Hello, Consider the following evpn topology:
PE3 | CE1 — PE1 — (ae2) -- PE2 — CE2 CE1 = 10.0.0.2/24 CE2 = 10.0.0.3/24 PE1 and PE2 both have a evpn routing-instance configured. Both have the same ip-adress configured on the irb (default gw) and same mac-address. Traffic towards CE2 flows via PE3 -> PE1 -> PE2 -> CE2 PE1 has a evpn route towards CE2: PE1# 10.0.0.3/32 *[EVPN/7] 1d 23:14:48 > to 10.10.10.2 via ae2.0, Push 301472 The prefix for CE2 on PE2: PE2# 10.0.0.3/32 *[EVPN/7] 1d 23:14:50 > via irb.100 The IRB interface on PE2 has a output filter set interfaces irb unit 100 family inet filter output COUNT-AND-ACCEPT filter COUNT-AND-ACCEPT term count-and-accept then count COUNT-AND-ACCEPT then accept The filter is not matching packets, it seems that packets entering via an EVPN route from PE1, bypass the IRB output filter on PE2 (no filter lookup) All evpn routes reside in inet.0, no separate l3-vpn vrf. Any insight is appreciated. Thanks, Bob _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp