From ac1f5a89fdad6142cba6813103e933f6f0d8adb0 Mon Sep 17 00:00:00 2001 From: Cameron Schaeffer Date: Thu, 13 Nov 2025 15:36:45 +0000 Subject: [PATCH 1/2] feat: add VXLAN-aware match fields support to flow record module - Add match_datalink_vlan for VLAN input/output matching - Add match_routing_vrf_input for VRF input routing - Add match_vxlan_vnid for VXLAN Network Identifier matching - Add match_vxlan_vtep_input for VTEP input endpoint matching - Add match_vxlan_vtep_output for VTEP output endpoint matching These fields enable VXLAN overlay network monitoring with detailed visibility into VXLAN traffic flows for network segmentation and troubleshooting. --- iosxe_flow.tf | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/iosxe_flow.tf b/iosxe_flow.tf index 32d8677..ceb77d4 100644 --- a/iosxe_flow.tf +++ b/iosxe_flow.tf @@ -96,6 +96,7 @@ locals { match_connection_server_ipv4_address = try(record.match.connection_server_ipv4_address, local.defaults.iosxe.device_config.flow.records.match.connection_server_ipv4_address, null) match_connection_server_ipv6_address = try(record.match.connection_server_ipv6_address, local.defaults.iosxe.device_config.flow.records.match.connection_server_ipv6_address, null) match_connection_server_transport_port = try(record.match.connection_server_transport_port, local.defaults.iosxe.device_config.flow.records.match.connection_server_transport_port, null) + match_datalink_vlan = try(record.match.datalink_vlan, local.defaults.iosxe.device_config.flow.records.match.datalink_vlan, null) match_flow_direction = try(record.match.flow_direction, local.defaults.iosxe.device_config.flow.records.match.flow_direction, null) match_flow_observation_point = try(record.match.flow_observation_point, local.defaults.iosxe.device_config.flow.records.match.flow_observation_point, null) match_interface_input = try(record.match.interface_input, local.defaults.iosxe.device_config.flow.records.match.interface_input, null) @@ -108,8 +109,12 @@ locals { match_ipv6_protocol = try(record.match.ipv6_protocol, local.defaults.iosxe.device_config.flow.records.match.ipv6_protocol, null) match_ipv6_source_address = try(record.match.ipv6_source_address, local.defaults.iosxe.device_config.flow.records.match.ipv6_source_address, null) match_ipv6_version = try(record.match.ipv6_version, local.defaults.iosxe.device_config.flow.records.match.ipv6_version, null) + match_routing_vrf_input = try(record.match.routing_vrf_input, local.defaults.iosxe.device_config.flow.records.match.routing_vrf_input, null) match_transport_destination_port = try(record.match.transport_destination_port, local.defaults.iosxe.device_config.flow.records.match.transport_destination_port, null) match_transport_source_port = try(record.match.transport_source_port, local.defaults.iosxe.device_config.flow.records.match.transport_source_port, null) + match_vxlan_vnid = try(record.match.vxlan_vnid, local.defaults.iosxe.device_config.flow.records.match.vxlan_vnid, null) + match_vxlan_vtep_input = try(record.match.vxlan_vtep_input, local.defaults.iosxe.device_config.flow.records.match.vxlan_vtep_input, null) + match_vxlan_vtep_output = try(record.match.vxlan_vtep_output, local.defaults.iosxe.device_config.flow.records.match.vxlan_vtep_output, null) collect_connection_initiator = try(record.collect.connection_initiator, local.defaults.iosxe.device_config.flow.records.collect.connection_initiator, null) collect_connection_new_connections = try(record.collect.connection_new_connections, local.defaults.iosxe.device_config.flow.records.collect.connection_new_connections, null) collect_connection_server_counter_bytes_network_long = try(record.collect.connection_server_counter_bytes_network_long, local.defaults.iosxe.device_config.flow.records.collect.connection_server_counter_bytes_network_long, null) @@ -139,6 +144,7 @@ resource "iosxe_flow_record" "flow_record" { match_connection_server_ipv4_address = each.value.match_connection_server_ipv4_address match_connection_server_ipv6_address = each.value.match_connection_server_ipv6_address match_connection_server_transport_port = each.value.match_connection_server_transport_port + match_datalink_vlan = each.value.match_datalink_vlan match_flow_direction = each.value.match_flow_direction match_flow_observation_point = each.value.match_flow_observation_point match_interface_input = each.value.match_interface_input @@ -151,8 +157,12 @@ resource "iosxe_flow_record" "flow_record" { match_ipv6_protocol = each.value.match_ipv6_protocol match_ipv6_source_address = each.value.match_ipv6_source_address match_ipv6_version = each.value.match_ipv6_version + match_routing_vrf_input = each.value.match_routing_vrf_input match_transport_destination_port = each.value.match_transport_destination_port match_transport_source_port = each.value.match_transport_source_port + match_vxlan_vnid = each.value.match_vxlan_vnid + match_vxlan_vtep_input = each.value.match_vxlan_vtep_input + match_vxlan_vtep_output = each.value.match_vxlan_vtep_output collect_connection_initiator = each.value.collect_connection_initiator collect_connection_new_connections = each.value.collect_connection_new_connections collect_connection_server_counter_bytes_network_long = each.value.collect_connection_server_counter_bytes_network_long From 1820daa15398b4eedca3ef0066d751f528558d78 Mon Sep 17 00:00:00 2001 From: Cameron Schaeffer Date: Sat, 22 Nov 2025 21:21:57 +0000 Subject: [PATCH 2/2] fix: Remove duplicate match_datalink_vlan attribute MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Removed duplicate match_datalink_vlan entries from both the locals block (line 138) and the resource block (line 192) in iosxe_flow.tf. The attribute is already correctly defined earlier in both sections (lines 117 and 171 respectively). This resolves the tflint terraform_map_duplicate_keys warning and the Terraform duplicate attribute error. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- iosxe_flow.tf | 2 -- 1 file changed, 2 deletions(-) diff --git a/iosxe_flow.tf b/iosxe_flow.tf index 75db454..47bbc01 100644 --- a/iosxe_flow.tf +++ b/iosxe_flow.tf @@ -135,7 +135,6 @@ locals { match_vxlan_vtep_output = try(record.match.vxlan_vtep_output, local.defaults.iosxe.device_config.flow.records.match.vxlan_vtep_output, null) match_datalink_mac_source_address_input = try(record.match.datalink_mac_source_address_input, local.defaults.iosxe.device_config.flow.records.match.datalink_mac_source_address_input, null) match_datalink_mac_destination_address_input = try(record.match.datalink_mac_destination_address_input, local.defaults.iosxe.device_config.flow.records.match.datalink_mac_destination_address_input, null) - match_datalink_vlan = try(record.match.datalink_vlan, local.defaults.iosxe.device_config.flow.records.match.datalink_vlan, null) match_datalink_source_vlan_id = try(record.match.datalink_source_vlan_id, local.defaults.iosxe.device_config.flow.records.match.datalink_source_vlan_id, null) match_datalink_destination_vlan_id = try(record.match.datalink_destination_vlan_id, local.defaults.iosxe.device_config.flow.records.match.datalink_destination_vlan_id, null) match_ipv4_ttl = try(record.match.ipv4_ttl, local.defaults.iosxe.device_config.flow.records.match.ipv4_ttl, null) @@ -189,7 +188,6 @@ resource "iosxe_flow_record" "flow_record" { match_vxlan_vtep_output = each.value.match_vxlan_vtep_output match_datalink_mac_source_address_input = each.value.match_datalink_mac_source_address_input match_datalink_mac_destination_address_input = each.value.match_datalink_mac_destination_address_input - match_datalink_vlan = each.value.match_datalink_vlan match_datalink_source_vlan_id = each.value.match_datalink_source_vlan_id match_datalink_destination_vlan_id = each.value.match_datalink_destination_vlan_id match_ipv4_ttl = each.value.match_ipv4_ttl