Blogs‎ > ‎

VRF / VPN Instance Inter VLAN Routing

How to configure vpn-instance interface VLAN/ intervlan routing on an HPE Comware Switch!

I had a customer who uses VPN Instances on HPE Comware 5500-HI switches, and they needed the Comware switch to act as the default gateway, and enable intervlan routing between two vpn instances.  A VPN Instance splits the routing table, the same was  Cisco's implementation of VRF's - so this behavior is not enabled by default and you have to use MBGP (Multi protocol BGP). 

Note that you cannot use static routing to achieve this.

Its compiled of three main things: 
  • Interface VLAN's bound to a VPN Instance.
  • VPN Instance configuration, with route distinguisher (RD) BGP import and export communities
  • BGP configuration

I use a fairly straightforward setup, as follows:

VPN Instances



 Interface VLAN’s

interface Vlan-interface30
description Customer1
ip binding vpn-instance Customer1
ip address 172.16.30.3 255.255.255.0

interface Vlan-interface40
description Customer2
ip binding vpn-instance Customer2
ip address 172.16.40.3 255.255.255.0

VPN Instance Config

ip vpn-instance Customer1
route-distinguisher 64516:1
description Customer1
vpn-target 64516:1 64517:1 import-extcommunity
vpn-target 64516:1 export-extcommunity

ip vpn-instance Customer2
route-distinguisher 64517:1
description Customer2
vpn-target 64517:1 64516:1 import-extcommunity
vpn-target 64517:1 export-extcommunity

BGP Config

bgp 65001

ip vpn-instance Customer1
  #
  address-family ipv4 unicast
   import-route direct
#
ip vpn-instance Customer2
  #
  address-family ipv4 unicast
   import-route direct
#

Your routing tables will then look like:

disp ip routing-table vpn-instance Customer1

Destinations : 15       Routes : 15

Destination/Mask   Proto   Pre Cost        NextHop         Interface
...
172.16.30.0/24     Direct  0   0           172.16.30.3     Vlan30
172.16.30.0/32     Direct  0   0           172.16.30.3     Vlan30
172.16.30.3/32     Direct  0   0           127.0.0.1       InLoop0
172.16.30.255/32   Direct  0   0           172.16.30.3     Vlan30
172.16.40.0/24     BGP     130 0           172.16.40.3     Vlan40
172.16.40.3/32     BGP     130 0           127.0.0.1       InLoop0
224.0.0.0/4        Direct  0   0           0.0.0.0         NULL0
224.0.0.0/24       Direct  0   0           0.0.0.0         NULL0
255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0


disp ip routing-table vpn-instance Customer2

Destinations : 15       Routes : 15

Destination/Mask   Proto   Pre Cost        NextHop         Interface
...
172.16.30.0/24     BGP     130 0           172.16.30.3     Vlan30
172.16.30.3/32     BGP     130 0           127.0.0.1       InLoop0
172.16.40.0/24     Direct  0   0           172.16.40.3     Vlan40
172.16.40.0/32     Direct  0   0           172.16.40.3     Vlan40
172.16.40.3/32     Direct  0   0           127.0.0.1       InLoop0
172.16.40.255/32   Direct  0   0           172.16.40.3     Vlan40
224.0.0.0/4        Direct  0   0           0.0.0.0         NULL0
224.0.0.0/24       Direct  0   0           0.0.0.0         NULL0


And you can now ping between your devices as though it was a normal intervlan router :)


Disqus comments for Google Sites