This section provides example configurations for filtering EVPN routes.
The following example shows how to filter EVPN type-2 routes and set the RMAC extended community as 52fc.c310.2e80.
-
The following output shows the routes in the EVPN table and a type-2 EVPN MAC route before the route map is applied.
leaf1(config)# show bgp l2vpn evpn
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 12, Local Router ID is 1.1.1.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1.1.1.1:32868 (L2VNI 101)
*>i[2]:[0]:[0]:[48]:[aaaa.aaaa.aaaa]:[32]:[101.0.0.3]/272
33.33.33.33 100 0 i
Route Distinguisher: 3.3.3.3:3
*>i[2]:[0]:[0]:[48]:[52fc.d83a.1b08]:[0]:[0.0.0.0]/216
33.33.33.33 100 0 i
*>i[5]:[0]:[0]:[24]:[101.0.0.0]/224
3.3.3.3 0 100 0 ?
Route Distinguisher: 3.3.3.3:32868
*>i[2]:[0]:[0]:[48]:[aaaa.aaaa.aaaa]:[32]:[101.0.0.3]/272
33.33.33.33 100 0 i
Route Distinguisher: 1.1.1.1:3 (L3VNI 100)
*>i[2]:[0]:[0]:[48]:[52fc.d83a.1b08]:[0]:[0.0.0.0]/216
33.33.33.33 100 0 i
*>i[2]:[0]:[0]:[48]:[aaaa.aaaa.aaaa]:[32]:[101.0.0.3]/272
33.33.33.33 100 0 i
*>l[5]:[0]:[0]:[24]:[10.0.0.0]/224
1.1.1.1 0 100 32768 ?
*>l[5]:[0]:[0]:[24]:[100.0.0.0]/224
1.1.1.1 0 100 32768 ?
*>i[5]:[0]:[0]:[24]:[101.0.0.0]/224
3.3.3.3 0 100 0 ?
leaf1(config)# show bgp l2vpn evpn aaaa.aaaa.aaaa
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 1.1.1.1:32868 (L2VNI 101)
BGP routing table entry for [2]:[0]:[0]:[48]:[aaaa.aaaa.aaaa]:[32]:[101.0.0.3]/2
72, version 12
Paths: (1 available, best #1)
Flags: (0x000212) (high32 00000000) on xmit-list, is in l2rib/evpn, is not in HW
Advertised path-id 1
Path type: internal, path is valid, is best path, no labeled nexthop, in rib
Imported from 3.3.3.3:32868:[2]:[0]:[0]:[48]:[aaaa.aaaa.aaaa]:[32]:
[101.0.0.3]/272
AS-Path: NONE, path sourced internal to AS
33.33.33.33 (metric 81) from 101.101.101.101 (101.101.101.101)
Origin IGP, MED not set, localpref 100, weight 0
Received label 101 100
Extcommunity: RT:100:100 RT:100:101 SOO:33.33.33.33:0 ENCAP:8
Router MAC:52fc.d83a.1b08
Originator: 3.3.3.3 Cluster list: 101.101.101.101
Path-id 1 not advertised to any peer
Route Distinguisher: 3.3.3.3:32868
BGP routing table entry for [2]:[0]:[0]:[48]:[aaaa.aaaa.aaaa]:[32]:[101.0.0.3]/2
72, version 8
Paths: (1 available, best #1)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not in HW
Advertised path-id 1
Path type: internal, path is valid, is best path, no labeled nexthop
Imported to 3 destination(s)
Imported paths list: vni100 default default
AS-Path: NONE, path sourced internal to AS
33.33.33.33 (metric 81) from 101.101.101.101 (101.101.101.101)
Origin IGP, MED not set, localpref 100, weight 0
Received label 101 100
Extcommunity: RT:100:100 RT:100:101 SOO:33.33.33.33:0 ENCAP:8
Router MAC:52fc.d83a.1b08
Originator: 3.3.3.3 Cluster list: 101.101.101.101
Path-id 1 not advertised to any peer
Route Distinguisher: 1.1.1.1:3 (L3VNI 100)
BGP routing table entry for [2]:[0]:[0]:[48]:[aaaa.aaaa.aaaa]:[32]:[101.0.0.3]/2
72, version 11
Paths: (1 available, best #1)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not in HW
Advertised path-id 1
Path type: internal, path is valid, is best path, no labeled nexthop
Imported from 3.3.3.3:32868:[2]:[0]:[0]:[48]:[aaaa.aaaa.aaaa]:[32]:
[101.0.0.3]/272
AS-Path: NONE, path sourced internal to AS
33.33.33.33 (metric 81) from 101.101.101.101 (101.101.101.101)
Origin IGP, MED not set, localpref 100, weight 0
Received label 101 100
Extcommunity: RT:100:100 RT:100:101 SOO:33.33.33.33:0 ENCAP:8
Router MAC:52fc.d83a.1b08
Originator: 3.3.3.3 Cluster list: 101.101.101.101
Path-id 1 not advertised to any peer
-
The following example shows the route-map configuration.
leaf1(config)# show run rpm
!Command: show running-config rpm
!Running configuration last done at: Thu Sep 3 22:32:23 2020
!Time: Thu Sep 3 22:32:31 2020
version 9.3(5) Bios:version
route-map FILTER_EVPN_TYPE2 permit 10
match evpn route-type 2
set extcommunity evpn rmac 52fc.c310.2e80
route-map allow permit 10
-
The following example shows how to apply the route map to the EVPN peer as an inbound route map.
leaf1(config-router-neighbor-af)# show run bgp
!Command: show running-config bgp
!Running configuration last done at: Mon Aug 3 18:08:24 2020
!Time: Mon Aug 3 18:08:28 2020
version 9.3(5) Bios:version
feature bgp
router bgp 100
event-history detail size large
neighbor 101.101.101.101
remote-as 100
update-source loopback0
address-family l2vpn evpn
send-community extended
route-map FILTER_EVPN_TYPE2 in
vrf vni100
address-family ipv4 unicast
advertise l2vpn evpn
redistribute direct route-map allow
-
The following output shows the routes in the EVPN table and a type-2 EVPN MAC route after the route map is applied.
leaf1(config)# show bgp l2vpn evpn
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 19, Local Router ID is 1.1.1.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1.1.1.1:32868 (L2VNI 101)
*>i[2]:[0]:[0]:[48]:[aaaa.aaaa.aaaa]:[32]:[101.0.0.3]/272
33.33.33.33 100 0 i
Route Distinguisher: 3.3.3.3:3
*>i[2]:[0]:[0]:[48]:[52fc.d83a.1b08]:[0]:[0.0.0.0]/216
33.33.33.33 100 0 i
Route Distinguisher: 3.3.3.3:32868
*>i[2]:[0]:[0]:[48]:[aaaa.aaaa.aaaa]:[32]:[101.0.0.3]/272
33.33.33.33 100 0 i
Route Distinguisher: 1.1.1.1:3 (L3VNI 100)
*>i[2]:[0]:[0]:[48]:[52fc.d83a.1b08]:[0]:[0.0.0.0]/216
33.33.33.33 100 0 i
*>i[2]:[0]:[0]:[48]:[aaaa.aaaa.aaaa]:[32]:[101.0.0.3]/272
33.33.33.33 100 0 i
*>l[5]:[0]:[0]:[24]:[10.0.0.0]/224
1.1.1.1 0 100 32768 ?
*>l[5]:[0]:[0]:[24]:[100.0.0.0]/224
1.1.1.1 0 100 32768 ?
leaf1(config)# show bgp l2vpn evpn aaaa.aaaa.aaaa
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 1.1.1.1:32868 (L2VNI 101)
BGP routing table entry for [2]:[0]:[0]:[48]:[aaaa.aaaa.aaaa]:[32]:[101.0.0.3]/2
72, version 19
Paths: (1 available, best #1)
Flags: (0x000212) (high32 00000000) on xmit-list, is in l2rib/evpn, is not in HW
Advertised path-id 1
Path type: internal, path is valid, is best path, no labeled nexthop, in rib
Imported from 3.3.3.3:32868:[2]:[0]:[0]:[48]:[aaaa.aaaa.aaaa]:[32]:
[101.0.0.3]/272
AS-Path: NONE, path sourced internal to AS
33.33.33.33 (metric 81) from 101.101.101.101 (101.101.101.101)
Origin IGP, MED not set, localpref 100, weight 0
Received label 101 100
Extcommunity: RT:100:100 RT:100:101 SOO:33.33.33.33:0 ENCAP:8
Router MAC:52fc.c310.2e80
Originator: 3.3.3.3 Cluster list: 101.101.101.101
Path-id 1 not advertised to any peer
Route Distinguisher: 3.3.3.3:32868
BGP routing table entry for [2]:[0]:[0]:[48]:[aaaa.aaaa.aaaa]:[32]:[101.0.0.3]/2
72, version 15
Paths: (1 available, best #1)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not in HW
Advertised path-id 1
Path type: internal, path is valid, is best path, no labeled nexthop
Imported to 3 destination(s)
Imported paths list: vni100 default default
AS-Path: NONE, path sourced internal to AS
33.33.33.33 (metric 81) from 101.101.101.101 (101.101.101.101)
Origin IGP, MED not set, localpref 100, weight 0
Received label 101 100
Extcommunity: RT:100:100 RT:100:101 SOO:33.33.33.33:0 ENCAP:8
Router MAC:52fc.c310.2e80
Originator: 3.3.3.3 Cluster list: 101.101.101.101
Path-id 1 not advertised to any peer
Route Distinguisher: 1.1.1.1:3 (L3VNI 100)
BGP routing table entry for [2]:[0]:[0]:[48]:[aaaa.aaaa.aaaa]:[32]:[101.0.0.3]/2
72, version 18
Paths: (1 available, best #1)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not in HW
Advertised path-id 1
Path type: internal, path is valid, is best path, no labeled nexthop
Imported from 3.3.3.3:32868:[2]:[0]:[0]:[48]:[aaaa.aaaa.aaaa]:[32]:
[101.0.0.3]/272
AS-Path: NONE, path sourced internal to AS
33.33.33.33 (metric 81) from 101.101.101.101 (101.101.101.101)
Origin IGP, MED not set, localpref 100, weight 0
Received label 101 100
Extcommunity: RT:100:100 RT:100:101 SOO:33.33.33.33:0 ENCAP:8
Router MAC:52fc.c310.2e80
Originator: 3.3.3.3 Cluster list: 101.101.101.101
Path-id 1 not advertised to any peer
In a similar manner, you can use the other EVPN-specific match and set clauses with existing route-map options to filter EVPN
routes as required.
The following example shows how EVPN route filtering can be used to redirect traffic to a different VTEP than the one from
which the EVPN route was learned. It involves setting the next-hop IP address and the RMAC of the route to the one corresponding
to the other VTEP.
-
Initially the best path to reach 11.11.11.11 is through 1.1.1.1:
bl1(config)# show bgp l2 e 11.11.11.11
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 1.1.1.1:3
BGP routing table entry for [5]:[0]:[0]:[32]:[11.11.11.11]/224, version 15
Paths: (1 available, best #1)
Flags: (0x000002) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not in HW
Advertised path-id 1
Path type: internal, path is valid, is best path, no labeled nexthop
Imported to 2 destination(s)
Imported paths list: evpn-tenant-0002 default
Gateway IP: 0.0.0.0
AS-Path: 150 , path sourced external to AS
1.1.1.1 (metric 81) from 101.101.101.101 (101.101.101.101)
Origin incomplete, MED 0, localpref 100, weight 0
Received label 3003002
Extcommunity: RT:1:3003002 ENCAP:8 Router MAC:5254.0074.caf5
Originator: 1.1.1.1 Cluster list: 101.101.101.101
Path-id 1 not advertised to any peer
Route Distinguisher: 2.2.2.2:4
BGP routing table entry for [5]:[0]:[0]:[32]:[11.11.11.11]/224, version 79
Paths: (1 available, best #1)
Flags: (0x000002) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not in HW
Advertised path-id 1
Path type: internal, path is valid, is best path, no labeled nexthop
Imported to 2 destination(s)
Imported paths list: evpn-tenant-0002 default
Gateway IP: 0.0.0.0
AS-Path: 150 , path sourced external to AS
2.2.2.2 (metric 81) from 101.101.101.101 (101.101.101.101)
Origin incomplete, MED 0, localpref 100, weight 0
Received label 3003002
Extcommunity: RT:1:3003002 ENCAP:8 Router MAC:5254.0090.433e
Originator: 2.2.2.2 Cluster list: 101.101.101.101
Path-id 1 not advertised to any peer
Route Distinguisher: 3.3.3.3:3 (L3VNI 3003002)
BGP routing table entry for [5]:[0]:[0]:[32]:[11.11.11.11]/224, version 80
Paths: (2 available, best #2)Flags: (0x000002) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not in HW
Path type: internal, path is valid, not best reason: Router Id, no labeled nexthop
Imported from 2.2.2.2:4:[5]:[0]:[0]:[32]:[11.11.11.11]/224
Gateway IP: 0.0.0.0
AS-Path: 150 , path sourced external to AS
2.2.2.2 (metric 81) from 101.101.101.101 (101.101.101.101)
Origin incomplete, MED 0, localpref 100, weight 0
Received label 3003002
Extcommunity: RT:1:3003002 ENCAP:8 Router MAC:5254.0090.433e
Originator: 2.2.2.2 Cluster list: 101.101.101.101
Advertised path-id 1
Path type: internal, path is valid, is best path, no labeled nexthop
Imported from 1.1.1.1:3:[5]:[0]:[0]:[32]:[11.11.11.11]/224
Gateway IP: 0.0.0.0
AS-Path: 150 , path sourced external to AS
1.1.1.1 (metric 81) from 101.101.101.101 (101.101.101.101)
Origin incomplete, MED 0, localpref 100, weight 0
Received label 3003002
Extcommunity: RT:1:3003002 ENCAP:8 Router MAC:5254.0074.caf5
Originator: 1.1.1.1 Cluster list: 101.101.101.101
Path-id 1 not advertised to any peer
Route Distinguisher: 3.3.3.3:4 (L3VNI 3003003)
BGP routing table entry for [5]:[0]:[0]:[32]:[11.11.11.11]/224, version 24
Paths: (1 available, best #1)
Flags: (0x000002) (high32 00000000) on xmit-list, is not in l2rib/evpn
Advertised path-id 1
Path type: local, path is valid, is best path, no labeled nexthop
Gateway IP: 0.0.0.0
AS-Path: 150 , path sourced external to AS
3.3.3.3 (metric 0) from 0.0.0.0 (3.3.3.3)
Origin incomplete, MED 0, localpref 100, weight 0
Received label 3003003
Extcommunity: RT:1:3003003 ENCAP:8 Router MAC:5254.006a.435b
Originator: 1.1.1.1 Cluster list: 101.101.101.101
Path-id 1 advertised to peers:
101.101.101.101
bl1(config)# show ip route 11.11.11.11
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
11.11.11.11/32, ubest/mbest: 1/0
*via 1.1.1.1, [200/0], 00:02:51, bgp-1, internal, tag 150 (evpn) segid: 3003
002 tunnelid: 0x1010101 encap: VXLAN
-
To redirect traffic to the other VTEP leaf-2, you can set the next hop and RMAC on the 11.11.11.11/32 route with a route-map
configuration.
bl1(config-route-map)# show run rpm
Command: show running-config rpm
!Running configuration last done at: Wed Mar 27 00:12:14 2019
!Time: Wed Mar 27 00:12:17 2019
version 9.2(3) Bios:version
ip prefix-list PFX_LIST1_1 seq 5 permit 11.11.11.11/32
route-map TEST_SET_IP_NEXTHOP permit 10
match ip address prefix-list PFX_LIST1_1
set ip next-hop 2.2.2.2
set extcommunity evpn rmac 5254.0090.433e
-
After applying the route map at the inbound level at BL1, the following are the route outputs for route 11.11.11.11/32.
bl1(config-router-neighbor-af)# show bgp l2 e 11.11.11.11
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 1.1.1.1:3
BGP routing table entry for [5]:[0]:[0]:[32]:[11.11.11.11]/224, version 81
Paths: (1 available, best #1)
Flags: (0x000002) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not in HW
Advertised path-id 1
Path type: internal, path is valid, is best path, no labeled nexthop
Imported to 2 destination(s)
Imported paths list: evpn-tenant-0002 default
Gateway IP: 0.0.0.0
AS-Path: 150 , path sourced external to AS
2.2.2.2 (metric 81) from 101.101.101.101 (101.101.101.101)
Origin incomplete, MED 0, localpref 100, weight 0
Received label 3003002
Extcommunity: RT:1:3003002 ENCAP:8 Router MAC:5254.0090.433e
Originator: 1.1.1.1 Cluster list: 101.101.101.101
Path-id 1 not advertised to any peer
Route Distinguisher: 2.2.2.2:4
BGP routing table entry for [5]:[0]:[0]:[32]:[11.11.11.11]/224, version 79
Paths: (1 available, best #1)
Flags: (0x000002) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not in HW
Advertised path-id 1
Path type: internal, path is valid, is best path, no labeled nexthop
Imported to 2 destination(s)
Imported paths list: evpn-tenant-0002 default
Gateway IP: 0.0.0.0
AS-Path: 150 , path sourced external to AS
2.2.2.2 (metric 81) from 101.101.101.101 (101.101.101.101)
Origin incomplete, MED 0, localpref 100, weight 0
Received label 3003002
Extcommunity: RT:1:3003002 ENCAP:8 Router MAC:5254.0090.433e
Originator: 2.2.2.2 Cluster list: 101.101.101.101
Path-id 1 not advertised to any peer
Route Distinguisher: 3.3.3.3:3 (L3VNI 3003002)
BGP routing table entry for [5]:[0]:[0]:[32]:[11.11.11.11]/224, version 82
Paths: (2 available, best #2)
Flags: (0x000002) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not in HW
Path type: internal, path is valid, not best reason: Router Id, no labeled nexthop
Imported from 2.2.2.2:4:[5]:[0]:[0]:[32]:[11.11.11.11]/224
Gateway IP: 0.0.0.0
AS-Path: 150 , path sourced external to AS
2.2.2.2 (metric 81) from 101.101.101.101 (101.101.101.101)
Origin incomplete, MED 0, localpref 100, weight 0
Received label 3003002
Extcommunity: RT:1:3003002 ENCAP:8 Router MAC:5254.0090.433e
Originator: 2.2.2.2 Cluster list: 101.101.101.101
Advertised path-id 1
Path type: internal, path is valid, is best path, no labeled nexthop
Imported from 1.1.1.1:3:[5]:[0]:[0]:[32]:[11.11.11.11]/224
Gateway IP: 0.0.0.0
AS-Path: 150 , path sourced external to AS
2.2.2.2 (metric 81) from 101.101.101.101 (101.101.101.101)
Origin incomplete, MED 0, localpref 100, weight 0
Received label 3003002
Extcommunity: RT:1:3003002 ENCAP:8 Router MAC:5254.0090.433e
Originator: 1.1.1.1 Cluster list: 101.101.101.101
Path-id 1 not advertised to any peer
Route Distinguisher: 3.3.3.3:4 (L3VNI 3003003)
BGP routing table entry for [5]:[0]:[0]:[32]:[11.11.11.11]/224, version 24
Paths: (1 available, best #1)
Flags: (0x000002) (high32 00000000) on xmit-list, is not in l2rib/evpn
Advertised path-id 1
Path type: local, path is valid, is best path, no labeled nexthop
Gateway IP: 0.0.0.0
AS-Path: 150 , path sourced external to AS
3.3.3.3 (metric 0) from 0.0.0.0 (3.3.3.3)
Origin incomplete, MED 0, localpref 100, weight 0
Received label 3003003
Extcommunity: RT:1:3003003 ENCAP:8 Router MAC:5254.006a.435b
Originator: 1.1.1.1 Cluster list: 101.101.101.101
Path-id 1 advertised to peers:
101.101.101.101
bl1(config-router-neighbor-af)# show ip route 11.11.11.11
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
11.11.11.11/32, ubest/mbest: 1/0
*via 2.2.2.2, [200/0], 00:02:37, bgp-1, internal, tag 150 (evpn) segid: 3003
002 tunnelid: 0x2020202 encap: VXLAN
After the next hop and RMAC value are set using the route map, the traffic that was earlier directed through 1.1.1.1 is now
directed through 2.2.2.2.