Associating a vpn instance with an interface – H3C Technologies H3C SecPath F1000-E User Manual

9

To do…

Use the command…

Remarks

Enter system view

system-view

—

Create a VPN instance and enter VPN
instance view

ip vpn-instance vpn-instance-name

Required

Configure an RD for the VPN instance

route-distinguisher route-distinguisher

Required

Configure a description for the VPN
instance

description text

Optional

Associating a VPN Instance with an Interface

After creating and configuring a VPN instance, you associate the VPN instance with the interface for

connecting CEs.
Follow these steps to associate a VPN instance with an interface:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter interface view

interface interface-type
interface-number

—

Associate the current interface with
the VPN instance

ip binding vpn-instance
vpn-instance-name

Required
No VPN instance is associated
with an interface by default.

NOTE:

When configured on an interface, the ip binding vpn-instance command clears the IP address of the
interface. Therefore, you must re-configure the IP address of the interface after configuring the command.

Configuring Route Related Attributes of a VPN Instance

The control process of VPN route advertisement is as follows:

•

When a VPN route learned from a CE gets redistributed into BGP, BGP associates it with a VPN
target extended community attribute list, which is usually the export target attribute of the VPN

instance associated with the CE.

•

The VPN instance determines which routes it can accept and redistribute according to the
import-extcommunity in the VPN target.

•

The VPN instance determines how to change the VPN targets attributes for routes to be redistributed
according to the export-extcommunity in the VPN target.