- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Comware Based
- >
- Re: BGP EVPN routes can be filtered through border...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-10-2018 01:33 AM
11-10-2018 01:33 AM
BGP EVPN routes can be filtered through border leaf?
Hi folks,
I ask for your help because I am trying to filter EVPN routes through border leaf to another CPD but I am not able to find the solution...
The EVPN addresses are synchronized and there is level 2 communication between the CPDs. The problem is that the borderleaf sends EVPN information of all the VSIs, and we only want it to send information of the VSIs that we want to extend. For example:
bgp 65500
graceful-restart
graceful-restart timer restart 500
graceful-restart timer wait-for-rib 500
group SPINE internal
peer SPINE connect-interface LoopBack0
peer 10.4.0.106 as-number 65500
peer 10.4.0.106 description DCI-TEST
peer 10.4.0.106 connect-interface LoopBack1023
peer 172.16.125.129 group SPINE
peer 172.16.125.129 description SPINE03W-01
peer 172.16.125.130 group SPINE
peer 172.16.125.130 description SPINE04W-01
#
address-family ipv4 unicast
default-route imported
#
address-family l2vpn evpn
peer SPINE enable
peer 10.4.0.106 enable
peer 10.4.0.106 route-policy DCI_EVPN_Route_Policy export
peer 10.4.0.106 advertise-community
peer 10.4.0.106 router-mac-local
#
[LEAFVX-01] dis bgp l2vpn evpn peer 10.4.0.106 advertised-routes
Total number of routes: 258
We have created the route-policy DCI_EVPN-Route_policy, so that it only sends the requests with Rt 65500: 200256 (the automatically generated RT), but it has no effect:
route-policy DCI_EVPN_Route_Policy allow node 10
if-match extcommunity 10
#
route-policy DCI_EVPN_Route_Policy deny node 20
#
ip extcommunity-list 10 permit rt 65500: 200256
Verification of RT:
[LEAFVX-01] display bgp l2vpn evpn route-distinguisher 1: 200256 [3] [0] [32] [172.16.125.145] 80
BGP local router ID: 172.16.125.145
Local AS number: 65500
Route distinguisher: 1: 200256
Total number of routes: 1
Paths: 1 available, 1 best
BGP routing table information of [3] [0] [32] [172.16.125.145] / 80:
Imported route.
Original nexthop: 0.0.0.0
OutLabel: NULL
Ext-Community: <RT: 65500: 200256>, <Encapsulation Type: VXLAN>
RxPathID: 0x0
TxPathID: 0x0
PMSI tunnel: Flag 0, TunnelType 6, Label 200256, EndPointAddress 0.0.0.0
AS-path: (null)
Origin: igp
Attribute value: MED 0, localpref 100, pref-val 32768
State: valid, local, best
IP precedence: N / A
Local QoS ID: N / A
Traffic index: N / A
EVPN route type: Inclusive multicast Ethernet tag route
Ethernet tag ID: 0
Origin address: 172.16.125.145/32
By doing a bgp peer show we see that it is applied:
[LEAFVX-01] dis bgp peer l2vpn evpn 10.4.0.106 verbose
Peer: 10.4.0.106 Local: 172.16.125.145
Type: IBGP link
Peer's description: "DCI-TEST"
BGP version 4, remote router ID 10.4.0.106
BGP current state: Established, Up for 08d04h13m01s
BGP current event: KATimerExpired
BGP last state: OpenConfirm
Port: Local - 52813 Remote - 179
Configured: Active Hold Time: 180 sec Keepalive Time: 60 sec
Received: Active Hold Time: 180 sec
Negotiated: Active Hold Time: 180 sec Keepalive Time: 60 sec
Peer optional capabilities:
Peer support BGP multi-protocol extended
Peer support BGP route refresh capability
Peer support BGP Graceful-Restart capability
Peer support BGP route AS4 capability
Graceful Restart Capability: advertised and received
Restart Timer Value of Peer: 120 seconds
Forwarding State preserved by Peer for following Address families:
Address family L2VPN EVPN: advertised and received
Address family L2VPN EVPN:
Additional-paths receive capability: received
InQ updates: 0, OutQ updates: 0
NLRI statistics:
Rcvd: UnReach NLRI 0, Reach NLRI 10
Sent: UnReach NLRI 42, Reach NLRI 300
Message statistics:
Msg type Last rcvd time / Current rcvd count / History rcvd count /
Last sent time Current sent count History sent count
Open 13: 18: 40-2018.10.30 1 25
13: 18: 40-2018.10.30 1 2780
Update 09: 30: 38-2018.11.6 11 937
16: 30: 40-2018.11.7 301 8612
Notification 14: 42: 25-2018.10.25 0 11
13: 18: 06-2018.10.30 0 11
Keepalive 17: 30: 52-2018.11.7 11773 19458
17: 31: 24-2018.11.7 14185 24235
RouteRefresh - 0 0
09: 30: 38-2018.11.6 4 7
Total - 11785 20431
- 14491 35645
Maximum allowed prefix number: 4294967295
Threshold: 75%
Minimum time between advertisements is 15 seconds
Optional capabilities:
Multi-protocol extended capability has been enabled
Route refresh capability has been enabled
Send community has been configured
Connect-interface has been configured
Peer preferred value: 0
Site-of-Origin: Not specified
Routing policy configured:
Do not import as-path-acl list
Do not export as-path-acl list
Do not import prefix list
No export prefix list
No import route policy
Export route policy is: DCI_EVPN_Route_Policy
No matter filter-policy
No export filter-policy
In the route-policy it does not give any option to filter the EVPN addresses and I have tried almost everything.
Do you have any idea how we could filter this?
Thanks in advance,
Kindly,
RMB
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-14-2018 11:24 PM - edited 11-14-2018 11:25 PM
11-14-2018 11:24 PM - edited 11-14-2018 11:25 PM
Re: BGP EVPN routes can be filtered through border leaf?
Hi,
Have you tried to apply the policy under vpn instances of L3 VNI instead of under BGP ?
<Sysname> system-view
[Sysname] ip vpn-instance vpn1
[Sysname-vpn-instance-vpn1] address-family evpn
[Sysname-vpn-evpn-vpn1] export route-policy poly-1
Else please check the below link page 26
check the topic : Configuring an L3 VXLAN ID for a VSI interface
i believe you need to apply on L3 VNI which is responsible to pass the route to different site.
Please let me know if my understanding is wrong.
I work for HPE
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-15-2018 01:58 AM
11-15-2018 01:58 AM
Re: BGP EVPN routes can be filtered through border leaf?
Many thanks for your comments bala5,
The idea was filter this routes between 2 sites connected by the same BGP AS (IBGP) without using L3 VXLAN VNI.
I was testing yesterday and looks like just filter this RD 65500:XXXX but leave this RD 1:XXXXX, and didn´t find the way to filter that (1:XXXX)
I am thinking in RR-FILTER (Nº extcommunity) inside "address-family l2vpn evpn"... maybe it works! pag 20 of the doc you attached. what do you think about?
Anyway I will try your solution!
Kindly,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-15-2018 07:20 PM - edited 11-15-2018 07:32 PM
11-15-2018 07:20 PM - edited 11-15-2018 07:32 PM
Re: BGP EVPN routes can be filtered through border leaf?
Hi Martin,
Filtering at RR is good one but make sure broder leaf does not need that route.
Please try and let us know the result, if its not working out please log a case we will look into that.
Have a good day !
I work for HPE