Routing policies match on specific fields when EVPN routes are imported or exported. These matching fields (excluding route table evpn ip-prefix routes, unless explicitly mentioned), are:
communities, extended-communities, and large-communities
well-known communities (no-export | no-export-subconfed | no-advertise)
family EVPN
protocol BGP-VPN (this term also matches VPN-IPv4 and VPN-IPv6 routes)
prefix lists for routes type 2 when they contain an IP address, and for type 5
route tags that can be passed by EVPN to BGP from:
service>epipe/vpls>bgp-evpn>mpls/vxlan>default-route-tag (this route-tag can be matched on export only)
service>vpls>proxy-arp/nd>evpn-route-tag (this route tag can be matched on export only)
route table route-tags when exporting EVPN IP-prefix routes
EVPN type
BGP attributes that are applicable to EVPN routes (such as AS-path, local-preference, next-hop)
Additionally, the route tags can be used on export policies to match EVPN routes that belong to a service and BGP instance, routes that are created by the proxy-arp or proxy-nd application, or IP-Prefix routes that are added to the route table with a route tag.
EVPN can pass only one route tag to BGP to achieve matching on export policies. In case of a conflict, the default-route-tag has the least priority of the three potential tags added by EVPN.
For instance, if VPLS 10 is configured with proxy-arp>evpn-route-tag 20 and bgp-evpn>mpls>default-route-tag 10, all MAC/IP routes, which are generated by the proxy-arp application, uses route tag 20. Export policies can then use ‟from tag 20” to match all those routes. In this case, inclusive Multicast routes are matched by using ‟from tag 10”.