Binding Interfaces to a VPN Instance

After an interface is bound to a VPN instance, the interface becomes a part of the VPN. Packets entering the interface will be forwarded based on the VRF table of the VPN.

Context

After a VPN instance is configured on a PE, an interface that belongs to the VPN must be bound to the VPN instance. Otherwise, the interface functions as a public network interface and cannot forward VPN data.

Procedure

Manually create a VPN instance.
1. Access the system view.
```
system-view
```
2. Access the view of the interface to be bound to a VPN instance.
```
interface interface-type interface-number
```
3. Bind the interface to the VPN instance.
```
ip binding vpn-instance vpn-instance-name
```
  - Using the ip binding vpn-instance command will delete layer-3 (including IPv4 and IPv6) configurations such as the IP address and routing protocol on the interface. Reconfigure them after using the ip binding vpn-instance command if needed.
  - An interface cannot be bound to a VPN instance that is not enabled with an address family.
  - If the IPv4 or IPv6 address family is disabled for a VPN instance, IPv4 or IPv6 configurations on the interface bound to the VPN instance will be cleared. If both the IPv4 and IPv6 address families are disabled for a VPN instance, the binding between the VPN instance and the interface will be removed.
4. Set an IP address for the interface.
```
ip address ip-address { mask | mask-length }
```
  Some layer-3 features such as route exchange between the PE and CE can be configured only after an IP address is configured for the VPN interface on the PE.
A VPN instance is automatically generated when a virtual system is created.
1. Access the system view.
```
system-view
```
2. Create a virtual system and access the virtual system management view.
```
vsys name vsys-name
```
3. Allocate an interface to the virtual system. The interface is automatically bound to the VPN instance generated for the virtual system.
```
assign interfaceinterface-type interface-number
```
4. In the root system, access the virtual system configuration view.
```
switch vsys vsys-name
```
5. Access the VPN instance interface view.
```
interface interface-type interface-number
```
6. Set the IP address of the interface.
```
ip address ip-address { mask | mask-length }
```
After an IP address is configured for the LAN interface, certain Layer-3 features can be configured between the PE and CE, such as route exchange between the PE and CE.