Router and NE80E1 belong to AS64001; NE40-2 and NE80E-2 belong to AS64002. Router and NE40 wor as PE, and NE80E as ASBR-PE. Option B is selected for VPN communication. One hundred VPN instances are deployed in total. RT is 3012: i(i is a variable from 1 to 100), and the private routes used by each VPN are the same.
Since the Router works as the egress of Internet, the routes inside VPN are also of Internet. NE40-2 is not able to learn the Internet route, and it is not necessary. NE40-2 only needs to advertise the private network route to Router, and each VPN of NE40-2 is configured with default route to Internet. Configure NE80E1 with BGP extcommunity-filter to match VPN RT, and apply it in route-policy, as follows:
ip extcommunity-filter 1 permit rt 3012:i
route-policy 1 deny node 10
if-match extcommunity-filter 1
route-policy 1 permit node 20
peer 10.0.1.2 route-policy 1 export // 10.0.1.0 is the network segment of directly-connected interfaces between NE80E1 and NE80E2.
It is suggested to configure VPN route directly on PE (Router) so as to reduce the number of prefixes for private network routers on ASBR(NE80E1).