MPLS BPG (VPNV4) route-map

Is there a way to remove, or alter, prefixes that oritinate in the iBGP of the ISP, and pass ones that originate outside the AS?


  1. Deny or alter  BGP attibutes of any default route originating in the ISP's netowrk
  2. Permit default routes that originate outside the ISP's AS, and advertise it to the CEs


(ce1) ---- [PE1]-----{MPLS Cloud}------[PE2]------ (ce2)

VRFs          RD

CE1 - ce1   65001:1
CE2 - ce2   65100:1


I typed up a prefix-list, as-path list and a route-map that will target any default route that originates internal to my "ISP's" AS, but I cannot seem to figure out how to apply them in an MPLS VPN environment.

ip prefix-list deny-def-int seq 5 permit
ip as-path access-list 1 permit ^$
route-map deny-def-int deny 5
 match ip address prefix-list deny-def-int
 match as-path 1
route-map deny-def-int permit 10


I want to prevent the default route from being injected in to my vrf BGP tables or alter their attributes to make the the less preferred:

pe1#sh ip bgp vpnv4 vrf ce1
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65001:1 (default for vrf cusA)
*>i0.0.0.0            0    100      0 i

pe2#sh ip bgp vpnv4 vrf ce2
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65100:1 (default for vrf callc)
*>                  0         32768 i

Here is the test vrf injecting it into an extranet that my other vrfs are importing:

 address-family ipv4 vrf test
 no auto-summary
 no synchronization

pe2#sh run | sec ip route
ip route vrf test Null0



  • Have you tried MPLS export and import maps?

  • I have not, can you brief me on it?

  • use an import-map that denies the default route: 


    ip vrf TEST

     rd xxx:xxx

     route-target import xxx:xxx

     route-target export xxx:xxx

     import-map STOP_DEFAULT


    route-map STOP_DEFAULT deny 10 

     match ip address prefix-list DEFAULT


    route-map STOP_DEFAULT permit 100


    ip prefix-list DEFAULT permit 


    Obviously you want to keep your current "route-target import" statement alone. Just add the Import-map to deny the default.. As long as the default has an extended-community that matches your "route-target import", you should be good to go. 



  • Hi knownasthatguy,

    import map is pretty simple method to control the importing routes into VRF table (route-target import imports all route by default).  I recommend following config to your scenario:

    ip extcommunity-list standard  CE1 permit rt 65000:1
    ip prefix-list DEFAULT seq 10 permit

    route-map DENY_DEFAULT deny 10
     match ip address prefix-list DEFAULT
     match extcommunity CE1
    route-map DENY_DEFAULT permit 20

    ip vrf CE1
     rd 65001:1
     import ipv4 unicast map DENY_DEFAULT
     route-target export 65001:1
     route-target import 65000:1

  • All,
    Thanks for the input.  I do remember import/export route-maps (now that I read the Cisco PDF) can be used in VRF statements.  I recall coming across them studying for my CCIP.  I was able to acheive my objectives.  The as-path list, prefix-list, and route-map work perfectly.

    Thank you for your input.

Sign In or Register to comment.