After I apply vpn-apply-export as you suggested, I see the expected behavior: Type 2/3 routes are filtered, only Type 1 routes are advertised:
__default_evpn__.evpn.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
1:3.3.3.3:0::0500000001000003e800::FFFF:FFFF/192 AD/ESI
* 3.3.3.3 100 I
Original Message:
Sent: 03-10-2024 11:04
From: Aninda Chatterjee
Subject: Controlling BGP EVP routes via export policy
Can you post the full BGP group configuration for the DCI? If you don't already have the 'vpn-apply-export' configuration option configured (set protocols bgp group <> vpn-apply-export), please configure that and test again.
------------------------------
Aninda Chatterjee
Original Message:
Sent: 03-09-2024 14:34
From: LEEBAHI
Subject: Controlling BGP EVP routes via export policy
Thanks Farid.
I do see what you mentioned: an explicitly defined VNI target using vni vrf-target takes precedence over the globally defined RT.
Below is the output:
root@DC3> ...ising-protocol bgp 199.199.199.4 extensive
SW1.evpn.0: 15 destinations, 15 routes (15 active, 0 holddown, 0 hidden)
* 2:3.3.3.3:1::1000::00:00:5e:00:01:01/304 MAC/IP (1 entry, 1 announced)
BGP group EVPN type Internal
Route Distinguisher: 3.3.3.3:1
Route Label: 1000
ESI: 05:00:00:00:01:00:00:03:e8:00
Nexthop: 3.3.3.3
Localpref: 100
AS path: [1] I
Communities: target:1000:1000 encapsulation:vxlan(0x8)
* 2:3.3.3.3:1::1000::00:05:86:71:c4:f0/304 MAC/IP (1 entry, 1 announced)
BGP group EVPN type Internal
Route Distinguisher: 3.3.3.3:1
Route Label: 1000
ESI: 00:00:00:00:00:00:00:00:00:00
Nexthop: 3.3.3.3
Localpref: 100
AS path: [1] I
Communities: target:1000:1000 encapsulation:vxlan(0x8)
* 2:3.3.3.3:1::1000::2c:6b:f5:6d:b3:f0/304 MAC/IP (1 entry, 1 announced)
BGP group EVPN type Internal
Route Distinguisher: 3.3.3.3:1
Route Label: 1000
ESI: 00:00:00:00:00:00:00:00:00:00
Nexthop: 3.3.3.3
Localpref: 100
AS path: [1] I
Communities: target:1000:1000 encapsulation:vxlan(0x8) evpn-default-gateway
- 2:3.3.3.3:1::1000::00:00:5e:00:01:01::100.100.100.10/304 MAC/IP (1 entry, 1 announced)
BGP group EVPN type Internal
Route Distinguisher: 3.3.3.3:1
Route Label: 1000
ESI: 05:00:00:00:01:00:00:03:e8:00
Nexthop: 3.3.3.3
Localpref: 100
AS path: [1] I
Communities: target:1000:1000 encapsulation:vxlan(0x8)
* 2:3.3.3.3:1::1000::2c:6b:f5:6d:b3:f0::100.100.100.1/304 MAC/IP (1 entry, 1 announced)
BGP group EVPN type Internal
Route Distinguisher: 3.3.3.3:1
Route Label: 1000
ESI: 00:00:00:00:00:00:00:00:00:00
Nexthop: 3.3.3.3
Localpref: 100
AS path: [1] I
Communities: target:1000:1000 encapsulation:vxlan(0x8) evpn-default-gateway
* 3:3.3.3.3:1::1000::3.3.3.3/248 IM (1 entry, 1 announced)
BGP group EVPN type Internal
Route Distinguisher: 3.3.3.3:1
Route Label: 1000
PMSI: Flags 0x0: Label 1000: Type INGRESS-REPLICATION 3.3.3.3
Nexthop: 3.3.3.3
Localpref: 100
AS path: [1] I
Communities: target:1000:1000 encapsulation:vxlan(0x8)
PMSI: Flags 0x0: Label 62: Type INGRESS-REPLICATION 3.3.3.3
------------------------------
Be kind!!
Original Message:
Sent: 03-09-2024 03:16
From: FARID AKHUNDOV
Subject: Controlling BGP EVP routes via export policy
Hi,
Configuration looks OK. According to the documentation, vrf-target under VNI overrides any other global route-targets and applies only to Type 2/3 routes.
Interesting case.
Could you share the output of show route advertising-protocol bgp 199.199.199.4 detail for one Type 2 or Type 3 entry?
------------------------------
FARID AKHUNDOV
Original Message:
Sent: 03-08-2024 20:28
From: LEEBAHI
Subject: Controlling BGP EVP routes via export policy
Hi everyone,
I have a simple setup:
DC3 (199.199.199.1)--EVPN BGP-----199.199.199.4 (DC4)
DC3 has the following config:
We can see DC3 is announcing EVPN Type 2/3 routes with community target:1000:1000 to DC4 (199.199.199.4):
Let's say we want to stop DC3 from advertising these Type 2/3 routes tagged with community target:1000:1000.
I configured the following policy, which matches on community target:1000:1000 with deny as the action. This policy is then applied as an export policy under BGP towards 199.199.199.4:
Policy is applied as export:
But it has no effect; DC3 continues to advertise Type 2/3 routes tagged with community target:1000:1000:
What am I missing?
Thanks!!
------------------------------
Be kind!!
------------------------------
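A post-change check for the behaviour discussed in this thread, as an added example that is not part of any participant's post: it parses `show route advertising-protocol bgp` output and lists any Type 2/3 EVPN routes still advertised with the route target the export policy is meant to block. The function names `parse_advertised` and `leaked` are hypothetical, and the two sample outputs are abridged from the output quoted in the thread.

```python
import re

# Header of one advertised route, e.g.
# "* 2:3.3.3.3:1::1000::00:00:5e:00:01:01/304 MAC/IP (1 entry, 1 announced)"
ROUTE_RE = re.compile(r"^[*+-]?\s*(?P<type>\d):(?P<prefix>\S+)/\d+\s")

def parse_advertised(text):
    """Return one dict per advertised EVPN route: type, prefix, communities."""
    routes = []
    for line in text.splitlines():
        line = line.strip()
        m = ROUTE_RE.match(line)
        if m:
            routes.append({"type": int(m["type"]), "prefix": m["prefix"],
                           "communities": set()})
        elif line.startswith("Communities:") and routes:
            # Attach the community list to the most recent route header.
            routes[-1]["communities"].update(line.split(":", 1)[1].split())
    return routes

def leaked(routes, rt, blocked_types=(2, 3)):
    """Routes of the blocked EVPN types that still carry route target `rt`."""
    return [r for r in routes
            if r["type"] in blocked_types and rt in r["communities"]]

# Abridged from the thread: extensive output before vpn-apply-export.
BEFORE = """\
SW1.evpn.0: 15 destinations, 15 routes (15 active, 0 holddown, 0 hidden)
* 2:3.3.3.3:1::1000::00:00:5e:00:01:01/304 MAC/IP (1 entry, 1 announced)
Route Distinguisher: 3.3.3.3:1
Communities: target:1000:1000 encapsulation:vxlan(0x8)
- 2:3.3.3.3:1::1000::00:00:5e:00:01:01::100.100.100.10/304 MAC/IP (1 entry, 1 announced)
Communities: target:1000:1000 encapsulation:vxlan(0x8)
* 3:3.3.3.3:1::1000::3.3.3.3/248 IM (1 entry, 1 announced)
Communities: target:1000:1000 encapsulation:vxlan(0x8)
"""

# Abridged from the thread: output after vpn-apply-export was configured.
AFTER = """\
__default_evpn__.evpn.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
1:3.3.3.3:0::0500000001000003e800::FFFF:FFFF/192 AD/ESI
* 3.3.3.3 100 I
"""

if __name__ == "__main__":
    for name, output in (("before", BEFORE), ("after", AFTER)):
        bad = leaked(parse_advertised(output), "target:1000:1000")
        print(name, "leaked Type 2/3 routes:", [r["prefix"] for r in bad])
```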