Data Center

Hi everyone,

I am trying  to learn how to use use import and export policies to control what EVPN routes get installed into switching-instance rather than using vrf auto target option.

I built this simple lab with two DC: DC3 and DC4,  two vMX are configured as layer2gateway  for stretched VLAN 100.

                Both DC have following import and export policy:

DC3:

 I then applied these policies as import and export under switching instance:

DC4 should have mirror image of the policies:

But DC3 will not announce  any type 2 routes say 100.100.100.100.5 to DC4:

We can see above DC3 does have locally learned MAC/IP routes but none of them are being announced to DC4:

The moment I removed all import and export policies, DC3 has no issue advertising MAC/IP routes to DC4.

I removed import/export policies on DC3 and DC4, which now  uses RT 1:1 defined under switching instance:

DC3 can advertise routes now:

What am I missing?

Much appreciated!!

------------------------------
Be kind!!
------------------------------

Hi,

If I am not wrong, you should not combine together vrf-target xxx and vrf-import/vrf-export to avoid confusion. You should either use vrf-target xxx in order to attach this community to advertised routes and accept received routes with this community; or for more granular control, you can use vrf-import and vrf-export if you have different import and export communities.

However, when you use vrf-export, your policy should set and accept the community, not match and accept. For vrf-import you should match and accept the community, like below for instance - 

community vxlan-vni5100 members target:54591:5100;

policy-statement vxlan-vni5100-export {
    term 1 {
        then {
            community add vxlan-vni5100;
            accept;
        }
    }
}
policy-statement vxlan-vni5100-import {
    term 1 {
        from {
            protocol bgp;               
            community vxlan-vni5100;
        }
        then accept;
    }
}

So, fixing export policy should fix the problem.

Hi everyone,

I am trying  to learn how to use use import and export policies to control what EVPN routes get installed into switching-instance rather than using vrf auto target option.

I built this simple lab with two DC: DC3 and DC4,  two vMX are configured as layer2gateway  for stretched VLAN 100.

                Both DC have following import and export policy:

DC3:

 I then applied these policies as import and export under switching instance:

DC4 should have mirror image of the policies:

But DC3 will not announce  any type 2 routes say 100.100.100.100.5 to DC4:

We can see above DC3 does have locally learned MAC/IP routes but none of them are being announced to DC4:

The moment I removed all import and export policies, DC3 has no issue advertising MAC/IP routes to DC4.

I removed import/export policies on DC3 and DC4, which now  uses RT 1:1 defined under switching instance:

DC3 can advertise routes now:

What am I missing?

Much appreciated!!

------------------------------
Be kind!!
------------------------------

Works like a charm!!

Appreciated!!

Hi,

If I am not wrong, you should not combine together vrf-target xxx and vrf-import/vrf-export to avoid confusion. You should either use vrf-target xxx in order to attach this community to advertised routes and accept received routes with this community; or for more granular control, you can use vrf-import and vrf-export if you have different import and export communities.

However, when you use vrf-export, your policy should set and accept the community, not match and accept. For vrf-import you should match and accept the community, like below for instance - 

community vxlan-vni5100 members target:54591:5100;

policy-statement vxlan-vni5100-export {
    term 1 {
        then {
            community add vxlan-vni5100;
            accept;
        }
    }
}
policy-statement vxlan-vni5100-import {
    term 1 {
        from {
            protocol bgp;               
            community vxlan-vni5100;
        }
        then accept;
    }
}

So, fixing export policy should fix the problem.

Hi everyone,

I am trying  to learn how to use use import and export policies to control what EVPN routes get installed into switching-instance rather than using vrf auto target option.

I built this simple lab with two DC: DC3 and DC4,  two vMX are configured as layer2gateway  for stretched VLAN 100.

                Both DC have following import and export policy:

DC3:

 I then applied these policies as import and export under switching instance:

DC4 should have mirror image of the policies:

But DC3 will not announce  any type 2 routes say 100.100.100.100.5 to DC4:

We can see above DC3 does have locally learned MAC/IP routes but none of them are being announced to DC4:

The moment I removed all import and export policies, DC3 has no issue advertising MAC/IP routes to DC4.

I removed import/export policies on DC3 and DC4, which now  uses RT 1:1 defined under switching instance:

DC3 can advertise routes now:

What am I missing?

Much appreciated!!

------------------------------
Be kind!!
------------------------------

Hi,

If I am not wrong, you should not combine together vrf-target xxx and vrf-import/vrf-export to avoid confusion. You should either use vrf-target xxx in order to attach this community to advertised routes and accept received routes with this community; or for more granular control, you can use vrf-import and vrf-export if you have different import and export communities.

However, when you use vrf-export, your policy should set and accept the community, not match and accept. For vrf-import you should match and accept the community, like below for instance - 

community vxlan-vni5100 members target:54591:5100;

policy-statement vxlan-vni5100-export {
    term 1 {
        then {
            community add vxlan-vni5100;
            accept;
        }
    }
}
policy-statement vxlan-vni5100-import {
    term 1 {
        from {
            protocol bgp;               
            community vxlan-vni5100;
        }
        then accept;
    }
}

So, fixing export policy should fix the problem.

------------------------------
FARID AKHUNDOV

Original Message:
Sent: 03-07-2024 22:27
From: LEEBAHI
Subject: VRF-Import/Export question

Hi everyone,

I am trying  to learn how to use use import and export policies to control what EVPN routes get installed into switching-instance rather than using vrf auto target option.

I built this simple lab with two DC: DC3 and DC4,  two vMX are configured as layer2gateway  for stretched VLAN 100.

                Both DC have following import and export policy:

DC3:

 I then applied these policies as import and export under switching instance:

DC4 should have mirror image of the policies:

But DC3 will not announce  any type 2 routes say 100.100.100.100.5 to DC4:

We can see above DC3 does have locally learned MAC/IP routes but none of them are being announced to DC4:

The moment I removed all import and export policies, DC3 has no issue advertising MAC/IP routes to DC4.

I removed import/export policies on DC3 and DC4, which now  uses RT 1:1 defined under switching instance:

DC3 can advertise routes now:

What am I missing?

Much appreciated!!

------------------------------
Be kind!!
------------------------------