Complete MPLS L3VPN Route Target Import Export Configuration Guide | Cisco VRF Route Leaking Lab

Complete MPLS L3VPN Route-Target Import Export Configuration Guide

In this complete educational tutorial, we will deeply understand how Route-Target import and export work inside MPLS Layer 3 VPN environments using Cisco IOS devices. This article explains every configuration step in detail and helps network engineers understand the complete logic behind VRF route leaking, MP-BGP VPNv4 routing, and inter-VRF communication.

🎯 What You Will Learn

• What MPLS L3VPN is
• Understanding VRF concepts
• Route Distinguisher vs Route Target
• How MP-BGP distributes VPN routes
• Selective route leaking between VRFs
• Cisco IOS Route-Target import/export configuration
• VRF route leaking mathematics and logic
• Troubleshooting commands
• Real-world enterprise use cases

Table of Contents

• 1. Introduction to MPLS L3VPN
• 2. Understanding VRFs
• 3. Route Distinguisher Explained
• 4. Route Target Explained
• 5. MPLS VPN Mathematics
• 6. Network Topology
• 7. Task 1 Configuration
• 8. Task 2 Configuration
• 9. Task 3 Configuration
• 10. Task 4 Configuration
• 11. Task 5 Configuration
• 12. Task 6 Configuration
• 13. Verification Commands
• 14. Troubleshooting
• 15. Best Practices
• 16. Related Articles

1. Introduction to MPLS L3VPN

MPLS stands for Multiprotocol Label Switching. MPLS is one of the most important technologies used by Internet Service Providers and large enterprise networks.

MPLS Layer 3 VPN allows multiple customers to use the same provider backbone while keeping routing tables isolated from each other.

The isolation happens using Virtual Routing and Forwarding instances, commonly known as VRFs.

MPLS Forwarding Logic

The forwarding decision in MPLS can be represented mathematically as:

$$ F(packet)=Label\\ Lookup + LFIB\\ Decision $$

Where:

• \(F(packet)\) = Forwarding operation
• LFIB = Label Forwarding Information Base
• Labels replace long routing lookups

2. Understanding VRFs

VRF stands for Virtual Routing and Forwarding.

A VRF creates multiple independent routing tables inside the same router.

This means different customers can use overlapping IP addresses without conflicts.

VRF Isolation Formula

$$ CustomerA\\ RouteTable \neq CustomerB\\ RouteTable $$

Even if both customers use:

$$ 10.1.1.0/24 $$

The routes remain isolated because they belong to different VRFs.

3. Route Distinguisher Explained

Route Distinguishers make IPv4 prefixes globally unique inside MPLS VPN networks.

Without Route Distinguishers, overlapping customer routes could not exist.

RD Formula

$$ VPNv4\\ Prefix = RD + IPv4\\ Prefix $$

Example:

$$ 100:1 + 10.5.5.0/24 $$

Result:

$$ 100:1:10.5.5.0/24 $$

4. Route Target Explained

Route Targets control route import and export policies between VRFs.

Route Targets are BGP extended communities.

They determine which VRF receives which VPN routes.

Route Target Logic

$$ Imported\\ Routes = Matching\\ Route\\ Targets $$

If:

$$ Export\\ RT = 1000:99 $$

And:

$$ Import\\ RT = 1000:99 $$

Then route exchange becomes possible.

5. Network Topology

                 MPLS CLOUD

        +-----------------------+
        |                       |
      R1 PE ---------------- PE R4
        |                       |
   Cust-A / Cust-B        Cust-A / Cust-B

In this lab:

• R1 and R4 are Provider Edge routers
• Cust-A and Cust-B are VRFs
• Selective route leaking is implemented
• Only specific routes are exchanged

6. Task 1 - Configure Route Target Export on R1 for Cust-A

We need to export route 10.5.5.0/24 from Cust-A VRF using Route Target 1000:99.

Code Example

set extcommunity rt 1000:99

This command attaches a BGP extended community Route Target to matching routes.

R1

access-list 55 permit 10.5.5.0 0.0.0.255

route-map EM-CustA permit 10
 match ip address 55
 set extcommunity rt 1000:99

Detailed Explanation

The access-list identifies the route that should receive the Route Target.

The route-map applies policy logic.

The command:

set extcommunity rt 1000:99

adds the Route Target attribute.

Only matching routes receive the RT.

Expected CLI Output

R1#show route-map

route-map EM-CustA, permit, sequence 10
 Match clauses:
   ip address (access-lists): 55
 Set clauses:
   extcommunity rt 1000:99

Policy Matching Mathematics

$$ Route\\ Match = \begin{cases} TRUE, & \text{if ACL permits route} \\\\ FALSE, & \text{otherwise} \end{cases} $$

Only routes evaluating TRUE receive the Route Target.

7. Task 2 - Configure Route Target Export on R1 for Cust-B

Now we configure Cust-B VRF on R1.

The goal is to export 10.6.6.0/24 using RT 1000:99.

Code Example

route-map EM-CustB permit 10

R1

access-list 66 permit 10.6.6.0 0.0.0.255

route-map EM-CustB permit 10
 match ip address 66
 set extcommunity rt 1000:99

Why Use Route Maps?

Route maps allow granular control.

Instead of exporting all routes, only selected prefixes are exported.

This improves:

• Security
• Traffic engineering
• Policy control
• Scalability

8. Task 3 - Apply Export Maps and Import Route Targets on R1

Now we apply export maps inside VRF definitions.

R1

vrf definition Cust-A
 address-family ipv4
  export map EM-CustA
  route-target import 1000:99
 !

vrf definition Cust-B
 address-family ipv4
  export map EM-CustB
  route-target import 1000:99
 !

Configuration Breakdown

Export maps define which routes receive Route Targets.

Import Route Targets define which VPN routes enter the VRF.

Because both VRFs import 1000:99:

• Cust-A learns selected Cust-B routes
• Cust-B learns selected Cust-A routes

Inter-VRF Route Exchange Formula

$$ Exchange = Export\\ RT \cap Import\\ RT $$

Where:

$$ 1000:99 \cap 1000:99 = TRUE $$

Therefore:

$$ Route\\ Exchange = Allowed $$

9. Task 4 - Configure Route Target Export on R4 for Cust-A

R4 must export route 10.8.8.0/24 from Cust-A using Route Target 1000:99.

R4

access-list 88 permit 10.8.8.0 0.0.0.255

route-map EM-CustA permit 10
 match ip address 88
 set extcommunity rt 1000:99

Operational Logic

This configuration ensures:

• 10.8.8.0/24 receives RT 1000:99
• Other VRFs importing 1000:99 can learn this route
• Selective leaking is maintained

10. Task 5 - Configure Route Target Export on R4 for Cust-B

R4

access-list 77 permit 10.7.7.0 0.0.0.255

route-map EM-CustB permit 10
 match ip address 77
 set extcommunity rt 1000:99

Selective Route Leaking Concept

Only selected routes participate in inter-VRF communication.

This design is common in:

• Shared services networks
• Firewall zones
• Enterprise MPLS deployments
• Managed service provider environments

11. Task 6 - Apply Export Maps and Import Route Targets on R4

R4

vrf definition Cust-A
 address-family ipv4
  export map EM-CustA
  route-target import 1000:99
 !

vrf definition Cust-B
 address-family ipv4
  export map EM-CustB
  route-target import 1000:99
 !

Deep Technical Explanation

When MP-BGP advertises VPNv4 routes:

• Route Distinguishers ensure uniqueness
• Route Targets control membership
• Import RT decides VRF visibility

This creates scalable multi-tenant networking.

VPN Route Distribution Formula

$$ VPNv4\\ Route = RD + IPv4\\ Prefix + RT $$

Example:

$$ 100:1:10.5.5.0/24 + RT\\ 1000:99 $$

12. Verification Commands

Verify VRF Configuration

show vrf

Verify Route Targets

show bgp vpnv4 unicast all

Verify Imported Routes

show ip route vrf Cust-A
show ip route vrf Cust-B

Sample Verification Output

R1#show ip route vrf Cust-A

B   10.6.6.0/24 [200/0]
     via 192.168.1.1

B   10.7.7.0/24 [200/0]
     via 192.168.1.2

13. Troubleshooting MPLS Route Leaking

Common Issues

Problem	Cause	Solution
Routes not imported	RT mismatch	Verify import/export RT
Route-map not working	ACL mismatch	Check access-list
VPNv4 routes missing	MP-BGP issue	Verify BGP neighbors
VRF route absent	No export map	Apply export map

BGP Path Selection Simplified

$$ Best\\ Path = Highest\\ Preference + Lowest\\ Cost $$

BGP uses multiple attributes during VPNv4 route selection.

14. Best Practices

• Use consistent RT numbering schemes
• Document VRF policies carefully
• Avoid unnecessary route leaking
• Use route maps for granular control
• Verify VPNv4 advertisements regularly
• Monitor MP-BGP stability
• Use descriptive VRF names
• Apply filtering wherever possible

💡 Key Takeaways

• Route Distinguishers create uniqueness
• Route Targets control route sharing
• Import/export policies enable selective leaking
• VRFs isolate customer routing tables
• MP-BGP distributes VPNv4 routes
• Route maps provide policy-based filtering

15. Advanced MPLS Mathematics

VPN Scalability Formula

$$ Total\\ VPNs = PE\\ Routers \times VRFs $$

If:

$$ PE = 50 $$

And:

$$ VRFs = 100 $$

Then:

$$ Total\\ VPN\\ Instances = 5000 $$

Route Import Decision Function

$$ Import(Route)= \begin{cases} 1, & RT_{route}=RT_{vrf} \\\\ 0, & otherwise \end{cases} $$

Traffic Engineering Concept

$$ Latency = \frac{Distance}{Propagation\\ Speed} $$

MPLS Traffic Engineering optimizes:

• Latency
• Bandwidth
• Path selection
• QoS

16. Related Networking Articles

• Cisco Nexus VRRP Configuration Guide
• Cisco Nexus EIGRP and HSRP
• Complete Cisco Nexus VXLAN EVPN
• Complete Cisco Nexus BGP Authentication
• Complete Cisco Nexus OSPF
• Complete Cisco Nexus EIGRP
• Complete Cisco Nexus Static Routing Lab
• Complete Cisco Nexus VLAN Trunking

Final Conclusion

This complete MPLS L3VPN Route Target Import Export tutorial demonstrated how selective VRF route leaking works using Route Targets and route maps on Cisco IOS routers.

We covered:

• VRF fundamentals
• Route Distinguishers
• Route Targets
• MP-BGP VPNv4
• Selective route leaking
• Cisco IOS configuration
• Verification commands
• Troubleshooting
• Mathematical logic

Understanding Route Target import/export policies is essential for mastering MPLS VPN architectures in enterprise and service provider networks.