Data Center

Hi everyone,

I have a simple set up:

DC3 ( 199.199.199.1)--EVPN BGP-----199.199.199.4 ( DC4)

DC3 has following config:

We can see DC3 is announcing  EVPN  Type2/3 routes with community :target:1000:1000  to DC4 ( 199.199.199.4):

Let's say we want to stop DC3 to stop advertising these Type2/3 routes tagged with community target:1000:1000.

I configured a following a policy that matches on community target:1000:1000 and deny as an action, This policy is then applied as export policy under BGP towards 199.199.199.4:

Policy is applied as export:

But it has no effect, DC3 continues to advertises type2/3 routes tagged with community target:1000:1000:

What am I missing ?

Thanks !!

Hi,

Configuration looks OK, according to the documentation, vrf-target under VNI overrides any other global route-targets and applies only to Type 2/3 routes.

Interesting case.

Could you share output of show route advertising-protocol bgp 199.199.199.4 detail for one Type 2 or Type 3 entry?

------------------------------
FARID AKHUNDOV

Original Message:
Sent: 03-08-2024 20:28
From: LEEBAHI
Subject: Controlling BGP EVP routes via export policy

Hi everyone,

I have a simple set up:

DC3 ( 199.199.199.1)--EVPN BGP-----199.199.199.4 ( DC4)

DC3 has following config:

We can see DC3 is announcing  EVPN  Type2/3 routes with community :target:1000:1000  to DC4 ( 199.199.199.4):

Let's say we want to stop DC3 to stop advertising these Type2/3 routes tagged with community target:1000:1000.

I configured a following a policy that matches on community target:1000:1000 and deny as an action, This policy is then applied as export policy under BGP towards 199.199.199.4:

Policy is applied as export:

But it has no effect, DC3 continues to advertises type2/3 routes tagged with community target:1000:1000:

What am I missing ?

Thanks !!

------------------------------
Be kind!!
------------------------------

Thanks Farid.

I  do see what you mentioned:  explicit defined VNI target using  vni vrf-target takes precedence over globally defined  RT.

Below is the output:

root@DC3> ...ising-protocol bgp 199.199.199.4 extensive                     

SW1.evpn.0: 15 destinations, 15 routes (15 active, 0 holddown, 0 hidden)
* 2:3.3.3.3:1::1000::00:00:5e:00:01:01/304 MAC/IP (1 entry, 1 announced)
 BGP group EVPN type Internal
     Route Distinguisher: 3.3.3.3:1
     Route Label: 1000
     ESI: 05:00:00:00:01:00:00:03:e8:00
     Nexthop: 3.3.3.3
     Localpref: 100
     AS path: [1] I 
     Communities: target:1000:1000 encapsulation:vxlan(0x8)

* 2:3.3.3.3:1::1000::00:05:86:71:c4:f0/304 MAC/IP (1 entry, 1 announced)
 BGP group EVPN type Internal
     Route Distinguisher: 3.3.3.3:1
     Route Label: 1000
     ESI: 00:00:00:00:00:00:00:00:00:00
     Nexthop: 3.3.3.3
     Localpref: 100
     AS path: [1] I 
     Communities: target:1000:1000 encapsulation:vxlan(0x8)

* 2:3.3.3.3:1::1000::2c:6b:f5:6d:b3:f0/304 MAC/IP (1 entry, 1 announced)
 BGP group EVPN type Internal           
     Route Distinguisher: 3.3.3.3:1
     Route Label: 1000
     ESI: 00:00:00:00:00:00:00:00:00:00
     Nexthop: 3.3.3.3
     Localpref: 100
     AS path: [1] I 
     Communities: target:1000:1000 encapsulation:vxlan(0x8) evpn-default-gateway

• 2:3.3.3.3:1::1000::00:00:5e:00:01:01::100.100.100.10/304 MAC/IP (1 entry, 1 announced)
   BGP group EVPN type Internal
       Route Distinguisher: 3.3.3.3:1
       Route Label: 1000
       ESI: 05:00:00:00:01:00:00:03:e8:00
       Nexthop: 3.3.3.3
       Localpref: 100
       AS path: [1] I 
       Communities: target:1000:1000 encapsulation:vxlan(0x8)

* 2:3.3.3.3:1::1000::2c:6b:f5:6d:b3:f0::100.100.100.1/304 MAC/IP (1 entry, 1 announced)
 BGP group EVPN type Internal
     Route Distinguisher: 3.3.3.3:1
     Route Label: 1000
     ESI: 00:00:00:00:00:00:00:00:00:00
     Nexthop: 3.3.3.3
     Localpref: 100
     AS path: [1] I 
     Communities: target:1000:1000 encapsulation:vxlan(0x8) evpn-default-gateway

* 3:3.3.3.3:1::1000::3.3.3.3/248 IM (1 entry, 1 announced)
 BGP group EVPN type Internal
     Route Distinguisher: 3.3.3.3:1
     Route Label: 1000
     PMSI: Flags 0x0: Label 1000: Type INGRESS-REPLICATION 3.3.3.3
     Nexthop: 3.3.3.3
     Localpref: 100
     AS path: [1] I 
     Communities: target:1000:1000 encapsulation:vxlan(0x8)
     PMSI: Flags 0x0: Label 62: Type INGRESS-REPLICATION 3.3.3.3

------------------------------
Be kind!!

Original Message:
Sent: 03-09-2024 03:16
From: FARID AKHUNDOV
Subject: Controlling BGP EVP routes via export policy

Hi,

Configuration looks OK, according to the documentation, vrf-target under VNI overrides any other global route-targets and applies only to Type 2/3 routes.

Interesting case.

Could you share output of show route advertising-protocol bgp 199.199.199.4 detail for one Type 2 or Type 3 entry?

------------------------------
FARID AKHUNDOV

Original Message:
Sent: 03-08-2024 20:28
From: LEEBAHI
Subject: Controlling BGP EVP routes via export policy

Hi everyone,

I have a simple set up:

DC3 ( 199.199.199.1)--EVPN BGP-----199.199.199.4 ( DC4)

DC3 has following config:

We can see DC3 is announcing  EVPN  Type2/3 routes with community :target:1000:1000  to DC4 ( 199.199.199.4):

Let's say we want to stop DC3 to stop advertising these Type2/3 routes tagged with community target:1000:1000.

I configured a following a policy that matches on community target:1000:1000 and deny as an action, This policy is then applied as export policy under BGP towards 199.199.199.4:

Policy is applied as export:

But it has no effect, DC3 continues to advertises type2/3 routes tagged with community target:1000:1000:

What am I missing ?

Thanks !!

------------------------------
Be kind!!
------------------------------

Thanks Farid.

I  do see what you mentioned:  explicit defined VNI target using  vni vrf-target takes precedence over globally defined  RT.

Below is the output:

root@DC3> ...ising-protocol bgp 199.199.199.4 extensive                     

SW1.evpn.0: 15 destinations, 15 routes (15 active, 0 holddown, 0 hidden)
* 2:3.3.3.3:1::1000::00:00:5e:00:01:01/304 MAC/IP (1 entry, 1 announced)
 BGP group EVPN type Internal
     Route Distinguisher: 3.3.3.3:1
     Route Label: 1000
     ESI: 05:00:00:00:01:00:00:03:e8:00
     Nexthop: 3.3.3.3
     Localpref: 100
     AS path: [1] I 
     Communities: target:1000:1000 encapsulation:vxlan(0x8)

* 2:3.3.3.3:1::1000::00:05:86:71:c4:f0/304 MAC/IP (1 entry, 1 announced)
 BGP group EVPN type Internal
     Route Distinguisher: 3.3.3.3:1
     Route Label: 1000
     ESI: 00:00:00:00:00:00:00:00:00:00
     Nexthop: 3.3.3.3
     Localpref: 100
     AS path: [1] I 
     Communities: target:1000:1000 encapsulation:vxlan(0x8)

* 2:3.3.3.3:1::1000::2c:6b:f5:6d:b3:f0/304 MAC/IP (1 entry, 1 announced)
 BGP group EVPN type Internal           
     Route Distinguisher: 3.3.3.3:1
     Route Label: 1000
     ESI: 00:00:00:00:00:00:00:00:00:00
     Nexthop: 3.3.3.3
     Localpref: 100
     AS path: [1] I 
     Communities: target:1000:1000 encapsulation:vxlan(0x8) evpn-default-gateway

• 2:3.3.3.3:1::1000::00:00:5e:00:01:01::100.100.100.10/304 MAC/IP (1 entry, 1 announced)
   BGP group EVPN type Internal
       Route Distinguisher: 3.3.3.3:1
       Route Label: 1000
       ESI: 05:00:00:00:01:00:00:03:e8:00
       Nexthop: 3.3.3.3
       Localpref: 100
       AS path: [1] I 
       Communities: target:1000:1000 encapsulation:vxlan(0x8)

* 2:3.3.3.3:1::1000::2c:6b:f5:6d:b3:f0::100.100.100.1/304 MAC/IP (1 entry, 1 announced)
 BGP group EVPN type Internal
     Route Distinguisher: 3.3.3.3:1
     Route Label: 1000
     ESI: 00:00:00:00:00:00:00:00:00:00
     Nexthop: 3.3.3.3
     Localpref: 100
     AS path: [1] I 
     Communities: target:1000:1000 encapsulation:vxlan(0x8) evpn-default-gateway

* 3:3.3.3.3:1::1000::3.3.3.3/248 IM (1 entry, 1 announced)
 BGP group EVPN type Internal
     Route Distinguisher: 3.3.3.3:1
     Route Label: 1000
     PMSI: Flags 0x0: Label 1000: Type INGRESS-REPLICATION 3.3.3.3
     Nexthop: 3.3.3.3
     Localpref: 100
     AS path: [1] I 
     Communities: target:1000:1000 encapsulation:vxlan(0x8)
     PMSI: Flags 0x0: Label 62: Type INGRESS-REPLICATION 3.3.3.3

------------------------------
Be kind!!

Original Message:
Sent: 03-09-2024 03:16
From: FARID AKHUNDOV
Subject: Controlling BGP EVP routes via export policy

Hi,

Configuration looks OK, according to the documentation, vrf-target under VNI overrides any other global route-targets and applies only to Type 2/3 routes.

Interesting case.

Could you share output of show route advertising-protocol bgp 199.199.199.4 detail for one Type 2 or Type 3 entry?

------------------------------
FARID AKHUNDOV

Original Message:
Sent: 03-08-2024 20:28
From: LEEBAHI
Subject: Controlling BGP EVP routes via export policy

Hi everyone,

I have a simple set up:

DC3 ( 199.199.199.1)--EVPN BGP-----199.199.199.4 ( DC4)

DC3 has following config:

We can see DC3 is announcing  EVPN  Type2/3 routes with community :target:1000:1000  to DC4 ( 199.199.199.4):

Let's say we want to stop DC3 to stop advertising these Type2/3 routes tagged with community target:1000:1000.

I configured a following a policy that matches on community target:1000:1000 and deny as an action, This policy is then applied as export policy under BGP towards 199.199.199.4:

Policy is applied as export:

But it has no effect, DC3 continues to advertises type2/3 routes tagged with community target:1000:1000:

What am I missing ?

Thanks !!

------------------------------
Be kind!!
------------------------------

Can you post the full BGP group configuration for the DCI? If you don't already have the 'vpn-apply-export' configuration option configured (set protocols bgp group <> vpn-apply-export), please configure that and test again. 

Thanks Farid.

I  do see what you mentioned:  explicit defined VNI target using  vni vrf-target takes precedence over globally defined  RT.

Below is the output:

root@DC3> ...ising-protocol bgp 199.199.199.4 extensive                     

SW1.evpn.0: 15 destinations, 15 routes (15 active, 0 holddown, 0 hidden)
* 2:3.3.3.3:1::1000::00:00:5e:00:01:01/304 MAC/IP (1 entry, 1 announced)
 BGP group EVPN type Internal
     Route Distinguisher: 3.3.3.3:1
     Route Label: 1000
     ESI: 05:00:00:00:01:00:00:03:e8:00
     Nexthop: 3.3.3.3
     Localpref: 100
     AS path: [1] I 
     Communities: target:1000:1000 encapsulation:vxlan(0x8)

* 2:3.3.3.3:1::1000::00:05:86:71:c4:f0/304 MAC/IP (1 entry, 1 announced)
 BGP group EVPN type Internal
     Route Distinguisher: 3.3.3.3:1
     Route Label: 1000
     ESI: 00:00:00:00:00:00:00:00:00:00
     Nexthop: 3.3.3.3
     Localpref: 100
     AS path: [1] I 
     Communities: target:1000:1000 encapsulation:vxlan(0x8)

* 2:3.3.3.3:1::1000::2c:6b:f5:6d:b3:f0/304 MAC/IP (1 entry, 1 announced)
 BGP group EVPN type Internal           
     Route Distinguisher: 3.3.3.3:1
     Route Label: 1000
     ESI: 00:00:00:00:00:00:00:00:00:00
     Nexthop: 3.3.3.3
     Localpref: 100
     AS path: [1] I 
     Communities: target:1000:1000 encapsulation:vxlan(0x8) evpn-default-gateway

• 2:3.3.3.3:1::1000::00:00:5e:00:01:01::100.100.100.10/304 MAC/IP (1 entry, 1 announced)
   BGP group EVPN type Internal
       Route Distinguisher: 3.3.3.3:1
       Route Label: 1000
       ESI: 05:00:00:00:01:00:00:03:e8:00
       Nexthop: 3.3.3.3
       Localpref: 100
       AS path: [1] I 
       Communities: target:1000:1000 encapsulation:vxlan(0x8)

* 2:3.3.3.3:1::1000::2c:6b:f5:6d:b3:f0::100.100.100.1/304 MAC/IP (1 entry, 1 announced)
 BGP group EVPN type Internal
     Route Distinguisher: 3.3.3.3:1
     Route Label: 1000
     ESI: 00:00:00:00:00:00:00:00:00:00
     Nexthop: 3.3.3.3
     Localpref: 100
     AS path: [1] I 
     Communities: target:1000:1000 encapsulation:vxlan(0x8) evpn-default-gateway

* 3:3.3.3.3:1::1000::3.3.3.3/248 IM (1 entry, 1 announced)
 BGP group EVPN type Internal
     Route Distinguisher: 3.3.3.3:1
     Route Label: 1000
     PMSI: Flags 0x0: Label 1000: Type INGRESS-REPLICATION 3.3.3.3
     Nexthop: 3.3.3.3
     Localpref: 100
     AS path: [1] I 
     Communities: target:1000:1000 encapsulation:vxlan(0x8)
     PMSI: Flags 0x0: Label 62: Type INGRESS-REPLICATION 3.3.3.3

------------------------------
Be kind!!

Original Message:
Sent: 03-09-2024 03:16
From: FARID AKHUNDOV
Subject: Controlling BGP EVP routes via export policy

Hi,

Configuration looks OK, according to the documentation, vrf-target under VNI overrides any other global route-targets and applies only to Type 2/3 routes.

Interesting case.

Could you share output of show route advertising-protocol bgp 199.199.199.4 detail for one Type 2 or Type 3 entry?

------------------------------
FARID AKHUNDOV

Original Message:
Sent: 03-08-2024 20:28
From: LEEBAHI
Subject: Controlling BGP EVP routes via export policy

Hi everyone,

I have a simple set up:

DC3 ( 199.199.199.1)--EVPN BGP-----199.199.199.4 ( DC4)

DC3 has following config:

We can see DC3 is announcing  EVPN  Type2/3 routes with community :target:1000:1000  to DC4 ( 199.199.199.4):

Let's say we want to stop DC3 to stop advertising these Type2/3 routes tagged with community target:1000:1000.

I configured a following a policy that matches on community target:1000:1000 and deny as an action, This policy is then applied as export policy under BGP towards 199.199.199.4:

Policy is applied as export:

But it has no effect, DC3 continues to advertises type2/3 routes tagged with community target:1000:1000:

What am I missing ?

Thanks !!

------------------------------
Be kind!!
------------------------------

Can you post the full BGP group configuration for the DCI? If you don't already have the 'vpn-apply-export' configuration option configured (set protocols bgp group <> vpn-apply-export), please configure that and test again. 

Thanks Farid.

I  do see what you mentioned:  explicit defined VNI target using  vni vrf-target takes precedence over globally defined  RT.

Below is the output:

root@DC3> ...ising-protocol bgp 199.199.199.4 extensive                     

SW1.evpn.0: 15 destinations, 15 routes (15 active, 0 holddown, 0 hidden)
* 2:3.3.3.3:1::1000::00:00:5e:00:01:01/304 MAC/IP (1 entry, 1 announced)
 BGP group EVPN type Internal
     Route Distinguisher: 3.3.3.3:1
     Route Label: 1000
     ESI: 05:00:00:00:01:00:00:03:e8:00
     Nexthop: 3.3.3.3
     Localpref: 100
     AS path: [1] I 
     Communities: target:1000:1000 encapsulation:vxlan(0x8)

* 2:3.3.3.3:1::1000::00:05:86:71:c4:f0/304 MAC/IP (1 entry, 1 announced)
 BGP group EVPN type Internal
     Route Distinguisher: 3.3.3.3:1
     Route Label: 1000
     ESI: 00:00:00:00:00:00:00:00:00:00
     Nexthop: 3.3.3.3
     Localpref: 100
     AS path: [1] I 
     Communities: target:1000:1000 encapsulation:vxlan(0x8)

* 2:3.3.3.3:1::1000::2c:6b:f5:6d:b3:f0/304 MAC/IP (1 entry, 1 announced)
 BGP group EVPN type Internal           
     Route Distinguisher: 3.3.3.3:1
     Route Label: 1000
     ESI: 00:00:00:00:00:00:00:00:00:00
     Nexthop: 3.3.3.3
     Localpref: 100
     AS path: [1] I 
     Communities: target:1000:1000 encapsulation:vxlan(0x8) evpn-default-gateway

• 2:3.3.3.3:1::1000::00:00:5e:00:01:01::100.100.100.10/304 MAC/IP (1 entry, 1 announced)
   BGP group EVPN type Internal
       Route Distinguisher: 3.3.3.3:1
       Route Label: 1000
       ESI: 05:00:00:00:01:00:00:03:e8:00
       Nexthop: 3.3.3.3
       Localpref: 100
       AS path: [1] I 
       Communities: target:1000:1000 encapsulation:vxlan(0x8)

* 2:3.3.3.3:1::1000::2c:6b:f5:6d:b3:f0::100.100.100.1/304 MAC/IP (1 entry, 1 announced)
 BGP group EVPN type Internal
     Route Distinguisher: 3.3.3.3:1
     Route Label: 1000
     ESI: 00:00:00:00:00:00:00:00:00:00
     Nexthop: 3.3.3.3
     Localpref: 100
     AS path: [1] I 
     Communities: target:1000:1000 encapsulation:vxlan(0x8) evpn-default-gateway

* 3:3.3.3.3:1::1000::3.3.3.3/248 IM (1 entry, 1 announced)
 BGP group EVPN type Internal
     Route Distinguisher: 3.3.3.3:1
     Route Label: 1000
     PMSI: Flags 0x0: Label 1000: Type INGRESS-REPLICATION 3.3.3.3
     Nexthop: 3.3.3.3
     Localpref: 100
     AS path: [1] I 
     Communities: target:1000:1000 encapsulation:vxlan(0x8)
     PMSI: Flags 0x0: Label 62: Type INGRESS-REPLICATION 3.3.3.3

------------------------------
Be kind!!

Original Message:
Sent: 03-09-2024 03:16
From: FARID AKHUNDOV
Subject: Controlling BGP EVP routes via export policy

Hi,

Configuration looks OK, according to the documentation, vrf-target under VNI overrides any other global route-targets and applies only to Type 2/3 routes.

Interesting case.

Could you share output of show route advertising-protocol bgp 199.199.199.4 detail for one Type 2 or Type 3 entry?

------------------------------
FARID AKHUNDOV

Original Message:
Sent: 03-08-2024 20:28
From: LEEBAHI
Subject: Controlling BGP EVP routes via export policy

Hi everyone,

I have a simple set up:

DC3 ( 199.199.199.1)--EVPN BGP-----199.199.199.4 ( DC4)

DC3 has following config:

We can see DC3 is announcing  EVPN  Type2/3 routes with community :target:1000:1000  to DC4 ( 199.199.199.4):

Let's say we want to stop DC3 to stop advertising these Type2/3 routes tagged with community target:1000:1000.

I configured a following a policy that matches on community target:1000:1000 and deny as an action, This policy is then applied as export policy under BGP towards 199.199.199.4:

Policy is applied as export:

But it has no effect, DC3 continues to advertises type2/3 routes tagged with community target:1000:1000:

What am I missing ?

Thanks !!

------------------------------
Be kind!!
------------------------------