MPLS Layer 3 VPN Explained

Hello Sudip,

Sorry for the delay, let me answer your question.

To understand this, you need to think about the difference between the control plane and data plane.

Control plane:

A VRF helps to differentiate the routing table but this only works on the local router. We don’t exchange VRF information between routers. Imagine we have a PE router with a VRF called “red” and a VRF called “blue”.

In each VRF, we have network 5.5.5.5/32. Thanks to our VRFs, we can have the same network in two different VRFs.

Now we want to advertise both networks to another PE router. We do this with MP-BGP. How can the PE router on the other end differentiate between those two 5.5.5.5/32 networks? It can’t since the network address is exactly the same and we don’t exchange VRF information. To make each network unique, we add an RD:

Thanks to a different RD, our two 5.5.5.5/32 networks are now two unique VPN routes.

Before we continue with the data plane, take a look at the MP-BGP table and the next hop. Here’s an example of a PE1 router:

PE1#show bgp vpnv4 unicast vrf RED
BGP table version is 4, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf RED)
*> 5.5.5.5/32       192.168.45.5             0             0 5 i

In order for PE1 to get to 5.5.5.5/32, the next hop IP address is 192.168.45.5. That’s a PE2 router.

For all VPN routes that a PE router learns, the PE router on the other side will be the next hop.

Data plane

Now let’s look at the actual forwarding of traffic. Take a look at this picture:

The destination in this picture is 192.168.2.2, it’s behind CE4. The CE1 router will send a regular IP packet.

Your CE router sends a regular IP packet, the PE1 router receives it. It checks its MP-BGP table and sees that PE2 is the destination. A transport label is added and the packet is forwarded to the P router.

The P router checks its label bindings, sees that PE2 is the destination for transport label X. Because of PHP, it removes the label and forwards the IP packet to PE2.

PE2 now receives a regular IP packet with destination 192.168.2.2. What is PE2 supposed to do with this IP packet? The RD doesn’t help here, there isn’t any RD information in the IP packet. PE2 has no idea what to do with this packet…

To fix this, we add a second label…the VPN label:

PE1 adds the VPN label, PE2 receives an IP packet that still has the VPN label attached. When PE2 sees the VPN label, it knows that it’s for VRF RED. How does it know this? Because we configure this with a route-target. The VPN label is removed, and the IP packet is forwarded into the correct VRF.

Conclusion

The RD is to turn prefixes into unique VPN routes, which are advertised through MP-BGP. This helps the control plane. The VPN label is needed because otherwise, the data plane on a PE router doesn’t know where to forward the IP packet to. Adding the VPN label allows the PE router to do a lookup for the VPN label and figure out which VRF to forward the packet to. The VPN label is attached to a VRF because of route targets.

I hope this helps but if not, let me know!

Rene

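The two mechanisms from the reply above, as an added example that is not part of the original post: a small Python model in which the RD keeps two identical prefixes apart in MP-BGP, and the VPN label lets the egress PE pick the VRF after PHP has removed the transport label. RD 1:1 for RED comes from the output above; the BLUE RD 2:2, the label values and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

def rd_type0(asn: int, number: int) -> bytes:
    """Type-0 route distinguisher (RFC 4364): 2-byte type, 2-byte ASN, 4-byte number."""
    return struct.pack("!HHI", 0, asn, number)

def vpnv4_route(rd: bytes, prefix: str) -> bytes:
    """RD + IPv4 prefix: the key that makes a VPN route unique in MP-BGP."""
    net = ipaddress.ip_network(prefix)
    return rd + net.network_address.packed + bytes([net.prefixlen])

# Advertising PE: the same prefix lives in two VRFs.
# RD 1:1 is from the page; RD 2:2 and both labels are constructed values.
LOCAL_VRFS = {
    "RED":  {"rd": rd_type0(1, 1), "vpn_label": 16001},
    "BLUE": {"rd": rd_type0(2, 2), "vpn_label": 16002},
}
# Egress PE data plane (modelled assumption): VPN label -> VRF.
LABEL_TO_VRF = {v["vpn_label"]: name for name, v in LOCAL_VRFS.items()}

def advertise(prefix: str) -> dict:
    """Control plane: one VPNv4 route per VRF, each carrying its VPN label."""
    return {vpnv4_route(v["rd"], prefix): v["vpn_label"] for v in LOCAL_VRFS.values()}

def ingress_push(transport_label: int, vpn_label: int) -> list:
    """Ingress PE pushes two labels; the transport label is on top (index 0)."""
    return [transport_label, vpn_label]

def php_pop(label_stack: list) -> list:
    """Penultimate hop popping: the P router removes the top (transport) label."""
    return label_stack[1:]

def egress_lookup(label_stack: list, dst_ip: str) -> str:
    """Egress PE: choose the VRF from the remaining VPN label, never from the IP."""
    if not label_stack:
        raise LookupError(f"no VPN label: cannot tell which VRF owns {dst_ip}")
    vrf = LABEL_TO_VRF.get(label_stack[0])
    if vrf is None:
        raise LookupError(f"unknown VPN label {label_stack[0]}: drop the packet")
    return vrf

if __name__ == "__main__":
    routes = advertise("5.5.5.5/32")
    for route, label in routes.items():
        print(route.hex(), "-> VPN label", label)
    stack = php_pop(ingress_push(transport_label=24, vpn_label=16001))
    print("egress PE forwards into VRF", egress_lookup(stack, "5.5.5.5"))
```

Dropping on an unknown or missing label rather than falling back to an IP lookup is what keeps overlapping customer address space from leaking between VRFs.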