• EVPN routes are not being imported into the NSX Tier-0 VRF routing table despite BGP peering sessions being established
• VRF experiences connectivity issues with missing default routes or specific network prefixes
• BGP EVPN routes are received from external peers but fail to appear in the VRF forwarding table
• Error messages may indicate route target community mismatches during route import process

Steps to validate:

• Check if routes are received but not imported: get bgp l2vpn evpn
• Verify VRF routing table for missing routes: vrf <vrf-id> then get route
• Check BGP session status: get bgp neighbor summary

VMware NSX

Route Target (RT) mismatch between the external BGP peer's export configuration and NSX Tier-0 VRF import configuration. EVPN routes are imported into VRFs based on matching Route Target extended communities. When the RT value exported by the external BGP peer does not match the RT value configured for import on the NSX Tier-0 VRF, routes are received via BGP but discarded during the import process.

1. Verify BGP neighbor and session status 
   • Check BGP peering status: get bgp neighbor summary
   • Confirm neighbor state shows Established for the relevant peer
   • Check EVPN route filters: get bgp l2vpn evpn route-filter
2. Isolate the Route Target mismatch
   • View received EVPN routes and their Route Target communities: get bgp l2vpn evpn
   • Note the Route-Target values in the BGP update messages
   • Check VRF routing table: vrf <vrf-id> then get route
   • Confirm the expected routes are missing from the forwarding table
3. Compare Route Target configurations External router verification:
   • Check the BGP configuration for the VRF and l2vpn evpn address family
   • Verify the route-target export value configured on the physical device
   NSX Tier-0 VRF verification:
   • In NSX Policy Manager, navigate to the Tier-0 Gateway configuration
   • Review the specific VRF's EVPN settings
   • Check the Route Target Import value
4. Correct the Route Target mismatch
   Option A - Update external router configuration:
   • Modify the route-target export command on the external BGP peer
   • Ensure the export RT matches the import RT configured in NSX
   Option B - Update NSX import configuration:
   • Modify the Route Target Import setting in the NSX Tier-0 VRF
   • Ensure the import RT matches the export RT from the external router
5. Validate the resolution
   • Verify routes are imported into the VRF: vrf <vrf-id> then get route
   • Test end-to-end connectivity between NSX segments and external networks using ping or traceroute

If the error persists after following these steps, contact Broadcom Support for further assistance.

Please provide the following information when opening a support request:

• NSX support bundle from affected Tier-0 Gateway
• BGP configuration from external peer device
• Output of get bgp l2vpn evpn command
• VRF routing table output before and after configuration changes

• Overview of BGP EVPN
• Creating and managing Broadcom support cases
• Uploading files to cases on the Broadcom Support Portal