| Policy Tool      | Used For                 | | ---------------- | ------------------------ | | Prefix-list      | Fast prefix filtering    | | Route-map        | Conditional policy logic | | ACL              | Legacy filtering         | | BGP Community    | Route tagging            | | AS-Path filter   | Loop & transit control   | | Route tag        | Redistribution safety    | | PBR              | Traffic steering         | | Distribute-list  | Basic filtering          | | Policy-statement | Modern policy framework  | | RPKI             | Route security           | ...

  RD- VTEP-IP:EVI instance ID RT- ASNNUMVER: VNI-ID Ex: for vlan based EVPN model VRF  VLAN  VNI    RD RT VRF-1    10     10100 10.1.1.11:10100    65001:10100 VRF-1 20 10200   10.1.1.11:10200 65001:10200 VRF-1 30 10300 10.1.1.11:10300 65001:10300 VRF-2 40 10400 10.1.1.11:10400 65001:10400 VRF-2 50 10500 10.1.1.11:10500 65001:10500 VRF-2 60 10600 10.1.1.11:10600 65001:10600

  Case-1: Traffic Egress from dual homed end-host  1.It may land on DF or non-DF based on hashing algorithm 2. For traffic from end-host to EVPN core DF,non-DF will not play any role 3. in case BUM lands on Leaf-1 it should flood to all the VTEPs participating on that vlan(vlan-10 in this case) 4.It may use head-end replication or underlay multicast (PIM) 5.all other VTEPS receive the BUM traffic (including Leaf-2 in this case) 6.reason for Leaf-2 to receive this - there should be other hosts on the same vlan (host-2) 7.now leaf-2 apply split-horizon rule. check the source VTEP ip and get to know its part of same ESI. and it wont forward to ESI-10 interface 8.But it can still forward to Host-2 Case-2: Traffic Ingress for dual-home server 1.Host-3 sends BUM traffic 2.Either head-end replication or underlay multicast 3.only DF will forward to the ESI segment 

  Transport-level keepalive NETCONF over SSH (most common)  Uses SSH keepalive NETCONF over TLS  Uses TLS keepalive / TCP keepalive NETCONF over TCP  Relies on TCP keepalive Application-level “soft keepalive” (common practice)**Although not mandated, many clients periodically send lightweight RPCs : Hello-Message Exchange 'Capabilities' base:1.0 base:1.1 candidate -Enables candidate → commit workflow, Safer than editing running directly writable-running -Allows editing running directly confirmed-commit   - Auto-rollback if device becomes unreachable rollback-on-error  - Roll back changes if any error occurs in <edit-config> lock  -Prevents concurrent config edits xpath  - Filtering & Query Critical for large YANG models notification - Enables event subscriptions validate - Validate config before commit 1️.Standard NETCONF Datastores (RFC 6241) These are the core datastores defined by NETCONF. 🔹 running Active configura...

 root@ems203-m1:/home/labadmin# kubectl get pods -A -o wide | grep suse ems               edgecloud-suse-adapter-58f584bbd7-h96nf                           1/1     Running     0             27m   10.233.67.198    ems203-w1   <none>           <none> ems               edgecloud-suse-adapter-58f584bbd7-q9p52                           1/1     Running     0             28m   10.233.98.86     ems203-w7   <none>           <none> ems               edgecloud-sus...

  root@ems203-m1:/home/labadmin# kubectl get pods -A -o wide | grep ems203-w2 ems               edgecloud-suse-adapter-df5d6d78b-m5zc2                            1/1     Running     0             13m     10.233.101.222   ems203-w2   <none>           <none> ems               ems-a10nsp-accounting-89c69b796-rpb9k                             1/1     Running     0             4m28s   10.233.101.224   ems203-w2   <none>           <none> root@ems203-w2:/home/labadmin# ip r default via 172.27.7...