< Home

Configuring VPN Instances on PEs

Context

In BGP/MPLS IPv6 VPN application, each VPN has an instance to maintain forwarding information of the local VPN. Such an instance is called a VPN instance or a VPN routing and forwarding (VRF) table.

VPN instances isolate VPN routes from routes on the public network and isolate the routes of different VPN instances. IPv6 VPN instances must be configured in all types of BGP/MPLS IPv6 VPN networking.

Perform the following steps on the PEs:

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ipv6

    IPv6 packet forwarding is enabled.

  3. Run ip vpn-instance vpn-instance-name

    A VPN instance is created, and its view is displayed.

    A VPN instance name is case sensitive. For example, "vpn1" and "VPN1" are different VPN instances.

  4. (Optional) Run description description-information

    The description is configured for the VPN instance.

  5. (Optional) Run service-id service-id

    A service ID is created for the VPN instance.

    A service ID is unique on a device for distinguishing VPN services on the network.

  6. Run ipv6-family

    The IPv6 address family is enabled for the VPN instance, and the VPN instance IPv6 address family view is displayed.

    VPN instances support both the IPv4 and IPv6 address families. Configurations in a VPN instance can be performed only after an address family is enabled for the VPN instance IPv6 address family based on the advertised route and forwarding data type.

  7. Run route-distinguisher route-distinguisher

    An RD is configured for the VPN instance IPv6 address family.

    A VPN instance IPv6 address family takes effect only after being configured with an RD. The RDs of different VPN instances on a PE must be different.

    An RD can be modified or deleted only after the VPN instance is deleted or the VPN instance IPv6 address family is disabled.

  8. Run vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ]

    A VPN target is configured for the VPN instance IPv6 address family.

    A VPN target is a BGP extended community attribute. It is used to control the receiving and advertisement of VPN routing information. A maximum of eight VPN targets can be configured using the vpn-target command.

  9. (Optional) Restrict the number of routes in a VRF.

    The configuration restricts the number of routes or route prefixes imported from the CEs and peer PEs into a VPN instance on a PE. It is recommended that you use only one of the following commands.

    By default, the number of routes in a VRF is not limited as long as the total number of routes does not exceed the maximum number of unicast routes supported by the PE.

    • Run routing-table limit number { alert-percent | simply-alert }

      The maximum number of routes is set for the VPN instance IPv6 address family.

    • Run prefix limit number { alert-percent [ route-unchanged ] | simply-alert }

      The allowed maximum number of route prefixes is set for the VPN instance IPv6 address family.

  10. (Optional) Configure a routing policy for the VPN instance.

    In addition to using VPN targets to control VPN route advertisement and reception, you can configure a routing policy for the VPN instance to better control VPN routes.
    • An import routing policy filters routes before they are imported into the VPN instance IPv6 address family.
    • An export routing policy filters routes before they are advertised to other PEs.

    Create a routing policy before applying it to a VPN instance.

    Run the following commands as required:
    • Run import route-policy policy-name

      An import routing policy is configured for the VPN instance IPv6 address family.

    • Run export route-policy policy-name

      An export routing policy is configured for the VPN instance IPv6 address family.

  11. (Optional) Run one of the following commands to configure the label allocation mode in the VPN instance IPv6 address family.

    • Run apply-label per-instance

      MPLS label allocation based on the VPN instance IPv6 address family (known as label per instance) is configured. One label is assigned to all the routes of the VPN instance IPv6 address family.

      When a large number of VPN routes on the PE exhausts MPLS label resources, the label per instance mode saves label resources on the PE and lowers the requirement for the PE capacity.

    • Run apply-label per-route

      MPLS label allocation based on each route (known as label per route) is configured. The VPN instance address family assigns a unique label to each route to be sent to the peer PE.

      When only a small number of VPN routes exist on the PE and MPLS label resources are sufficient, the label per route mode improves system security. In this way, downstream devices can load balance VPN traffic based on the inner labels of packets.

    By default, label per instance is used.

  12. (Optional) Run limit-log-interval interval

    The interval for logging the event when the number of routes exceeds the threshold is set for the VPN instance IPv6 address family.

    The default value is 5 seconds.

Parent Topic: Configuring Basic BGP/MPLS IPv6 VPN
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >