Comware

 View Only
Expand all | Collapse all

How to filter route between VPN-Instance/BGP on the same switch?

This thread has been viewed 4 times
  • 1.  How to filter route between VPN-Instance/BGP on the same switch?

    Posted Feb 16, 2018 11:13 AM

    Hello,

    I work on a HP 5820 in Comware 5.
    I created 2 Vpn-Instances. Each of them are associated with 2 Vlans (or in fact their Vlan-Interfaces).
    In order to route between the Vpn-Instances, I simply configured BGP by creating 1 AS and bound the Vlan-interfaces to a Vpn-Instance.
    To be clear:
    #
    ip vpn-instance VRF10
     route-distinguisher 10:1
     vpn-target 20:1 import-extcommunity
     vpn-target 10:1 export-extcommunity
    #
    ip vpn-instance VRF20
     route-distinguisher 20:1
     vpn-target 10:1 import-extcommunity
     vpn-target 20:1 export-extcommunity
    #
    interface Vlan-interface1
     ip binding vpn-instance VRF10
     ip address 1.1.1.1 255.0.0.0
    #
    interface Vlan-interface2
     ip binding vpn-instance VRF10
     ip address 2.2.2.2 255.0.0.0
    #
    interface Vlan-interface3
     ip binding vpn-instance VRF20
     ip address 3.3.3.3 255.0.0.0
    #
    interface Vlan-interface4
     ip binding vpn-instance VRF20
     ip address 4.4.4.4 255.0.0.0
    #
    bgp 100
     #
     ipv4-family vpn-instance VRF10
      #           
       import-route direct
     #
     ipv4-family vpn-instance VRF20
      #
       import-route direct
     #

    It works fine, each Vpn-Instance learned the networks of the other one in its routing table.

    But now, I don't want all the Vlan to be known. For example, Vlan 4 does not need to be "exported" to VRF10 routing table.
    How can I do that? I read in documentation that "route-policy" is the solution, but I failed to succeed.
    Does anyone ever do the same ?

    Thanks.



  • 2.  RE: How to filter route between VPN-Instance/BGP on the same switch?

    Posted Dec 03, 2018 09:37 AM

    Haven't tested yet, but I assume following article is helpful;

    How to route leake between vpn instances configuration example / https://community.hpe.com/t5/Comware-Based/How-to-route-leake-between-vpn-instances-configuration-example/td-p/6968623#.XAU8RtvwaHs 

    i.e.

    Prefix-list for the networks you want to leake.

    ip prefix-list v001 index 30 deny 10.50.25.248 30          BGP Peer

    ip prefix-list v001 index 40 permit 10.50.24.0 24          Leake network

    Route-Policy

    route-policy v001-export permit node 10

    if-match ip address prefix-list v001

    apply extcommunity rt 1:1

    VPN-Instance configuration.

    ip vpn-instance v001

    route-distinguisher 64514:1

    import route-policy v136-export

    vpn-target 64514:1 1:136 import-extcommunity

    vpn-target 1:1 export-extcommunity