Change the relation of Prefix / VRF to Prefix / Route Target #5240

New Issue

Closed

opened 2025-12-29 19:25:47 +01:00 by adam · 2 comments

adam commented 2025-12-29 19:25:47 +01:00

Owner

Copy Link

Originally created by @timrabl on GitHub (Aug 29, 2021).

NetBox version

v2.11.12

Feature type

Change to existing functionality

Proposed functionality

Example case

Let's take a Site A ( a data center ) with the autonomous system number (ASN) 1234.
There are two or more routers in one of the racks in this data center.

Each router announces its routes to the directly connected networks via BGP.
All routers speak to each other using a Link Aggregation Protocol (HSRP, LACP, whatever).
Each VRF now imports and exports its routes to the corresponding other VRFs.

According to EVPN RFCs, route distinguisher values ​​should be unique per MAC-VRF or IP-VRF.
See IP Prefix Advertisement in EVPN or RFC 7432.

As a result, there are now n VRFs and in order to avoid route leaking there is exactly one routing table (route target) created in Netbox.

As an example:

vrf definition router-1
  rd 1234:1000

  route target import 1234:100
  route target export 1234:100

vrf definition router-2
  rd 1234:2000

  route target import 1234:100
  route target export 1234:100

Current behaviour

If a new prefix is ​​now entered in Netbox, which is announced by any of the n routers, this must be assigned to a single VRF.

If you now assume that a router fails and a BGP route is no longer announced, the whole thing may still be manageable as soon as the primary router ( router with highest priority ) announces routes again. This means that the entries in Netbox are correct again after the failure has been resolved. Technically, however, they are temporarily wrong.

However, if one assumes that ECMP is used as the routing strategy (different route distinguisher are absolutely necessary here), then no firm statement can be made as to which BGP route is used or which VRF routes the traffic to the network.

So there is currently no possibility of entering prefixes correctly, in the sense of routing table specific and not VRF specifically, in Netbox.

It would be nice if you had a clear assignment of prefixes to routing tables in the prefix overview. Because the VRF is not very meaningful in some cases.

Implementation ideas

1. Adding multiple VRFs to a prefix

I deliberately write VRFs to a prefix, because you can currently theoretically create two "same" prefixes in two different VRFs. However, you then have to give the end device two IP addresses in this network, which again is completely wrong.

2. Change the prefix relations

Currently, VRF and Prefix are related:

• a VRF several prefixes (1:n)
• a prefix a VRF (1:1)

It would be better and more correct (in my opinion) to relate the prefix and the VRF to a route target.

• one VRF several route targets (1:n) (this is currently already possible)
• one route target several prefixes (1:n)
• one prefix several route targets (1:n)

Use case

See section current behaviour. I think that's explained in detail there.

Database changes

I would guess that database relations between VRF / Prefix / Route Target have to be changed in any case. How far remains to be seen.

External dependencies

I think there is no need for external libraries here.

Originally created by @timrabl on GitHub (Aug 29, 2021). ### NetBox version v2.11.12 ### Feature type Change to existing functionality ### Proposed functionality ### Example case ### Let's take a **Site A** ( a data center ) with the autonomous system number (ASN) **1234**. There are two or more routers in one of the racks in this data center. Each router announces its routes to the directly connected networks via BGP. All routers speak to each other using a Link Aggregation Protocol (HSRP, LACP, whatever). Each VRF now imports and exports its routes to the corresponding other VRFs. According to EVPN RFCs, route distinguisher values ​​should be unique per MAC-VRF or IP-VRF. See [IP Prefix Advertisement in EVPN](https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-prefix-advertisement-11) or [RFC 7432](https://datatracker.ietf.org/doc/html/rfc7432#section-7.9). As a result, there are now `n` VRFs and in order to avoid route leaking there is exactly `one` routing table (route target) created in Netbox. As an example: ``` vrf definition router-1 rd 1234:1000 route target import 1234:100 route target export 1234:100 ``` ``` vrf definition router-2 rd 1234:2000 route target import 1234:100 route target export 1234:100 ``` ### Current behaviour ### If a new prefix is ​​now entered in Netbox, which is announced by any of the `n` routers, this must be assigned to a **single** VRF. If you now assume that a router fails and a BGP route is no longer announced, the whole thing may still be manageable as soon as the primary router ( router with highest priority ) announces routes again. This means that the entries in Netbox are correct again after the failure has been resolved. Technically, however, they are temporarily wrong. However, if one assumes that ECMP is used as the routing strategy (different route distinguisher are absolutely necessary here), then no firm statement can be made as to which BGP route is used or which VRF routes the traffic to the network. So there is currently no possibility of entering prefixes *correctly*, in the sense of routing table specific and not VRF specifically, in Netbox. It would be nice if you had a clear assignment of prefixes to routing tables in the prefix overview. Because the VRF is not very meaningful in some cases. ### Implementation ideas ### #### 1. Adding multiple VRFs to a prefix #### I deliberately write VRFs to a prefix, because you can currently theoretically create two "same" prefixes in two different VRFs. However, you then have to give the end device two IP addresses in this network, which again is completely wrong. #### 2. Change the prefix relations #### Currently, VRF and Prefix are related: - a VRF several prefixes (1:n) - a prefix a VRF (1:1) It would be better and more correct (in my opinion) to relate the prefix and the VRF to a route target. - one VRF several route targets (1:n) (this is currently already possible) - one route target several prefixes (1:n) - one prefix several route targets (1:n) ### Use case See section current behaviour. I think that's explained in detail there. ### Database changes I would guess that database relations between VRF / Prefix / Route Target have to be changed in any case. How far remains to be seen. ### External dependencies I think there is no need for external libraries here.

adam added the type: feature label 2025-12-29 19:25:47 +01:00

adam closed this issue 2025-12-29 19:25:47 +01:00

adam commented 2025-12-29 19:25:47 +01:00

Author

Owner

Copy Link

@DanSheps commented on GitHub (Aug 30, 2021):

So, I think I understand what you are getting at here is...

Because prefixes are tied to a VRF, you can't "see" when a prefix is in an imported VRF in Netbox. I think the proposal you are proposing is the wrong workaround for it as it does not match the real world implementation. Take for example this configuration:

vrf definition RED
  rd 64512:100
  address-family ipv4 unicast
    route-target export 64512:100
    route-target import 64512:100

vrf definition GREEN
  rd 64512:200
  address-family ipv4 unicast
    route-target export 64512:200
    route-target import 64512:200
    route-target import 64512:100

interface Gi0/1
  vrf forwarding RED
  ip address 10.231.23.1 255.255.255.0

The prefix, in this relation, is assigned to the VRF, not the route target.

I think it would be very rare that you would have the "same" VRF with a differnet name advertising the same prefix.

Now, I could see adding a little more advanced checking to check for prefixes that are existing in route-targets that are being imported into the VRF you are creating the new prefix it. However, this type of heavy lifting might be best left to some custom validation (see NetBox 3.0)

@DanSheps commented on GitHub (Aug 30, 2021): So, I think I understand what you are getting at here is... Because prefixes are tied to a VRF, you can't "see" when a prefix is in an imported VRF in Netbox. I think the proposal you are proposing is the **wrong** workaround for it as it does not match the real world implementation. Take for example this configuration: ``` vrf definition RED rd 64512:100 address-family ipv4 unicast route-target export 64512:100 route-target import 64512:100 vrf definition GREEN rd 64512:200 address-family ipv4 unicast route-target export 64512:200 route-target import 64512:200 route-target import 64512:100 interface Gi0/1 vrf forwarding RED ip address 10.231.23.1 255.255.255.0 ``` The prefix, in this relation, is assigned to the VRF, not the route target. I think it would be very rare that you would have the "same" VRF with a differnet name advertising the same prefix. Now, I could see adding a little more advanced checking to check for prefixes that are existing in route-targets that are being imported into the VRF you are creating the new prefix it. However, this type of heavy lifting might be best left to some custom validation (see NetBox 3.0)

adam commented 2025-12-29 19:25:48 +01:00

Author

Owner

Copy Link

@jeremystretch commented on GitHub (Sep 9, 2021):

@DanSheps hit the nail on the head here. NetBox's model for VRFs, route targets, and related objects replicates how the objects interact in the real world, and this is not something we would want to deviate from.

@jeremystretch commented on GitHub (Sep 9, 2021): @DanSheps hit the nail on the head here. NetBox's model for VRFs, route targets, and related objects replicates how the objects interact in the real world, and this is not something we would want to deviate from.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

update-changelog-comments-docs

feature-removal-issue-type

20911-dropdown

20239-plugin-menu-classes-mutable-state

21097-graphql-id-lookups

feature

fix_module_substitution

20923-dcim-templates

20044-elevation-stuck-lightmode

feature-ip-prefix-link

v4.5-beta1-release

20068-import-moduletype-attrs

20766-fix-german-translation-code-literals

20378-del-script

7604-filter-modifiers-v3

circuit-swap

12318-case-insensitive-uniqueness

20637-improve-device-q-filter

20660-script-load

19724-graphql

20614-update-ruff

14884-script

02496-max-page

19720-macaddress-interface-generic-relation

19408-circuit-terminations-export-templates

20203-openapi-check

fix-19669-api-image-download

7604-filter-modifiers

19275-fixes-interface-bulk-edit

fix-17794-get_field_value_return_list

11507-show-aggregate-and-rir-on-api

9583-add_column_specific_search_field_to_tables

v4.5.0

v4.4.10

v4.4.9

v4.5.0-beta1

v4.4.8

v4.4.7

v4.4.6

v4.4.5

v4.4.4

v4.4.3

v4.4.2

v4.4.1

v4.4.0

v4.3.7

v4.4.0-beta1

v4.3.6

v4.3.5

v4.3.4

v4.3.3

v4.3.2

v4.3.1

v4.3.0

v4.2.9

v4.3.0-beta2

v4.2.8

v4.3.0-beta1

v4.2.7

v4.2.6

v4.2.5

v4.2.4

v4.2.3

v4.2.2

v4.2.1

v4.2.0

v4.1.11

v4.1.10

v4.1.9

v4.1.8

v4.2-beta1

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.11

v4.0.10

v4.0.9

v4.1-beta1

v4.0.8

v4.0.7

v4.0.6

v4.0.5

v4.0.3

v4.0.2

v4.0.1

v4.0.0

v3.7.8

v3.7.7

v4.0-beta2

v3.7.6

v3.7.5

v4.0-beta1

v3.7.4

v3.7.3

v3.7.2

v3.7.1

v3.7.0

v3.6.9

v3.6.8

v3.6.7

v3.7-beta1

v3.6.6

v3.6.5

v3.6.4

v3.6.3

v3.6.2

v3.6.1

v3.6.0

v3.5.9

v3.6-beta2

v3.5.8

v3.6-beta1

v3.5.7

v3.5.6

v3.5.5

v3.5.4

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.10

v3.4.9

v3.5-beta2

v3.4.8

v3.5-beta1

v3.4.7

v3.4.6

v3.4.5

v3.4.4

v3.4.3

v3.4.2

v3.4.1

v3.4.0

v3.3.10

v3.3.9

v3.4-beta1

v3.3.8

v3.3.7

v3.3.6

v3.3.5

v3.3.4

v3.3.3

v3.3.2

v3.3.1

v3.3.0

v3.2.9

v3.2.8

v3.3-beta2

v3.2.7

v3.3-beta1

v3.2.6

v3.2.5

v3.2.4

v3.2.3

v3.2.2

v3.2.1

v3.2.0

v3.1.11

v3.1.10

v3.2-beta2

v3.1.9

v3.2-beta1

v3.1.8

v3.1.7

v3.1.6

v3.1.5

v3.1.4

v3.1.3

v3.1.2

v3.1.1

v3.1.0

v3.0.12

v3.0.11

v3.0.10

v3.1-beta1

v3.0.9

v3.0.8

v3.0.7

v3.0.6

v3.0.5

v3.0.4

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.11.12

v3.0-beta2

v2.11.11

v2.11.10

v3.0-beta1

v2.11.9

v2.11.8

v2.11.7

v2.11.6

v2.11.5

v2.11.4

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.10

v2.10.9

v2.11-beta1

v2.10.8

v2.10.7

v2.10.6

v2.10.5

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.11

v2.10-beta2

v2.9.10

v2.10-beta1

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.9-beta2

v2.8.9

v2.9-beta1

v2.8.8

v2.8.7

v2.8.6

v2.8.5

v2.8.4

v2.8.3

v2.8.2

v2.8.1

v2.8.0

v2.7.12

v2.7.11

v2.7.10

v2.7.9

v2.7.8

v2.7.7

v2.7.6

v2.7.5

v2.7.4

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.12

v2.6.11

v2.6.10

v2.6.9

v2.7-beta1

Solcon-2020-01-06

v2.6.8

v2.6.7

v2.6.6

v2.6.5

v2.6.4

v2.6.3

v2.6.2

v2.6.1

v2.6.0

v2.5.13

v2.5.12

v2.6-beta1

v2.5.11

v2.5.10

v2.5.9

v2.5.8

v2.5.7

v2.5.6

v2.5.5

v2.5.4

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.9

v2.5-beta2

v2.4.8

v2.5-beta1

v2.4.7

v2.4.6

v2.4.5

v2.4.4

v2.4.3

v2.4.2

v2.4.1

v2.4.0

v2.3.7

v2.4-beta1

v2.3.6

v2.3.5

v2.3.4

v2.3.3

v2.3.2

v2.3.1

v2.3.0

v2.2.10

v2.3-beta2

v2.2.9

v2.3-beta1

v2.2.8

v2.2.7

v2.2.6

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.6

v2.2-beta2

v2.1.5

v2.2-beta1

v2.1.4

v2.1.3

v2.1.2

v2.1.1

v2.1.0

v2.0.10

v2.1-beta1

v2.0.9

v2.0.8

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v2.0-beta3

v1.9.6

v1.9.5

v2.0-beta2

v1.9.4-r1

v1.9.3

v2.0-beta1

v1.9.2

v1.9.1

v1.9.0-r1

v1.8.4

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.7.3

v1.7.2-r1

v1.7.1

v1.7.0

v1.6.3

v1.6.2-r1

v1.6.1-r1

1.6.1

v1.6.0

v1.5.2

v1.5.1

v1.5.0

v1.4.2

v1.4.1

v1.4.0

v1.3.2

v1.3.1

v1.3.0

v1.2.2

v1.2.1

v1.2.0

v1.1.0

v1.0.7-r1

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3-r1

v1.0.3

1.0.0

Labels

Clear labels

beta

breaking change

complexity: high

complexity: low

complexity: medium

needs milestone

netbox

pending closure

plugin candidate

pull-request

Mirrored from GitHub Pull Request

severity: high

severity: low

severity: medium

status: accepted

status: backlog

status: blocked

status: duplicate

status: needs owner

status: needs triage

status: revisions needed

status: under review

topic: GraphQL

topic: Internationalization

topic: OpenAPI

topic: UI/UX

topic: cabling

topic: event rules

topic: htmx navigation

topic: industrialization

topic: migrations

topic: plugins

topic: scripts

topic: templating

topic: testing

type: bug

type: deprecation

type: documentation

type: feature

type: housekeeping

type: translation

No Label type: feature

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

adam

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/netbox#5240