VRF / VPN Instance Inter VLAN Routing

How to configure vpn-instance interface VLAN/ intervlan routing on an HPE Comware Switch!

I had a customer who uses VPN Instances on HPE Comware 5500-HI switches, and they needed the Comware switch to act as the default gateway, and enable intervlan routing between two vpn instances. A VPN Instance splits the routing table, the same was Cisco's implementation of VRF's - so this behavior is not enabled by default and you have to use MBGP (Multi protocol BGP).

Note that you cannot use static routing to achieve this.

Its compiled of three main things:

Interface VLAN's bound to a VPN Instance.
VPN Instance configuration, with route distinguisher (RD) BGP import and export communities
BGP configuration

I use a fairly straightforward setup, as follows:

Interface VLAN’s

interface Vlan-interface30

description Customer1

ip binding vpn-instance Customer1

ip address 172.16.30.3 255.255.255.0

interface Vlan-interface40

description Customer2

ip binding vpn-instance Customer2

ip address 172.16.40.3 255.255.255.0

VPN Instance Config

ip vpn-instance Customer1

route-distinguisher 64516:1

description Customer1

vpn-target 64516:1 64517:1 import-extcommunity

vpn-target 64516:1 export-extcommunity

ip vpn-instance Customer2

route-distinguisher 64517:1

description Customer2

vpn-target 64517:1 64516:1 import-extcommunity

vpn-target 64517:1 export-extcommunity

BGP Config

bgp 65001

ip vpn-instance Customer1

  address-family ipv4 unicast

   import-route direct

ip vpn-instance Customer2

  address-family ipv4 unicast

   import-route direct

Your routing tables will then look like:

disp ip routing-table vpn-instance Customer1

Destinations : 15       Routes : 15

Destination/Mask   Proto   Pre Cost        NextHop         Interface

...

172.16.30.0/24     Direct  0   0           172.16.30.3     Vlan30

172.16.30.0/32     Direct  0   0           172.16.30.3     Vlan30

172.16.30.3/32     Direct  0   0           127.0.0.1       InLoop0

172.16.30.255/32   Direct  0   0           172.16.30.3     Vlan30

172.16.40.0/24     BGP     130 0           172.16.40.3     Vlan40

172.16.40.3/32     BGP     130 0           127.0.0.1       InLoop0

224.0.0.0/4        Direct  0   0           0.0.0.0         NULL0

224.0.0.0/24       Direct  0   0           0.0.0.0         NULL0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

disp ip routing-table vpn-instance Customer2

Destinations : 15       Routes : 15

Destination/Mask   Proto   Pre Cost        NextHop         Interface

...

172.16.30.0/24     BGP     130 0           172.16.30.3     Vlan30

172.16.30.3/32     BGP     130 0           127.0.0.1       InLoop0

172.16.40.0/24     Direct  0   0           172.16.40.3     Vlan40

172.16.40.0/32     Direct  0   0           172.16.40.3     Vlan40

172.16.40.3/32     Direct  0   0           127.0.0.1       InLoop0

172.16.40.255/32   Direct  0   0           172.16.40.3     Vlan40

224.0.0.0/4        Direct  0   0           0.0.0.0         NULL0

224.0.0.0/24       Direct  0   0           0.0.0.0         NULL0

And you can now ping between your devices as though it was a normal intervlan router :)

Google Sites

Report abuse