Setup VPN instance route leaking with Comware v7

Table of contents
Introduction
Topology
Configuration steps
Step 1: VPN instance configuration on core
Step 2: Configure IP addresses and loopback interfaces on core
Step 3: Configure IP addresses and loopback interface on customer A
Step 4: Configure IP addresses and loopback interface on customer B
Step 5: Configure OSPF routing between the devices
Step 6: Configure BGP peering between the customer devices and core
Step 7: Setup VPN instance route leaking
Configuration guide | Setup VPN instance route leaking with Comware v7
Introduction
This document provides a configuration example for VPN route leaking with Comware v7. In some circumstances, it is
desirable to allow routing between VPN instances. This can be achieved by configuring BGP. In the configuration
example, VPN instance separation is established between two customers. Both customers share access to a third VPN
instance, for example to allow common Internet access.
VPN instance customer A and VPN instance customer B are customer instances that are logically separated: they have
their own routing tables and cannot communicate with each other. VPN shared is a common instance
containing resources that are accessible by the customer instances. BGP is used to configure the route leaking between
the customer instances and the common VPN instance.
Topology
Figure 1. Configuration example of VPN instances
[Figure: topology diagram of the three devices.
Core (BGP 65000): Lo0 172.16.1.1/32 (VPN: Customer A, OSPF), Lo5 172.16.10.1/32 (VPN: Customer A, BGP), Lo1 172.16.2.1/32 (VPN: Customer B, OSPF), Lo6 172.16.20.1/32 (VPN: Customer B, BGP), Lo2 172.16.3.1/32 (VPN: Shared), Lo10 1.1.1.1/32, G0/0/2 10.1.1.1/24, G0/0/3 10.1.2.1/24.
Customer A (BGP 65001): Lo0 172.16.1.2/32, Lo10 1.1.1.2/32, G0/0/2 10.1.1.2/24.
Customer B (BGP 65002): Lo0 172.16.2.3/32, Lo10 1.1.1.3/32, G0/0/2 10.1.2.2/24.]
Configuration steps
Step 1: VPN instance configuration on core
[hp]sysname CORE
[CORE]ip vpn-instance CustomerA
[CORE-vpn-instance-CustomerA]route-distinguisher 10:1
[CORE-vpn-instance-CustomerA]vpn-target 10:1
IVT Assignment result:
VPN-Target assignment is successful
EVT Assignment result:
VPN-Target assignment is successful
[CORE-vpn-instance-CustomerA]description Customer-A
[CORE-vpn-instance-CustomerA]quit
[CORE]ip vpn-instance CustomerB
[CORE-vpn-instance-CustomerB]route-distinguisher 20:1
[CORE-vpn-instance-CustomerB]vpn-target 20:1
IVT Assignment result:
VPN-Target assignment is successful
EVT Assignment result:
VPN-Target assignment is successful
[CORE-vpn-instance-CustomerB]description Customer-B
[CORE-vpn-instance-CustomerB]quit
[CORE]ip vpn-instance Shared
[CORE-vpn-instance-Shared]route-distinguisher 30:1
[CORE-vpn-instance-Shared]vpn-target 30:1
IVT Assignment result:
VPN-Target assignment is successful
EVT Assignment result:
VPN-Target assignment is successful
[CORE-vpn-instance-Shared]description Shared
[CORE-vpn-instance-Shared]quit
[CORE]
Step 2: Configure IP addresses and loopback interfaces on core
[CORE]interface loopback 0
[CORE-loopback0]ip binding vpn-instance CustomerA
[CORE-loopback0]ip address 172.16.1.1 32
[CORE-loopback0]description BGP-peer-lb-OSPF-CustomerA
[CORE-loopback0]quit
[CORE]interface loopback 5
[CORE-loopback5]ip binding vpn-instance CustomerA
[CORE-loopback5]ip address 172.16.10.1 32
[CORE-loopback5]description BGP-ip-CustomerA
[CORE-loopback5]quit
[CORE]interface loopback 1
[CORE-loopback1]ip binding vpn-instance CustomerB
[CORE-loopback1]ip address 172.16.2.1 32
[CORE-loopback1]description BGP-peer-lb-OSPF-CustomerB
[CORE-loopback1]quit
[CORE]interface loopback 6
[CORE-loopback6]ip binding vpn-instance CustomerB
[CORE-loopback6]ip address 172.16.20.1 32
[CORE-loopback6]description BGP-ip-CustomerB
[CORE-loopback6]quit
[CORE]interface loopback 2
[CORE-loopback2]ip binding vpn-instance Shared
[CORE-loopback2]ip address 172.16.3.1 32
[CORE-loopback2]description Shared-IP
[CORE-loopback2]quit
[CORE]interface loopback 10
[CORE-loopback10]ip address 1.1.1.1 32
[CORE-loopback10]description Router-ID
[CORE-loopback10]quit
[CORE]interface gigabitEthernet 0/0/2
[CORE-GigabitEthernet0/0/2]ip binding vpn-instance CustomerA
[CORE-GigabitEthernet0/0/2]ip address 10.1.1.1 24
[CORE-GigabitEthernet0/0/2]undo shutdown
[CORE-GigabitEthernet0/0/2]interface gigabitEthernet 0/0/3
[CORE-GigabitEthernet0/0/3]ip binding vpn-instance CustomerB
[CORE-GigabitEthernet0/0/3]ip address 10.1.2.1 24
[CORE-GigabitEthernet0/0/3]undo shutdown
[CORE-GigabitEthernet0/0/3]quit
[CORE]
Step 3: Configure IP addresses and loopback interface on customer A
[hp]sysname CustomerA
[CustomerA]interface loopback 0
[CustomerA-loopback0]ip address 172.16.1.2 32
[CustomerA-loopback0]quit
[CustomerA]interface loopback 10
[CustomerA-loopback10]description routerID
[CustomerA-loopback10]ip address 1.1.1.2 32
[CustomerA-loopback10]quit
[CustomerA]interface gigabitEthernet 0/0/2
[CustomerA-GigabitEthernet0/0/2]ip address 10.1.1.2 24
[CustomerA-GigabitEthernet0/0/2]undo shutdown
[CustomerA-GigabitEthernet0/0/2]quit
[CustomerA]
Step 4: Configure IP addresses and loopback interface on customer B
[hp]sysname CustomerB
[CustomerB]interface loopback 0
[CustomerB-loopback0]ip address 172.16.2.3 32
[CustomerB-loopback0]quit
[CustomerB]interface loopback 10
[CustomerB-loopback10]description routerID
[CustomerB-loopback10]ip address 1.1.1.3 32
[CustomerB-loopback10]quit
[CustomerB]interface gigabitEthernet 0/0/2
[CustomerB-GigabitEthernet0/0/2]ip address 10.1.2.2 24
[CustomerB-GigabitEthernet0/0/2]quit
[CustomerB]
Step 5: Configure OSPF routing between the devices
OSPF is configured so that BGP peering can be established on the loopback interfaces. Although it is also possible to
establish BGP peering on physical IP addresses or to use static routing to reach the loopback interfaces, it is common
practice to use an IGP so that a peer remains reachable when the route through the primary path is lost.
On customer A:
[CustomerA]router id 1.1.1.2
[CustomerA]ospf
[CustomerA-ospf-1]area 0
[CustomerA-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255
[CustomerA-ospf-1-area-0.0.0.0]network 172.16.1.2 0.0.0.0
On customer B:
[CustomerB]router id 1.1.1.3
[CustomerB]ospf
[CustomerB-ospf-1]area 0
[CustomerB-ospf-1-area-0.0.0.0]network 10.1.2.0 0.0.0.255
[CustomerB-ospf-1-area-0.0.0.0]network 172.16.2.3 0.0.0.0
On core:
[CORE]ospf 10 router-id 172.16.1.1 vpn-instance CustomerA
[CORE-ospf-10]area 0
[CORE-ospf-10-area-0.0.0.0]network 10.1.1.0 0.0.0.255
[CORE-ospf-10-area-0.0.0.0]network 172.16.1.1 0.0.0.0
[CORE-ospf-10-area-0.0.0.0]quit
[CORE-ospf-10]quit
[CORE]ospf 20 router-id 172.16.2.1 vpn-instance CustomerB
[CORE-ospf-20]area 0
[CORE-ospf-20-area-0.0.0.0]network 10.1.2.0 0.0.0.255
[CORE-ospf-20-area-0.0.0.0]network 172.16.2.1 0.0.0.0
[CORE-ospf-20-area-0.0.0.0]quit
[CORE-ospf-20]quit
[CORE]
Before continuing to the next step, verify that the OSPF routing tables contain the appropriate routing information.
From the customer A and customer B devices, it should be possible to ping the loopback interfaces of the core. From
customer A, a ping to 172.16.1.1 should be successful. From customer B, a ping to 172.16.2.1 should be successful.
[CustomerA]display ospf routing-table
OSPF Process 1 with Router ID 1.1.1.2
Routing Tables
Routing for Network
Destination         Cost  Type     NextHop       AdvRouter     Area
172.16.1.1/32       1     Stub     10.1.1.1      172.16.1.1    0.0.0.0
172.16.1.2/32       0     Stub     172.16.1.2    1.1.1.2       0.0.0.0
10.1.1.0/24         1     Transit  10.1.1.2      172.16.1.1    0.0.0.0
Total Nets: 3
Intra Area: 3  Inter Area: 0  ASE: 0  NSSA: 0
Step 6: Configure BGP peering between the customer devices and core
On core, peering has to be established using the “ip vpn-instance” functionality in the BGP context.
On customer A:
[CustomerA]bgp 65001
[CustomerA-bgp]router-id 1.1.1.2
[CustomerA-bgp]peer 172.16.1.1 as-number 65000
[CustomerA-bgp]peer 172.16.1.1 connect-interface LoopBack0
[CustomerA-bgp]address-family ipv4 unicast
[CustomerA-bgp-ipv4]peer 172.16.1.1 enable
On customer B:
[CustomerB]bgp 65002
[CustomerB-bgp]router-id 1.1.1.3
[CustomerB-bgp]peer 172.16.2.1 as-number 65000
[CustomerB-bgp]peer 172.16.2.1 connect-interface LoopBack0
[CustomerB-bgp]address-family ipv4 unicast
[CustomerB-bgp-ipv4]peer 172.16.2.1 enable
On core:
[CORE]bgp 65000
[CORE-bgp]router-id 1.1.1.1
[CORE-bgp]ip vpn-instance CustomerA
[CORE-bgp-CustomerA]peer 172.16.1.2 as-number 65001
[CORE-bgp-CustomerA]peer 172.16.1.2 connect-interface LoopBack0
[CORE-bgp-CustomerA]address-family ipv4 unicast
[CORE-bgp-ipv4-CustomerA]import-route ospf 10
[CORE-bgp-ipv4-CustomerA]network 172.16.10.1 255.255.255.255
[CORE-bgp-ipv4-CustomerA]peer 172.16.1.2 enable
[CORE-bgp-ipv4-CustomerA]ip vpn-instance CustomerB
[CORE-bgp-CustomerB]peer 172.16.2.3 as-number 65002
[CORE-bgp-CustomerB]peer 172.16.2.3 connect-interface LoopBack1
[CORE-bgp-CustomerB]address-family ipv4 unicast
[CORE-bgp-ipv4-CustomerB]import-route ospf 20
[CORE-bgp-ipv4-CustomerB]network 172.16.20.1 255.255.255.255
[CORE-bgp-ipv4-CustomerB]peer 172.16.2.3 enable
[CORE-bgp-ipv4-CustomerB]ip vpn-instance Shared
[CORE-bgp-Shared]address-family ipv4 unicast
[CORE-bgp-ipv4-Shared]network 172.16.3.1 255.255.255.255
Before continuing, verify whether the BGP peer relationships have been established.
[CORE]display bgp peer ipv4 vpn-instance CustomerA
BGP local router ID: 1.1.1.1
Local AS number: 65000
Total number of peers: 1        Peers in established state: 1
Peer          AS     MsgRcvd  MsgSent  OutQ  PrefRcv  Up/Down   State
172.16.1.2    65001  257      247      0     0        03:15:50  Established
[CORE]display bgp peer ipv4 vpn-instance CustomerB
BGP local router ID: 1.1.1.1
Local AS number: 65000
Total number of peers: 1        Peers in established state: 1
Peer          AS     MsgRcvd  MsgSent  OutQ  PrefRcv  Up/Down   State
172.16.2.3    65002  258      258      0     0        03:15:29  Established
Also, ensure that OSPF and BGP routing is working by verifying the routing tables of the VPN instances and by pinging the
loopback interfaces of the remote device. It should not be possible to reach the IP address in the shared VPN instance on
the core because route leaking has not been configured yet.
[CORE]display ip routing-table vpn-instance CustomerA
Destinations : 15       Routes : 15
Destination/Mask    Proto   Pre  Cost  NextHop       Interface
0.0.0.0/32          Direct  0    0     127.0.0.1     InLoop0
10.1.1.0/24         Direct  0    0     10.1.1.1      GE0/1/2
10.1.1.0/32         Direct  0    0     10.1.1.1      GE0/1/2
10.1.1.1/32         Direct  0    0     127.0.0.1     InLoop0
10.1.1.255/32       Direct  0    0     10.1.1.1      GE0/1/2
127.0.0.0/8         Direct  0    0     127.0.0.1     InLoop0
127.0.0.0/32        Direct  0    0     127.0.0.1     InLoop0
127.0.0.1/32        Direct  0    0     127.0.0.1     InLoop0
127.255.255.255/32  Direct  0    0     127.0.0.1     InLoop0
172.16.1.1/32       Direct  0    0     127.0.0.1     InLoop0
172.16.1.2/32       OSPF    10   1     10.1.1.2      GE0/1/2
172.16.10.1/32      Direct  0    0     127.0.0.1     InLoop0
224.0.0.0/4         Direct  0    0     0.0.0.0       NULL0
224.0.0.0/24        Direct  0    0     0.0.0.0       NULL0
255.255.255.255/32  Direct  0    0     127.0.0.1     InLoop0
[CORE]display ip routing-table vpn-instance CustomerB
Destinations : 15       Routes : 15
Destination/Mask    Proto   Pre  Cost  NextHop       Interface
0.0.0.0/32          Direct  0    0     127.0.0.1     InLoop0
10.1.2.0/24         Direct  0    0     10.1.2.1      GE0/1/1
10.1.2.0/32         Direct  0    0     10.1.2.1      GE0/1/1
10.1.2.1/32         Direct  0    0     127.0.0.1     InLoop0
10.1.2.255/32       Direct  0    0     10.1.2.1      GE0/1/1
127.0.0.0/8         Direct  0    0     127.0.0.1     InLoop0
127.0.0.0/32        Direct  0    0     127.0.0.1     InLoop0
127.0.0.1/32        Direct  0    0     127.0.0.1     InLoop0
127.255.255.255/32  Direct  0    0     127.0.0.1     InLoop0
172.16.2.1/32       Direct  0    0     127.0.0.1     InLoop0
172.16.2.3/32       OSPF    10   1     10.1.2.2      GE0/1/1
172.16.20.1/32      Direct  0    0     127.0.0.1     InLoop0
224.0.0.0/4         Direct  0    0     0.0.0.0       NULL0
224.0.0.0/24        Direct  0    0     0.0.0.0       NULL0
255.255.255.255/32  Direct  0    0     127.0.0.1     InLoop0
The routing tables of the edge devices do not show the route entry of the Shared VPN instance as can be seen below.
[CustomerA]display ip routing-table
Destinations : 20       Routes : 20
Destination/Mask    Proto   Pre  Cost  NextHop       Interface
0.0.0.0/32          Direct  0    0     127.0.0.1     InLoop0
1.1.1.2/32          Direct  0    0     127.0.0.1     InLoop0
10.1.1.0/24         Direct  0    0     10.1.1.2      GE0/1/1
10.1.1.0/32         Direct  0    0     10.1.1.2      GE0/1/1
10.1.1.2/32         Direct  0    0     127.0.0.1     InLoop0
10.1.1.255/32       Direct  0    0     10.1.1.2      GE0/1/1
127.0.0.0/8         Direct  0    0     127.0.0.1     InLoop0
127.0.0.0/32        Direct  0    0     127.0.0.1     InLoop0
127.0.0.1/32        Direct  0    0     127.0.0.1     InLoop0
127.255.255.255/32  Direct  0    0     127.0.0.1     InLoop0
172.16.1.1/32       OSPF    10   1     10.1.1.1      GE0/1/1
172.16.1.2/32       Direct  0    0     127.0.0.1     InLoop0
172.16.10.1/32      BGP     255  0     172.16.1.1    GE0/1/1
192.168.0.0/24      Direct  0    0     192.168.0.51  Vlan1
192.168.0.0/32      Direct  0    0     192.168.0.51  Vlan1
192.168.0.51/32     Direct  0    0     127.0.0.1     InLoop0
192.168.0.255/32    Direct  0    0     192.168.0.51  Vlan1
224.0.0.0/4         Direct  0    0     0.0.0.0       NULL0
224.0.0.0/24        Direct  0    0     0.0.0.0       NULL0
255.255.255.255/32  Direct  0    0     127.0.0.1     InLoop0
[CustomerB]display ip routing-table
Destinations : 20       Routes : 20
Destination/Mask    Proto   Pre  Cost  NextHop       Interface
0.0.0.0/32          Direct  0    0     127.0.0.1     InLoop0
1.1.1.3/32          Direct  0    0     127.0.0.1     InLoop0
10.1.2.0/24         Direct  0    0     10.1.2.2      GE0/1/1
10.1.2.0/32         Direct  0    0     10.1.2.2      GE0/1/1
10.1.2.2/32         Direct  0    0     127.0.0.1     InLoop0
10.1.2.255/32       Direct  0    0     10.1.2.2      GE0/1/1
127.0.0.0/8         Direct  0    0     127.0.0.1     InLoop0
127.0.0.0/32        Direct  0    0     127.0.0.1     InLoop0
127.0.0.1/32        Direct  0    0     127.0.0.1     InLoop0
127.255.255.255/32  Direct  0    0     127.0.0.1     InLoop0
172.16.2.1/32       OSPF    10   1     10.1.2.1      GE0/1/1
172.16.2.3/32       Direct  0    0     127.0.0.1     InLoop0
172.16.20.1/32      BGP     255  0     172.16.2.1    GE0/1/1
192.168.0.0/24      Direct  0    0     192.168.0.52  Vlan1
192.168.0.0/32      Direct  0    0     192.168.0.52  Vlan1
192.168.0.52/32     Direct  0    0     127.0.0.1     InLoop0
192.168.0.255/32    Direct  0    0     192.168.0.52  Vlan1
224.0.0.0/4         Direct  0    0     0.0.0.0       NULL0
224.0.0.0/24        Direct  0    0     0.0.0.0       NULL0
255.255.255.255/32  Direct  0    0     127.0.0.1     InLoop0
Step 7: Setup VPN instance route leaking
Allow routing between VPN instance customer A and VPN instance shared, and allow routing between VPN instance
customer B and VPN instance shared.
[CORE]ip vpn-instance Shared
[CORE-vpn-instance-Shared]vpn-target 10:1
IVT Assignment result:
VPN-Target assignment is successful
EVT Assignment result:
VPN-Target assignment is successful
[CORE-vpn-instance-Shared]vpn-target 20:1
IVT Assignment result:
VPN-Target assignment is successful
EVT Assignment result:
VPN-Target assignment is successful
Verify the IP routing tables again. This should show the routing information from VPN-instance Shared.
[CORE]display ip routing-table vpn-instance CustomerA
Destinations : 15       Routes : 15
Destination/Mask    Proto   Pre  Cost  NextHop       Interface
0.0.0.0/32          Direct  0    0     127.0.0.1     InLoop0
10.1.1.0/24         Direct  0    0     10.1.1.1      GE0/1/2
10.1.1.0/32         Direct  0    0     10.1.1.1      GE0/1/2
10.1.1.1/32         Direct  0    0     127.0.0.1     InLoop0
10.1.1.255/32       Direct  0    0     10.1.1.1      GE0/1/2
127.0.0.0/8         Direct  0    0     127.0.0.1     InLoop0
127.0.0.0/32        Direct  0    0     127.0.0.1     InLoop0
127.0.0.1/32        Direct  0    0     127.0.0.1     InLoop0
127.255.255.255/32  Direct  0    0     127.0.0.1     InLoop0
172.16.1.1/32       Direct  0    0     127.0.0.1     InLoop0
172.16.1.2/32       OSPF    10   1     10.1.1.2      GE0/1/2
172.16.3.1/32       BGP     130  0     127.0.0.1     InLoop0
172.16.10.1/32      Direct  0    0     127.0.0.1     InLoop0
224.0.0.0/4         Direct  0    0     0.0.0.0       NULL0
224.0.0.0/24        Direct  0    0     0.0.0.0       NULL0
255.255.255.255/32  Direct  0    0     127.0.0.1     InLoop0
[CORE]display ip routing-table vpn-instance CustomerB
Destinations : 15       Routes : 15
Destination/Mask    Proto   Pre  Cost  NextHop       Interface
0.0.0.0/32          Direct  0    0     127.0.0.1     InLoop0
10.1.2.0/24         Direct  0    0     10.1.2.1      GE0/1/1
10.1.2.0/32         Direct  0    0     10.1.2.1      GE0/1/1
10.1.2.1/32         Direct  0    0     127.0.0.1     InLoop0
10.1.2.255/32       Direct  0    0     10.1.2.1      GE0/1/1
127.0.0.0/8         Direct  0    0     127.0.0.1     InLoop0
127.0.0.0/32        Direct  0    0     127.0.0.1     InLoop0
127.0.0.1/32        Direct  0    0     127.0.0.1     InLoop0
127.255.255.255/32  Direct  0    0     127.0.0.1     InLoop0
172.16.2.1/32       Direct  0    0     127.0.0.1     InLoop0
172.16.2.3/32       OSPF    10   1     10.1.2.2      GE0/1/1
172.16.3.1/32       BGP     130  0     127.0.0.1     InLoop0
172.16.20.1/32      Direct  0    0     127.0.0.1     InLoop0
224.0.0.0/4         Direct  0    0     0.0.0.0       NULL0
224.0.0.0/24        Direct  0    0     0.0.0.0       NULL0
255.255.255.255/32  Direct  0    0     127.0.0.1     InLoop0
[CORE]display ip routing-table vpn-instance Shared
Destinations : 13       Routes : 13
Destination/Mask    Proto   Pre  Cost  NextHop       Interface
0.0.0.0/32          Direct  0    0     127.0.0.1     InLoop0
127.0.0.0/8         Direct  0    0     127.0.0.1     InLoop0
127.0.0.0/32        Direct  0    0     127.0.0.1     InLoop0
127.0.0.1/32        Direct  0    0     127.0.0.1     InLoop0
127.255.255.255/32  Direct  0    0     127.0.0.1     InLoop0
172.16.1.2/32       BGP     130  2     10.1.1.2      GE0/1/2
172.16.2.3/32       BGP     130  2     10.1.2.2      GE0/1/1
172.16.3.1/32       Direct  0    0     127.0.0.1     InLoop0
172.16.10.1/32      BGP     130  0     127.0.0.1     InLoop0
172.16.20.1/32      BGP     130  0     127.0.0.1     InLoop0
224.0.0.0/4         Direct  0    0     0.0.0.0       NULL0
224.0.0.0/24        Direct  0    0     0.0.0.0       NULL0
255.255.255.255/32  Direct  0    0     127.0.0.1     InLoop0
[CustomerA]display ip routing-table
Destinations : 20       Routes : 20
Destination/Mask    Proto   Pre  Cost  NextHop       Interface
0.0.0.0/32          Direct  0    0     127.0.0.1     InLoop0
1.1.1.2/32          Direct  0    0     127.0.0.1     InLoop0
10.1.1.0/24         Direct  0    0     10.1.1.2      GE0/1/1
10.1.1.0/32         Direct  0    0     10.1.1.2      GE0/1/1
10.1.1.2/32         Direct  0    0     127.0.0.1     InLoop0
10.1.1.255/32       Direct  0    0     10.1.1.2      GE0/1/1
127.0.0.0/8         Direct  0    0     127.0.0.1     InLoop0
127.0.0.0/32        Direct  0    0     127.0.0.1     InLoop0
127.0.0.1/32        Direct  0    0     127.0.0.1     InLoop0
127.255.255.255/32  Direct  0    0     127.0.0.1     InLoop0
172.16.1.1/32       OSPF    10   1     10.1.1.1      GE0/1/1
172.16.1.2/32       Direct  0    0     127.0.0.1     InLoop0
172.16.3.1/32       BGP     255  0     172.16.1.1    GE0/1/1
172.16.10.1/32      BGP     255  0     172.16.1.1    GE0/1/1
192.168.0.0/24      Direct  0    0     192.168.0.51  Vlan1
192.168.0.0/32      Direct  0    0     192.168.0.51  Vlan1
192.168.0.51/32     Direct  0    0     127.0.0.1     InLoop0
192.168.0.255/32    Direct  0    0     192.168.0.51  Vlan1
224.0.0.0/4         Direct  0    0     0.0.0.0       NULL0
224.0.0.0/24        Direct  0    0     0.0.0.0       NULL0
255.255.255.255/32  Direct  0    0     127.0.0.1     InLoop0
[CustomerB]display ip routing-table
Destinations : 20       Routes : 20
Destination/Mask    Proto   Pre  Cost  NextHop       Interface
0.0.0.0/32          Direct  0    0     127.0.0.1     InLoop0
1.1.1.3/32          Direct  0    0     127.0.0.1     InLoop0
10.1.2.0/24         Direct  0    0     10.1.2.2      GE0/1/1
10.1.2.0/32         Direct  0    0     10.1.2.2      GE0/1/1
10.1.2.2/32         Direct  0    0     127.0.0.1     InLoop0
10.1.2.255/32       Direct  0    0     10.1.2.2      GE0/1/1
127.0.0.0/8         Direct  0    0     127.0.0.1     InLoop0
127.0.0.0/32        Direct  0    0     127.0.0.1     InLoop0
127.0.0.1/32        Direct  0    0     127.0.0.1     InLoop0
127.255.255.255/32  Direct  0    0     127.0.0.1     InLoop0
172.16.2.1/32       OSPF    10   1     10.1.2.1      GE0/1/1
172.16.2.3/32       Direct  0    0     127.0.0.1     InLoop0
172.16.3.1/32       BGP     255  0     172.16.2.1    GE0/1/1
172.16.20.1/32      BGP     255  0     172.16.2.1    GE0/1/1
192.168.0.0/24      Direct  0    0     192.168.0.52  Vlan1
192.168.0.0/32      Direct  0    0     192.168.0.52  Vlan1
192.168.0.52/32     Direct  0    0     127.0.0.1     InLoop0
192.168.0.255/32    Direct  0    0     192.168.0.52  Vlan1
224.0.0.0/4         Direct  0    0     0.0.0.0       NULL0
224.0.0.0/24        Direct  0    0     0.0.0.0       NULL0
255.255.255.255/32  Direct  0    0     127.0.0.1     InLoop0
Issue a ping from the edge devices to the loopback interface of VPN shared on core (172.16.3.1).
Because a reply can only return when the source address is reachable from the destination, it is required to
provide a reachable source address. The source address is specified with the "-a" option when issuing the ping.
From customer A:
[CustomerA]ping -a 172.16.1.2 172.16.3.1
PING 172.16.3.1 (172.16.3.1) from 172.16.1.2: 56 data bytes, press CTRL_C to break
56 bytes from 172.16.3.1: icmp_seq=0 ttl=255 time=1.000 ms
56 bytes from 172.16.3.1: icmp_seq=1 ttl=255 time=1.000 ms
56 bytes from 172.16.3.1: icmp_seq=2 ttl=255 time=0.000 ms
56 bytes from 172.16.3.1: icmp_seq=3 ttl=255 time=1.000 ms
56 bytes from 172.16.3.1: icmp_seq=4 ttl=255 time=0.000 ms
--- 172.16.3.1 ping statistics ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.000/0.600/1.000/0.490 ms
From customer B:
[PE]ping -a 172.16.2.3 172.16.3.1
PING 172.16.3.1 (172.16.3.1) from 172.16.2.3: 56 data bytes, press CTRL_C to break
56 bytes from 172.16.3.1: icmp_seq=0 ttl=255 time=1.000 ms
56 bytes from 172.16.3.1: icmp_seq=1 ttl=255 time=0.000 ms
56 bytes from 172.16.3.1: icmp_seq=2 ttl=255 time=0.000 ms
56 bytes from 172.16.3.1: icmp_seq=3 ttl=255 time=1.000 ms
56 bytes from 172.16.3.1: icmp_seq=4 ttl=255 time=1.000 ms
--- 172.16.3.1 ping statistics ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.000/0.600/1.000/0.490 ms
A ping between customer A and customer B should not be possible.
[CustomerA]ping -a 172.16.1.2 172.16.2.3 (between edge devices)
PING 172.16.2.3 (172.16.2.3) from 172.16.1.2: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 172.16.2.3 ping statistics ---
5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss
On core, interfaces have been configured to be a member of either customer A or customer B. These IP addresses should
also not be reachable from the other customer's VPN instance.
[CustomerA]ping -a 172.16.1.2 172.16.20.1 (not successful)
[CustomerB]ping -a 172.16.2.3 172.16.10.1 (not successful)
When interfaces are members of the customer's own VPN instance, these should be reachable.
[CustomerA]ping -a 172.16.1.2 172.16.10.1 (successful)
[CustomerB]ping -a 172.16.2.3 172.16.20.1 (successful)
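The isolation that these pings confirm can also be checked from the vpn-target statements alone, before any traffic is sent. The Python audit below is an added example, not part of the original guide: it parses the vpn-instance commands from Steps 1 and 7 and reports any pair of customer instances that exchange routes. The function names and VARIANT_CONFIG (a constructed configuration that places the shared target on the customer instances) are assumptions made for illustration.

```python
from itertools import permutations

DIRECTIONS = {"both", "import-extcommunity", "export-extcommunity"}

# Constructed input: the vpn-instance commands entered on CORE in Steps 1 and 7.
PAGE_CONFIG = """
ip vpn-instance CustomerA
 vpn-target 10:1
ip vpn-instance CustomerB
 vpn-target 20:1
ip vpn-instance Shared
 vpn-target 30:1
 vpn-target 10:1
 vpn-target 20:1
"""

# Constructed variant, not from the guide: the shared target is added to the
# customer instances instead, again with the default direction.
VARIANT_CONFIG = """
ip vpn-instance CustomerA
 vpn-target 10:1
 vpn-target 30:1
ip vpn-instance CustomerB
 vpn-target 20:1
 vpn-target 30:1
ip vpn-instance Shared
 vpn-target 30:1
"""


def parse_vpn_targets(config):
    """Return {instance: {"import": set, "export": set}} of route targets."""
    instances, current = {}, None
    for line in config.splitlines():
        tokens = line.split()
        if len(tokens) == 3 and tokens[:2] == ["ip", "vpn-instance"]:
            current = instances.setdefault(
                tokens[2], {"import": set(), "export": set()})
        elif tokens[:1] == ["vpn-target"] and current is not None:
            # No keyword means both directions (the IVT and EVT results above).
            direction = tokens.pop() if tokens[-1] in DIRECTIONS else "both"
            for target in tokens[1:]:
                if direction != "export-extcommunity":
                    current["import"].add(target)
                if direction != "import-extcommunity":
                    current["export"].add(target)
    return instances


def leaks(instances):
    """Map (source, destination) to the targets carrying routes between them."""
    # Assumption: only direct import is modelled; routes imported into one
    # instance are not re-exported to a third.
    result = {}
    for src, dst in permutations(instances, 2):
        common = instances[src]["export"] & instances[dst]["import"]
        if common:
            result[(src, dst)] = sorted(common)
    return result


def isolation_violations(config, isolated):
    """Return leaks whose source and destination must both stay isolated."""
    found = leaks(parse_vpn_targets(config))
    return {p: rts for p, rts in found.items() if set(p) <= set(isolated)}

if __name__ == "__main__":
    for name, cfg in (("guide", PAGE_CONFIG), ("variant", VARIANT_CONFIG)):
        print(name, isolation_violations(cfg, {"CustomerA", "CustomerB"}))
```

With the guide's configuration the customers exchange routes only with Shared; in the variant, target 30:1 is exported and imported by both customers, so their routes leak into each other.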
Learn more at
hp.com/networking
© Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for
HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as
constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
4AA5-9271ENW, June 2015