EFA excludes the VLANs and bridge domains used in the Layer 3 hand-off (toward the external gateway) endpoint group from the cluster instance by configuring member vlan remove <vlan-range> and member bridge-domain remove <bd-range> under the cluster instance.
During an EFA upgrade, EFA marks all the VLANs and bridge domains (BDs) used in l3-hand-off EPGs with the intended member vlan remove <vlan-range> and member bridge-domain remove <bd-range> configuration and shows them as configuration drift. When the drift is reconciled, EFA pushes the member vlan remove <vlan-range> and member bridge-domain remove <bd-range> configuration under the cluster.

    # efa tenant create --name tenant1 --port 10.24.80.134[0/1-10],10.24.80.135[0/1-10] --vlan-range 2001-2010
    # efa tenant po create --name po1 --tenant tenant1 --port 10.24.80.134[0/1],10.24.80.135[0/1] --speed 10Gbps --negotiation active
    # efa tenant epg create --name L3HandoffEPG1Ten1 --tenant tenant1 --ctag-range 2001-2003 --switchport-mode trunk --po po1 --type l3-hand-off

    Device1# show run interface Port-channel 1
    interface Port-channel 1
     cluster-client auto
     switchport
     switchport mode trunk
     switchport trunk allowed vlan add 2001-2003
     no switchport trunk tag native-vlan
     no shutdown
    !
    Device1# show running config-evpn
    evpn-fabric1
     route-target both auto ignore-as
     rd auto
     duplicate-mac-timer 5 max-count 3
    !
    Device1# show running-config cluster
    cluster fabric1-cluster-1
     peer 10.20.20.5
     peer-interface Port-channel 64
     peer-keepalive auto
     !
     member vlan-all
     member vlan remove 2001-2003
     member bridge-domain all
    !

    Device2# show run interface Port-channel 1
    interface Port-channel 1
     cluster-client auto
     switchport
     switchport mode trunk
     switchport trunk allowed vlan add 2001-2003
     no switchport trunk tag native-vlan
     no shutdown
    !
    Device2# show running config-evpn
    evpn-fabric1
     route-target both auto ignore-as
     rd auto
     duplicate-mac-timer 5 max-count 3
    !
    Device2# show running-config cluster
    cluster fabric1-cluster-1
     peer 10.20.20.5
     peer-interface Port-channel 64
     peer-keepalive auto
     !
     member vlan-all
     member vlan remove 2001-2003
     member bridge-domain all
    !
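
One way to check, after an upgrade, whether a device's cluster instance still carries the l3-hand-off VLANs or bridge domains (an added example, not EFA's own code). It assumes the cluster configuration has been captured as text in the form shown above and that ranges are written as comma-separated IDs or low-high spans; the function names and sample text are constructed for illustration.

```python
import re

def expand_ranges(spec):
    """Expand a range string such as '2001-2003,2010' into a set of ints."""
    ids = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def removed_members(cluster_cfg, kind="vlan"):
    """Collect the IDs named by every 'member <kind> remove <range>' line."""
    pattern = re.compile(rf"^\s*member {re.escape(kind)} remove (\S+)\s*$")
    removed = set()
    for line in cluster_cfg.splitlines():
        match = pattern.match(line)
        if match:
            removed |= expand_ranges(match.group(1))
    return removed

def handoff_drift(cluster_cfg, handoff_spec, kind="vlan"):
    """Return the hand-off IDs that are NOT yet excluded from the cluster."""
    return sorted(expand_ranges(handoff_spec) - removed_members(cluster_cfg, kind))

# Constructed sample modelled on the Device1 cluster output on this page.
SAMPLE_RECONCILED = """\
cluster fabric1-cluster-1
 peer 10.20.20.5
 peer-interface Port-channel 64
 peer-keepalive auto
 !
 member vlan-all
 member vlan remove 2001-2003
 member bridge-domain all
!
"""
# Constructed pre-reconcile state: the 'member vlan remove' line is absent.
SAMPLE_DRIFTED = SAMPLE_RECONCILED.replace(" member vlan remove 2001-2003\n", "")

if __name__ == "__main__":
    # --ctag-range of the l3-hand-off EPG from the example above
    print("reconciled:", handoff_drift(SAMPLE_RECONCILED, "2001-2003"))
    print("drifted:   ", handoff_drift(SAMPLE_DRIFTED, "2001-2003"))
```

An empty list means every hand-off VLAN is excluded from the cluster instance; pass kind="bridge-domain" to run the same check against member bridge-domain remove lines.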