After the target VRF learns routes that are leaked by the source VRF, the source VRF in turn can leak the
export target corresponding to the destination VRFs that have imported its routes. The source VRF learns
the export target corresponding to the destinations VRF using the ip route-import tag or ipv6
route-import tag command. This mechanism enables reverse communication between destination
VRF and the source VRF.
If the target VRF contains the same prefix (either sourced or Leaked route from some other VRF), then the
Leak for that particular prefix will fail and an error-log will be thrown. Manual intervention is required to
clear the unneeded prefixes. The source route will take priority over the leaked route and the leaked
route is deleted.
Consider a scenario where you have created four VRF tables VRF-red, VRF-blue, VRF-Green, and VRF-
shared. The VRF-shared table belongs to a particular service that should be made available only to VRF-
Red and VRF-Blue but not VRF-Green. For this purpose, routes corresponding VRF-Shared routes are
leaked to only VRF-Red and VRF-Blue. And for reply, routes corresponding to VRF-Red and VRF-Blue are
leaked to VRF-Shared.
For leaking the routes from VRF-Shared to VRF-Red and VRF-Blue, you can configure route-export tag
on VRF-shared (source VRF, who is exporting the routes); the same route-export tag value should be
configured on VRF-Red and VRF-blue as route-import tag (target VRF, that is importing the routes). For a
reply communication, VRF-red and VRF-blue are configured with two different route-export tags, one for
each, and those two values are configured as route-import tags on VRF-shared.
To configure route leaking, perform the following steps:
1. Configure VRF-shared using the following command:ip vrf vrf-sharedinterface
tengigabitethernet 1/4ip vrf forwarding vrf-sharedip address x.x.x.x
255.x.x.x
A non-default VRF named VRF-Shared is created and the interface 1/4 is assigned to this VRF.
2. Configure the export target in the source VRF:.ip route-export 1:1
3. Configure VRF-red.ip vrf vrf-red interface tengigabitethernet 1/11ip vrf
forwarding VRF-red ip address x.x.x.x 255.x.x.x
A non-default VRF named VRF-red is created and the interface 1/11 is assigned to this VRF.
4. Configure the import target in VRF-red.ip route-import 1:1
5. Configure the export target in VRF-red.ip route-export 2:2
6. Configure VRF-blue.ip vrf vrf-blue interface tengigabitethernet 1/12ip vrf
forwarding vrf-blue ip address x.x.x.x 255.x.x.x
A non-default VRF named VRF-blue is created and the interface 1/12 is assigned to it.
7. Configure the import target in VRF-blue.ip route-import 1:1
8. Configure the export target in VRF-blue.ip route-export 3:3
9. Configure VRF-green.ip vrf vrf-green interface tengigabitethernet 1/13ip vrf
forwarding VRF-green ip address x.x.x.x 255.x.x.x
A non-default VRF named VRF-green is created and the interface 1/13 is assigned to it.
10. Configure the import target in the source VRF VRF-Shared for reverse communication with VRF-red
and VRF-blue.ip vrf vrf-sharedip route—import 2:2ip route-import 3:3
The show run output for the above configuration is as follows:
ip vrf VRF-Red
ip route-export 2:2
ip route-import 1:1
Virtual Routing and Forwarding (VRF) 937