I check you can really add two export to one prefix and it will list in Extended-Comm 

Let me go through the config as per my understanding - where is the fault in my logic ?

1: Both VRF Customer_A and VRF Customer_B export their routes to Shared_VRF using RT 65000:1234, and Shared_VRF is importing them both. At the end of the day, Shared_VRF will contain all the routes from both customers, right ?

2: Then Shared_VRF exports all of its routes (those that were imported from Customer_A and also from Customer_B) using RT 65000:300, which is then imported into both Customer_A and Customer_B VRF.

So what is preventing Customer_A to learn the prefixes of Customer_B via the import from Shared_VRF ? Where is the filtering mechanism, I can't understand.

Hi @franklaszlo ,

1: Correct

2: routes imported into a VRF can't be exported back to VPNv4.

> Customer_A to learn the prefixes of Customer_B

These two VRFs will not learn each other routes, unless they are specifically configured to import/export from each other. 

Regards,

Hi,

simple because, imported route will not have export

route-target

if it is locally exported.

Take simple router with VRF A,B and SHARED. One loopback interface per VRF A,B (loopback1, loopback2). Export them with different RT (1000:1,1000:2) and import (1000:1,1000:2) on SHARED. Plus, add export RT (1000:1000) on SHARED and import RT (1000:1000) on A, B.

If you check

show bgp vpnv4 unicast vrf SHARED {loopback1 or 2} 

you will not see 1000:1000 RT on local device for SHARED VRF, that's why A,B don't import each other's prefixes.

Router#sh bgp vpnv4 unicast vrf A 1.1.1.1/32  >> Lo1 in VRF A
BGP routing table entry for 1000:1:1.1.1.1/32, version 2
Paths: (1 available, best #1, table A)
Not advertised to any peer
Refresh Epoch 1
Local
0.0.0.0 from 0.0.0.0 (100.100.100.100)
Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local, best
Extended Community: RT:1000:1
mpls labels in/out 20/nolabel(A)
rx pathid: 0, tx pathid: 0x0




BGP routing table entry for 1000:1000:1.1.1.1/32, version 5
Paths: (1 available, best #1, table SHARED)
Not advertised to any peer
Refresh Epoch 1
Local, imported path from 1000:1:1.1.1.1/32 (A)
0.0.0.0 (via A) from 0.0.0.0 (100.100.100.100)
Origin IGP, metric 0, localpref 100, weight 32768, valid, external, best
Extended Community: RT:1000:1 > there is not 1000:1000 as addition
mpls labels in/out nolabel/nolabel(SHARED)
rx pathid: 0, tx pathid: 0x0

but shared VRF do that, it import/export the route. 
I never use

route-target

both in VRF leaking but I will check and share result here. 
thanks 

Hi @MHM Cisco World ,

A VRF route is only imported and exported once.

Regards,

sorry so I can not use

route-target

both in shared VRF ?
what I understand from the link @franklaszlo  shared that he use different import value to not make route direct exchange between VRF but via shared VRF. 

Hi @MHM,

Sorry I had misread the question. I just updated the post as follow:

1- 100:1 and 100:2 are just used to match routes that will be imported in the VRF. These route targets exported communities will not appear on exported routes.

Thanks for pointing that out.

Regards,

You are welcome,
Yes I was misread his Q too.
thanks for all support.

Many thanks  @Harold Ritter and @MHM Cisco World for all your effort with this topic, much appreciated.

My base understanding is, that route targets are extended community values that are set on routes when exported and sent in BGP updates together with the route, right ? So I assume, this RT community value is set when route is exported, or not ?

@Harold Ritter 

"100:1 and 100:2 are just used to match routes that will be imported in the VRF"

I understand that when specifying

route-target import 100:1,

it literally means the following (please correct if mistaken) : check all VPNV4 routes in VPNV4 BGP table, and import only the routes to the VRF routing table that has their extended community RT set to - or containing - 100:1. Is this not the case ? If yes, then it assumes that the routes do have their RT 100:1 set on export, does it not ?

"These route targets exported communities will not appear on exported routes."

If export community does not appear on routes, how does the far end router match on it ? If I configure

route-target export 100:3

then I believe this community value must be set on the routes in routing updates, otherwise I really don't understand how is it possible to filter them  at remote ?

I think @MHM Cisco World testing above just showcased this: