Certifications

Expand all | Collapse all

When an import policy is a must when vrf-target is configured manually?

Jump to Best Answer
  • 1.  When an import policy is a must when vrf-target is configured manually?

    Posted 04-24-2020 15:48

    I came across some places where an import policy is mentioned to be a must when you configure vrf-target in EVPN manully.

    EVPN-VXLAN lab – RT assignment methods is one of them.

    I am taking Juniper ADCX traininig. The lab2 shows how to manually configure vrf-target manually. It does not ask to configure any import policy.  except showing an policy generated by the device.

    I also labbed it in the EVE to find the same.

    Default policy when using general vrf-target
    root@leaf-3# run show policy
    Configured policies:
    __vrf-export-default-switch-internal__
    __vrf-import-__default_evpn__-internal__
    __vrf-import-default-switch-internal__
    
    {master:0}[edit]
    
    On both vteps, add the following
    set protocols evpn vni-options vni 5010 vrf-target target:65000:10
    
    Policy after configuring vrf-target manually
    root@leaf-3# run show policy
    Configured policies:
    __vrf-export-bd-override-5010-internal__           (automatically generated)
    __vrf-export-default-switch-internal__
    __vrf-import-__default_evpn__-internal__
    __vrf-import-autoderive-default-switch-internal__
    __vrf-import-default-switch-internal__
    
    

    Anyone can help me  to understand when I have to manually configure an import policy ?

     

    thanks !!



  • 2.  RE: When an import policy is a must when vrf-target is configured manually?

     
    Posted 04-24-2020 16:20

    Hey gongyayu,

     

    Greetings, the auto knob is not part of the manual configuration is actually the opposite: 

     

    autoAutomatically derives the route target (RT). The auto-derived route targets have higher precedence over manually configured RT in vrf-target, vrf-export policies, and vrf-import policies.

     

    When "auto" is used there is no need to configure vrf import or export policies the system will accept and send everything.

     
    NOTE

    Auto-derived route targets are supported only in virtual switch and EVPN routing instances.

     

    If this solves your problem, please mark this post as "Accepted Solution" so we can help others too \:)/

    Regards,

    Lil Dexx
    JNCIE-ENT#863, 3X JNCIP-[SP-ENT-DC], 4X JNCIA [cloud-DevOps-Junos-Design], Champions Ingenius, SSYB

     

     

     



  • 3.  RE: When an import policy is a must when vrf-target is configured manually?

    Posted 04-24-2020 19:41

    thanks for taking a look at it.

    This time I removed auto configuration, and manually configure vrf-target in EVPN stanza, sorry not having indicated this previously.

    On leaf-1 and leaf-2
    set protocols evpn vni-options vni 5010 vrf-target target:65000:10
    (auto configuration is removed)

     I am testing three optional vrf-target one by one. 

    general

    auto

    manual

    The training lab has all these exercises.



  • 4.  RE: When an import policy is a must when vrf-target is configured manually?
    Best Answer

     
    Posted 04-24-2020 21:50

    No Problem Mate!

     

    Essentially you have 1 the general way (under switch-options) all vni's use the same RT you still have the option to limit what you are going to import and export if you, however, s the doc said all PE routers, participating in this EVPN instance, will learn all routes from all VLANs/VXLANs. 2 per vni RT in which you will need the RT-import policy plus you need to permit not only RT for this specific VNI, but also general vrf-target RT, used for EVPN type 1 routes. 3 Auto you don't need to configure anything else as mentioned before. everything is automatically configured. 🙂

     

    If this solves your problem, please mark this post as "Accepted Solution" so we can help others too \:)/

    Regards,

     

    Lil Dexx
    JNCIE-ENT#863, 3X JNCIP-[SP-ENT-DC], 4X JNCIA [cloud-DevOps-Junos-Design], Champions Ingenius, SSYB

     



  • 5.  RE: When an import policy is a must when vrf-target is configured manually?

    Posted 04-25-2020 06:32

    thanks !!



  • 6.  RE: When an import policy is a must when vrf-target is configured manually?

     
    Posted 04-24-2020 20:30

    >>>>>Anyone can help me  to understand when I have to manually configure an import policy ?

    Hi Gongyayu,

    import policy would be used when you need to control the routes which needs to imported. 

    Check this link and see it helps to understand on this one.

    https://www.juniper.net/documentation/en_US/junos/topics/example/evpn-vxlan-collapsed-topology.html

     

    Let me know if i didnot understand your question.

     

    Thanks.