
Comware Policy Based Routing PBR within a VRF

There are a few minor changes you have to make to your configuration to allow PBR within a VPN instance (or VRF, same thing, different kit).

I will use the same concept & IP Addressing as my previous PBR posts.



The router in the picture above (.254) has a default gateway of 2.2.2.1. However, I want traffic sourced from the 192.168.10.0 network to:

1. Only use the switch's default gateway for any traffic to 10.0.0.0/8
2. Use 1.1.1.1 (the firewall) for any traffic to the internet.
3. To be done within a VRF / VPN Instance called Customer01

Configuration Steps

Create your VPN Instance / VRF

ip vpn-instance Customer01
 route-distinguisher 65005:1
 description Customer01

Create a PBR node called CUSTOMER01-PBR, and match it on ACL 3001 - note the 'deny' statement. Traffic matching a deny node is not policy-routed and is forwarded by the normal routing table.

policy-based-route CUSTOMER01-PBR deny node 10
 if-match acl 3001
 quit

Create a second node in CUSTOMER01-PBR, and match it on ACL 3002 - note the 'permit' statement, the new next hop, and the reference to the VPN instance!

policy-based-route CUSTOMER01-PBR permit node 11
 if-match acl 3002
 apply next-hop vpn-instance Customer01 1.1.1.1
 quit

Now create the ACLs. This first ACL matches any internal traffic to 10.0.0.0/8 or 192.168.0.0/16.

acl number 3001 name CUSTOMER01-PBR-INTERNAL-TRAFFIC
 rule permit ip source 192.168.10.0 0.0.0.255 destination 10.0.0.0 0.255.255.255 vpn-instance Customer01
 rule permit ip source 192.168.10.0 0.0.0.255 destination 192.168.0.0 0.0.255.255 vpn-instance Customer01

The following ACL is a catch-all for anything else, i.e. the internet. This includes 172.16.0.0/12, so make sure you don't need that network, or add it to ACL 3001.

acl number 3002 name CUSTOMER01-PBR-EXTERNAL-TRAFFIC
 rule permit ip destination 0.0.0.0 255.255.255.255 vpn-instance Customer01

And here's where the magic happens, apply the PBR to the VLAN interface.

interface vlan 10
 ip binding vpn-instance Customer01 
 ip policy-based-route CUSTOMER01-PBR
 ip address 192.168.10.254 255.255.255.0
 description Customer01

Note: This is only supported in Comware 7; routing within a PBR is not supported in Comware 5.
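
To check which destinations end up at the firewall before the policy goes onto the interface, the node order and wildcard matching above can be modelled offline. This is an added example, not part of the original post: it assumes nodes are evaluated in ascending order with the first match winning, that every packet is already in Customer01, and the function names and sample addresses are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """ACL wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

ANY = ("0.0.0.0", "255.255.255.255")

# ACL rules from the post, as (source, destination) pairs of (base, wildcard).
ACLS = {
    3001: [(("192.168.10.0", "0.0.0.255"), ("10.0.0.0", "0.255.255.255")),
           (("192.168.10.0", "0.0.0.255"), ("192.168.0.0", "0.0.255.255"))],
    3002: [(ANY, ANY)],  # no source given in the post, so any source matches
}

# Policy CUSTOMER01-PBR as (node id, mode, acl, next hop).
NODES = [(10, "deny", 3001, None), (11, "permit", 3002, "1.1.1.1")]

# Label for normal forwarding (the default gateway 2.2.2.1 in the post).
ROUTING_TABLE = "routing-table"

def acl_permits(acl, src, dst):
    """True if any rule of the ACL matches both source and destination."""
    return any(wildcard_match(src, *s) and wildcard_match(dst, *d)
               for s, d in ACLS[acl])

def pbr_decision(src, dst):
    """Return the PBR next hop, or ROUTING_TABLE if not policy-routed."""
    for _node, mode, acl, next_hop in sorted(NODES, key=lambda n: n[0]):
        if acl_permits(acl, src, dst):
            # permit node: apply its next hop; deny node: skip PBR entirely
            return next_hop if mode == "permit" else ROUTING_TABLE
    return ROUTING_TABLE  # no node matched

if __name__ == "__main__":
    # Constructed sample flows arriving on VLAN 10
    for dst in ("10.20.30.40", "192.168.50.1", "172.16.5.5", "8.8.8.8"):
        src = "192.168.10.25"
        print(f"{src} -> {dst}: {pbr_decision(src, dst)}")
```

Running it shows 172.16.5.5 being sent to 1.1.1.1, which is the 172.16.0.0/12 caveat noted for ACL 3002, and that a source outside 192.168.10.0/24 arriving on the interface is also sent to the firewall even for 10.0.0.0/8 destinations.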