Let's assume that I have a fully working VXLAN fabric based on N9K switches and a legacy network based on other switches. What are the best practices for interconnecting them if I need only L3 connectivity between the VXLAN and legacy networks? For simplicity, let's assume that the legacy network supports BGP. One thing I am afraid of is how to prevent EVPN-generated host routes (/32 or /128) from leaking into the legacy network.
The config guide says that I should filter such routes based on prefix length: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/92x/vxlan-92x/configuration/guide/b-cisco-nexus-9000-series-nx-os-vxlan-configuration-guide-92x/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide_9x_chapter_0101.html#id_9...
But what if there are some /32 routes which are not generated by EVPN, but by some other things, or redistributed from somewhere?
Maybe there are some other pitfalls which I do not know about yet?
For those other host routes you need advertised, either permit them via a prefix-list in the route-map ahead of the overall /32 deny, or add something like aggregate-address 10.x.x.x/24 summary-only for the prefix those host routes are a part of. Lots of options to handle this with BGP.
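The two options from the answer above, written out as NX-OS configuration on the border leaf (an added illustration, not from the thread or the Cisco guide; the VRF name, AS numbers, peer addresses, the permitted /32 loopback and the aggregate prefix are all assumed):

```text
! Added example, not from the thread. VRF TENANT-A, AS 65001/65000,
! peer addresses, 192.0.2.1/32 and 10.10.0.0/16 are assumed values.

! Prefix-lists are evaluated in seq order and the first match wins,
! so the non-EVPN host route that must still be advertised (here a
! loopback redistributed into the VRF) is permitted BEFORE the
! catch-all /32 deny that catches the EVPN type-2 host routes.
ip prefix-list TO-LEGACY-V4 seq 5 permit 192.0.2.1/32
ip prefix-list TO-LEGACY-V4 seq 10 deny 0.0.0.0/0 ge 32
ip prefix-list TO-LEGACY-V4 seq 20 permit 0.0.0.0/0 le 31

! Same idea for IPv6: drop /128 host routes, pass everything shorter.
ipv6 prefix-list TO-LEGACY-V6 seq 10 deny ::/0 ge 128
ipv6 prefix-list TO-LEGACY-V6 seq 20 permit ::/0 le 127

route-map TO-LEGACY-V4 permit 10
  match ip address prefix-list TO-LEGACY-V4
route-map TO-LEGACY-V6 permit 10
  match ipv6 address prefix-list TO-LEGACY-V6

router bgp 65001
  vrf TENANT-A
    address-family ipv4 unicast
      ! Option 2: advertise only the summary for a whole block and
      ! suppress every more-specific route inside it. Note this also
      ! suppresses a permitted /32 if it falls inside the aggregate.
      aggregate-address 10.10.0.0/16 summary-only
    address-family ipv6 unicast
    neighbor 198.51.100.2 remote-as 65000
      address-family ipv4 unicast
        route-map TO-LEGACY-V4 out
    neighbor 2001:db8:ffff::2 remote-as 65000
      address-family ipv6 unicast
        route-map TO-LEGACY-V6 out

! Verify what actually leaves towards the legacy peer:
! show bgp vrf TENANT-A ipv4 unicast neighbors 198.51.100.2 advertised-routes
```

The route-map has no final permit clause, so anything the prefix-list denies is dropped outbound; if you later redistribute another legitimate /32 into the VRF, add it with a lower seq than the `ge 32` deny or it will be filtered too.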