Configuring an EVPN Route-Policy

An EVPN route-policy can be configured to control EVPN route receiving and advertisement.

Context

An EVPN route-policy is used to match specified EVPN route information or some attributes in EVPN route information and to change these attributes as required. In addition, an EVPN route-policy can be deployed to control the routing table size, thereby conserving system resources.

A route-policy can consist of multiple nodes, and each node can comprise the following clauses:

if-match clause

Defines the matching rules that EVPN routes meet. The matching objects are some attributes of the EVPN routes.
apply clause

Specifies actions. Specifically, configuration commands are run after a route satisfies the matching rules specified by the if-match clauses. The apply clauses can change some attributes of EVPN routes.

After a route-policy is created, apply the route-policy to EVPN or L3VPN to make it take effect.

Procedure

Create a route-policy.
1. Run system-view
  The system view is displayed.
2. Run route-policy route-policy-name { permit | deny } node node
  A route-policy node is created, and the route-policy view is displayed.
3. Run commit
  The configuration is committed.

Configure filter criteria (if-match clause).

Filter Criteria	Configuration Procedure
Filtering by VNI	Run the system-view command to enter the system view. Run the filter-list vni vni-list-name command to create a VNI list and enter its view. Run the vni vni-id command to configure a VNI ID. Run the quit command to return to the system view. Run the route-policy route-policy-name { permit \| deny } node node to enter the route-policy view. Configure matching rules based on VNI lists: Run the if-match l2vni [ l2vni-name ] command to configure a matching rule based on a Layer 2 VNI list. Run the if-match l3vni [ l3vni-name ] command to configure a matching rule based on a Layer 3 VNI list. Run the commit command to commit the configuration.
Filtering by MPLS label	Run the system-view command to enter the system view. Run the route-policy route-policy-name { permit \| deny } node node to enter the route-policy view. Run the if-match { mpls-label \| mpls-label2 } ^* command to configure a matching rule based on an MPLS label. Run the commit command to commit the configuration.
Filtering by route type	Run the system-view command to enter the system view. Run the route-policy route-policy-name { permit \| deny } node node to enter the route-policy view. Run the if-match route-type evpn { ad \| es \| inclusive \| join \| leave \| mac \| prefix \| smet } ^* command to configure a matching rule based on a route type. Run the commit command to commit the configuration.
Filtering by Ethernet tag	Run the system-view command to enter the system view. Run the filter-list eth-tag eth-tag-list command to create an Ethernet tag list. Run the eth-tag ethtag-value command to configure an Ethernet tag of the Ethernet tag list. Run the quit command to return to the system view. Run the route-policy route-policy-name { permit \| deny } node node to enter the route-policy view. Run the if-match eth-tag-list eth-tag-list-name command to configure a matching rule based on the Ethernet tag. Run the commit command to commit the configuration.
Filtering by MAC address	Run the system-view command to enter the system view. Run the filter-list mac mac-list-name command to create a MAC address list. Run the mac mac-address command to configure MAC addresses in the MAC address list. Run the quit command to return to the system view. Run the route-policy route-policy-name { permit \| deny } node node to enter the route-policy view. Run the if-match mac-list mac-list-name command to configure a matching rule based on the MAC address list. Run the commit command to commit the configuration.
Filtering by encapsulation extended community attribute	Run the system-view command to enter the system view. Configure a filter for encapsulation extended community attributes. Run the ip extcommunity-list encapsulation basic encapsulation-name [ index index-value ] { permit \| deny } { encap-value } & <1-16> command to create a filter for basic encapsulation extended community attributes. Run the ip extcommunity-list encapsulation advanced encapsulation-name [ index index-value ] { permit \| deny } encap-value regular command to create a filter for advanced encapsulation extended community attributes. NOTE: In an EVPN VXLAN scenario, EVPN routes carry the VXLAN-encapsulated extended community attributes. You can set encap-value to 0:8 to filter the EVPN routes in this scenario. In an EVPN MPLS scenario, a device may receive EVPN routes that carry MPLS-encapsulated extended community attributes. To filter these EVPN routes, set encap-value to 0:10. Run the route-policy route-policy-name { permit \| deny } node node to enter the route-policy view. Run the if-match extcommunity-list encapsulation encapsulation-name command to configure a matching rule based on the extended community attribute filter. Run the commit command to commit the configuration.

Configure an apply clause.
(Optional) Configuring an apply Clause helps you add or modify the attributes of EVPN routes.

Apply a route-policy.

Usage Scenario	Configuration Procedure
Control route receiving and advertisement between BGP EVPN peers.	Run the system-view command to enter the system view. Run the bgp { as-number-plain \| as-number-dot } command to enter the BGP view. Run the l2vpn-family evpn command to enter the BGP-EVPN address family view. Run the peer { group-name \| ipv4-address } route-policy route-policy-name { import \| export } command to configure a route-policy for the routes received from the BGP EVPN peer (group) or advertised to the BGP EVPN peer (group). Run the commit command to commit the configuration.
Control the routes sent by an EVPN instance through EVPN or the routes received by an EVPN instance through BGP EVPN.	Run the system-view command to enter the system view. Enter the EVPN instance view. Run the evpn vpn-instance vpn-instance-name vpws command to create a VPWS EVPN instance and enter the VPWS EVPN instance view. Run the evpn vpn-instance vpn-instance-name bd-mode command to create a BD EVPN instance and enter the BD EVPN instance view. Run the route-distinguisher route-distinguisher command to set an RD for the EVPN instance Run the import route-policy policy-name command to associate the EVPN instance with an import route-policy and apply the route-policy to the routes imported to the EVPN instance. Run the export route-policy policy-name command to associate the EVPN instance with an export route-policy and apply the route-policy to the routes exported from the EVPN instance. Run the commit command to commit the configuration.
Control the routes sent by an L3VPN instance through EVPN or the routes received by an L3VPN instance through BGP EVPN.	Run the system-view command to enter the system view. Run the ip vpn-instance vpn-instance-name command to create a VPN instance and enter the view of this VPN instance. Run the ipv4-family or ipv6-family command to enter the IPv4 or IPv6 address family view of the VPN instance. Run the route-distinguisher route-distinguisher command to set an RD for the VPN instance. Run the import route-policy policy-name evpn command to associate the IPv6 address family of the VPN instance with an import route-policy to filter the IPv6 address family routes imported from the VPN instance through EVPN. Run the export route-policy policy-name evpn command to associate the IPv6 address family of the VPN instance with an export route-policy to filter the IPv6 address family routes that are exported from the VPN instance and advertised to EVPN. Run the commit command to commit the configuration.

Result

Run the display bgp evpn all routing-table command to check the EVPN route information after the EVPN route-policy is applied.
Run the display ip routing-table vpn-instance vpn-instance-name or display ipv6 routing-table vpn-instance vpn-instance-name command to check the VPN IP route information after the EVPN route-policy is applied.