Overlapping MPLS VPN

The same topology used for basic MPLS-VPN is used here.


Now with some conditions;

R0,R6 are customer “one”

R1 and R7 are customer “two”

Only R1 of of customer “two” can communicate with only R6 of customer “one”.

Here, we just need to add appropriate route-tag for R6 routes to appear in R1.

on PE: R5

R5(config)#ip vrf one
R5(config-vrf)#route-target export 13:13

Export VRF “one” routes with 13:13. Import this tag to VRF “two” on another PE router, R2;

R2(config)#ip vrf two

R2(config-vrf)#route-target import 13:13  <<

Now, R1 can see R6s’ routes alone in routing table.

R1 Routing table:

R [120/6] via, 00:00:26, FastEthernet0/1

R [120/6] via, 00:00:26, FastEthernet0/1

R1#show ip route

Routing entry for

Known via “rip”, distance 120, metric 6

Redistributing via rip

Last update from on FastEthernet0/1, 00:00:15 ago

Routing Descriptor Blocks:

*, from, 00:00:15 ago, via FastEthernet0/1

Route metric is 6, traffic share count is 1


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:


Success rate is 0 percent (0/2)


The reason why the ping fails is,  R6 routes are available in R1 routing table. But, we need to establish two way communication. Hence, we need to make R1 routes available to R6.

R2(config)#ip vrf two

R2(config-vrf)#route-target export 14:14  <<< can use 13:13 as well


R5(config)#ip vrf one

R5(config-vrf)#route-target import 14:14



Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:


Success rate is 100 percent (5/5), round-trip min/avg/max = 20/51/136 ms


We can also use “export map <route-map>” command to fine tune which prefix should advertise with RTs.

R5#show route-map

route-map test, permit, sequence 10

Match clauses:

ip address (access-lists): 1

Set clauses:

extended community RT:11:11 RT:13:13

Policy routing matches: 0 packets, 0 bytes

R5#show run | sec vrf

ip vrf one

rd 1:1

export map test

This entry was posted in mpls and tagged . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s