Rmartin-pleiade
Occasional Collector

BGP EVPN routes can be filtered through border leaf?

Hi folks,

I ask for your help because I am trying to filter EVPN routes through border leaf to another CPD but I am not able to find the solution...

The EVPN addresses are synchronized and there is level 2 communication between the CPDs. The problem is that the border leaf sends EVPN information of all the VSIs, and we only want it to send information of the VSIs that we want to extend. For example:

bgp 65500
 graceful-restart
 graceful-restart timer restart 500
 graceful-restart timer wait-for-rib 500
 group SPINE internal
 peer SPINE connect-interface LoopBack0
 peer 10.4.0.106 as-number 65500
 peer 10.4.0.106 description DCI-TEST
 peer 10.4.0.106 connect-interface LoopBack1023
 peer 172.16.125.129 group SPINE
 peer 172.16.125.129 description SPINE03W-01
 peer 172.16.125.130 group SPINE
 peer 172.16.125.130 description SPINE04W-01
 #
 address-family ipv4 unicast
  default-route imported
 #
 address-family l2vpn evpn
  peer SPINE enable
  peer 10.4.0.106 enable
  peer 10.4.0.106 route-policy DCI_EVPN_Route_Policy export
  peer 10.4.0.106 advertise-community
  peer 10.4.0.106 router-mac-local
#

[LEAFVX-01] dis bgp l2vpn evpn peer 10.4.0.106 advertised-routes

Total number of routes: 258

 

We have created the route-policy DCI_EVPN_Route_Policy, so that it only sends the requests with RT 65500:200256 (the automatically generated RT), but it has no effect:

route-policy DCI_EVPN_Route_Policy permit node 10
 if-match extcommunity 10
#
route-policy DCI_EVPN_Route_Policy deny node 20
#
ip extcommunity-list 10 permit rt 65500:200256
 
Verification of RT:
[LEAFVX-01] display bgp l2vpn evpn route-distinguisher 1:200256 [3][0][32][172.16.125.145] 80

 BGP local router ID: 172.16.125.145
 Local AS number: 65500

 Route distinguisher: 1:200256
 Total number of routes: 1
 Paths: 1 available, 1 best

 BGP routing table information of [3][0][32][172.16.125.145]/80:
 Imported route.
 Original nexthop: 0.0.0.0
 OutLabel: NULL
 Ext-Community: <RT: 65500:200256>, <Encapsulation Type: VXLAN>
 RxPathID: 0x0
 TxPathID: 0x0
 PMSI tunnel: Flag 0, TunnelType 6, Label 200256, EndPointAddress 0.0.0.0
 AS-path: (null)
 Origin: igp
 Attribute value: MED 0, localpref 100, pref-val 32768
 State: valid, local, best
 IP precedence: N/A
 Local QoS ID: N/A
 Traffic index: N/A
 EVPN route type: Inclusive multicast Ethernet tag route
 Ethernet tag ID: 0
 Origin address: 172.16.125.145/32
 
By doing a bgp peer show we see that it is applied:
[LEAFVX-01] dis bgp peer l2vpn evpn 10.4.0.106 verbose
 
        Peer: 10.4.0.106 Local: 172.16.125.145
        Type: IBGP link
        Peer's description: "DCI-TEST"
        BGP version 4, remote router ID 10.4.0.106
        BGP current state: Established, Up for 08d04h13m01s
        BGP current event: KATimerExpired
        BGP last state: OpenConfirm
        Port: Local - 52813 Remote - 179
        Configured: Active Hold Time: 180 sec Keepalive Time: 60 sec
        Received: Active Hold Time: 180 sec
        Negotiated: Active Hold Time: 180 sec Keepalive Time: 60 sec
        Peer optional capabilities:
        Peer support BGP multi-protocol extended
        Peer support BGP route refresh capability
        Peer support BGP Graceful-Restart capability
        Peer support BGP route AS4 capability
        Graceful Restart Capability: advertised and received
            Restart Timer Value of Peer: 120 seconds
            Forwarding State preserved by Peer for following Address families:
        Address family L2VPN EVPN: advertised and received
        Address family L2VPN EVPN:
            Additional-paths receive capability: received
               
 InQ updates: 0, OutQ updates: 0
NLRI statistics:
        Rcvd: UnReach NLRI 0, Reach NLRI 10
        Sent: UnReach NLRI 42, Reach NLRI 300
 
Message statistics:
Msg type      Last rcvd time/      Current rcvd count/  History rcvd count/
              Last sent time       Current sent count   History sent count
Open          13:18:40-2018.10.30  1                    25
              13:18:40-2018.10.30  1                    2780
Update        09:30:38-2018.11.6   11                   937
              16:30:40-2018.11.7   301                  8612
Notification  14:42:25-2018.10.25  0                    11
              13:18:06-2018.10.30  0                    11
Keepalive     17:30:52-2018.11.7   11773                19458
              17:31:24-2018.11.7   14185                24235
RouteRefresh  -                    0                    0
              09:30:38-2018.11.6   4                    7
Total         -                    11785                20431
              -                    14491                35645
 
Maximum allowed prefix number: 4294967295
Threshold: 75%
Minimum time between advertisements is 15 seconds
Optional capabilities:
  Multi-protocol extended capability has been enabled
  Route refresh capability has been enabled
Send community has been configured
Connect-interface has been configured
Peer preferred value: 0
Site-of-Origin: Not specified
Routing policy configured:
Do not import as-path-acl list
Do not export as-path-acl list
Do not import prefix list
No export prefix list
No import route policy
Export route policy is: DCI_EVPN_Route_Policy
No matter filter-policy
No export filter-policy
 
In the route-policy it does not give any option to filter the EVPN addresses and I have tried almost everything.

Do you have any idea how we could filter this?

Thanks in advance,

Kindly,

RMB
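
An added example, not part of the original post and not HPE code: a Python sketch that parses route detail output in the layout quoted in the post and computes which routes the posted policy is meant to let through (permit on RT 65500:200256, deny the rest), so the result can be compared with the advertised-routes listing. The second sample route, the function names and the rule that a route matches when it carries any listed RT are assumptions.

```python
import re

# Constructed sample in the layout of the route detail output quoted in the
# post; the second route (RD 1:200300, RT 65500:200300) is made up.
SAMPLE = """\
Route distinguisher: 1:200256
 BGP routing table information of [3][0][32][172.16.125.145]/80:
 Ext-Community: <RT: 65500:200256>, <Encapsulation Type: VXLAN>
Route distinguisher: 1:200300
 BGP routing table information of [3][0][32][172.16.125.145]/80:
 Ext-Community: <RT: 65500:200300>, <Encapsulation Type: VXLAN>
"""

def parse_routes(text):
    """Return one dict (rd, nlri, rts) per route block in the CLI output."""
    routes, rd = [], None
    for raw in text.splitlines():
        # Tolerate copies where spaces crept in around ':' and '/'.
        line = re.sub(r"\s*([:/])\s*", r"\1", raw.strip()).replace("] [", "][")
        if m := re.match(r"Route distinguisher:(\S+)$", line):
            rd = m.group(1)
        elif m := re.match(r"BGP routing table information of (\S+):$", line):
            routes.append({"rd": rd, "nlri": m.group(1), "rts": []})
        elif line.startswith("Ext-Community:") and routes:
            routes[-1]["rts"] = re.findall(r"<RT:([\d.:]+)>", line)
    return routes

def export_decision(route, permitted_rts):
    """Intended policy: node 10 permits a listed RT, node 20 denies the rest."""
    return "permit" if set(route["rts"]) & set(permitted_rts) else "deny"

def audit(text, permitted_rts):
    """Map (RD, NLRI) to the decision the policy is expected to produce."""
    return {(r["rd"], r["nlri"]): export_decision(r, permitted_rts)
            for r in parse_routes(text)}

if __name__ == "__main__":
    for key, verdict in audit(SAMPLE, ["65500:200256"]).items():
        print(verdict, *key)
```

Any (RD, NLRI) pair reported as deny here that still shows up under advertised-routes for peer 10.4.0.106 is a route the export policy did not filter.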

 

3 REPLIES 3
bala5
Frequent Advisor

Re: BGP EVPN routes can be filtered through border leaf?

Hi,

Have you tried to apply the policy under the VPN instances of the L3 VNI instead of under BGP?

 

<Sysname> system-view
[Sysname] ip vpn-instance vpn1
[Sysname-vpn-instance-vpn1] address-family evpn
[Sysname-vpn-evpn-vpn1] export route-policy poly-1

 

Else, please check page 26 at the link below:

https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=1008910243&docLocale=en_US&docId=emr_na-a00037764en_us

Check the topic: Configuring an L3 VXLAN ID for a VSI interface

I believe you need to apply it on the L3 VNI, which is responsible for passing the route to a different site.

Please let me know if my understanding is wrong.

Bala
I work for HPE


Rmartin-pleiade
Occasional Collector

Re: BGP EVPN routes can be filtered through border leaf?

Many thanks for your comments, bala5.

The idea was to filter these routes between 2 sites connected by the same BGP AS (IBGP) without using an L3 VXLAN VNI.

I was testing yesterday and it looks like it just filters this RD 65500:XXXX but leaves this RD 1:XXXXX, and I didn't find a way to filter that (1:XXXX).

I am thinking of RR-FILTER (extcommunity number) inside "address-family l2vpn evpn"... maybe it works! Page 20 of the doc you attached. What do you think?

Anyway, I will try your solution!

Kindly,

bala5
Frequent Advisor

Re: BGP EVPN routes can be filtered through border leaf?

Hi Martin,

Filtering at the RR is a good one, but make sure the border leaf does not need that route.

Please try and let us know the result; if it's not working out, please log a case and we will look into that.

Have a good day!

 

Bala
I work for HPE
