Using an IP Extcommunity Variable with Route Map

In the diagram below, the VRF named "VPN1" on PE 1 is set to import routes with RT 100:14, 100:20 and 100:80. The VRF named "VPN1" on PE 4 is configured to export routes with RT 100:20 and 100:14. The VRF named "VPN2" on PE 4 is configured to export routes with RT 100:6 and 100:20. A route-map is configured from a BGP neighbor command on PE 1 to not install all routes from PE 4 with RT 100:6. This blocks all routes from VPN2 being sent to PE 1.

Click to expand in new window
IP Extcommunity and route-map usage

The following example shows the configuration commands required on the PE 1 router for the example shown in the diagram above. In this example, the route-map ExcludeRoute has an extcommunity value that references the extcommunity 20. The ip extcommunity-list command specifies that routes with RT 100:6 are to be denied. The neighbor route-map command exports the ExcludeRoute route-map to the BGP neighbor PE 4. Consequently, PE 4 blocks the export or route-target 100:6 to PE 1. This blocks all routes from VPN2 on PE 4 from being sent to PE 1.

      device(config)# router bgp
device(config-bgp)# local-as 100
device(config-bgp)# neighbor remote-as 100
device(config-bgp)# address-family vpnv4 unicast
device(config-bgp-vpnv4u)# neighbor activate
device(config-bgp-vpnv4u)# neighbor route-map in ExcludeRoute
device(config-bgp-vpnv4u)# neighbor send-community extended
device(config-bgp-vpnv4u)# exit

device(config)# route-map ExcludeRoute permit 10
device(config-routemap ExcludeRoute)# match extcommunity 20
device(config-routemap ExcludeRoute)# exit

device(config)# ip extcommunity-list 20 deny RT 100:6
device(config)# vrf VPN1
device(config-vrf-vpn1)# rd 1:1
device(config-vrf-vpn1)# route-target import 100:20
device(config-vrf-vpn1)# route-target import 100:80
device(config-vrf-vpn1)# route-target import 100:14
device(config-vrf-vpn1)# exit-vrf