The prefix limit command sets the maximum number of route prefixes allowed for a VPN instance IPv4 address family, preventing a PE from importing excessive VPN routes.
The undo prefix limit command restores the default configuration.
By default, the maximum number of VPN route prefixes allowed for a VPN instance IPv4 address family is not configured.
| Parameter | Description | Value |
|---|---|---|
| number |
Specifies the maximum number of route prefixes allowed for a VPN instance IPv4 address family. |
The value is an integer ranging from 1 to 4294967295. |
| alert-percent |
Specifies the proportion of the alarm threshold to the maximum number of route prefixes allowed for a VPN instance IPv4 address family. When the number of route prefixes in a VPN instance IPv4 address family exceeds number x alert-percent/100, the system generates an alarm. In this case, additional VPN routes can still be added to the routing table of the VPN instance IPv4 address family until the number of route prefixes of the VPN instance IPv4 address family reaches number. |
The value is an integer ranging from 1 to 100. |
| route-unchanged |
Indicates that the routing table remains unchanged. By default, route-unchanged is not configured. When the number of route prefixes in the routing table exceeds the limit specified by number parameter, routes are processed as follows:
|
- |
| simply-alert |
Indicates that when the number of VPN route prefixes exceeds number, VPN routes can still be added to the VPN routing table, but the system will generate an alarm. |
- |
Usage Scenario
If many useless route prefixes imported into a VPN instance constitute a large proportion of route prefixes on a device, run the prefix limit command to set a limit on the maximum number of prefixes supported by the VPN instance. After the prefix limit command is run in the IPv4 or IPv6 address family of the VPN instance, when the number of route prefixes exceeds number x alert-percent/100, the system generates alarm L3VPN_1.3.6.1.2.1.10.166.11.0.3 L3VPN_MIB_TRAP_MID_THRESH_EXCEED; when the number of route prefixes reaches number, the system generates alarm L3VPN_1.3.6.1.2.1.10.166.11.0.4 L3VPN_MIB_TRAP_THRESH_EXCEED; when the number of route prefixes falls to number or lower, the system generates clear alarm L3VPN_1.3.6.1.2.1.10.166.11.0.6 L3VPN_MIB_TRAP_THRESH_CLEARED; when the number of route prefixes falls to number * alert-percent/100 or lower, the system generates clear alarm L3VPN_1.3.6.1.4.1.2011.5.25.177.1.3.8 L3VPN_MIB_TRAP_MID_CLEARED.
Configuration Impact
After the command is run, the excess route prefixes in the IPv4 address family routing table of the VPN instance will be discarded.
If the number of route prefixes exceeds the set limit and the undo prefix limit command is run, the system will receive the route prefixes from routing tables generated by protocols to create a private network routing table.Precautions
The prefix limit command can prevent the IPv4 address family routing table of a VPN instance on a PE from importing too many route prefixes, but cannot prevent the PE from importing excessive route prefixes from other PEs. Therefore, configuring both the prefix limit and peer route-limit commands is recommended.
After the prefix limit simply-alert command is run, only an alarm is displayed when the number of route prefixes exceeds the upper limit. New route prefixes can still be added to the routing table.<HUAWEI> system-view [~HUAWEI] ip vpn-instance vpn1 [*HUAWEI-vpn-instance-vpn1] ipv4-family [*HUAWEI-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:1 [*HUAWEI-vpn-instance-vpn1-af-ipv4] prefix limit 1000 simply-alert