The prefix limit command sets a limit on the maximum number of prefixes supported in the existing VPN instance address family, preventing the PE from importing excessive VPN route prefixes.
The undo prefix limit command restores the default setting.
By default, the maximum number of VPN route prefixes is not limited.
| Parameter | Description | Value |
|---|---|---|
| number | Specifies the maximum number of prefixes supported in the VPN instance address family. | The value is an integer, and the minimum value is 1. The maximum number is determined by the license file. |
| alert-percent | Specifies the proportion of the alarm threshold to the maximum number of prefixes. When the number of prefixes in theVPN instance address family exceeds number x alert-percent/100, alarms are displayed. The VPN route prefixes, however, can still join the VPN routing table. When the number of the prefixes exceeds the number, the subsequent prefixes are discarded. | The value is an integer ranging from 1 to 100. |
| route-unchanged | Indicates that the routing table remains unchanged.
By default, route-unchanged is not configured.
When the number of prefixes in the routing table is greater than the
value of the parameter number, routes are processed as follows:
|
- |
| simply-alert | Indicates that when the number of VPN route prefixes exceeds number, prefixes can still join the VPN routing table and alarms are displayed. On the device, however, the subsequent VPN route prefixes are discarded after the total number of the unicast prefixes of the private network and the public network reaches the upper limit. | - |
VPN instance view, VPN instance IPv4 address family view or VPN instance IPv6 address family view
Usage Scenario
If many useless route prefixes imported into a VPN instance constitute a large proportion of the route prefixes on a device, run the prefix limit command to set a limit on the maximum number of prefixes supported by the VPN instance. After the prefix limit command is run in the current VPN instance address family, if the number of route prefixes reaches the set limit, the system will generate an alarm to instruct the user to check the validity of route prefixes of the VPN instance.
The prefix limit command enables the system to display a message when the number of route prefixes added to the routing table of the VPN instance IPv6 address family exceeds the limit. If you run the prefix limit command to increase the maximum number of route prefixes in the VPN instance IPv6 address family or run the undo prefix limit command to cancel the limit, the system adds the excess route prefixes to the VPN IP routing table.
When the number of route prefixes exceeds the limit, direct routes and static routes can still be added to the routing table of the VPN instance IPv6 address family.
Prerequisites
The route-distinguisher command has been executed to set the RD of the VPN instance.
Precautions
The prefix limit command can prevent the routing table of the current VPN instance address family on a PE from importing too many route prefixes, but cannot prevent the PE from importing excessive route prefixes from other PEs. Therefore, configuring both the prefix limit and peer route-limit commands is recommended.
Do not run both the routing-table limit (the command restricts the number of routes) and prefix limit (the command restricts the number of route prefixes) commands in the current VPN instance address family. Configure either one of them based on your need.
# Configure the system to only generate alarms when the number of prefixes exceeds the maximum number 1000 in the VPN instance named vpn1.
<HUAWEI> system-view [HUAWEI] ip vpn-instance vpn1 [HUAWEI-vpn-instance-vpn1] ipv4-family [HUAWEI-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:1 [HUAWEI-vpn-instance-vpn1-af-ipv4] prefix limit 1000 simply-alert