MPLS VPN Extranet Route Leaking

The document discusses how to configure route leaking between MPLS VPNs to allow communication between different customer sites. It provides configuration examples for a topology with two customers to demonstrate leaking routes between one customer site and another customer's site to create an extranet connection.

Uploaded by

Emad Mohamed
Copyright: © All Rights Reserved
7/26/2021 MPLS VPN Extranet Route Leaking

MPLS VPN Extranet Route Leaking

MPLS supports intranet and extranet VPNs:

MPLS Intranet VPN: this is a VPN where we connect the headquarters, remote sites, branch offices, etc. from a single company.
MPLS Extranet VPN: this is a VPN where we extend connectivity from a company to other parties like customers, suppliers, or partners.

Let me show you a quick example to explain this:

In the topology above, we have a simple MPLS VPN PE-CE topology from a provider that has two customers:

Customer Red
Customer Blue

Each customer has two sites. On our PE routers, we use the following configuration for
our VRFs:

PE1#show run | begin ip vrf
ip vrf BLUE
 rd 2:2
 route-target export 2:2
 route-target import 2:2
ip vrf RED
 rd 1:1
 route-target export 1:1
 route-target import 1:1

https://networklessons.com/mpls/mpls-vpn-extranet-route-leaking 1/11

PE2#show run | begin ip vrf
ip vrf BLUE
 rd 2:2
 route-target export 2:2
 route-target import 2:2
ip vrf RED
 rd 1:1
 route-target export 1:1
 route-target import 1:1

Here’s what you see above:

VRF RED uses route-target 1:1 to import and export its routes.
VRF BLUE uses route-target 2:2 to import and export its routes.

With the configuration above, both customers are only able to communicate with their
own sites. It’s impossible to send traffic from RED to BLUE or vice versa. This is what we
call an MPLS intranet VPN.

Does this mean it’s impossible for customers RED and BLUE to communicate with each
other at all?

This is no problem at all…the only thing we have to do is leak some routes from one VRF
to another. This allows the different sites to learn about each other’s routes and they will
be able to communicate with each other. This is called an MPLS VPN Extranet (Route
Leaking).
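
The import/export matching described above can be checked mechanically. As an added example (not code from the lesson), this Python sketch parses `ip vrf` stanzas and lists every route-target overlap between differently named VRFs. The function names and the placement of 1:2 in the second sample are assumptions; 1:2 is the route-target the lesson picks for the leak.

```python
import re

def parse_vrfs(pe, config):
    """Parse the 'ip vrf' stanzas of one PE into {(pe, vrf): {"export": set, "import": set}}."""
    vrfs, current = {}, None
    for line in map(str.strip, config.splitlines()):
        m = re.fullmatch(r"ip vrf (\S+)", line)
        if m:  # re-entering a VRF merges into the existing entry, as on the router
            current = vrfs.setdefault((pe, m.group(1)), {"export": set(), "import": set()})
            continue
        m = re.fullmatch(r"route-target (export|import|both) (\S+)", line)
        if m and current is not None:
            kinds = ("export", "import") if m.group(1) == "both" else (m.group(1),)
            for kind in kinds:
                current[kind].add(m.group(2))
        elif line and not line.startswith("rd "):
            current = None  # any other command ends the VRF stanza
    return vrfs

def cross_vrf_leaks(vrfs):
    """(exporter, importer, shared RTs) for each pair of differently named VRFs."""
    # Only locally exported routes count: imported routes are not re-exported.
    return sorted(
        (src, dst, sorted(s["export"] & d["import"]))
        for src, s in vrfs.items() for dst, d in vrfs.items()
        if src[1] != dst[1] and s["export"] & d["import"]
    )

def audit(pe1_cfg, pe2_cfg, allowed=frozenset()):
    """Return (all cross-VRF leaks, leaks whose VRF pair is not in 'allowed')."""
    vrfs = {**parse_vrfs("PE1", pe1_cfg), **parse_vrfs("PE2", pe2_cfg)}
    leaks = cross_vrf_leaks(vrfs)
    return leaks, [l for l in leaks if (l[0][1], l[1][1]) not in allowed]

# VRF configuration shown on the page (identical on PE1 and PE2).
BASE = """ip vrf BLUE
 rd 2:2
 route-target export 2:2
 route-target import 2:2
ip vrf RED
 rd 1:1
 route-target export 1:1
 route-target import 1:1
"""
# Constructed extranet variant: where 1:2 is applied is an assumption.
PE1_EXTRANET = BASE + "ip vrf RED\n route-target export 1:2\n route-target import 1:2\n"
PE2_EXTRANET = BASE + "ip vrf BLUE\n route-target export 1:2\n route-target import 1:2\n"
```

Calling `audit(BASE, BASE)` reports no cross-VRF pairs, which is the intranet case; `audit(PE1_EXTRANET, PE2_EXTRANET, {("RED", "BLUE")})` reports both directions of the leak and flags the BLUE to RED direction as not on the approved list.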

1. Configuration
Let’s see how this works. To demonstrate this, I will use the topology I just showed you
and we will leak some routes between customer site RED-CE1 and BLUE-CE2. Here it is:

This is a basic MPLS VPN PE-CE setup with two VRFs. We use OSPF as the PE-CE routing
protocol.

Configurations
Want to take a look for yourself? Here you will find the startup configuration of each
device.

B-CE1
hostname BLUE-CE1
ip cef
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
interface GigabitEthernet0/1
 ip address 192.168.23.2 255.255.255.0
router ospf 1
 network 2.2.2.2 0.0.0.0 area 0
 network 192.168.23.0 0.0.0.255 area 0
end

B-CE2
hostname BLUE-CE2
!
ip cef
interface Loopback0
 ip address 7.7.7.7 255.255.255.255
interface GigabitEthernet0/1
 ip address 192.168.57.7 255.255.255.0
router ospf 1
 network 7.7.7.7 0.0.0.0 area 0
 network 192.168.57.0 0.0.0.255 area 0
end

P
hostname P
ip cef
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
interface GigabitEthernet0/1
 ip address 192.168.34.4 255.255.255.0
 mpls ip
interface GigabitEthernet0/2
 ip address 192.168.45.4 255.255.255.0
 mpls ip
router ospf 345
 network 4.4.4.4 0.0.0.0 area 0
 network 192.168.34.0 0.0.0.255 area 0
 network 192.168.45.0 0.0.0.255 area 0
end

PE1
hostname PE1
!
ip vrf BLUE
 rd 2:2
 route-target export 2:2
 route-target import 2:2
ip vrf RED
 rd 1:1
 route-target export 1:1
 route-target import 1:1
ip cef
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
interface GigabitEthernet0/1
 ip address 192.168.34.3 255.255.255.0
 mpls ip
interface GigabitEthernet0/2
 ip vrf forwarding RED
 ip address 192.168.13.3 255.255.255.0
interface GigabitEthernet0/3
 ip vrf forwarding BLUE
 ip address 192.168.23.3 255.255.255.0
router ospf 1 vrf RED
 redistribute bgp 345 subnets
 network 192.168.13.0 0.0.0.255 area 0
router ospf 2 vrf BLUE
 redistribute bgp 345 subnets
 network 192.168.23.0 0.0.0.255 area 0
router ospf 345
 network 3.3.3.3 0.0.0.0 area 0
 network 192.168.34.0 0.0.0.255 area 0
router bgp 345
 bgp log-neighbor-changes
 neighbor 5.5.5.5 remote-as 345
 neighbor 5.5.5.5 update-source Loopback0
 address-family ipv4
  no neighbor 5.5.5.5 activate
 exit-address-family
 address-family vpnv4
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community extended
 exit-address-family
 address-family ipv4 vrf BLUE
  redistribute ospf 2
 exit-address-family
 !
 address-family ipv4 vrf RED
  redistribute ospf 1
 exit-address-family
end

PE2
hostname PE2
!
ip vrf BLUE
 rd 2:2
 route-target export 2:2
 route-target import 2:2
ip vrf RED
 rd 1:1
 route-target export 1:1
 route-target import 1:1
ip cef
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
interface GigabitEthernet0/1
 ip address 192.168.45.5 255.255.255.0
 mpls ip
interface GigabitEthernet0/2
 ip vrf forwarding RED
 ip address 192.168.56.5 255.255.255.0
interface GigabitEthernet0/3
 ip vrf forwarding BLUE
 ip address 192.168.57.5 255.255.255.0
router ospf 1 vrf RED
 redistribute bgp 345 subnets
 network 192.168.56.0 0.0.0.255 area 0
router ospf 2 vrf BLUE
 redistribute bgp 345 subnets
 network 192.168.57.0 0.0.0.255 area 0
router ospf 345
 network 5.5.5.5 0.0.0.0 area 0
 network 192.168.45.0 0.0.0.255 area 0
router bgp 345
 bgp log-neighbor-changes
 neighbor 3.3.3.3 remote-as 345
 neighbor 3.3.3.3 update-source Loopback0
 address-family ipv4
  no neighbor 3.3.3.3 activate
 exit-address-family
 address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
 exit-address-family
 address-family ipv4 vrf BLUE
  redistribute ospf 2
 exit-address-family
 !
 address-family ipv4 vrf RED
  redistribute ospf 1
 exit-address-family
end

R-CE1
hostname RED-CE1
ip cef
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
interface GigabitEthernet0/1
 ip address 192.168.13.1 255.255.255.0
router ospf 1
 network 1.1.1.1 0.0.0.0 area 0
 network 192.168.13.0 0.0.0.255 area 0
end

R-CE2
hostname RED-CE2
ip cef
interface Loopback0
 ip address 6.6.6.6 255.255.255.255
interface GigabitEthernet0/1
 ip address 192.168.56.6 255.255.255.0
router ospf 1
 network 6.6.6.6 0.0.0.0 area 0
 network 192.168.56.0 0.0.0.255 area 0
end

Right now, we have an intranet VPN so each customer only sees their own routes. Here
are customer RED’s routes:

RED-CE1#show ip route ospf
      6.0.0.0/32 is subnetted, 1 subnets
O IA     6.6.6.6 [110/3] via 192.168.13.3, 00:16:14, GigabitEthernet0/1
O IA  192.168.56.0/24 [110/2] via 192.168.13.3, 00:16:14, GigabitEthernet0/1

RED-CE2#show ip route ospf
      1.0.0.0/32 is subnetted, 1 subnets
O IA     1.1.1.1 [110/3] via 192.168.56.5, 00:16:37, GigabitEthernet0/1
O IA  192.168.13.0/24 [110/2] via 192.168.56.5, 00:16:37, GigabitEthernet0/1

And here we have customer BLUE’s routes:

BLUE-CE1#show ip route ospf
      7.0.0.0/32 is subnetted, 1 subnets
O IA     7.7.7.7 [110/3] via 192.168.23.3, 00:16:52, GigabitEthernet0/1
O IA  192.168.57.0/24 [110/2] via 192.168.23.3, 00:16:52, GigabitEthernet0/1

BLUE-CE2#show ip route ospf
      2.0.0.0/32 is subnetted, 1 subnets
O IA     2.2.2.2 [110/3] via 192.168.57.5, 00:17:10, GigabitEthernet0/1
O IA  192.168.23.0/24 [110/2] via 192.168.57.5, 00:17:10, GigabitEthernet0/1

If I want to let RED-CE1 and BLUE-CE2 talk with each other, I’ll have to export and import
some routes. I’ll use a new route-target (1:2) for this. Let’s do this step-by-step…first, let’s
export the routes from VRF RED on PE1:

Content created by Rene Molenaar (CCIE #41726)

Forum Replies


Zaman.rubd

Hi Rene,

If I want to communicate RED-CE1 to BLUE-CE1 and RED-CE2 to BLUE-CE2, then I have to configure it the way you described in your lesson
https://networklessons.com/cisco/ccie-routing-switching-written/vrf-lite-route-leaking/. Right?

Br//zaman


ccnp.manami

It helps.

Thank you Laz.


ccnp.manami

Hi Rene,

I was trying the below scenario,

https://cdn-forum.networklessons.com/uploads/default/original/2X/f/f461d09029207462e305f35d88567c5a58a72669.png

Scope of Work,

PART1
======
CE1 - will be accessing “ip https” service on AS8
CE11 - will be accessing “Internet” on AS88

PART2
======
CE1 - also can access “Internet”
CE11 - also can access “ip https” service

I’m not able to configure the below properly:
===============================
1. MP-iBGP inside Service provider network with 2 RR
2. Can’t enable only VPNv4 inside MPLS Network
3. Can’t configure “Route Leaking”
...


lagapides

Hello Manami

ccnp.manami:
What is MP-iBGP? Is this similar to a normal BGP Route Reflector setup? If not, where does it differ?

Regular BGP supports IPv4 unicast prefixes. MP-BGP is multi-protocol BGP, and it is an implementation of BGP that supports multiple protocols such as IPv4 unicast, IPv4 multicast, IPv6 unicast, and IPv6 multicast.

It is also used extensively with MPLS VPN in order to be able to share information from VRFs and VPNv4 routes. MP-BGP in simple terms inc
...


ccnp.manami

This will help. Thanks Laz.

© 2013 - 2021 NetworkLessons.com