Let's say PE1 & PE2 are multihomed to SiteA, and PE3 & PE4 are multihomed to SiteB.
Create your origin communities - these will be used in addition to the vrf "target" communities. I would configure these communities on all PE routers.
[edit]
jparks# show policy-options
/*-----snip-----*/
community site-a-origin members origin:65000:100;
community site-b-origin members origin:65000:200;
community vpn-cust-a members target:65000:555;
Create your VRF-export policies on PE1 and PE2 to advertise SiteA prefixes into the MPLS cloud (bgp.l3vpn.0) tagging the prefixes with the VRF target community and the SiteA origin community.
[edit]
jparks# show policy-options policy-statement vrf-cust-a-export
term 1 {
from protocol bgp;
then {
community add vpn-cust-a;
community add site-a-origin;
accept;
}
}
Create the VRF import policy to accept routes back into the VRF. This is the configuration on the PE1 and PE2. (There are a couple of ways to do this - I'm illustrating one)
[edit]
jparks# show policy-options policy-statement vrf-cust-a-import
term reject-site-a {
from {
protocol bgp;
community site-a-origin;
}
then reject;
}
term accept-other-sites {
from {
protocol bgp;
community vpn-cust-a;
}
then accept;
}
You could reject the "origin" community on the PE-CE eBGP session too.
Change the relevant information on PE3 & PE4 to achieve the same results.
As far as using Tags, that would be more for IGP on the PE to CE link. At that point, I think I would use Domain-ID for OSPF. Check out the Sybex JNCIE-M Book/PDF at page 727. The book is available on the Juniper Web site in the books section.