Thank you for your response.
The client route (subnet X) is in VRF A and I export it with a rt2:2.
In VRF B I import that rt and export the routes with a rt 3:3.

In VRF D and VRF E, I import the rt 3:3, the problem is that only in VRF D I get the subnet X of the client CE1 but not in VRF E.
Why could I import the subnet X with the rt 3:3 if its original rt is 2:2? Why was vrf D able to import subnet X from vrf B which had already been imported from VRF A? Normally this is not possible (loop prevention).

Regards

...

...

Hello,

For AF VPNv4, all PEs are clients of P (RR).
For IPv4 AF, only PE1 is a client of PE2 (RR), it does not make sense here but the architecture is a bit bigger.

Regards

Hello,

Thanks for your reply, I inferred exactly from the results.
What I found strange is that CE2 receives subnet X with an ext comm rt of 3:3, which indicates that VRF C changed the rt of the route that he learned from VRF A, so if VRF C changed the rt, why VRF E could not import it?

I will try to add some outputs

Regards

Subnet X : 172.16.0.0/16

PE1#show bgp vrf A 172.16.0.0
Paths: (1 available, best #1, table A)
192.168.5.2 (via vrf A) from 192.168.5.2 (172.16.1.1)
Origin IGP, metric 0, localpref 100, valid, external, best
Extended Community: RT:2:2

PE1#show bgp vrf B 172.16.0.0
Paths: (1 available, best #1, table B)
5, imported path from 2:2:172.16.0.0/16 (A)
192.168.5.2 (via vrf A) (via A) from 192.168.5.2 (172.16.1.1)
Origin IGP, metric 0, localpref 100, valid, external, best
Extended Community: RT:2:2



PE2#show bgp vrf C 172.16.0.0
Origin IGP, metric 0, localpref 100, valid, internal, best
Extended Community: RT:3:3



PE2#show bgp vrf D 172.16.0.0
5, imported path from 3:3:172.16.0.0/16 (C)
Origin IGP, metric 0, localpref 100, valid, internal, best
Extended Community: RT:3:3

"By default, neighbors that are defined using the

neighbor remote-as 

command in router configuration mode exchange only unicast address prefixes. To exchange other address prefix types, such as multicast and VPNv4, neighbors must also be activated using the

neighbor activate

command in address family configuration mode, as shown. "

Did you use neighbor activate between Pe2 and Pe3 ?

Hi,

Only PE1 and PE2 have an iBGP (ipv4) session between VRF B and VRF C.
PE1, PE2 and PR3 have an MP-iBGP session via the RR (P).

I attached the simplified BGP and VRF configuration files.

Regards,

can I see the config of IGP inside the SP core ?

...

Thank you for your response.
Here is a diagram and the configurations of the PE and P routers.
The configuration has been adapted to simplify it as much as possible in order to have an answer to my question.

Regarding your comment:

vrf A needs to import the routes of vrf B (3:3) in order to have traffic in both directions.
vrf B and vrf C have the same rt 3:3 because in theory they are the 'same' vrf (that's why they have an iBGP session through a security infrastructure).

I repeat my big doubt: Why the client CE2 (or the vrf D of PE2) can import the subnet X (172.16.0.0.0/16) with a rt ext comm of 3:3? and why the vrf E of PE3 can't import it?

Regards

Hi @Andreseo90 ,

Prefixes imported in a VRF will not be exported to VPNv4. So the path from VPN A --> VPN B --> VPN C --> VPNv4 is not an option. The best way to propagate prefix X to VPN E would be to export RT 3:3 for VRF A, so that VRF E can import it directly.

Regards,