routing-table limit

Function

The routing-table limit command sets a limit on the maximum number of routes that the IPv4 or IPv6 address family of a VPN instance can support.

The undo routing-table limit command restores the maximum number of routes that the IPv4or IPv6 address family of a VPN instance can support to the default setting.

By default, there is no limit on the maximum number of routes that the IPv4 or IPv6 address family of a VPN instance can support, but the total number of private network and public network routes on a device cannot exceed the allowed maximum number of unicast routes.

Format

routing-table limit number { alert-percent | simply-alert }

undo routing-table limit

Parameters

Parameter	Description	Value
number	Specifies the maximum number of routes supported by a VPN instance IPv4 address family.	The value is an integer ranging from: In the VPN instance view and VPN instance IPv4 address family view, the value ranges from 1 to 500000 on the AntiDDoS8000. In the VPN instance IPv6 address family view, the value ranges from 1 to 100000 on the AntiDDoS8000.
alert-percent	Specifies the percentage of the maximum number of routes. When the maximum number of routes that join the VPN instance is up to the value (number*alert-percent)/100, the system prompts alarms. The VPN routes can be still added to the routing table, but after the number of routes reaches number, the subsequent routes are dropped.	An integer ranging from 1 to 100.
simply-alert	Indicates that when VPN routes exceed number, routes can still be added into the routing table, but the system prompts alarms. However, after the total number of VPN routes and network public routes reaches the unicast route limit specified in the License, the subsequent VPN routes are dropped.	-

Parameter

Description

Value

number

Specifies the maximum number of routes supported by a VPN instance IPv4 address family.

The value is an integer ranging from:

In the VPN instance view and VPN instance IPv4 address family view, the value ranges from 1 to 500000 on the AntiDDoS8000.
In the VPN instance IPv6 address family view, the value ranges from 1 to 100000 on the AntiDDoS8000.

alert-percent

Specifies the percentage of the maximum number of routes. When the maximum number of routes that join the VPN instance is up to the value (number*alert-percent)/100, the system prompts alarms. The VPN routes can be still added to the routing table, but after the number of routes reaches number, the subsequent routes are dropped.

An integer ranging from 1 to 100.

simply-alert

Indicates that when VPN routes exceed number, routes can still be added into the routing table, but the system prompts alarms. However, after the total number of VPN routes and network public routes reaches the unicast route limit specified in the License, the subsequent VPN routes are dropped.

Views

VPN instance view, VPN instance IPv4 address family view or VPN instance IPv6 address family view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If many useless routes imported into a VPN instance constitute a large proportion of the routes on a device, run the routing-table limit command to set a limit on the maximum number of routes supported by the VPN instance. After the routing-table limit command is run in the IPv4 or IPv6 address family of the VPN instance, if the number of routes of the VPN instance reaches the set limit, the system will generate an alarm to instruct the user to check the validity of routes of the VPN instance.

Configuration Impact

After the command is run, the excess routes of the IPv4 or IPv6 address family of the VPN instance will be discarded.

Follow-up Procedure

If the undo routing-table limit command is run to remove the limit on the number of routes, for the excess routes, the following operations are required:

If static routes failed to be added to the routing table, manually reconfigure these routes.
If the routes learned from CEs through the IGP multi-instance routing protocol failed to be added to the routing table, re-initiate the multi-instance process of the routing protocol on the PE.

If the remote cross routes learned using MP-IBGP and the BGP routes learned from CEs failed to be added to the routing table, the system automatically refreshes the routing table to add these routes.

Precautions

The routing-table limit command prevents the routing table of the IPv4 or IPv6 address family of a VPN instance on a PE from importing too many routes, but cannot prevent the PE from importing excessive routes from other PEs. Therefore, configuring both the routing-table limit and peer route-limit commands is recommended.

Do not run both the routing-table limit and prefix limit commands in the address family of a VPN instance. If both the commands are run and the configured maximum number of routes is equal to that of prefixes, the configured maximum number of routes takes effect first because routes of the system are not less than prefixes. To prevent many memory resources from being consumed by routes to be stored, run the routing-table limit command to limit the number of routes in the BGP VPN routing table.

Example

# Configure the maximum number of routes for the IPv4 address family of the VPN instance named vpn1 to vpn1000, and when VPN routes exceed number, routes can still be added into the routing table, but the system prompts alarms.

<sysname> system-view

[sysname] ip vpn-instance vpn1

[sysname-vpn-instance-vpn1] ipv4-family

[sysname-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:1

[sysname-vpn-instance-vpn1-af-ipv4] routing-table limit 1000 simply-alert