BGP and EVPN route selection for EVPN routes

When two or more EVPN routes are received at a PE, BGP route selection typically takes place when the route key or the routes are equal. When the route key is different, but the PE has to make a selection (for instance, the same MAC is advertised in two routes with different RDs), BGP hands over the routes to EVPN and the EVPN application performs the selection.

EVPN and BGP selection criteria are described below:

EVPN route selection for MAC routes

When two or more routes are received with the same mac-length/mac but different route key, BGP hands the routes over to EVPN. EVPN selects the route based on the following tiebreaking order:
1. Conditional static MACs (local protected MACs)
2. Auto-learned protected MACs (locally learned MACs on SAPs or mesh or spoke SDPs because of the configuration of auto-learn-mac-protect)
3. EVPN ES PBR MACs (see ES PBR MAC routes below)
4. EVPN static MACs (remote protected MACs)
5. Data plane learned MACs (regular learning on SAPs or SDP bindings) and EVPN MACs with higher SEQ numbers. Learned MACs and EVPN MACs are considered equal if they have the same SEQ number.
6. EVPN MACs with higher SEQ number
7. EVPN E-tree root MACs
8. EVPN non-RT-5 MACs (this tie-breaking rule is only observed if the selection algorithm is comparing received MAC routes and internal MAC routes derived from the MACs in IP-Prefix routes, for example, RT-5 MACs)
9. Lowest IP (next-hop IP of the EVPN NLRI)
10. Lowest Ethernet tag (that is zero for MPLS and may be different from zero for VXLAN)
11. Lowest RD
12. Lowest BGP instance (this tie-breaking rule is only considered if the above rules fail to select a unique MAC and the service has two BGP instances of the same encapsulation)
ES PBR MAC routes

When a PBR filter with a forward action to an ESI and SF-IP (Service Function IP) exists, a MAC route is created by the system. This MAC route is compared to other MAC routes received from BGP.
- When ARP resolves (it can be static, EVPN, or dynamic) for a SF-IP and the system has an AD EVI route for the ESI, a ‟MAC route” is created by ES PBR with the <MAC Address = ARPed MAC Address, VTEP = AD EVI VTEP, VNI = AD EVI VNI, RD = ES PBR RD (special RD), Static = 1> and installed in EVPN.
- This MAC route does not add anything (back) to ARP; however, it goes through the MAC route selection in EVPN and triggers the FDB addition if it is the best route.
- In terms of priority, this route's priority is lower than local static but higher than remote EVPN static (number 2 in the tiebreaking order above).
- If there are two competing ES PBR MAC routes, then the selection goes through the rest of checks (Lowest IP > Lowest RD).
EVPN route selection for IP-prefix and IPv6-prefix routes

See Route selection across EVPN-IFL and other owners in the VPRN service.
BGP route selection

The BGP route selection for MAC routes with the same route-key follows the following priority order:
1. EVPN static MACs (remote protected MACs).
2. EVPN MACs with higher sequence number.
3. Regular BGP selection (local-pref, aigp metric, shortest as-path, lowest IP).
Regular BGP selection is followed for the rest of the EVPN routes.

Note: In case BGP has to run an actual selection and a specified (otherwise valid) EVPN route 'loses' to another EVPN route, the non-selected route is displayed by the show router BGP routes evpn x detail command with a tie-breaker reason.

Note: Protected MACs do not overwrite EVPN static MACs; in other words, if a MAC is in the FDB and protected because being received with the sticky/static bit set in a BGP EVPN update and a frame is received with the source MAC on an object configured with auto-learn-mac-protect, that frame is dropped because of the implicit restrict-protected-src discard-frame. The reverse is not true; when a MAC is learned and protected using auto-learn-mac-protect, its information is not overwritten with the contents of a BGP update containing the same MAC address.