Configuring VPN instances

VPN instances isolate VPN routes from public network routes and routes among VPNs. This feature allows VPN instances to be used in network scenarios besides MPLS L3VPNs.

All VPN instance configurations are performed on PEs.

Creating a VPN instance

A VPN instance is a collection of the VPN membership and routing rules of its associated site. A VPN instance might not correspond to one VPN.

To create and configure a VPN instance:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Create a VPN instance and enter VPN instance view.

ip vpn-instance vpn-instance-name

By default, no VPN instance is created.

3. Configure an RD for the VPN instance.

route-distinguisher route-distinguisher

By default, no RD is specified for a VPN instance.

4. (Optional.) Configure a description for the VPN instance.

description text

By default, no description is configured for a VPN instance.

5. (Optional.) Configure a VPN ID for the VPN instance.

vpn-id vpn-id

By default, no VPN ID is configured for a VPN instance.

Associating a VPN instance with an interface

After creating and configuring a VPN instance, associate the VPN instance with the interface connected to the CE.

To associate a VPN instance with an interface:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enter interface view.

interface interface-type interface-number

N/A

3. Associate a VPN instance with the interface.

ip binding vpn-instance vpn-instance-name

By default, no VPN instance is associated with an interface.

The ip binding vpn-instance command deletes the IP address of the current interface. You must re-configure an IP address for the interface after configuring the command.

Configuring route related attributes for a VPN instance

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enter VPN instance view or IPv4 VPN view

  • Enter VPN instance view:ip vpn-instance vpn-instance-name

  • Enter IPv4 VPN view:

    1. ip vpn-instance vpn-instance-name

    2. address-family ipv4

Configurations made in VPN instance view apply to both IPv4 VPN and IPv6 VPN.

IPv4 VPN prefers the configurations in IPv4 VPN view over the configurations in VPN instance view.

3. Configure route targets.

vpn-target vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ]

By default, no route targets are configured.

4. Set the maximum number of active routes allowed.

routing-table limit number { warn-threshold | simply-alert }

By default, the number of active routes allowed for a VPN instance is not limited.

Setting the maximum number of active routes for a VPN instance can prevent the PE from learning too many routes.

5. Apply an import routing policy.

import route-policy route-policy

By default, all routes matching the import target attribute are accepted.

The specified routing policy must have been created.

For information about routing policies, see Layer 3—IP Routing Configuration Guide.

6. Apply an export routing policy.

export route-policy route-policy

By default, routes to be advertised are not filtered.

The specified routing policy must have been created.

For information about routing policies, see Layer 3—IP Routing Configuration Guide.

7. Apply a tunnel policy to the VPN instance.

tnl-policy tunnel-policy-name

By default, only one tunnel is selected (no load balancing) in this order: LSP tunnel, and CR-LSP tunnel.

The specified tunnel policy must have been created.

For information about tunnel policies, see "Configuring tunnel policies."