Understanding EVPN/VXLAN RD & RT

Tags: juniper, juniper-junos, vxlan

I was reading through this example on Juniper's EVPN/VXLAN documentation and I can't understand why I need two different Route-Distinguishers and Route-Targets.

The RD & RT in the VRF instance is needed to distinguish between the VPNs.

[edit]
user@switch# set routing-instances VRF_1 instance-type vrf
user@switch# set routing-instances VRF_1 interface irb.1
user@switch# set routing-instances VRF_1 interface irb.2
user@switch# set routing-instances VRF_1 interface lo0.1
user@switch# set routing-instances VRF_1 route-distinguisher 192.168.0.11:1
user@switch# set routing-instances VRF_1 vrf-target target:1:1

But why do I need another RD & RT in the EVPN instance? Wouldn't the RD & RT defined above differentiate between the VPNs?

[edit]
user@switch# set switch-options vtep-source-interface lo0.0
user@switch# set switch-options route-distinguisher 192.168.0.11:5000
user@switch# set switch-options vrf-import LEAF-IN
user@switch# set switch-options vrf-import vrf-1-to-200
user@switch# set switch-options vrf-target target:9999:9999

Best Answer

I'll try to help where I can. I know next to nothing about Juniper, but the theory should be the same. Implementation should be the only difference.

So let's start with RDs. Each tenant has one VRF. Each VRF has a single Route Distinguisher.

If you're not familiar with RDs, they are a way to mark routes in the BGP database, to keep them unique. More information here: https://networkdirection.net/Leaking+Routes+with+MP-BGP

Sorry if I'm covering stuff you already know. Please bear with me.

VRFs and RDs are local to each router. Route Targets, however, are 'tags' that are used when sharing prefixes with neighbours. We 'export' prefixes (apply a tag to them) and 'import' learned prefixes into VRFs, if they have a particular tag set.

Now, back to your question.

It looks like the Juniper config is setting an RD and RTs on the VRF, and then another set of values in EVPN.

In the Cisco world, I use commands like 'rd auto' on both VRF and EVPN. This hides what you're seeing here.

To my understanding, it is because we're using BGP to carry layer-3 information (VRF) and layer-2 information (EVPN).

Consider this example. A tenant uses L3VNI 900003 (this is the VRF), and L2VNI 10572 (a layer-2 VNI).

Look at this output:

SW01# show bgp l2vpn evpn | inc Distinguisher 
Route Distinguisher: 10.0.0.1:33339 (L2VNI 10572) 
Route Distinguisher: 10.0.0.1:15 (L3VNI 900003)

This shows that the L3VNI uses a different RD than the L2VNI.

The most confusing thing, in my opinion, is that BGP carries L3 and L2 information. They are separate, as they are different address families with different RDs, yet not separate, as they are part of the same tenant.

I know it's a big read, and thanks for bearing with me.

I hope this makes sense. Let me know if you have further questions.
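The RD/RT split described in the answer, as an added example that is not part of the original post or of Juniper's documentation: a simplified Python model in which the RD only keeps routes unique in the BGP table and the route target alone decides which instance imports them. The RD and RT values for VRF_1 and the EVPN instance come from the question; VRF_2, the second leaf (192.168.0.12), the prefix and the MAC address are constructed, and the `vrf-import` policies are not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    rd: str          # route distinguisher: keeps the route unique in BGP
    prefix: str      # IP prefix or MAC, simplified to a string
    rts: frozenset   # route targets attached on export
    next_hop: str

class Instance:
    """One VRF or EVPN instance on one switch (simplified model)."""
    def __init__(self, name, rd, export_rt, import_rts):
        self.name, self.rd, self.export_rt = name, rd, export_rt
        self.import_rts = frozenset(import_rts)
        self.table = {}

    def export(self, prefix, next_hop):
        return Route(self.rd, prefix, frozenset({self.export_rt}), next_hop)

    def maybe_import(self, route):
        # The import decision looks only at route targets, never at the RD.
        if route.rts & self.import_rts:
            self.table[route.prefix] = route.next_hop
            return True
        return False

def bgp_table(routes):
    # BGP keys on (RD, prefix), so equal prefixes with different RDs coexist.
    return {(r.rd, r.prefix): r for r in routes}

def demo():
    # RD/RT values for VRF_1 and EVPN are from the question; the rest is constructed.
    vrf1 = Instance("VRF_1", "192.168.0.11:1", "target:1:1", ["target:1:1"])
    evpn = Instance("EVPN", "192.168.0.11:5000", "target:9999:9999",
                    ["target:9999:9999"])
    vrf2 = Instance("VRF_2", "192.168.0.11:2", "target:2:2", ["target:2:2"])
    remote = Instance("VRF_1", "192.168.0.12:1", "target:1:1", ["target:1:1"])
    adverts = [
        vrf1.export("10.1.1.0/24", "192.168.0.11"),
        vrf2.export("10.1.1.0/24", "192.168.0.11"),        # overlapping tenant prefix
        evpn.export("00:00:5e:00:53:01", "192.168.0.11"),  # MAC route from the L2 side
    ]
    table = bgp_table(adverts)
    imported = [r.rd for r in adverts if remote.maybe_import(r)]
    return len(table), imported, remote.table

if __name__ == "__main__":
    print(demo())
```

The remote VRF_1 imports only the route tagged `target:1:1`, even though VRF_2 advertised the same prefix, which is why a wrong or overly broad import target is what leaks routes between tenants.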