Configuring VPN instances
VPN instances isolate VPN routes from public network routes and routes among VPNs. This feature allows VPN instances to be used in network scenarios in addition to MPLS L3VPNs.
All VPN instance configurations are performed on PEs or MCEs.
Creating a VPN instance
A VPN instance is a collection of the VPN membership and routing rules of its associated site. A VPN instance might correspond to more than one VPN.
To create and configure a VPN instance:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Create a VPN instance and enter VPN instance view. | ip vpn-instance vpn-instance-name | By default, no VPN instances exist. |
3. Configure an RD for the VPN instance. | route-distinguisher route-distinguisher | By default, no RD is configured for a VPN instance. |
4. (Optional.) Configure a description for the VPN instance. | description text | By default, no description is configured for a VPN instance. |
5. (Optional.) Configure a VPN ID for the VPN instance. | vpn-id vpn-id | By default, no VPN ID is configured for a VPN instance. |
6. (Optional.) Configure an SNMP context for the VPN instance. | snmp context-name context-name | By default, no SNMP context is configured. |
Associating a VPN instance with an interface
After creating and configuring a VPN instance, associate the VPN instance with the interface connected to the CE.
To associate a VPN instance with an interface:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | interface interface-type interface-number | N/A |
3. Associate a VPN instance with the interface. | ip binding vpn-instance vpn-instance-name | By default, an interface is not associated with a VPN instance and belongs to the public network. The ip binding vpn-instance command deletes the IP address of the current interface. You must reconfigure an IP address for the interface after configuring the command. |
Configuring route related attributes for a VPN instance
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter VPN instance view or IPv4 VPN view |
| Configurations made in VPN instance view apply to both IPv4 VPN and IPv6 VPN. IPv4 VPN prefers the configurations in IPv4 VPN view over the configurations in VPN instance view. |
3. Configure route targets. | vpn-target vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ] | By default, no route targets are configured. |
4. Set the maximum number of active routes. | routing-table limit number { warn-threshold | simply-alert } | By default, the number of active routes in a VPN instance is not limited. Setting the maximum number of active routes for a VPN instance can prevent the PE from learning too many routes. |
5. Apply an import routing policy. | import route-policy route-policy | By default, all routes matching the import target attribute are accepted. The specified routing policy must have been created. For information about routing policies, see Layer 3—IP Routing Configuration Guide. |
6. Apply an export routing policy. | export route-policy route-policy | By default, routes to be advertised are not filtered. The specified routing policy must have been created. For information about routing policies, see Layer 3—IP Routing Configuration Guide. |
7. Apply a tunnel policy to the VPN instance. | tnl-policy tunnel-policy-name | By default, only one tunnel is selected (no load balancing). The LSP tunnel takes precedence over the CR-LSP tunnel. The specified tunnel policy must have been created. For information about tunnel policies, see "Configuring tunnel policies." |