Configuring VPN instances

By configuring VPN instances on a PE, you isolate not only VPN routes from public network routes, but also routes between VPNs. This feature allows VPN instances to be used in network scenarios besides MPLS L3VPNs.

All VPN instance configurations are performed on PEs.

Creating a VPN instance

A VPN instance is associated with a site. It is a collection of the VPN membership and routing rules of its associated site. A VPN instance does not necessarily correspond to one VPN.

To create and configure a VPN instance:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | `system-view` | N/A |
| 2. Create a VPN instance and enter VPN instance view. | `ip vpn-instance vpn-instance-name` | By default, no VPN instance is created. |
| 3. Configure an RD for the VPN instance. | `route-distinguisher route-distinguisher` | By default, no RD is specified. |
| 4. (Optional.) Configure a description for the VPN instance. | `description text` | By default, no description is configured for a VPN instance. The description should contain the VPN instance's related information, such as its relationship with a certain VPN. |
| 5. (Optional.) Configure an ID for the VPN instance. | `vpn-id vpn-id` | By default, no ID is configured for a VPN instance. |

Associating a VPN instance with an interface

After creating and configuring a VPN instance, associate the VPN instance with the interface connected to the CE.

To associate a VPN instance with an interface:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | `system-view` | N/A |
| 2. Enter interface view. | `interface interface-type interface-number` | N/A |
| 3. Associate a VPN instance with the interface. | `ip binding vpn-instance vpn-instance-name` | By default, no VPN instance is associated with an interface. The `ip binding vpn-instance` command clears the IP address of the interface. Therefore, re-configure an IP address for the interface after configuring this command. |

Configuring route related attributes for a VPN instance

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | `system-view` | N/A |
| 2. Enter VPN instance view or IPv6 VPN view. | Enter VPN instance view: `ip vpn-instance vpn-instance-name`<br>Enter IPv6 VPN view: `address-family ipv6` | Configurations made in VPN instance view apply to both IPv4 VPN and IPv6 VPN. IPv6 VPN prefers the configurations in IPv6 VPN view over the configurations in VPN instance view. |
| 3. Configure route targets. | `vpn-target vpn-target&<1-8> [ both \| export-extcommunity \| import-extcommunity ]` | By default, no route targets are configured. |
| 4. Set the maximum number of active routes allowed. | `routing-table limit number { warn-threshold \| simply-alert }` | By default, the number of active routes allowed for a VPN instance is not limited. Setting the maximum number of active routes for a VPN instance can prevent the PE from storing too many routes. |
| 5. Apply an import routing policy. | `import route-policy route-policy` | By default, all routes matching the import target attribute are accepted. Make sure the routing policy already exists. Otherwise, the device does not filter received routes. For information about routing policies, see Layer 3—IP Routing Configuration Guide. |
| 6. Apply an export routing policy. | `export route-policy route-policy` | By default, routes to be advertised are not filtered. Make sure the routing policy already exists. Otherwise, the device does not filter routes to be advertised. For information about routing policies, see Layer 3—IP Routing Configuration Guide. |
| 7. Apply a tunnel policy to the VPN instance. | `tnl-policy tunnel-policy-name` | By default, only one tunnel is selected (no load balancing) in this order: LSP tunnel, CR-LSP tunnel. The specified tunnel policy must have been created. For information about tunnel policies, see "Configuring tunnel policies." |
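
The remarks above name several pitfalls that leave a PE less isolated than intended: a VPN instance with no RD or no route limit, an import or export routing policy that does not exist (so nothing is filtered), and an interface whose IP address was cleared by ip binding vpn-instance. The Python check below is an added example, not part of the original guide, that flags them in saved configuration text. It assumes unindented view headers with indented settings and that a routing policy is defined by a `route-policy NAME ...` header; the sample configuration is constructed.

```python
import re

# Constructed sample laid out like saved device configuration (not from the page).
SAMPLE_CONFIG = """\
ip vpn-instance vpn1
 route-distinguisher 100:1
 routing-table limit 1000 simply-alert
 import route-policy IMPORT-A
#
ip vpn-instance vpn2
 import route-policy MISSING-POLICY
#
interface GigabitEthernet1/0/1
 ip binding vpn-instance vpn1
 ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
 ip binding vpn-instance vpn2
#
route-policy IMPORT-A permit node 10
"""

def audit(config):
    """Return sorted (view, finding) pairs for the pitfalls named in the remarks."""
    sections, current = {}, ""
    for line in config.splitlines():
        if line.strip() in ("", "#"):
            continue
        if not line.startswith(" "):  # an unindented line opens a new view
            current = line.strip()
        sections.setdefault(current, []).append(line.strip())
    # Assumption: a policy is defined by a "route-policy NAME ..." view header.
    policies = {h.split()[1] for h in sections if h.startswith("route-policy ")}
    findings = []
    for head, body in sections.items():
        has = lambda prefix: any(l.startswith(prefix) for l in body)
        if head.startswith("ip vpn-instance "):
            if not has("route-distinguisher "):
                findings.append((head, "no RD configured"))
            if not has("routing-table limit "):
                findings.append((head, "active routes not limited"))
            for l in body:
                m = re.match(r"(import|export) route-policy (\S+)$", l)
                if m and m.group(2) not in policies:
                    findings.append((head, f"{m.group(1)} route-policy {m.group(2)} not defined"))
        elif head.startswith("interface ") and has("ip binding vpn-instance "):
            if not has("ip address "):
                findings.append((head, "bound to a VPN instance, no IP address"))
    return sorted(findings)
```

Calling `audit(SAMPLE_CONFIG)` reports the four problems in vpn2 and GigabitEthernet1/0/2 and nothing for vpn1.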