The prefix limit command sets a limit on the maximum number of prefixes supported in the existing VPN instance, preventing the PE from importing excessive VPN route prefixes.
The undo prefix limit command restores the maximum number of prefixes supported in the existing VPN instance to the default setting.
By default, the maximum number of VPN route prefixes is unlimited.
| Parameter | Description | Value |
|---|---|---|
| number | Specifies the maximum number of prefixes supported in a VPN instance. | The value is an integer ranging from:
|
| alert-percent | Specifies the proportion of the alarm threshold to the maximum number of prefixes. When the number of prefixes in a VPN instance exceeds (number x alert-percent)/100, alarms are displayed. The VPN route prefixes, however, can still join the VPN routing table. When the number of prefixes exceeds the number, the subsequent prefixes are discarded. | An integer ranging from 1 to 100. |
| route-unchanged | Indicates that the routing table remains unchanged.
By default, route-unchanged is not configured.
When the number of prefixes in the routing table is greater than the
value of the parameter number, routes are processed
as follows:
|
- |
| simply-alert | Indicates that when the number of VPN route prefixes exceeds number, prefixes can still join the VPN routing table and alarms are displayed. On the device, however, the subsequent VPN route prefixes are discarded after the total number of unicast prefixes of the private and public network reaches the upper limit specified in the License. | - |
VPN instance view, VPN instance IPv4 address family view or VPN instance IPv6 address family view
Usage Scenario
If many useless route prefixes imported into a VPN instance constitute a large proportion of the route prefixes on a device, run the prefix limit command to set a limit on the maximum number of prefixes supported by the VPN instance. After the prefix limit command is run in the IPv4 or IPv6 address family of the VPN instance, if the number of route prefixes reaches the set limit, the system will generate an alarm to instruct the user to check the validity of route prefixes of the VPN instance.
Pre-configuration Tasks
The route-distinguisher command is run to configure an RD for the VPN instance enabled with the IPv4 or IPv6 address family.
Configuration Impact
After the command is run, the excess route prefixes of the IPv4 or IPv6 address family of the VPN instance will be discarded.
Precautions
If you run the undo prefix limit command on a PE when the route prefixes of the IPv4 or IPv6 address family of a VPN instance on it exceeds the set limit, the PE will re-learn the route prefixes from the attached CE and remote PE.
The prefix limit command can prevent the routing table of the IPv4 or IPv6 address family of a VPN instance on a PE from importing too many route prefixes, but cannot prevent the PE from importing excessive route prefixes from other PEs. Therefore, configuring both the prefix limit and peer route-limit commands is recommended.
Do not run both the routing-table limit (the command restricts the number of routes) and prefix limit (the command restricts the number of route prefixes) commands in the IPv4 or IPv6 address family of a VPN instance. Configure either one of them based on your need.
# Configure the system to generate only alarms when the number of prefixes exceeds the maximum number of 1000 in the IPv4 address family of theVPN instance named vpn1.
<sysname> system-view
[sysname] ip vpn-instance vpn1
[sysname-vpn-instance-vpn1] ipv4-family
[sysname-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:1
[sysname-vpn-instance-vpn1-af-ipv4] prefix limit 1000 simply-alert