route-target import & export

D@1984 · ‎12-17-2024

Hi,

I'm studying for ENARSI and working on MPLS currently. I'm trying to understand how the whole rd, route-target import and export works. So lets say we have a topology with 3 * PE routers connecting to different sites ( i.e red and blue),then are below correct?

1-we have a unique rd for each VRF on all PE routers that connects to remote sites. i.e red: 1:1 blue:2:2 on the relevant PE routers.

2- if route-target import for blue vrf is 1:2, then the rt export on all PE routers has to be 1:2. or can rt be unique for each remote site? so basically we would have same config for blue vrf on all PEs, unless I need route-leaking:

ip vrf blue	
 rd 1:1	
 route-target export 1:2
 route-target import 1:2

Thanks

MHM Cisco World · ‎12-17-2024

You can use same rt export/import in all PE for one vrf.

MHM

MHM Cisco World · ‎12-17-2024

MHM Cisco World · ‎12-18-2024

For lab it ok to use same RT' usually I use RT both.

For real network RT is different depending on topolgy you have.

Just want to make you notice that.

MHM

Harold Ritter · ‎12-17-2024

Hi D@1984 ,

You are correct about the RT.

For the RD, it is strongly recommended to use a different RD per VRF per PE.

For example PE1 (with lo0 ip address 192.168.100.1) would have the RD set to 192.168.100.1:1 for VRF 1, 192.168.100.1:2 for VRF 2, etc.

PE2 (with lo0 ip address 192.168.100.2) would have the RD set to 192.168.100.2:1 for VRF1, 192.168.100.2:2 for VRF2, etc.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

D@1984 · ‎12-17-2024

thanks for the reply, what's the reason for different rd recommendation for the same VRF at different PEs? Also I'm confused now Lets say pe1 has 1:1 rd for vrf 1 and pe2 has rd 2:1 for vrf 1. If I'm right, the whole point of rd is so PEs now which vrf the route belongs to. when pe1 tag the prefix with rd 1:1 and advertise it to pe2, how pe2 can tell that this route belongs to vrf 1 (if rd for vrf 1 on pe2 is 2:1).

Thanks

Harold Ritter · ‎12-17-2024

Hi D@1984 ,

There are two main reasons for the unique RD per VRF per PE.

1. It makes it easy to identify the originating PE by looking at the RD.

2. It provides load balancing in case two or more PEs advertises the same prefix. Bear in mind that a VPNv4/VPNv6 prefixes is made of the RD + ipv4/ipv6 prefix. If you use the same RD on all the PEs (for the same VRF), two PEs connected to the same dual connected CE and therefore advertising the same prefixes would advertise exactly the same prefixes to the route reflector. The route reflector would receive both prefixes, select the best path and advertise it to the other PEs in the network. This would prevent the other PEs from load balancing between the two advertising PEs, as they only receive the best path as selected by the RR(s).

> If I'm right, the whole point of rd is so PEs now which vrf the route belongs to.

The role of the RD is to make prefixes unique (at least between VRFs). It is the role of the RT to determine which VRF(s) the route belong to (via the import process).

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

D@1984 · ‎12-18-2024

thanks, it makes sense now.

AshSe · ‎12-18-2024

Hello D@1984

Great question! MPLS Layer 3 VPNs (L3VPNs) can be a bit tricky to understand at first, but once you break it down, the concepts of Route Distinguisher (RD) and Route Target (RT) become much clearer. Let’s address your points and clarify how RD and RT work in your scenario.

1. Route Distinguisher (RD)

You are correct that RDs must be unique per VRF on each PE router. The RD is used to make routes globally unique in the MPLS backbone. It is not used for route filtering or control; its sole purpose is to distinguish overlapping IP address spaces (e.g., if two customers use the same subnet, like 192.168.1.0/24).

For example:

On PE1, the red VRF might have an RD of 1:1, and the blue VRF might have an RD of 2:2.
On PE2, the red VRF might have an RD of 1:2, and the blue VRF might have an RD of 2:3.

The RD does not need to match across PE routers. It only needs to be unique per VRF on each PE router. The RD is prepended to the IPv4 route to create a VPNv4 route (e.g., 1:1:192.168.1.0/24), which ensures uniqueness in the MPLS core.

2. Route Target (RT)

The RT is used for route filtering and control. It determines which routes are imported into or exported from a VRF. RTs are carried as BGP extended community attributes and are used to control the distribution of routes between VRFs.

RT Export

When a PE router advertises routes from a VRF, it tags those routes with the RT specified in the route-target export statement.
Other PE routers use the RT to decide whether to import those routes into their VRFs.

RT Import

The route-target import statement specifies which RTs a VRF will accept (import) into its routing table.

Your Question: Can RTs be unique for each remote site?

Yes, RTs can be unique for each remote site, but they don’t have to be. It depends on your design requirements.

If all blue VRFs across all PE routers need to share the same routes, then you can use the same RT for all blue VRFs (e.g., route-target export 1:2 and route-target import 1:2 on all PEs).
If you want to isolate routes for different sites (e.g., blue VRF on PE1 should not see blueVRF routes from PE2), you can use unique RTs for each site. For example:
- On PE1: route-target export 1:2 and route-target import 1:2
- On PE2: route-target export 1:3 and route-target import 1:3

In this case, the blue VRFs on PE1 and PE2 would not share routes unless you explicitly configure additional RTs for route leaking.

Your Configuration Example

Let’s analyze your configuration:

ip vrf blue

rd 1:1

route-target export 1:2

route-target import 1:2

This configuration means:

The RD for the blue VRF on this PE is 1:1.
Routes from the blue VRF on this PE will be tagged with RT 1:2 when advertised via BGP.
This PE will import any routes tagged with RT 1:2 into the blue VRF.

If you use the same configuration on all PE routers, all blue VRFs will share routes because they are all exporting and importing RT 1:2.

When Would You Need Route Leaking?

Route leaking is required when you want to share routes between VRFs (e.g., between red and blue VRFs). To achieve this, you would configure additional RTs. For example:

ip vrf red

rd 1:1

route-target export 1:1

route-target import 1:1

route-target import 1:2 ! Import routes from blue VRF

ip vrf blue

rd 1:2

route-target export 1:2

route-target import 1:2

route-target import 1:1 ! Import routes from red VRF

In this case, the red and blue VRFs will share routes because they are importing each other’s RTs.

Summary

RD: Unique per VRF on each PE router. It ensures route uniqueness in the MPLS core.
RT: Used for route filtering and control. It determines which routes are imported/exported between VRFs.
RT Design:
- Use the same RT for all VRFs of the same customer if they need to share routes.
- Use unique RTs for each site if you want to isolate routes.
Route Leaking: Use additional RTs to share routes between VRFs.

Let me know if you have more questions or need further clarification!

Hope This Helps!!!

AshSe

Forum Tips:

Insert photos/images inline - don't attach.

Always mark helpful and correct answers, it helps others find what they need.
For a prompt reply, kindly tag @name. An email will be automatically sent to the member.