MPLS VPN VRF Export Map

When you use the route-target export command for a VRF, it adds the same route-target to all VPN routes. With an export map, you can use the power of a route-map to decide which VPN routes should get exported and what route-targets to use.

Let’s look at an example. Consider the following topology:

Mpls Vpn Pe Ce Two Loopbacks

We have a simple MPLS VPN PE CE topology with a single customer that has two sites. Each site has a router with two loopback interfaces. Take a look at the VRF configuration of PE1 and PE2:

PE1#show running-config | begin ip vrf  
ip vrf CUSTOMER
 rd 1:1
 route-target export 1:1
 route-target import 2:2
PE2#show running-config | begin ip vrf 
ip vrf CUSTOMER
 rd 1:1
 route-target export 2:2
 route-target import 1:1

VPN routes on PE1 are exported with RT 1:1 and PE2 exports its VPN routes with RT 2:2.

With the route-target export command, all VPN routes are exported. There is no way to filter anything. This means that CE1 and CE2 will learn about each other’s routes that they advertise:

CE1#show ip route ospf

      5.0.0.0/32 is subnetted, 1 subnets
O IA     5.5.5.5 [110/3] via 192.168.12.2, 00:09:03, GigabitEthernet0/1
      55.0.0.0/32 is subnetted, 1 subnets
O IA     55.55.55.55 [110/3] via 192.168.12.2, 00:00:02, GigabitEthernet0/1
O IA  192.168.45.0/24 [110/2] via 192.168.12.2, 00:09:03, GigabitEthernet0/1
CE2#show ip route ospf

      1.0.0.0/32 is subnetted, 1 subnets
O IA     1.1.1.1 [110/3] via 192.168.45.4, 00:09:31, GigabitEthernet0/1
      11.0.0.0/32 is subnetted, 1 subnets
O IA     11.11.11.11 [110/3] via 192.168.45.4, 00:00:45, GigabitEthernet0/1
O IA  192.168.12.0/24 [110/2] via 192.168.45.4, 00:09:31, GigabitEthernet0/1

We can see the RT that was added. For example, here’s PE1:

PE1#show ip bgp vpnv4 all 1.1.1.1/32 | include Extended
      Extended Community: RT:1:1 OSPF DOMAIN ID:0x0005:0x000000020200
PE1#show ip bgp vpnv4 all 11.11.11.11/32 | include Extended
      Extended Community: RT:1:1 OSPF DOMAIN ID:0x0005:0x000000020200
PE1#show ip bgp vpnv4 all 192.168.12.0/24 | include Extended
      Extended Community: RT:1:1 OSPF DOMAIN ID:0x0005:0x000000020200

What if I want to filter some of these VPN routes? Or use a different route-target for some of them? That’s what we have export maps for…

Configuration

I will use the topology from above to demonstrate the export map. If you want to follow along, you can use my configurations:

Configurations

Want to take a look for yourself? Here you will find the configuration of each device.

CE1

hostname CE1
!
ip cef
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
 ip address 11.11.11.11 255.255.255.255
!
interface GigabitEthernet0/1
 ip address 192.168.12.1 255.255.255.0
!
router ospf 1
 network 1.1.1.1 0.0.0.0 area 0
 network 11.11.11.11 0.0.0.0 area 0
 network 192.168.12.0 0.0.0.255 area 0
!
end

CE2

hostname CE2
!
ip cef
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface Loopback1
 ip address 55.55.55.55 255.255.255.255
!
interface GigabitEthernet0/1
 ip address 192.168.45.5 255.255.255.0
!
router ospf 1
 network 5.5.5.5 0.0.0.0 area 0
 network 55.55.55.55 0.0.0.0 area 0
 network 192.168.45.0 0.0.0.255 area 0
!
end

P

hostname P
!
ip cef
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface GigabitEthernet0/1
 ip address 192.168.23.3 255.255.255.0
 mpls ip
!
interface GigabitEthernet0/2
 ip address 192.168.34.3 255.255.255.0
 mpls ip
!
router ospf 1
 network 3.3.3.3 0.0.0.0 area 0
 network 192.168.23.0 0.0.0.255 area 0
 network 192.168.34.0 0.0.0.255 area 0
!
end

PE1

hostname PE1
!
ip vrf CUSTOMER
 rd 1:1
 route-target export 1:1
 route-target import 2:2
!
ip cef
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface GigabitEthernet0/1
 ip vrf forwarding CUSTOMER
 ip address 192.168.12.2 255.255.255.0
!
interface GigabitEthernet0/2
 ip address 192.168.23.2 255.255.255.0
!
router ospf 2 vrf CUSTOMER
 redistribute bgp 234 subnets
 network 192.168.12.0 0.0.0.255 area 0
!
router ospf 1
 mpls ldp autoconfig
 network 2.2.2.2 0.0.0.0 area 0
 network 192.168.23.0 0.0.0.255 area 0
!
router bgp 234
 bgp log-neighbor-changes
 neighbor 4.4.4.4 remote-as 234
 neighbor 4.4.4.4 update-source Loopback0
 !
 address-family ipv4
  no neighbor 4.4.4.4 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf CUSTOMER
  redistribute ospf 2
 exit-address-family
!
end

PE2

hostname PE2
!
ip vrf CUSTOMER
 rd 1:1
 route-target export 2:2
 route-target import 1:1
!
ip cef
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface GigabitEthernet0/1
 ip vrf forwarding CUSTOMER
 ip address 192.168.45.4 255.255.255.0
!
interface GigabitEthernet0/2
 ip address 192.168.34.4 255.255.255.0
!
router ospf 2 vrf CUSTOMER
 redistribute bgp 234 subnets
 network 192.168.45.0 0.0.0.255 area 0
!
router ospf 1
 mpls ldp autoconfig
 network 4.4.4.4 0.0.0.0 area 0
 network 192.168.34.0 0.0.0.255 area 0
!
router bgp 234
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 234
 neighbor 2.2.2.2 update-source Loopback0
 !
 address-family ipv4
  no neighbor 2.2.2.2 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf CUSTOMER
  redistribute ospf 2
 exit-address-family
!
end

Empty Export Map

Let’s start with a simple example. I will create a new route-map that permits everything and sets the route-target to 3:3:

PE1(config)#route-map EXPORT_MAP permit 10
PE1(config-route-map)#set extcommunity rt 3:3

You activate it under the VRF configuration with the export map command:

PE1(config)#ip vrf CUSTOMER
PE1(config-vrf)#export map EXPORT_MAP

Let’s look at the result:

PE1#show ip bgp vpnv4 all 1.1.1.1/32 | include Extended    
      Extended Community: RT:3:3 OSPF DOMAIN ID:0x0005:0x000000020200
PE1#show ip bgp vpnv4 all 11.11.11.11/32 | include Extended
      Extended Community: RT:3:3 OSPF DOMAIN ID:0x0005:0x000000020200
PE1#show ip bgp vpnv4 all 192.168.12.0/24 | include Extended
      Extended Community: RT:3:3 OSPF DOMAIN ID:0x0005:0x000000020200

As you can see above, it overwrites the RT that is set with the route-target export command. All routes now have an RT of 3:3.

Export Map with Prefix-list

The output we just saw might not be what we are looking for. Let’s try something else. What if we only want to set the RT to 3:3 for the 1.1.1.1/32 prefix from CE1?

We can do this with an access-list or prefix-list. I’ll use a prefix-list:

PE1(config)#ip prefix-list CE1_L0 permit 1.1.1.1/32
PE1(config)#route-map EXPORT_MAP permit 10
PE1(config-route-map)#match ip address prefix-list CE1_L0

Here’s what the VPN routes now look like on PE1:

PE1#show ip bgp vpnv4 all 1.1.1.1/32 | include Extended
      Extended Community: RT:3:3 OSPF DOMAIN ID:0x0005:0x000000020200
PE1#show ip bgp vpnv4 all 11.11.11.11/32 | include Extended
      Extended Community: RT:1:1 OSPF DOMAIN ID:0x0005:0x000000020200
PE1#show ip bgp vpnv4 all 192.168.12.0/24 | include Extended
      Extended Community: RT:1:1 OSPF DOMAIN ID:0x0005:0x000000020200

This is looking better. 1.1.1.1/32 has the RT of 3:3 and all other VPN routes still have RT 1:1 that was set with the route-target export command.

Because of the new RT, CE2 no longer has 1.1.1.1/32:

CE2#show ip route 1.1.1.1 
% Network not in table

If we want CE2 to have this route, we’ll have to import the new RT on PE2:

PE2(config)#ip vrf CUSTOMER
PE2(config-vrf)#route-target import 3:3

Now it’s back:

CE2#show ip route 1.1.1.1
Routing entry for 1.1.1.1/32
  Known via "ospf 1", distance 110, metric 3, type inter area
  Last update from 192.168.45.4 on GigabitEthernet0/1, 00:00:21 ago
  Routing Descriptor Blocks:
  * 192.168.45.4, from 192.168.45.4, 00:00:21 ago, via GigabitEthernet0/1
      Route metric is 3, traffic share count is 1

Export Map Additive

In the previous two examples, the export map has overwritten our RT. It’s also possible to add an additional RT. You only have to add the additive parameter in your route-map:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 662 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

515 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags:


Forum Replies

  1. Hi Alfredo,

    Are your London and Italy sites only advertising their own prefixes?

    If you want your users from CE2 to be able to reach London in case CE-1 is down then you should advertise the prefixes from London from OSPF into BGP on Italy so that CE3 can learn them. You could use conditional advertising or use some of the BGP attributes so that this path is not preferred as long as CE-1 is up and running.

    Rene

  2. Hi Rene,

    I tried to redistributed the route into the OSPF in CE1 router, and the PE1 did received the route as E2 route. But the other PE2 not received the VPNV4 route from PE1 and also can not advertised it to CE2. Any idea how to fix this?

    Davis

  3. Hi Davis,

    There’s a lot of things that could be wrong. Here’s a simple checklist you can use:

    Here’s what you should check and in what order:

    1. Make sure your PE/P routers have established LDP neighbor adjacencies using loopback interfaces as the transport addresses.

    2. Make sure the VRF is created on both PE routers.

    3. Make sure you use the correct RD for each VRF.

    4. Make sure you have the correct import/export route-targets.

    5. Check if you see routes in the VRF routing table on the PE routers.

    6. Check if you have an IBGP neighbor adjacency between the PE route

    ... Continue reading in our forum

  4. On CE routers why can’t I see MPLS label in traceroute result?

    CE1#trace 5.5.5.5
    
    Type escape sequence to abort.
    Tracing the route to 5.5.5.5
    
      1 192.168.12.2 8 msec 16 msec 20 msec
      2 192.168.23.3 36 msec 52 msec 64 msec
      3 192.168.45.4 28 msec 24 msec 40 msec
      4 192.168.45.5 64 msec 68 msec 64 msec

  5. Hello Andrew

    The OSPF domain ID is used as a BGP Extended Community Attribute. It’s primary use is indeed with MPLS VPNs. I am not familiar with any other uses of this particular attribute.

    I hope this has been helpful!

    Laz

45 more replies! Ask a question or join the discussion by visiting our Community Forum