Hi folks,
I ask for your help because I am trying to filter EVPN routes through a border leaf to another CPD, but I am not able to find the solution...
The EVPN addresses are synchronized and there is level 2 communication between the CPDs. The problem is that the border leaf sends EVPN information of all the VSIs, and we only want it to send information of the VSIs that we want to extend. For example:
bgp 65500
 graceful-restart
 graceful-restart timer restart 500
 graceful-restart timer wait-for-rib 500
 group SPINE internal
 peer SPINE connect-interface LoopBack0
 peer 10.4.0.106 as-number 65500
 peer 10.4.0.106 description DCI-TEST
 peer 10.4.0.106 connect-interface LoopBack1023
 peer 172.16.125.129 group SPINE
 peer 172.16.125.129 description SPINE03W-01
 peer 172.16.125.130 group SPINE
 peer 172.16.125.130 description SPINE04W-01
 #
 address-family ipv4 unicast
  default-route imported
 #
 address-family l2vpn evpn
  peer SPINE enable
  peer 10.4.0.106 enable
  peer 10.4.0.106 route-policy DCI_EVPN_Route_Policy export
  peer 10.4.0.106 advertise-community
  peer 10.4.0.106 router-mac-local
#
[LEAFVX-01] dis bgp l2vpn evpn peer 10.4.0.106 advertised-routes
Total number of routes: 258
We have created the route-policy DCI_EVPN_Route_Policy so that it only sends the requests with RT 65500:200256 (the automatically generated RT), but it has no effect:
route-policy DCI_EVPN_Route_Policy permit node 10
 if-match extcommunity 10
#
route-policy DCI_EVPN_Route_Policy deny node 20
#
ip extcommunity-list 10 permit rt 65500:200256
Verification of RT:
[LEAFVX-01] display bgp l2vpn evpn route-distinguisher 1:200256 [3][0][32][172.16.125.145]/80
BGP local router ID: 172.16.125.145
Local AS number: 65500
Route distinguisher: 1:200256
Total number of routes: 1
Paths: 1 available, 1 best
BGP routing table information of [3][0][32][172.16.125.145]/80:
Imported route.
Original nexthop: 0.0.0.0
OutLabel: NULL
Ext-Community: <RT: 65500:200256>, <Encapsulation Type: VXLAN>
RxPathID: 0x0
TxPathID: 0x0
PMSI tunnel: Flag 0, TunnelType 6, Label 200256, EndPointAddress 0.0.0.0
AS-path: (null)
Origin: igp
Attribute value: MED 0, localpref 100, pref-val 32768
State: valid, local, best
IP precedence: N/A
Local QoS ID: N/A
Traffic index: N/A
EVPN route type: Inclusive multicast Ethernet tag route
Ethernet tag ID: 0
Origin address: 172.16.125.145/32
By doing a bgp peer show we see that it is applied:
[LEAFVX-01] dis bgp peer l2vpn evpn 10.4.0.106 verbose
Peer: 10.4.0.106 Local: 172.16.125.145
Type: IBGP link
Peer's description: "DCI-TEST"
BGP version 4, remote router ID 10.4.0.106
BGP current state: Established, Up for 08d04h13m01s
BGP current event: KATimerExpired
BGP last state: OpenConfirm
Port: Local - 52813 Remote - 179
Configured: Active Hold Time: 180 sec Keepalive Time: 60 sec
Received: Active Hold Time: 180 sec
Negotiated: Active Hold Time: 180 sec Keepalive Time: 60 sec
Peer optional capabilities:
Peer support BGP multi-protocol extended
Peer support BGP route refresh capability
Peer support BGP Graceful-Restart capability
Peer support BGP route AS4 capability
Graceful Restart Capability: advertised and received
Restart Timer Value of Peer: 120 seconds
Forwarding State preserved by Peer for following Address families:
Address family L2VPN EVPN: advertised and received
Address family L2VPN EVPN:
Additional-paths receive capability: received
InQ updates: 0, OutQ updates: 0
NLRI statistics:
Rcvd: UnReach NLRI 0, Reach NLRI 10
Sent: UnReach NLRI 42, Reach NLRI 300
Message statistics:
Msg type      Last rcvd time/      Current rcvd count/  History rcvd count/
              Last sent time       Current sent count   History sent count
Open          13:18:40-2018.10.30  1                    25
              13:18:40-2018.10.30  1                    2780
Update        09:30:38-2018.11.6   11                   937
              16:30:40-2018.11.7   301                  8612
Notification  14:42:25-2018.10.25  0                    11
              13:18:06-2018.10.30  0                    11
Keepalive     17:30:52-2018.11.7   11773                19458
              17:31:24-2018.11.7   14185                24235
RouteRefresh  -                    0                    0
              09:30:38-2018.11.6   4                    7
Total         -                    11785                20431
              -                    14491                35645
Maximum allowed prefix number: 4294967295
Threshold: 75%
Minimum time between advertisements is 15 seconds
Optional capabilities:
Multi-protocol extended capability has been enabled
Route refresh capability has been enabled
Send community has been configured
Connect-interface has been configured
Peer preferred value: 0
Site-of-Origin: Not specified
Routing policy configured:
No import as-path-acl list
No export as-path-acl list
No import prefix list
No export prefix list
No import route policy
Export route policy is: DCI_EVPN_Route_Policy
No import filter-policy
No export filter-policy
In the route-policy it does not give any option to filter the EVPN addresses and I have tried almost everything.
Do you have any idea how we could filter this?
Thanks in advance,
Kindly,
RMB
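
An added example, not part of the original post: a Python check that parses route detail text in the layout shown above and lists every route that the intended export policy (permit RT 65500:200256, deny the rest) should have dropped. The sample text, the second RD/RT pair and all function names are assumptions made for the illustration.

```python
import re

# Constructed sample in the layout of the post's route detail output. The second
# route (RD 1:200300, RT 65500:200300) is invented to stand for an unwanted VSI.
SAMPLE = """\
Route distinguisher: 1:200256
BGP routing table information of [3][0][32][172.16.125.145]/80:
Ext-Community: <RT: 65500:200256>, <Encapsulation Type: VXLAN>
Route distinguisher: 1:200300
BGP routing table information of [3][0][32][172.16.125.145]/80:
Ext-Community: <RT: 65500:200300>, <Encapsulation Type: VXLAN>
"""

RD_RE = re.compile(r"^\s*Route distinguisher:\s*(.+?)\s*$")
NLRI_RE = re.compile(r"^\s*BGP routing table information of\s+(.+?)\s*:\s*$")
RT_RE = re.compile(r"<RT:\s*([^>]+)>")


def squeeze(value):
    """Drop all whitespace so '65500: 200256' and '65500:200256' compare equal."""
    return re.sub(r"\s+", "", value)


def parse_routes(text):
    """Return one dict per route: its RD, NLRI and set of route targets."""
    routes, rd = [], None
    for line in text.splitlines():
        if m := RD_RE.match(line):
            rd = squeeze(m.group(1))
        elif m := NLRI_RE.match(line):
            routes.append({"rd": rd, "nlri": squeeze(m.group(1)), "rts": set()})
        elif routes and line.lstrip().startswith("Ext-Community:"):
            routes[-1]["rts"].update(squeeze(rt) for rt in RT_RE.findall(line))
    return routes


def unexpected_routes(text, allowed_rts):
    """Routes the intended policy would drop: node 10 permits a route carrying
    any allowed RT, node 20 denies the rest. Anything returned here leaked."""
    allowed = {squeeze(rt) for rt in allowed_rts}
    return [(r["rd"], r["nlri"], sorted(r["rts"]))
            for r in parse_routes(text) if not (r["rts"] & allowed)]


if __name__ == "__main__":
    for rd, nlri, rts in unexpected_routes(SAMPLE, ["65500:200256"]):
        print(f"not expected on the DCI peer: RD {rd} {nlri} RT {rts}")
```

Run against text saved from both sides of the DCI link, an empty result means only the extended VSIs are crossing it.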