.

l3leaf:
  nodes:
    - name: host1
      id: 101
      bgp_as: 101
      structured_config:
-        custom_key: [ custom_value ]
+        _custom_key: [ custom_value ]

vrfs[].ospf.process_id and underlay_ospf_process_id must have different values for all VRFs other than default

In AVD 5.x, it was possible to configure the same value for vrfs[].ospf.process_id and underlay_ospf_process_id for any VRF, which was leading to potentially overwritten configuration.

Starting AVD 6.0.0, setting the same value for vrfs[].ospf.process_id and underlay_ospf_process_id is not allowed for any VRF other than default vrf.

An error is raised if any VRF have the same ospf.process_id as underlay_ospf_process_id.

  underlay_ospf_process_id: 101
  tenants:
    - name: Tenant-A
      vrfs:
        - name: ospf-vrf
          vrf_id: 2
          ospf:
            enabled: true
-           process_id: 101
+           process_id: 102 # cannot use same value as underlay_ospf_process_id

Removal of design.type

In AVD 5.x, the variable design.type was used to select between different variants of default values for node_type_keys.

As of AVD 6.x, the design.type variable has been removed. The default values of node_type_keys combine all the default node type from all designs.

# Remove the design.type setting
- design:
-   type: l2ls

Removal of default bgp_ecmp value

In AVD 5.x, bgp_ecmp had a default value of 4 except for WAN routers where there was no default value.

Starting AVD 6.0.0, the default value for bgp_ecmp has been removed to take advantage of the default value in EOS, which will be the maximum supported ECMP routes for the platform. Now bgp_ecmp must be explicitly defined if required.

To retain the previous behavior, set the value explicitly in your input variables:

+ bgp_ecmp: 4

eAPI is not enabled by default anymore in eos_designs

In previous versions, management_eapi.enabled was true by default.

In AVD 6.0, this is not the case anymore and eAPI needs to be explicitly enabled as follows:

management_eapi:
+ enabled: true
  enable_https: true

A management IP or IPv6 is now required to enable eAPI when default_mgmt_method: oob

Before AVD 6.x, it was possible to enable eAPI without setting mgmt_ip or ipv6_mgmt_ip when the default management method was set to out-of-band (which is the default) default_mgmt_method: oob and management_eapi.vrfs was not set.

Starting AVD 6.0, enabling eAPI when the default management method is set to oob and management_eapi.vrfs is not set will raise an error if neither mgmt_ip nor ipv6_mgmt_ip are defined. Below changes should be noted to migrate to AVD 6.0 without errors.

type: l2leaf

management_eapi:
+ enabled: true # This must be set for management_eapi to take effect.
  enable_https: true

l2leaf:
  nodes:
    - name: management-eapi-host
      id: 1
+     mgmt_ip: 10.10.10.1/8

Removal of setting overlay_rd_type.admin_subfield to router_id on invalid IPv4 address entry

In AVD 5.x, setting invalid ipv4 address in overlay_rd_type.admin_subfield would set the value to router_id ignoring a potential input typo.

Starting AVD 6.0.0, setting invalid ipv4 address in overlay_rd_type.admin_subfield would raise a validation error.

To retain the previous behavior, set the value explicitly in your input variables:

overlay_rd_type:
+ admin_subfield: router_id

New eos_designs schema restrictions

Starting AVD 6.0.0, the following data model keys will have defined restrictions in eos_designs.

Keys	New Restrictions
aaa_settings.accounting.commands.console[].type	required
aaa_settings.accounting.commands.default[].type	required
aaa_settings.accounting.exec.default.type	required
aaa_settings.accounting.system.default.type	required
default_interfaces[].mlag_interfaces_speed	Added valid_values
default_interfaces[].uplink_interface_speed	Added valid_values
<custom_connected_endpoints_keys.key>[].adapters[].speed	Added valid_values
network_ports.[].switches	min_length: 1
"<network_services_keys.name>[].vrfs[].additional_route_targets[].address_family	required
"<network_services_keys.name>[].vrfs[].additional_route_targets[].route_target	required
"<network_services_keys.name>[].vrfs[].additional_route_targets[].type	required
<network_services_keys.name>[].vrfs[].l3_interfaces[].ospf.message_digest_keys[].id	Primary key
<network_services_keys.name>[].vrfs[].l3_port_channels[].member_interfaces[].speed	Added valid_values
<network_services_keys.name>[].vrfs[].l3_port_channels[].ospf.message_digest_keys[].id	Primary key
<network_services_keys.name>[].vrfs[].svis[].ospf.message_digest_keys[].id	Primary key
<network_services_keys.name>[].vrfs[].svis[].nodes[].ospf.message_digest_keys[].id	Primary key
<node_type_keys.key>.defaults.uplink_interface_speed	Added valid_values
<node_type_keys.key>.node_groups.[].nodes.[].uplink_interface_speed	Added valid_values
<node_type_keys.key>.node_groups.[].uplink_interface_speed	Added valid_values
<node_type_keys.key>.nodes.[].uplink_interface_speed	Added valid_values
<node_type_keys.key>.defaults.uplink_switch_interface_speed	Added valid_values
<node_type_keys.key>.node_groups.[].nodes.[].uplink_switch_interface_speed	Added valid_values
<node_type_keys.key>.node_groups.[].uplink_switch_interface_speed	Added valid_values
<node_type_keys.key>.nodes.[].uplink_switch_interface_speed	Added valid_values
<node_type_keys.key>.defaults.mlag_interfaces_speed	Added valid_values
<node_type_keys.key>.node_groups.[].nodes.[].mlag_interfaces_speed	Added valid_values
<node_type_keys.key>.node_groups.[].mlag_interfaces_speed	Added valid_values
<node_type_keys.key>.nodes.[].mlag_interfaces_speed	Added valid_values
<node_type_keys.key>.defaults.l3_interfaces.[].speed	Added valid_values
<node_type_keys.key>.node_groups.[].nodes.[].l3_interfaces.[].speed	Added valid_values
<node_type_keys.key>.node_groups.[].l3_interfaces.[].speed	Added valid_values
<node_type_keys.key>.nodes.[].l3_interfaces.[].speed	Added valid_values
<node_type_keys.key>.defaults.l3_port_channels.[].member_interfaces.[].speed	Added valid_values
<node_type_keys.key>.node_groups.[].nodes.[].l3_port_channels.[].member_interfaces.[].speed	Added valid_values
<node_type_keys.key>.node_groups.[].l3_port_channels.[].member_interfaces.[].speed	Added valid_values
<node_type_keys.key>.nodes.[].l3_port_channels.[].member_interfaces.[].speed	Added valid_values
p2p_links[].description	min_length: 2, max_length: 2
p2p_links[].interfaces	min_length: 2, max_length: 2
p2p_links[].ip	min_length: 2, max_length: 2
p2p_links[].nodes	min_length: 2, max_length: 2
p2p_links[].speed	Added valid_values
svi_profiles[].ospf.message_digest_keys[].id	Primary key
svi_profiles[].nodes[].ospf.message_digest_keys[].id	Primary key

Removal of default Jinja2 templates for interface_descriptions and ip_addressing in eos_designs

Starting AVD 6.0.0, the default templates for interface_descriptions and ip_addressing are removed from the eos_designs role. Custom templates may still be provided, but the role no longer includes built-in templates.

The removed default templates for ip_addressing are:

- avd-v2-spine-p2p-uplinks-ip.j2
- avd-v2-spine-p2p-uplinks-peer-ip.j2
- mlg-ibgp-peering-ip-primary.j2
- mlg-ibgp-peering-ip-secondary.j2
- mlag-ip-primary.j2
- mlag-ip-secondary.j2
- mlag-l3-ip-primary.j2
- mlag-l3-ip-secondary.j2
- p2p-uplinks-ip.j2
- p2p-uplinks-peer-ip.j2
- router-id-ipv6.j2
- router-id.j2
- vtep-ip-mlag.j2
- vtep-ip.j2

The removed default templates for interface_descriptions are:

- connected_endpoints/ethernet-interfaces.j2
- connected_endpoints/port-channel-interfaces.j2
- loopback_interfaces/overlay-loopback.j2
- loopback_interfaces/vtep-loopback.j2
- mlag/ethernet-interfaces.j2
- mlag/port-channel-interfaces.j2
- underlay/ethernet-interfaces.j2
- underlay/port-channel-interfaces.j2

For migration cases where you must retain legacy logic, copy the required templates from the AVD 5.7 roles/eos_designs/templates into a custom template location and reference them explicitly.

As an example, copy the templates to a directory custom_templates (make sure it is available in the search paths when the Ansible playbook is executing as documented here) and update your input variables as follows:

node_type_keys:
  - key: spine
    type: spine
    ip_addressing:
+     p2p_uplinks_ip: 'custom_templates/ip_addressing/avd-v2-spine-p2p-uplinks-ip.j2'
    interface_descriptions:
+     underlay_ethernet_interfaces: 'custom_templates/interface_descriptions/underlay/ethernet-interfaces.j2'

Removing support for templating of internal switch.* variables in Jinja templates

Starting AVD 6.0.0, Jinja templates will no longer have access to internal AVD variables previously exposed as switch.*. This also applies to inline Jinja templates in the input variables (like host vars, group vars, task vars and play vars).

Examples of variables that can no longer be used:

• {{ switch.id }}
• {{ switch.mgmt_ip }}
• {{ switch.mgmt_interface }}

For custom IP Addressing or Interface Description templates, refer to the documentation for the available variables.

Also refer to the documentation to see all the new models that may resolve the need for inline jinja templating. Several of the new AVD models provide abstractions like default_mgmt_method_ip or default_mgmt_method_vrf, which are intended to remove the need for inline Jinja templating in the input variables.

If there is no alternative available for your current use case, please open a GitHub issue so we can work with you to identify alternatives. Users with a support agreement can contact Arista support to get assistance.

p2p_links now accepts a minimum and maximum of two entries

In AVD 5.0.0, p2p_links list keys nodes, ip, interfaces and descriptions did not have any limitation in size. This was sometimes working but could lead to undefined behavior as all the code was written to work for exactly 2 nodes, in particular when figuring out the peer device.

Starting AVD 6.0.0, the length to all these lists have been restricted to exactly 2 items (min_length: 2 and max_length: 2).

# The same applies for core_interfaces
l3_edge:
  p2p_links:
-   - ip: [10.10.10.0/31, 10.10.10.1/31, 10.10.10.2/31, 10.10.10.3/31]
-     nodes: [peer1, peer2, peer3, peer4]
-     interfaces: [Ethernet1, Ethernet1, Ethernet1, Ethernet1]
-     descriptions: ["Custom description peer1", "Custom description peer2", "Custom description peer3",  "Custom description peer4"]
+   - ip: [10.10.10.0/31, 10.10.10.1/31]
+     nodes: [peer1, peer2]
+     interfaces: [Ethernet1, Ethernet1]
+     descriptions: ["Custom description peer1", "Custom description peer2"]
+   - ip: [10.10.10.2/31, 10.10.10.3/31]
+     nodes: [peer3, peer4]
+     interfaces: [Ethernet1, Ethernet1]
+     descriptions: ["Custom description peer3", "Custom description peer4"]
  p2p_links_profiles:
-   - ip: [10.10.10.0/31, 10.10.10.1/31, 10.10.10.2/31, 10.10.10.3/31]
-     nodes: [peer1, peer2, peer3, peer4]
-     interfaces: [Ethernet1, Ethernet1, Ethernet1, Ethernet1]
-     descriptions: ["Custom description peer1", "Custom description peer2", "Custom description peer3", "Custom description peer4"]
+   - ip: [10.10.10.0/31, 10.10.10.1/31]
+     nodes: [peer1, peer2]
+     interfaces: [Ethernet1, Ethernet1]
+     descriptions: ["Custom description peer1", "Custom description peer2"]
+   - ip: [10.10.10.2/31, 10.10.10.3/31]
+     nodes: [peer3, peer4]
+     interfaces: [Ethernet1, Ethernet1]
+     descriptions: ["Custom description peer3", "Custom description peer4"]

Removed autoconversion of bgp_as from float under node config

In AVD 5.x.x, the bgp_as value under node configuration was automatically converted from a float to a string. This could lead to unintended truncation, for example, 65000.100 being interpreted as 65000.1.

Starting with AVD 6.0.0, this automatic float-to-string conversion has been removed. To use ASDOT notation in YAML inputs, you must enclose the value in quotes (e.g., “65000.100”) to ensure it is treated as a string and not a float.

This change applies to below instances of bgp_as:

• node_type.defaults
• node_type.defaults.evpn_gateway.remote_peers
• node_type.defaults.ipvpn_gateway.remote_peers

node_type:
  defaults:
-   bgp_as: 65000.100
+   bgp_as: "65000.100"
    evpn_gateway:
      remote_peers:
-       bgp_as: 65000.100
+       bgp_as: "65000.100"
    ipvpn_gateway:
      remote_peers:
-       bgp_as: 65000.100
+       bgp_as: "65000.100"

Changing behavior of cv_topology and use_cv_topology

The behavior of cv_topology and use_cv_topology has been changed in the following areas:

• use_cv_topology: true now requires cv_topology_levels to describe the relationships between devices of each node type, instead of relying on default_interfaces to infer this.
• MLAG peer interfaces are now set to all interfaces towards the MLAG peer.
• use_cv_topology: true can no longer be combined with manually setting uplink_interfaces, uplink_switches, uplink_switch_interfaces or mlag_interfaces.

use_cv_topology: true
+cv_topology_levels:
+  - type: super-spine
+    level: 1
+  - type: spine
+    level: 2
+  - type: l3leaf
+    level: 3
+  - type: l2leaf
+    level: 4
+  - type: overlay-controller
+    level: 5
-default_interfaces:
-  <...>
cv_topology:
  <...>

See the documentation for cv_topology for details on the new behavior.

Fixed IP extended community list and route map for EVPN-SOO

In AVD 6.0, when vtep_loopback is set to Loopback0, the IP extended community list and route map for EVPN SOO is corrected to use the Loopback0 IP address.

Change of default behavior for evpn_prevent_readvertise_to_server

In AVD 5.x.x, enabling evpn_prevent_readvertise_to_server would configure an outbound route-map towards EVPN route-servers that would filter out BGP updates learned directly from the ASN of the route-server. This approach would not filter out routes learned via any other peer, even if they had the route-server’s ASN in the AS-path.

As of AVD 6.0.0, the new key evpn_prevent_readvertise_to_server_mode was introduced to control the mode of matching specific routes to be filtered out. The new default mode as_path_acl now relies on the route-map with as-path access-list to filter out BGP updates with the route-server ASN anywhere in the AS-path.

To retain the previous behavior when enabling evpn_prevent_readvertise_to_server, the following change is required:

+ evpn_prevent_readvertise_to_server_mode: source_peer_asn

vtep_diagnostic change of default behavior for loopback_ip_pools, loopback_ip_range and loopback_ipv6_range under network services

In AVD 5.x.x, loopback_ip_range for IPv4 and loopback_ipv6_range for IPv6 take precedence over loopback_ip_pools under vtep_diagnostic under network services.

As of AVD 6.0.0, if the POD name defined for a device is matching an entry under loopback_ip_pools, this entry will take precedence over loopback_ip_range for IPv4 and loopback_ipv6_range for IPV6.

To retain the previous behavior remove the pool under loopback_ip_pools where pod is matching pod_name.

  pod_name: TENANT_NETWORKS_POD
  tenants:
    - name: Tenant_X
      mac_vrf_vni_base: 11000
      vrfs:
        - name: VRF_with_loopback_ip_pools
          vrf_id: 22
          vtep_diagnostic:
            loopback: 200
            loopback_ip_pools:
-             - pod: TENANT_NETWORKS_POD
-               ipv4_pool: 10.101.102.0/24
-               ipv6_pool: 2001:db8:1::-2001:db8:1:7fff::
              - pod: OTHER_POD
                ipv4_pool: 10.101.103.0/24
            loopback_ip_range: 10.255.1.0/24
            loopback_ipv6_range: 2001:db8:1::-2001:db8:1:7fff::

Changes in local user structured configuration for no_password and disabled

In AVD 5.x.x, no_password: true was always rendered in the structured configuration even if sha512_password was set, and even if disabled: true was configured for a local user, all other fields were still rendered in the structured configuration.

Starting AVD 6.0, if sha512_password or cleartext_password is set, no_password is not rendered in the structured configuration, and if disabled: true is configured for a local user, other fields are not rendered in the structured configuration.

Changes in validation requirements for CV Pathfinder WAN routers

In AVD 5.x.x, WAN routers operating in cv_pathfinder mode could be configured without defining wan_route_servers, which could result in incomplete or invalid configurations.

Starting AVD 6.0, wan_route_servers must be configured for WAN routers operating in cv_pathfinder mode. If wan_route_servers is not defined, AVD will raise a validation error, as this configuration is required for proper CV Pathfinder operation.

+ wan_route_servers:
+  - hostname: uplink_lan_wan_router1

Change in default feature support of bgp_update_wait_install on DCS-7358X4

In previous versions of AVD, the value of bgp_update_wait_install was set to false by default. In AVD 6.0.0 this is now set to true by default.

Change in default value of maximum-routes for underlay bgp peer groups

In previous versions of AVD, the value of maximum_routes for underlay bgp_peer_groups was hardcoded to 12000 by default.

Starting AVD 6.0, new knobs bgp_peer_groups.ipv4_underlay_peers.maximum_routes, bgp_peer_groups.mlag_ipv4_underlay_peer.maximum_routes and bgp_peer_groups.mlag_ipv4_vrfs_peer.maximum_routes are introduced for setting maximum_routes, with a default value of 256000.

To retain the previous behavior, maximum_routes can be set to 12000 under bgp_peer_groups.ipv4_underlay_peers.maximum_routes, bgp_peer_groups.mlag_ipv4_underlay_peer.maximum_routes and bgp_peer_groups.mlag_ipv4_vrfs_peer.maximum_routes for the particular peer-group.

bgp_peer_groups:
  ipv4_underlay_peers:
+   maximum_routes: 12000
  mlag_ipv4_underlay_peer:
+   maximum_routes: 12000
  mlag_ipv4_vrfs_peer:
+   maximum_routes: 12000

Changes in validation requirements for CloudVision clusters

In AVD 5.x.x, CloudVision clusters could be configured without enforcing the presence of NTP or DNS settings, even when servers were defined using DNS names.

Starting AVD 6.0, additional validation is enforced when CloudVision clusters (on-prem or CVaaS) are configured:

• ntp_settings.servers must be configured whenever any CloudVision cluster cv_settings.cvaas.clusters[] or cv_settings.onprem_clusters[].servers[] are defined.
• dns_settings.servers must be configured when CVaaS clusters cv_settings.cvaas.clusters[] are defined.
• dns_settings.servers must be configured for on-prem clusters if any server under cv_settings.onprem_clusters[].servers[].name is specified using a DNS name.

These validations ensure that required infrastructure dependencies are explicitly configured when deploying CloudVision clusters.

New 802.1X configuration model

In AVD 6.0.0, 802.1X configuration is consolidated into the new dot1x_settings data model. This replaces the dot1x keys in aaa_settings and the need for custom_structured_configuration.

The new model enforces strict validation (802.1X RADIUS groups must be defined in aaa_settings) and automatically handles best practices like redistributing 802.1X-learned MACs into EVPN.

To migrate:

1. Remove manual BGP redistribution from your custom configuration, as dot1x_settings.redistribute_in_evpn handles this automatically.

2. Remove dot1x custom structured configuration (e.g., system_auth_control, dynamic_authorization) that is now covered by dot1x_settings.

3. Remove relevant dot1x keys from aaa_settings (authentication, accounting, authorization), as these keys have been removed from the schema.

Tip

dot1x_settings is an abstraction. It is recommended to remove your existing dot1x custom structured configuration, generate the configuration using dot1x_settings, and review the output. You can then re-apply custom configuration for any advanced settings not covered by the new model.

aaa_settings:
  radius:
    servers:
      - host: radius.example.com
        groups: [ radius-server-group ]
        cleartext_key: super-secret-key
      - host: coa.radius.example.com
        groups: [ coa-server-group ]
        cleartext_key: super-secret-key

- authentication:
-   dot1x:
-     default: group radius-server-group
- accounting:
-   dot1x:
-     default:
-       type: start-stop
-       methods:
-         - method: group
-           multicast: true
-           group: radius-server-group
-         - method: logging
- authorization:
-   dynamic:
-     dot1x_additional_groups: [ coa-server-group ]

- custom_structured_configuration_dot1x:
-   system_auth_control: true
-   protocol_bpdu_bypass: true
-   protocol_lldp_bypass: true
-   dynamic_authorization: true
-   radius_av_pair_username_format:
-     delimiter: none
-     mac_string_case: lowercase
-   radius_av_pair:
-     service_type: true

+ dot1x_settings:
+   enabled: true
+   authentication:
+     radius_groups: [ radius-server-group ]
+   accounting:
+     radius_groups: [ radius-server-group ]
+     multicast: true
+     syslog: true
+   dynamic_authorization:
+     additional_groups: [ coa-server-group ]
+   mac_based_authentication:
+     username_format:
+     delimiter: colon
+     letter_case: uppercase
+   radius_av_pairs:
+     service_type: true
+   # The following settings are enabled by default in dot1x_settings
+   # bypass_bpdu: true
+   # bypass_lldp: true
+   # redistribute_in_evpn: true

Changes to role arista.avd.eos_cli_config_gen

Removal of deprecated eos_cli_config_gen data models

The following data model keys have been removed from eos_cli_config_gen in AVD 6.0.0.

Removed key	New key
vxlan_interface.Vxlan1	vxlan_interface.vxlan1
aaa_accounting.exec.console.group	aaa_accounting.exec.console.methods[].group
aaa_accounting.exec.console.logging	aaa_accounting.exec.console.methods[].method
aaa_accounting.exec.default.group	aaa_accounting.exec.default.methods[].group
aaa_accounting.exec.default.logging	aaa_accounting.exec.default.methods[].method
aaa_accounting.system.default.group	aaa_accounting.system.default.methods[].group
aaa_accounting.dot1x.default.group	aaa_accounting.dot1x.default.methods[].group
aaa_accounting.commands[].console[].group	aaa_accounting.commands[].console[].methods[].group
aaa_accounting.commands[].console[].logging	aaa_accounting.commands[].console[].methods[].method
aaa_accounting.commands[].default[].group	aaa_accounting.commands[].default[].methods[].group
aaa_accounting.commands[].default[].logging	aaa_accounting.commands[].default[].methods[].method
community_lists	ip_community_lists
dhcp_servers.subnets	dhcp_servers.ipv4_subnets or dhcp_servers.ipv6_subnets
ethernet_interfaces[].peer_interface	ethernet_interfaces[].metadata.peer_interface
ethernet_interfaces[].peer_type	ethernet_interfaces[].metadata.peer_type
ethernet_interfaces[].peer	ethernet_interfaces[].metadata.peer
ethernet_interfaces[].port_porfile	ethernet_interfaces[].metadata.port_porfile
ethernet_interfaces[].peer_key	ethernet_interfaces[].metadata.peer_key
ethernet_interfaces[].vlans	ethernet_interfaces[].switchport.access_vlan or switchport.trunk.allowed_vlan
ethernet_interfaces[].native_vlan	ethernet_interfaces[].switchport.trunk.native_vlan
ethernet_interfaces[].native_vlan_tag	ethernet_interfaces[].switchport.trunk.native_vlan_tag
ethernet_interfaces[].mode	ethernet_interfaces[].switchport.mode
ethernet_interfaces[].phone	ethernet_interfaces[].switchport.phone
ethernet_interfaces[].trunk_groups	ethernet_interfaces[].switchport.trunk.groups
ethernet_interfaces[].type	-
ethernet_interfaces[].encapsulation_dot1q_vlan	ethernet_interfaces[].encapsulation_dot1q.vlan
ethernet_interfaces[].encapsulation_vlan.client.dot1q	ethernet_interfaces[].encapsulation_vlan.client.encapsulation
ethernet_interfaces[].encapsulation_vlan.client.unmatched	ethernet_interfaces[].encapsulation_vlan.client.encapsulation
ethernet_interfaces[].encapsulation_vlan.network.dot1q	ethernet_interfaces[].encapsulation_vlan.network.encapsulation
ethernet_interfaces[].encapsulation_vlan.network.client	ethernet_interfaces[].encapsulation_vlan.network.encapsulation
ethernet_interfaces[].tcp_mss_ceiling.ipv4_segment_size	ethernet_interfaces[].tcp_mss_ceiling.ipv4
ethernet_interfaces[].tcp_mss_ceiling.ipv6_segment_size	ethernet_interfaces[].tcp_mss_ceiling.ipv6
ethernet_interfaces[].isis_authentication_mode	ethernet_interfaces[].isis_authentication.both.mode or ethernet_interfaces[].isis_authentication.level_1.mode or ethernet_interfaces[].isis_authentication.level_2.mode
ethernet_interfaces[].isis_authentication_key	ethernet_interfaces[].isis_authentication.both.key or ethernet_interfaces[].isis_authentication.level_1.key or ethernet_interfaces[].isis_authentication.level_2.key
ethernet_interfaces[].trunk_private_vlan_secondary	ethernet_interfaces[].switchport.trunk.private_vlan_secondary
ethernet_interfaces[].pvlan_mapping	ethernet_interfaces[].switchport.pvlan_mapping
ethernet_interfaces[].validate_lldp	ethernet_interfaces[].metadata.validate_lldp
ethernet_interfaces[].validate_state	ethernet_interfaces[].metadata.validate_state
ethernet_interfaces[].vlan_translations	ethernet_interfaces[].switchport.vlan_translations
ethernet_interfaces[].vrrp_ids[].ipv6.address	ethernet_interfaces[].vrrp_ids[].ipv6.addresses
ethernet_interfaces[].traffic_engineering.srlg	ethernet_interfaces[].traffic_engineering.srlgs
flow_tracking.trackers[].exporters[].collector	flow_tracking.trackers[].exporters[].collectors
generate_default_config	-
generate_device_documentation	eos_cli_config_gen_documentation.enable
ip_ftp_client_source_interfaces	ip_ftp_client
ip_http_client_source_interfaces	ip_http_client
ip_name_servers	ip_name_server
ip_name_server_groups[].ip_domain_list	ip_name_server_groups[].ip_domain_lists
ip_ssh_client_source_interfaces	ip_ssh_client
ip_telnet_client_source_interfaces	ip_telnet_client
ip_tftp_client_source_interfaces	ip_tftp_client
ipv6_static_routes[].destination_address_prefix	ipv6_static_routes[].prefix
ipv6_static_routes[].gateway	ipv6_static_routes[].next_hop
is_deployed	metadata.is_deployed
local_users	aaa_settings.local_users
management_api_models.providers	management_api_models.provider
management_ssh.access_groups	management_ssh.ip_access_group_in or management_ssh.vrfs.ip_access_group_in
management_ssh.ipv6_access_groups	management_ssh.ipv6_access_group_in or management_ssh.vrfs.ipv6_access_group_in
ntp.servers[].vrf	ntp.vrf
port_channel_interfaces[].peer_interface	port_channel_interfaces[].metadata.peer_interface
port_channel_interfaces[].peer_type	port_channel_interfaces[].metadata.peer_type
port_channel_interfaces[].peer	port_channel_interfaces[].metadata.peer
port_channel_interfaces[].peer_key	port_channel_interfaces[].metadata.peer_key
port_channel_interfaces[].encapsulation_dot1q_vlan	port_channel_interfaces[].encapsulation_dot1q.vlan
port_channel_interfaces[].encapsulation_vlan.client.dot1q	port_channel_interfaces[].encapsulation_vlan.client.encapsulation
port_channel_interfaces[].encapsulation_vlan.client.unmatched	port_channel_interfaces[].encapsulation_vlan.client.encapsulation
port_channel_interfaces[].encapsulation_vlan.network.client	port_channel_interfaces[].encapsulation_vlan.network.encapsulation
port_channel_interfaces[].encapsulation_vlan.network.dot1q	port_channel_interfaces[].encapsulation_vlan.network.encapsulation
port_channel_interfaces[].isis_authentication_key	port_channel_interfaces[].isis_authentication.both.key or port_channel_interfaces[].isis_authentication.level_1.key or port_channel_interfaces[].isis_authentication.level_2.key
port_channel_interfaces[].isis_authentication_mode	port_channel_interfaces[].isis_authentication.both.mode or port_channel_interfaces[].isis_authentication.level_1.mode or port_channel_interfaces[].isis_authentication.level_2.mode
port_channel_interfaces[].mode	port_channel_interfaces[].switchport.mode
port_channel_interfaces[].native_vlan	port_channel_interfaces[].switchport.trunk.native_vlan
port_channel_interfaces[].native_vlan_tag	port_channel_interfaces[].switchport.trunk.native_vlan_tag
port_channel_interfaces[].phone	port_channel_interfaces[].switchport.phone
port_channel_interfaces[].pvlan_mapping	port_channel_interfaces[].switchport.pvlan_mapping
port_channel_interfaces[].traffic_engineering.srlg	port_channel_interfaces[].traffic_engineering.srlgs
port_channel_interfaces[].trunk_groups	port_channel_interfaces[].switchport.trunk.groups
port_channel_interfaces[].trunk_private_vlan_secondary	port_channel_interfaces[].switchport.trunk.private_vlan_secondary
port_channel_interfaces[].type	-
port_channel_interfaces[].validate_lldp	port_channel_interfaces[].metadata.validate_lldp
port_channel_interfaces[].validate_state	port_channel_interfaces[].metadata.validate_state
port_channel_interfaces[].vlans	port_channel_interfaces[].switchport.access_vlan or switchport.trunk.allowed_vlan
port_channel_interfaces[].vlan_translations	port_channel_interfaces[].switchport.vlan_translations
router_bgp.address_family_evpn.bgp_additional_paths	router_bgp.address_family_evpn.bgp.additional_paths
router_bgp.address_family_ipv4.redistribute_routes	router_bgp.address_family_ipv4.redistribute
router_bgp.address_family_ipv4_multicast.redistribute_routes	router_bgp.address_family_ipv4_multicast.redistribute
router_bgp.address_family_ipv6.redistribute_routes	router_bgp.address_family_ipv6.redistribute
router_bgp.address_family_ipv6_multicast.redistribute_routes	router_bgp.address_family_ipv6_multicast.redistribute
router_bgp.peer_groups[].type	router_bgp.peer_groups[].metadata.type
router_bgp.neighbors[].peer	router_bgp.neighbors[].metadata.peer
router_bgp.neighbor_interfaces[].peer	router_bgp.neighbor_interfaces[].metadata.peer
router_bgp.redistribute_routes	router_bgp.redistribute
router_bgp.vlan_aware_bundles[].description	router_bgp.vlan_aware_bundles[].metadata.description
router_bgp.vlan_aware_bundles[].tenant	router_bgp.vlan_aware_bundles[].metadata.tenants
router_bgp.vlans[].tenant	router_bgp.vlans[].metadata.tenants
router_bgp.vrfs[].address_family_ipv4.redistribute_routes	router_bgp.vrfs[].address_family_ipv4.redistribute
router_bgp.vrfs[].address_family_ipv6.redistribute_routes	router_bgp.vrfs[].address_family_ipv6.redistribute
router_bgp.vrfs[].address_family_ipv4_multicast.redistribute_routes	router_bgp.vrfs[].address_family_ipv4_multicast.redistribute
router_bgp.vrfs[].address_family_ipv6_multicast.redistribute_routes	router_bgp.vrfs[].address_family_ipv6_multicast.redistribute
router_path_selection.tcp_mss_ceiling.ipv4_segment_size	router_path_selection.tcp_mss_ceiling.ipv4
serial_number	metadata.serial_number
static_routes[].destination_address_prefix	static_routes[].prefix
static_routes[].gateway	static_routes[].next_hop
vlan_interfaces[].ipv6_ospf_area	vlan_interfaces[].ipv6_ospf.process.area
vlan_interfaces[].ipv6_ospf_network_point_to_point	vlan_interfaces[].ipv6_ospf.network_point_to_point
vlan_interfaces[].tags	vlan_interfaces[].metadata.tags
vlan_interfaces[].tenant	vlan_interfaces[].metadata.tenants
vlan_interfaces[].type	vlan_interfaces[].metadata.type
vlan_interfaces[].vrrp_ids[].ipv6.address	vlan_interfaces[].vrrp_ids[].ipv6.addresses
vlans[].tenant	vlans[].metadata.tenants
vrfs[].tenant	vrfs[].metadata.tenants

CLI configuration order changes

Starting with AVD 6.0.0, CLI configuration ordering follows EOS 4.35.0F. As a result, the generated configuration files may show ordering differences compared to AVD 5.x.

Data-models changed to handle VRF entries

Old data-model	New data-model
ip_ftp_client_source_interfaces	ip_ftp_client
ip_http_client_source_interfaces	ip_http_client
ip_name_servers	ip_name_server
ip_ssh_client_source_interfaces	ip_ssh_client
ip_telnet_client_source_interfaces	ip_telnet_client
ip_tftp_client_source_interfaces	ip_tftp_client
radius_server.hosts	radius_server.vrfs and radius_server.servers

IP FTP client source interface data model changed from ip_ftp_client_source_interfaces to ip_ftp_client

In AVD 5.x, the data model ip_ftp_client_source_interfaces could generate multiple ip ftp client commands using the same source interface in different VRFs.

Starting with AVD 6.0.0, ip_ftp_client_source_interfaces has been replaced by ip_ftp_client, where the VRF is now the primary key. As a result, only one unique ip ftp client command is rendered per VRF.

- ip_ftp_client_source_interfaces
-   - name: Management0
-     vrf: MGMT
-   - name: Loopback0
-     vrf: default
+ ip_ftp_client:
+   source_interface: Loopback0
+   vrfs:
+     - name: MGMT
+       source_interface: Management0

IP HTTP client source interface data model changed from ip_http_client_source_interfaces to ip_http_client

In AVD 5.x, the data model ip_http_client_source_interfaces could generate multiple ip http client commands using the same source interface in different VRFs.

Starting with AVD 6.0.0, ip_http_client_source_interfaces has been replaced by ip_http_client, where only one unique ip http client command is rendered per VRF.

- ip_http_client_source_interfaces
-   - name: Management1
-   - name: Vlan4092
-     vrf: INBANDMGMT
+ ip_http_client:
+   source_interface: Management1
+   vrfs:
+     - name: INBANDMGMT
+       source_interface: Vlan4092

ip_name_servers data model is replaced by the new ip_name_server data model

In AVD 5.x, the data model ip_name_servers needed multiple entries for same VRF with multiple domain ip addresses.

Starting with AVD 6.0.0, ip_name_servers has been replaced with ip_name_server data-model, where the VRF name is now the primary key with servers.ip_address list to handle multiple ip addresses.

- ip_name_servers:
-  - ip_address: 8.8.8.8
-    vrf: MGMT
-  - ip_address: 2.2.2.2
-    vrf: MGMT

+ ip_name_server:
+   vrfs:
+     - name: MGMT
+       servers:
+         - ip_address: 8.8.8.8
+         - ip_address: 2.2.2.2

#### IP SSH client source interface data model changed from `ip_ssh_client_source_interfaces` to `ip_ssh_client`

In AVD 5.x, the data model `ip_ssh_client_source_interfaces` could generate multiple ip ssh client commands using the same source interface in different VRFs.

Starting with AVD 6.0.0, `ip_ssh_client_source_interfaces` has been replaced by `ip_ssh_client`, where only one unique ip ssh client command is rendered per VRF.

```diff
- ip_ssh_client_source_interfaces
-   - name: Management1
-   - name: Vlan4092
-     vrf: INBANDMGMT
+ ip_ssh_client:
+   source_interface: Management1
+   vrfs:
+     - name: INBANDMGMT
+       source_interface: Vlan4092

IP Telnet client source interface data model changed from ip_telnet_client_source_interfaces to ip_telnet_client

In AVD 5.x, the data model ip_telnet_client_source_interfaces could generate multiple ip telnet client commands using the same source interface in different VRFs.

Starting with AVD 6.0.0, ip_telnet_client_source_interfaces has been replaced by ip_telnet_client, where the VRF is now the primary key. As a result, only one unique ip telnet client command is rendered per VRF.

- ip_telnet_client_source_interfaces
-   - name: Management0
-     vrf: MGMT
-   - name: Loopback0
-     vrf: default
+ ip_telnet_client:
+   source_interface: Loopback0
+   vrfs:
+     - source_interface: Management0
+       name: MGMT

IP TFTP client source interface data model changed from ip_tftp_client_source_interfaces to ip_tftp_client

In AVD 5.x, the data model ip_tftp_client_source_interfaces could generate multiple ip tftp client commands using the same source interface in different VRFs.

Starting with AVD 6.0.0, ip_tftp_client_source_interfaces has been replaced by ip_tftp_client, where the VRF is now the primary key. As a result, only one unique ip tftp client command is rendered per VRF.

- ip_tftp_client_source_interfaces
-   - name: Management0
-     vrf: MGMT
-   - name: Loopback0
-     vrf: default
+ ip_tftp_client:
+   source_interface: Loopback0
+   vrfs:
+     - source_interface: Management0
+       name: MGMT

radius_server data-model is updated to handle the vrfs

In AVD 5.x, the data model radius_server.hosts could generate a single command using the same VRF for a particular host.

Starting with AVD 6.0.0, radius_server.hosts is used to generate the configs for default vrf and a new key radius_server.vrfs is introduced to generate configs for non-defualt vrfs, where the VRF name is the primary key, under which multiple hosts can be configured.

radius_server:
-  hosts:
-    - host: 10.10.10.157
-      vrf: mgmt
-      key: 071B245F5A
-    - host: 10.10.11.156
-      vrf: default
-      timeout: 1
-      retransmit: 1
-      key: 071B245F5A
-      tls:
-        enabled: true
-        port: 1700
-    - host: 10.10.10.156
-      vrf: default
-      timeout: 30
-      retransmit: 20
-      key: 071B245F5b
-    - host: 10.10.11.159
-      vrf: mgmt
-      retransmit: 1
-      key: 071B245F5A
+  servers:
+    - host: 10.10.11.156
+      timeout: 1
+      retransmit: 1
+      key: 071B245F5A
+      tls:
+        enabled: true
+        port: 1700
+    - host: 10.10.10.156
+      key: 071B245F5b
+      timeout: 30
+      retransmit: 20
+  vrfs:
+    - name: mgmt
+      servers:
+        - host: 10.10.10.157
+          key: 071B245F5A
+        - host: 10.10.11.159
+          retransmit: 1
+          key: 071B245F5A

### `dhcp_servers.subnets` is replaced with `dhcp_servers.ipv4_subnets` and `dhcp_servers.ipv6_subnets`

In AVD 5.x, the key `dhcp_servers.subnets` was used to define both IPv4 and IPv6 DHCP subnets under a single list.

Starting AVD 6.0.0, this key has been **removed** and replaced with two separate keys for clarity and protocol distinction:

- `dhcp_servers.ipv4_subnets` for IPv4 DHCP subnets
- `dhcp_servers.ipv6_subnets` for IPv6 DHCP subnets

```diff
  dhcp_servers:
-   subnets:
-     - subnet: 192.168.1.0/24
-       default_gateway: 192.168.1.1
-     - subnet: 2001:db8::/64
-       default_gateway: 2001:db8::1
+   ipv4_subnets:
+     - subnet: 192.168.1.0/24
+       default_gateway: 192.168.1.1
+   ipv6_subnets:
+     - subnet: 2001:db8::/64
+       default_gateway: 2001:db8::1

Traffic policy named counters must now be explicitly defined under traffic_policies.policies[].counters

In AVD 5.0.0, named counters were generated automatically based on the traffic_policies.policies[].matches[].actions[].count key.

Starting AVD 6.0.0, this automatic generation has been removed. All named counters must be defined under the new traffic_policies.policies[].counters key.

  traffic_policies:
    policies:
      - name: BLUE-C1-POLICY
+       counters:
+         - DEMO-TRAFFIC
        matches:
          - name: BLUE-C2-POLICY-01
            actions:
              count: DEMO-TRAFFIC

errdisable.recovery.causes is now a list of dictionaries

In AVD 5.x, errdisable.recovery.causes was modeled as a list of strings.

As of AVD 6.0.0, this data model has been updated to a list of dictionaries to allow configuring a recovery interval for each cause.

The diff below shows an example on how to update your inputs to match the new data model:

errdisable:
  recovery:
-   causes: [bpduguard, tapagg]
+   causes:
+     - name: bpduguard
+     - name: tapagg

ntp.servers[].vrf moved to ntp.vrf since all NTP servers must use the same VRF

In AVD 5.x, the VRF for NTP servers was defined individually under ntp.servers[].vrf.

Starting with AVD 6.0.0, because in EOS all NTP servers must be in the same VRF, ntp.servers[].vrf has been replaced by ntp.vrf to avoid misconfigurations.

ntp:
+ vrf: VRF1
  servers:
    - name: 2.2.2.55
-     vrf: VRF1

Updated the IPv6 OSPF data model for VLAN interfaces to support Process ID

In AVD 5.x, IPv6 OSPF area on VLAN interfaces was configured using the key ipv6_ospf_area. This structure did not allow the definition of the OSPF Process ID, which could result in incomplete or incorrect EOS commands being generated. Additionally, the interface network type was configured using the standalone key ipv6_ospf_network_point_to_point.

Starting with AVD 6.0, ipv6_ospf_area has been replaced by the dictionary ipv6_ospf.process.area. This change allows defining both the Process ID and area explicitly. The interface network type configuration has also been moved under the same dictionary as network_point_to_point. These changes ensure the correct EOS command ipv6 ospf <process-id> area <area-id> is generated and keep all IPv6 OSPF related settings grouped together.

vlan_interfaces:
  - name: Vlan11
    ipv6_enable: true
-   ipv6_ospf_network_point_to_point: true
-   ipv6_ospf_area: 0.0.0.0
+   ipv6_ospf:
+     process:
+       id: 100
+       area: 0.0.0.0
+     network_point_to_point: true

ip_dhcp_snooping.information_option.enabled is not a required key

In AVD 5.x, the value of ip_dhcp_snooping.information_option.enabled was implicitly required as true to configure ‘ip dhcp snooping information option circuit-id type xx format xx’ command.

In AVD 6.0.0, this command can be configured without setting ip_dhcp_snooping.information_option.enabled as shown below.

ip_dhcp_snooping:
  information_option:
#   enabled: true
    circuit_id_type: 1
    circuit_id_option: %p:%v

dynamic_prefix_lists[].match_map is not required anymore

In AVD 5.x, the value of dynamic_prefix_lists[].match_map was implicitly required to configure ‘dynamic prefix-list {{ dynamic_prefix_lists[].name }}’ command.

In AVD 6.0.0, this command can be configured without setting dynamic_prefix_lists[].match_map as shown below.

dynamic_prefix_lists:
  - name: DYNAMIC_PREFIX_LIST_NAME_3
#   match_map: Test_2
    prefix_list:
      ipv4: IPV4_PREFIX_LIST
      ipv6: IPV6_PREFIX_LIST

no-drop is no longer a valid value for priority_flow_control.watchdog.action

In AVD 5.x, the valid values for priority_flow_control.watchdog.action were drop and no-drop.

Starting AVD 6.0.0, no-drop has been removed from the valid values for priority_flow_control.watchdog.action, as it is not supported by EOS. The valid values are now drop, errdisable, and notify-only.

router_isis.set_overload_bit.enabled is now required to generate the configuration and documentation for ISIS Overload Bit configurations

AVD 5.0.0 generated the ISIS set_overload_bit configuration and documentation independently of the router_isis.set_overload_bit.enabled key and allowed both set-overload-bit (permanent) and set-overload-bit on-startup to be rendered simultaneously in the configuration.

As of AVD 6.0.0, router_isis.set_overload_bit.enabled must be set to generate the configuration and documentation for router_isis.set_overload_bit and set-overload-bit on-startup command gets precedence in the configuration.

 router_isis:
   set_overload_bit:
+    enabled: true
     on_startup:
       wait_for_bgp:
         enabled: true

Changes to the roles[].sequence_numbers data model

As of AVD 6.0.0, roles[].sequence_numbers[].sequence, roles[].sequence_numbers[].action and roles[].sequence_numbers[].command must be set to generate the configuration and documentation for role configurations.

 roles:
   - name: NMYROLE
     sequence_numbers:
-      - action: permit
+      - sequence: 10
+        action: permit
         command: "show running-config"
-      - action: deny
+      - sequence: 20
+        action: deny
         command: "show interfaces description"

New eos_cli_config_gen schema restrictions

Starting AVD 6.0.0, the following data model keys will have defined restrictions in eos_cli_config_gen.

Keys	Restrictions
aaa_accounting.commands.console[].type	required
aaa_accounting.commands.default[].type	required
aaa_accounting.dot1x.default.type	required
aaa_accounting.exec.default.type	required
aaa_accounting.system.default.type	required
dhcp_servers[].ipv4_vendor_options	min_length: 1
ethernet_interfaces[].ipv6_dhcp_relay_destinations[].address	required but not unique
ethernet_interfaces[].link_tracking.direction	required
ethernet_interfaces[].link_tracking.groups	required, min_length: 1
ethernet_interfaces[].link_tracking_groups[].direction	required
ethernet_interfaces[].speed	Added valid_values
management_interfaces[].speed	Added valid_values
management_security.ssl_profiles[].name	primary key
port_channel_interfaces[].link_tracking.direction	required
port_channel_interfaces[].link_tracking.groups	required, min_length: 1
port_channel_interfaces[].link_tracking_groups[].direction	required
port_channel_interfaces[].switchport.port_security.vlans[].mac_address_maximum	required
roles[].sequence_numbers[].sequence	primary
roles[].sequence_numbers[].action	required
roles[].sequence_numbers[].command	required
router_adaptive_virtual_topology.vrfs[].profiles[].name	primary
router_adaptive_virtual_topology.vrfs[].profiles[].id	required
router_general.vrfs[].leak_routes[].source_vrf	required
router_isis.segment_routing_mpls.prefix_segments[].prefix	primary key
router_isis.set_overload_bit.enabled	required

Changes to role arista.avd.anta_runner

The role variable anta_report_hide_statuses has been renamed to anta_report_exclude_statuses for clarity

vars:
-  anta_report_hide_statuses: [ "success" ]
+  anta_report_exclude_statuses: [ "success" ]

The role variable avd_catalogs_allow_bgp_vrfs has been removed

BGP peer verification within VRFs is now configured in eos_designs via the <network_services_keys.name>[].vrfs[].validate_bgp_peers key. Enabling this generates the structured configuration metadata required by anta_runner to generate and run BGP tests for the configured peers in that specific VRF.

  - name: Run ANTA
    hosts: GLOBAL
    connection: local
    gather_facts: false
    tasks:
      - name: Run ANTA on EOS devices
        import_role:
          name: arista.avd.anta_runner
        vars:
          avd_catalogs_enabled: true
-         avd_catalogs_allow_bgp_vrfs: true

Example of using the <network_services_keys.name>[].vrfs[].validate_bgp_peers key in the eos_designs network services data model:

tenants:
  - name: TENANT1
    mac_vrf_vni_base: 10000
    vrfs:
      - name: VRF10
        vrf_vni: 10
        # This will validate configured BGP peers in VRF10.
+       validate_bgp_peers: true

Execution of user-defined catalogs stored in user_catalogs_dir is now disabled by default

Enable the execution of custom tests by explicitly setting user_catalogs_enabled: true.

  - name: Run ANTA
    hosts: FABRIC
    connection: local
    gather_facts: false
    tasks:
      - name: Run ANTA on EOS devices
        import_role:
          name: arista.avd.anta_runner
      vars:
+      user_catalogs_enabled: true

Changes to PyAVD

Changes to pyavd.get_device_test_catalog

In AVD 6.0.0, pyavd.get_device_test_catalog has undergone a few changes to improve maintainability.

1. Updated Function Signature

The function now accepts an AvdFabricData dataclass instance instead of a dictionary for the minimal_structured_configs argument. The argument name has changed to fabric_data for clarity.

  def get_device_test_catalog(
      hostname: str,
      structured_config: dict,
-     minimal_structured_configs: dict[str, MinimalStructuredConfig],
+     fabric_data: AvdFabricData,
      settings: AvdCatalogGenerationSettings | None = None,
  ) -> AntaCatalog

Action Required: Update your code to convert structured configurations into AvdFabricData before calling the function.

  from pyavd import get_device_test_catalog
- from pyavd.api._anta import get_minimal_structured_configs
+ from pyavd.api._anta import AvdFabricData

  structured_configs = {
      "DC1-LEAF1A": {"hostname": "DC1-LEAF1A"},
      "DC1-LEAF1B": {"hostname": "DC1-LEAF1B"}
  }

- minimal_structured_configs = get_minimal_structured_configs(structured_configs)
+ fabric_data = AvdFabricData.from_structured_configs(structured_configs)

+ anta_catalog = get_device_test_catalog(
+     hostname="DC1-LEAF1A",
+     structured_config=structured_configs["DC1-LEAF1A"],
-     minimal_structured_configs=minimal_structured_configs
+     fabric_data=fabric_data
+ )

2. Removal of ignored_is_deployed Setting

The AvdCatalogGenerationSettings.ignored_is_deployed attribute has been removed.

• AVD 5.x: The function checked metadata.is_deployed inside the structured config. If False, it returned an empty catalog unless ignored_is_deployed was set to True.
• AVD 6.0.0: The function always generates a catalog, ignoring the metadata.is_deployed key.

Action Required: The caller is now responsible for checking the is_deployed status before requesting a catalog.

  from pyavd import get_device_test_catalog
  from pyavd.api._anta import AvdFabricData

  dc1_leaf1a_structured_config = {"hostname": "DC1-LEAF1A", "metadata": {"is_deployed": False}}

  structured_configs = {"DC1-LEAF1A": dc1_leaf1a_structured_config}
  fabric_data = AvdFabricData.from_structured_configs(structured_configs)

- anta_catalog = get_device_test_catalog(hostname="DC1-LEAF1A", structured_config=dc1_leaf1a_structured_config, fabric_data=fabric_data)
+ is_deployed = dc1_leaf1a_structured_config.get("metadata", {}).get("is_deployed", True) is True
+ if is_deployed:
+     anta_catalog = get_device_test_catalog(hostname="DC1-LEAF1A", structured_config=dc1_leaf1a_structured_config, fabric_data=fabric_data)

3. Removal of input_factory_settings Setting

The AvdCatalogGenerationSettings.input_factory_settings attribute, previously used to globally enable BGP validation for VRF peers, has been removed. Control has moved to the device structured configuration.

Action Required: Instead of passing InputFactorySettings(allow_bgp_vrfs=True), you must now set metadata.validate_state to True on specific BGP neighbors or neighbor interfaces (RFC5549) within the structured configuration.

  from pyavd import get_device_test_catalog
- from pyavd.api._anta import AvdCatalogGenerationSettings, AvdFabricData, InputFactorySettings
+ from pyavd.api._anta import AvdCatalogGenerationSettings, AvdFabricData

  # Update structured config to enable validation per neighbor/VRF
- dc1_leaf1a_structured_config = {"hostname": "DC1-LEAF1A"}
+ dc1_leaf1a_structured_config = {
+     "hostname": "DC1-LEAF1A",
+     "router_bgp": {
+         "vrfs": [{
+             "name": "PROD",
+             "neighbors": [{
+                 "ip_address": "10.1.1.11",
+                 "metadata": {"validate_state": True}
+             }]
+         }]
+     }
+ }

  structured_configs = {"DC1-LEAF1A": dc1_leaf1a_structured_config}
  fabric_data = AvdFabricData.from_structured_configs(structured_configs)

- input_factory_settings = InputFactorySettings(allow_bgp_vrfs=True)
- settings = AvdCatalogGenerationSettings(input_factory_settings=input_factory_settings)

  anta_catalog = get_device_test_catalog(
      hostname="DC1-LEAF1A",
      structured_config=dc1_leaf1a_structured_config,
      fabric_data=fabric_data,
-     settings=settings
  )

4. Changes to custom_test_specs Setting

For users generating catalogs with custom test specifications, the AvdCatalogGenerationSettings.custom_test_specs attribute now expects a tuple of AvdTestSpec dataclass instances.

Additionally, the conditional_keys attribute has been removed from AvdTestSpec. Logic for skipping tests based on missing configuration must now be handled within the test factory implementation itself, using the skip_if_missing_config decorator.

Action Required: Update your custom test specs to use the new dataclass and move conditional logic to the factory.

  from typing import Iterator
  from anta.tests.connectivity import VerifyReachability

+ from pyavd._anta.constants import StructuredConfigKey
+ from pyavd._anta.input_factories._decorators import skip_if_missing_config
- from pyavd.api._anta import AvdCatalogGenerationSettings, TestSpec
+ from pyavd.api._anta import AvdCatalogGenerationSettings, AvdTestSpec

  class CustomVerifyReachabilityInputFactory(AntaTestInputFactory[VerifyReachability.Input]):
      """Custom input factory class for the `VerifyReachability` test."""

+     @skip_if_missing_config(StructuredConfigKey.ETHERNET_INTERFACES)
      def create(self) -> Iterator[VerifyReachability.Input]:
          # Custom logic to generate the inputs
          ...

+ test_spec = AvdTestSpec(
+     test_class=VerifyReachability,
-     conditional_keys=[StructuredConfigKey.ETHERNET_INTERFACES],
+     input_factory=CustomVerifyReachabilityInputFactory
+ )

  settings = AvdCatalogGenerationSettings(custom_test_specs=(test_spec,))

5. AvdCatalogGenerationSettings is now a Dataclass

AvdCatalogGenerationSettings has been converted from a Pydantic model to a standard Python dataclass.

Action Required: If your code relies on Pydantic-specific methods (like validation error handling or serialization), updates are required.

+ from dataclasses import asdict
  from pyavd.api._anta import AvdCatalogGenerationSettings

  settings = AvdCatalogGenerationSettings(run_tests=["VerifyReachability"])

- serialized_settings = settings.model_dump()
+ serialized_settings = asdict(settings)