< Home

(Optional) Storing VPN Instance Information on the ASBR

An ASBR that also functions as a PE must store VPN instance information.

Context

In inter-AS VPN Option B scenarios, if ASBRs also function as PEs, the ASBRs must manage VPN routes. Therefore, the ASBRs must have VPN instances configured.

VPN instance configurations including the following:

  1. Create a VPN instance and configure an RD and VPN target for the VPN instance.

  2. (Optional) Configure the maximum number of routes allowed by the VPN instance IPv4 address family.

    By default, there is no limit on the number of routes allowed by the VPN instance IPv4 address family. To prevent a large number of routes from being imported to a VPN instance, configure the maximum number of routes allowed by this VPN instance.

  3. (Optional) Configure the maximum number of route prefixes allowed by the VPN instance IPv4 address family.

    By default, there is no limit on the number of route prefixes allowed by the VPN instance IPv4 address family. To prevent a large number of route prefixes from being imported to a VPN instance, configure the maximum number of route prefixes allowed by this VPN instance.

  4. (Optional) Configure the interval for the system to generate logs after the number of routes exceeds the limit.

    By default, the system generates logs at an interval of 5s after the number of routes exceeds the limit. If the number of routes or prefixes in the VPN instance IPv4 address family reaches the maximum, the system will generate logs at intervals (defaulting to 5s). To prevent logs from being displayed frequently, adjust the interval of log generation.

  5. (Optional) Configure an export or import routing policy for the VPN instance IPv4 address family.

    In addition to using a VPN target to control VPN route sending and receiving, an export or import routing policy can be configured to better control VPN route sending and receiving. An import routing policy filters routes imported to the VPN instance IPv4 address family. An export routing policy filters routes before they are advertised to other peers.

Configuring either the maximum number of routes or route prefixes allowed by the VPN instance IPv4 address family is recommended.

Perform the following steps on the ASBR:

Procedure

  1. Create a VPN instance and configure an RD and VPN target for the VPN instance.
    1. Access the system view. 

      system-view

    2. Create a VPN instance and access its view. 

      ip vpn-instance vpn-instance-name

      If an ASBR must send and receive IPv4 routes of a VPN, create a VPN instance corresponding to the VPN on the ASBR. VPN instances do not need to be created on an ASBR that does not send or receive IPv4 routes of the corresponding VPNs.

    3. Enable the IPv4 address family for the VPN instance and access the VPN instance IPv4 address family view. 

      ipv4-family

    4. Configure an RD for the VPN instance IPv4 address family. 

      route-distinguisher route-distinguisher

    5. Configure a VPN target for the VPN instance IPv4 address family. 

      vpn-target vpn-target &<1-8> import-extcommunity

      In inter-AS VPN Option B networking, the VPN targets of VPN instances on the ASBR and PE in the same AS must match; the VPN targets of the VPN instance IPv4 address family on the PEs in different ASs must also match.

  2. (Optional) Configure the maximum number of routes allowed by the VPN instance IPv4 address family.
    1. Access the system view. 

      system-view

    2. Create a VPN instance and access its view. 

      ip vpn-instance vpn-instance-name

      If an ASBR must send and receive IPv4 routes of a VPN, create a VPN instance corresponding to the VPN on the ASBR. VPN instances do not need to be created on an ASBR that does not send or receive IPv4 routes of the corresponding VPNs.

    3. Enable the IPv4 address family for the VPN instance and access the VPN instance IPv4 address family view. 

      ipv4-family

    4. Set the maximum number of routes allowed by the VPN instance IPv4 address family. 

      routing-table limit number { alert-percent | simply-alert }

      After the routing-table limit command is run, if the number of routes allowed by the VPN instance IPv4 address family reaches the set limit, the system will generate a log and an alarm to instruct the users to check the validity of routes of the VPN instance. After the routing-table limit command is run to increase the maximum number of routes allowed by the VPN instance IPv4 address family or the undo routing-table limit command is run to delete the configured limit, reconfigure the excess routes that fail to be added to the routing table.

  3. (Optional) Configure the maximum number of route prefixes allowed by the VPN instance IPv4 address family.
    1. Access the system view. 

      system-view

    2. Create a VPN instance and access its view. 

      ip vpn-instance vpn-instance-name

      If an ASBR must send and receive IPv4 routes of a VPN, create a VPN instance corresponding to the VPN on the ASBR. VPN instances do not need to be created on an ASBR that does not send or receive IPv4 routes of the corresponding VPNs.

    3. Enable the IPv4 address family for the VPN instance and access the VPN instance IPv4 address family view. 

      ipv4-family

    4. Set the maximum number of route prefixes allowed by the VPN instance IPv4 address family. 

      prefix limit number { alert-percent [ route-unchanged ] | simply-alert }

      After the prefix limit command is run, if the number of route prefixes allowed by the VPN instance IPv4 address family reaches the set limit, the system will generate a log and an alarm to instruct the users to check the validity of routes of the VPN instance. After the prefix limit command is run to increase the maximum number of route prefixes allowed by the VPN instance IPv4 address family or the undo prefix limit command is run to delete the configured limit, the system receives routes from the routing table of each protocol again for the excess route prefixes to construct the IPv4 routing table of the VPN instance.

      After the number of route prefixes exceeds the configured limit, direct and static routes can still be added to the routing table of the VPN instance IPv4 address family.

  4. (Optional) Configure the interval for the system to generate logs after the number of routes exceeds the limit.
    1. Access the system view. 

      system-view

    2. Create a VPN instance and access its view. 

      ip vpn-instance vpn-instance-name

      If an ASBR must send and receive IPv4 routes of a VPN, create a VPN instance corresponding to the VPN on the ASBR. VPN instances do not need to be created on an ASBR that does not send or receive IPv4 routes of the corresponding VPNs.

    3. Enable the IPv4 address family for the VPN instance and access the VPN instance IPv4 address family view. 

      ipv4-family

    4. Set the interval for the system to generate logs after the number of routes exceeds the limit. 

      limit-log-interval interval

  5. (Optional) Configure an export or import routing policy for the VPN instance IPv4 address family.
    1. Access the system view. 

      system-view

    2. Create a VPN instance and access its view. 

      ip vpn-instance vpn-instance-name

      If an ASBR must send and receive IPv4 routes of a VPN, create a VPN instance corresponding to the VPN on the ASBR. VPN instances do not need to be created on an ASBR that does not send or receive IPv4 routes of the corresponding VPNs.

    3. Enable the IPv4 address family for the VPN instance and access the VPN instance IPv4 address family view. 

      ipv4-family

    4. Configure an export or import routing policy for the VPN instance IPv4 address family.

      • To configure an export routing policy for the VPN instance IPv4 address family, run the export route-policy policy-name command.

      • To configure an import routing policy for the VPN instance IPv4 address family, run the import route-policy policy-name command.

Parent Topic: Configuring Inter-AS VPN Option B
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >