No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a VPN Instance on a PE Device

Configuring a VPN Instance on a PE Device

Context

In a BGP/MPLS IP VPN application, each VPN has an instance to maintain forwarding information of the local VPN. Such an instance is called a VPN instance or VPN routing and forwarding table (VRF).

VPN instances isolate VPN routes from routes on the public network and isolate the routes of different VPN instances. VPN instances must be configured in all types of BGP/MPLS IP VPN networking.

Perform the following steps on each PE device.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ip vpn-instance vpn-instance-name

    A VPN instance is created, and its view is displayed.

    NOTE:

    A VPN instance name is case sensitive. For example, "vpn1" and "VPN1" are different VPN instances.

  3. (Optional) Run description description-information

    A description is configured for the VPN instance.

  4. Run ipv4-family

    The IPv4 address family is enabled for the VPN instance, and the VPN instance IPv4 address family view is displayed.

  5. Run route-distinguisher route-distinguisher

    An RD is configured for the VPN instance IPv4 address family.

    A VPN instance IPv4 address family takes effect only after being configured with an RD. The RDs of different VPN instances on a PE device must be different.

    NOTE:
    • After RDs are configured, they cannot be modified but can be deleted. When an RD is deleted, all configurations in the VPN instance IPv4 address family of the corresponding VPN instance will also be deleted.

    • If you configure an RD for the VPN instance IPv4 address family in the created VPN instance view, the VPN instance IPv4 address family is enabled and the VPN instance IPv4 address family is displayed.

  6. Run vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity | evpn ]

    A VPN target is configured for the VPN instance IPv4 address family.

    A VPN target is a BGP extended community attribute. It is used to control the receiving and advertisement of VPN routing information. A maximum of eight VPN targets can be configured using the vpn-target command.

  7. (Optional) Run prefix limit number { alert-percent [ route-unchanged ] | simply-alert }

    The allowed maximum number of route prefixes is set for the VPN instance IPv4 address family.

    The configuration restricts the number of route prefixes imported from the CE devices and other PE devices into a VPN instance IPv4 address family on a PE device. This prevents the PE device from receiving too many route prefixes.

    NOTE:
    • If the prefix limit command is run, the system displays a prompt when the number of route prefixes added to the routing table of the VPN instance IPv4 address family exceeds the limit. After the prefix limit command is run to increase the allowed maximum number of route prefixes in a VPN instance IPv4 address family or the undo prefix limit command is run to cancel the limit, the system adds newly received route prefixes of various protocols to the private network IP routing table.

    • After the number of route prefixes exceeds the maximum limit, direct and static routes can still be added to the IPv4 address family routing table of VPN instances.

  8. (Optional) Configure a routing policy for the VPN instance.

    In addition to using VPN targets to control VPN route advertisement and reception, you can configure a routing policy for the VPN instance to better control VPN routes.
    • An import routing policy filters routes before they are imported into the VPN instance IPv4 address family.
    • An export routing policy filters routes before they are advertised to other PE devices.
    NOTE:

    Before applying a routing policy to a VPN instance, create the routing policy. For details about how to configure a routing policy, see Routing Policy Configuration in the CloudEngine 12800 and 12800E Series Switches Configuration Guide - IP Routing.

    Run either of the following commands as required:
    • To configure an import routing policy for the VPN instance IPv4 address family, run the import route-policy policy-name command.
    • To configure an export routing policy for the VPN instance IPv4 address family, run the export route-policy policy-name [ add-ert-first ] command.

  9. (Optional) Run apply-label { per-instance | per-route }

    A label distribution mode is configured in the VPN instance IPv4 address family.

    • The label per instance mode conserves label resources on the PE device and lowers the requirement for the PE device capacity. This mode is ideal if a large number of VPN routes on the PE exhaust MPLS label resources.
    • The label per route mode improves system security and allows downstream devices to load balance VPN traffic based on the inner labels of packets. This mode is ideal if only a small number of VPN routes exists on the PE device and MPLS label resources are sufficient.

    By default, the label distribution mode is label per instance.

  10. Run commit

    The configuration is committed.

Translation
Download
Updated: 2019-04-03

Document ID: EDOC1100075353

Views: 14330

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next