< Home

Creating a VPN Instance

This section describes how to configure a VPN instance to manage VPN routes.

Context

Configure the VPN instance on each Spoke-PE and Hub-PE.

Every Spoke-PE is configured with a VPN instance, while each Hub-PE is configured with the following two VPN instances:

  • VPN-in: receives and maintains all the VPNv4 routes advertised by all the Spoke-PEs.

  • VPN-out: maintains the routes of all the Hub stations and Spoke stations and advertises those routes to all the Spoke-PEs.

Different VPN instances on a device have different names, RDs, and description.

Procedure

  1. Access the system view. 

    system-view

  2. Create a VPN instance and access the VPN instance view. 

    ip vpn-instance vpn-instance-name

    The name of the VPN instance is case sensitive. For example, vpn1 and VPN1 are considered different VPN instances.

  3. (Optional) Configure description for the VPN instance. 

    description description-information

    Similar to a host name or an interface description, the VPN instance description helps users memorize the VPN instance. Configuring a proper description is recommended for later query.

  4. Enable the IPv4 address family for the VPN instance and access the VPN instance IPv4 address family view. 

    ipv4-family

  5. Configure an RD for the VPN instance. 

    route-distinguisher route-distinguisher

    A VPN instance takes effect only after the RD is configured. Before configuring the RD, configure only the description about the VPN instance.

  6. (Optional) Allocate the label based on VPN instance IPv4 address family. 

    apply-label per-instance

    In this way, all the routes of a VPN instance IPv4 address family share the same label.

  7. (Optional) Set the maximum number of routes of the VPN instance IPv4 address family. 

    routing-table limit number { alert-percent | simply-alert }

    You can define the maximum number of routes for a VPN instance IPv4 address family to avoid importing excessive routes. The maximum number of routes supported by a PE device varies with the products.

    If the routing-table limit command is run to increase the maximum number of routes supported in a VPN instance IPv4 address family or the undo routing-table limit command is run to remove the limit on the routing table, for excess routes, the following operations are required:

    • For the excessive static routes, reconfigure them manually.

    • For the excessive routes learned from CEs through the IGP multi-instance routing protocol, re-initiate the multi-instance process of the routing protocol on the PE.

    • For the remote cross routes learned through the MP-IBGP and the BGP routes learned from CEs, the system automatically refreshes them.

  8. (Optional) Set the maximum number of prefixes of the VPN instance IPv4 address family. 

    prefix limit number { alert-percent [ route-unchanged ] | simply-alert }

    You can define the maximum number of prefixes for a VPN instance IPv4 address family to avoid importing excessive prefixes.

  9. (Optional) Set the frequency of displaying logs when the number of routes exceeds the threshold. 

    limit-log-interval interval

    If the routes or prefixes in the IPv4 address family of a VPN instance reach the maximum, the system will generate logs at intervals (defaulting to 5 seconds). To prevent logs from being displayed frequently, run the limit-log-interval command to prolong the interval of log generation.

Parent Topic: Configuring Hub and Spoke
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >