Certifications

I came across some places where an import policy is mentioned to be a must when you configure vrf-target in EVPN manully.

EVPN-VXLAN lab – RT assignment methods is one of them.

I am taking Juniper ADCX traininig. The lab2 shows how to manually configure vrf-target manually. It does not ask to configure any import policy.  except showing an policy generated by the device.

I also labbed it in the EVE to find the same.

Default policy when using general vrf-target
root@leaf-3# run show policy
Configured policies:
__vrf-export-default-switch-internal__
__vrf-import-__default_evpn__-internal__
__vrf-import-default-switch-internal__

{master:0}[edit]

On both vteps, add the following
set protocols evpn vni-options vni 5010 vrf-target target:65000:10

Policy after configuring vrf-target manually
root@leaf-3# run show policy
Configured policies:
__vrf-export-bd-override-5010-internal__           (automatically generated)
__vrf-export-default-switch-internal__
__vrf-import-__default_evpn__-internal__
__vrf-import-autoderive-default-switch-internal__
__vrf-import-default-switch-internal__

Anyone can help me  to understand when I have to manually configure an import policy ?

thanks !!

Hey gongyayu,

Greetings, the auto knob is not part of the manual configuration is actually the opposite: 

auto—Automatically derives the route target (RT). The auto-derived route targets have higher precedence over manually configured RT in vrf-target, vrf-export policies, and vrf-import policies.

When "auto" is used there is no need to configure vrf import or export policies the system will accept and send everything.

thanks for taking a look at it.

This time I removed auto configuration, and manually configure vrf-target in EVPN stanza, sorry not having indicated this previously.

On leaf-1 and leaf-2
set protocols evpn vni-options vni 5010 vrf-target target:65000:10
(auto configuration is removed)

 I am testing three optional vrf-target one by one. 

general

auto

manual

The training lab has all these exercises.

No Problem Mate!

Essentially you have 1 the general way (under switch-options) all vni's use the same RT you still have the option to limit what you are going to import and export if you, however, s the doc said all PE routers, participating in this EVPN instance, will learn all routes from all VLANs/VXLANs. 2 per vni RT in which you will need the RT-import policy plus you need to permit not only RT for this specific VNI, but also general vrf-target RT, used for EVPN type 1 routes. 3 Auto you don't need to configure anything else as mentioned before. everything is automatically configured. 🙂

If this solves your problem, please mark this post as "Accepted Solution" so we can help others too \:)/

Regards,

Lil Dexx
JNCIE-ENT#863, 3X JNCIP-[SP-ENT-DC], 4X JNCIA [cloud-DevOps-Junos-Design], Champions Ingenius, SSYB

thanks !!

>>>>>Anyone can help me  to understand when I have to manually configure an import policy ?

Hi Gongyayu,

import policy would be used when you need to control the routes which needs to imported. 

Check this link and see it helps to understand on this one.

https://www.juniper.net/documentation/en_US/junos/topics/example/evpn-vxlan-collapsed-topology.html

Let me know if i didnot understand your question.

Thanks.