Country/Region

How to config route leak between vpn-instance for H3C Switch

2023-12-29 10:48:31 Published
  • 0 Followed
  • 0Collected ,2615Browsed
Liangjinbao

Problem Description

 How to config route leak between vpn-instance for H3C S6850

Diagram

 

Requirement

  1. Devices in ASN65003 must be access resource from ASN 65001, 65002, S6805
  2. Routes from ASN 65003 must import into vpn-a, vpn-b and vpn-c
  1. ASN 65001 will not have route from ASN65002 and S6805
  1. ASN 65002 will not have route from ASN65001 and S6805

  1. S6805 will not have route from ASN65001 and ASN650


Some of VRF (VPN-Instance) routes leak on other vendor

Arista: https://www.arista.com/en/um-eos/eos-inter-vrf-local-route-leaking

Cisco: https://www.cisco.com/c/en/us/support/docs/ip/ip-routing/216541-vrf-configuration-examples-on-ios-xe.html

Solution

https://www.h3c.com/en/d_202303/1790665_294551_0.htm

 

Configuring route replication

Configuring the public instance

About this task

Configure the public instance to enable the mutual access between public network and private network users.

Restrictions and guidelines

In an MPLS L3VPN network, for the public network and the VPN network to communicate with each other through route target matching, perform the following tasks:

·     Configure matching route targets for the public instance and VPN instance.

·     Use the route-replicate enable command in BGP instance view to enable mutual BGP route replication between the public and VPN instances.

Procedure

1.     Enter system view.

system-view

2.     Enter public instance view.

ip public-instance

3.     Configure an RD for the public instance.

route-distinguisher route-distinguisher

By default, no RD is configured for the public instance.

4.     Configure a route target for the public instance.

vpn-target vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ]

By default, no route target is configured for the public instance.

5.     Enter public instance IPv4 address family view.

address-family ipv4

6.     Configure a route target for the public instance IPv4 address family.

vpn-target vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ]

By default, no route target is configured for the IPv4 address family of the public instance.

7.     Apply an import routing policy to the public instance.

import route-policy route-policy

By default, all routes matching the import target attribute are accepted.

8.     Apply an export routing policy to the public instance.

export route-policy route-policy

By default, routes to be advertised are not filtered.

Configuring route replication between public/VPN instances

About this task

In a BGP/MPLS L3VPN network, only VPN instances that have matching route targets can communicate with each other.

The route replication feature provides the following functions:

·     Enables a VPN instance to communicate with the public network or other VPN instances by replicating routes from the public instance or other VPN instances.

·     Enables the public network to communicate with a VPN instance by replicating routes from the VPN instance to the public instance.

In an intelligent traffic control network, traffic of different tenants is assigned to different VPNs. To enable the tenants to communicate with the public network, configure this feature to replicate routes from the public instance to the VPN instances.

VLINK direct routes are generated based on ARP entries learned by interfaces. The route-replicate from vpn-instance protocol direct and route-replicate from public protocol direct commands replicate VLINK direct routes, but the VLINK direct routes cannot be added to the FIB, causing traffic forwarding failures. To address this issue, you can specify the vlink-direct keyword to replicate VLINK direct routes and add the VLINK direct routes to the FIB.

Configuring a VPN instance to replicate routes from the public instance or another VPN instance

1.     Enter system view.

system-view

2.     Enter VPN instance view.

ip vpn-instance vpn-instance-name

3.     Enter VPN instance IPv4 address family view.

address-family ipv4

4.     Replicate routes from the public instance or other VPN instances.

route-replicate from { public | vpn-instance vpn-instance-name } protocol { bgp as-number | direct | static | { isis | ospf | rip } process-id | vlink-direct } [ advertise ] [ route-policy route-policy-name ]

By default, a VPN instance cannot replicate routes from the public instance or other VPN instances.

Replicating routes from a VPN instance to the public instance

1.     Enter system view.

system-view

2.     Enter public instance view.

ip public-instance

3.     Enter public instance IPv4 address family view.

address-family ipv4

4.     Replicate routes from a VPN instance to the public instance.

route-replicate from vpn-instance vpn-instance-name protocol { bgp as-number | direct | static | { isis | ospf | rip } process-id | vlink-direct } [ advertise ] [ route-policy route-policy-name ]

By default, the public instance cannot replicate routes from VPN instances.

 


Please rate this case:   
0 Comments

No Comments

Add Comments:

Copyright© 2025 H3C reserves all rights to the current version NO.1

The copyright of this icon belongs to H3C. It is only for the use of this community. Do not use it for commercial purposes. Anyone who violates this icon will be prosecuted