Re: How to filter route between VPN-Instance/BGP on the same switch?

ProsperBZH · ‎02-16-2018

Hello,

I work on a HP 5820 in Comware 5.
I created 2 Vpn-Instances. Each of them are associated with 2 Vlans (or in fact their Vlan-Interfaces).
In order to route between the Vpn-Instances, I simply configured BGP by creating 1 AS and bound the Vlan-interfaces to a Vpn-Instance.
To be clear:
#
ip vpn-instance VRF10
route-distinguisher 10:1
vpn-target 20:1 import-extcommunity
vpn-target 10:1 export-extcommunity
#
ip vpn-instance VRF20
route-distinguisher 20:1
vpn-target 10:1 import-extcommunity
vpn-target 20:1 export-extcommunity
#
interface Vlan-interface1
ip binding vpn-instance VRF10
ip address 1.1.1.1 255.0.0.0
#
interface Vlan-interface2
ip binding vpn-instance VRF10
ip address 2.2.2.2 255.0.0.0
#
interface Vlan-interface3
ip binding vpn-instance VRF20
ip address 3.3.3.3 255.0.0.0
#
interface Vlan-interface4
ip binding vpn-instance VRF20
ip address 4.4.4.4 255.0.0.0
#
bgp 100
#
ipv4-family vpn-instance VRF10
#
   import-route direct
#
ipv4-family vpn-instance VRF20
#
   import-route direct
#

It works fine, each Vpn-Instance learned the networks of the other one in its routing table.

But now, I don't want all the Vlan to be known. For example, Vlan 4 does not need to be "exported" to VRF10 routing table.
How can I do that? I read in documentation that "route-policy" is the solution, but I failed to succeed.
Does anyone ever do the same ?

Thanks.

IngoH · ‎12-03-2018

Haven't tested yet, but I assume following article is helpful;

How to route leake between vpn instances configuration example / https://community.hpe.com/t5/Comware-Based/How-to-route-leake-between-vpn-instances-configuration-example/td-p/6968623#.XAU8RtvwaHs

i.e.

Prefix-list for the networks you want to leake.

ip prefix-list v001 index 30 deny 10.50.25.248 30 BGP Peer

ip prefix-list v001 index 40 permit 10.50.24.0 24 Leake network

Route-Policy

route-policy v001-export permit node 10

if-match ip address prefix-list v001

apply extcommunity rt 1:1

VPN-Instance configuration.

ip vpn-instance v001

route-distinguisher 64514:1

import route-policy v136-export

vpn-target 64514:1 1:136 import-extcommunity

vpn-target 1:1 export-extcommunity

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: How to filter route between VPN-Instance/BGP on the same switch?

How to filter route between VPN-Instance/BGP on the same switch?

Re: How to filter route between VPN-Instance/BGP on the same switch?