VRF, Route Distinguisher, Route Target

VRF stands for Virtual Routing and Forwarding. It lets you create more than one routing table inside one physical router, effectively creating many virtual routers. You can then assign specific interfaces to the relevant VRFs.

The Route-Distinguisher (RD) and Route-Target (RT) are two different concepts that are both used in an MPLS VPN. The RD is used to keep all prefixes in the BGP table unique, and the RT is used to transfer routes between VRFs/VPNs. Let's differentiate these terms.

In an SP network it is common for PE routers to be shared among many customers. These customers are separated by VRFs, so there is no conflict when they use overlapping private IP addressing. The problem arises in the common BGP routing table, which is shared among the customers. That is why we have to distinguish these routes somehow, and for that we use the Route-Distinguisher (RD).

An RD is a 64-bit value that is prepended to the 32-bit IP address in order to make a globally unique 96-bit address. If, on a PE, we configure Customer A to use an RD of 1:1 and Customer B an RD of 2:2, then in the BGP vpnv4 unicast table we will see the following entries:

  • 1:1:10.1.0.0/24
  • 1:1:10.2.0.0/24
  • 2:2:10.1.0.0/24
  • 2:2:10.2.0.0/24

So by prepending an RD to the route, we have created a globally unique set of BGP prefixes in the vpnv4 BGP table that can be shared between peers.

On the other hand, a route target is like a little tag that is attached to a route. When PE routers exchange routes, they do not know which routes belong to which VRF. For that we use the RT. If a router wants to tag some routes, it uses RT export. If a router is interested in some routes, it uses RT import. The RT value is attached in the RT field within the BGP extended community attribute as routes are sent to other PE routers.
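The RD and RT behaviour described above, modelled as an added example that is not part of the original article. The RT values 65000:100 and 65000:200 and all function names are assumptions; the RD is encoded in the type 0 format of RFC 4364 (2-byte type, 2-byte ASN, 4-byte number). The last function shows how one extra import RT on a VRF pulls another customer's routes into it.

```python
import ipaddress
import struct

def encode_rd(rd: str) -> bytes:
    """Encode an 'ASN:number' RD as the 8-byte type 0 format of RFC 4364."""
    asn, number = (int(part) for part in rd.split(":"))
    return struct.pack("!HHI", 0, asn, number)

def vpnv4_address(rd: str, ipv4: str) -> bytes:
    """64-bit RD + 32-bit IPv4 address = 96-bit VPNv4 address."""
    return encode_rd(rd) + ipaddress.IPv4Address(ipv4).packed

def export_route(table, rd, prefix, export_rts):
    """PE export: key the route by (RD, prefix) and tag it with export RTs."""
    table[(rd, prefix)] = frozenset(export_rts)

def import_routes(table, import_rts):
    """PE import: accept a route when at least one attached RT matches."""
    wanted = set(import_rts)
    return sorted(key for key, rts in table.items() if rts & wanted)

def audit_import(table, import_rts, expected_rds):
    """Routes a VRF would import whose RD is outside the expected set.
    Assumes, as in this sample, that each customer has its own RD."""
    return [key for key in import_routes(table, import_rts)
            if key[0] not in expected_rds]

# Constructed sample: the two customers from the text; RT values are assumed.
VPNV4_TABLE = {}
for prefix in ("10.1.0.0/24", "10.2.0.0/24"):
    export_route(VPNV4_TABLE, "1:1", prefix, ["65000:100"])  # Customer A
    export_route(VPNV4_TABLE, "2:2", prefix, ["65000:200"])  # Customer B

if __name__ == "__main__":
    print(vpnv4_address("1:1", "10.1.0.0").hex())
    print(import_routes(VPNV4_TABLE, ["65000:100"]))
    # A VRF for Customer A that also imports Customer B's RT leaks B's routes.
    print(audit_import(VPNV4_TABLE, ["65000:100", "65000:200"], {"1:1"}))
```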

Summary

RD

  • is a 64-bit prepended prefix, used to convert a customer's non-unique 32-bit IPv4 address into a unique 96-bit VPNv4 address
  • the resulting address is a VPNv4 address
  • the RD is locally significant to the router!
  • a VRF is not operational unless you configure an RD
  • each VRF in a PE router must have a unique RD number

RT

  • is a 64-bit extended BGP community that is attached to a VPNv4 BGP route to indicate its membership
  • any number of RTs can be attached to a single route
  • export RTs identify the VPN membership to which the VRF belongs
  • export RTs are attached to a client route when it is converted to a VPNv4 route
  • import RTs are used to select which VPNv4 routes are to be inserted into which VRF tables
  • VPNv4 routes are imported into a VRF table only if at least one of the RTs attached to the route matches at least one of the RTs configured for the VRF

The RD is used purely for the purpose of ensuring routes are unique per VPN. So 10 different VPNs could use 10.0.0.0/24, and each instance of this prefix would be globally unique. The route-target is used to identify a subset of routes within the BGP vpnv4 unicast table that should be used in a VRF for a particular customer.