exit: allow multiple VLANs per VRF

Turns out that while Cumulus supports “up to” 255 VRFs, no switch it
runs on supports more than 64. So we have to turn down paranoia and
put internal networks for each tenant in the same VRF.

This commit just ensures VRF definitions are not duplicated on exits.

roles/exit/templates/frr.conf.j2

@@ -3,7 +3,7 @@
     | selectattr('role') | selectattr('role.value', '==', 'loopback')
     | map(attribute='address') %}
 {% set inside_vrfs = interfaces | selectattr('parent') | selectattr('parent.name', '==', 'bridge')
-    | selectattr('vrf') | map(attribute='vrf.name') | reject('==', 'outside') | sort %}
+    | selectattr('vrf') | map(attribute='vrf.name') | reject('==', 'outside') | sort | unique %}
 
 frr defaults datacenter
 log syslog informational
@@ -239,7 +239,7 @@ ipv6 prefix-list office permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr(
 
 # individual prefix lists for each inside network
 {% for prefix in vrf_prefixes | selectattr('vrf.name', 'in', inside_vrfs)
-    | sort(attribute='family.value') | sort(attribute='vlan.vid') %}
+    | sort(attribute='family.value') | sort(attribute='vrf.name') %}
 {% if prefix.family.value == 4 %}
 ip prefix-list {{ prefix.vrf.name }} permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr('prefix') }}
 {% else %}

roles/exit/templates/networks.intf.j2

@@ -1,6 +1,6 @@
 {# VRF outside is special, all others are inside but also firewalled from each other. #}
 {% set inside_vrfs = interfaces | selectattr('parent') | selectattr('parent.name', '==', 'bridge')
-    | selectattr('vrf') | map(attribute='vrf') | rejectattr('name', '==', 'outside') -%}
+    | selectattr('vrf') | map(attribute='vrf') | rejectattr('name', '==', 'outside') | unique -%}
 
 # A separate VRF for each inside network so we can firewall between them.
 {% for vrf in inside_vrfs %}