No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 12

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules The description covers configuration examples and function configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Routing Policies

Configuring Routing Policies

This section describes how to configure routing policies.

Filter Configuration

Filters in a routing policy include ACL, IP prefix list, AS_Path filter, community filter, extended community filter, and RD filter. This section describes the configuration of IP prefix list, AS_Path filter, community filter, extended community filter, and RD filter. For details about ACL configuration, see "ACL Configuration" in the CX11x&CX31x&CX91x Series Switch Modules -Configuration Guide - Security.

Pre-configuration Tasks

Before configuring filters, complete the following task:

  • Configuring routing protocols

Configuration Process

Configure the filters in any sequence based on the network requirements.

Configuring an IP Prefix List

Context

To control the advertising and receiving of routes based on the destination address, configure an IP prefix list.

If an IP prefix list is not used together with the if-match clauses in a routing policy, you must set at least one node to the permit mode in the IP prefix list. If no node is set to the permit mode, all routes are filtered out.

Procedure

  1. Configure an IPv4 prefix list.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      ip ip-prefix ip-prefix-name [ index index-number ] { permit | deny } ip-address mask-length [ greater-equal greater-equal-value ] [ less-equal less-equal-value ]

      An IPv4 prefix list is configured.

    3. Run:

      commit

      The configuration is committed.

  2. Configure an IPv6 prefix list.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      ip ipv6-prefix ipv6-prefix-name [ index index-number ] { permit | deny } ipv6-address prefix-length [ greater-equal greater-equal-value ] [ less-equal less-equal-value ]

      An IPv6 prefix list is configured.

    3. Run:

      commit

      The configuration is committed.

Checking the Configuration
  • Run the display ip ip-prefix [ ip-prefix-name ] command to check information about the IPv4 prefix list.

  • Run the display ip ipv6-prefix [ ipv6-prefix-name ] command to check information about the IPv6 prefix list.

Configuring an AS_Path Filter

Context

An AS_Path filter is used to filter routes based on the AS_Path attributes of BGP routes. If you do not want to receive routes of a specified AS number, configure an AS_Path filter based on the AS number. On a complex network, multiple ACLs or IP prefix lists must be configured to filter BGP routes, which is complicated. Configuring an AS_Path filter simplifies the configuration.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    ip as-path-filter { as-path-filter-number | as-path-filter-name } [ index index-number ] { permit | deny } regular-expression

    An AS_Path filter is configured.

    In the preceding command, regular-expression the regular expression that the AS_Path filter uses to define a matching rule. For details about a regular expression, see "CLI Overview" in the CX11x&CX31x&CX91x Seriesswitch modules - Configuration Guide - Basic Configuration.

  3. Run:

    commit

    The configuration is committed.

Checking the Configuration
  • Run the display ip as-path-filter [ as-path-filter-number | as-path-filter-name ] command to check information about a configured AS_Path filter.

Configuring a Community Filter

Context

The community attribute identifies routes with the same characteristics without considering a few IP prefixes and numerous AS numbers. Configuring community filters and community attributes simplifies route management when it is inconvenient to use IP prefix list or AS_Path filter. For example, a company branch needs to receive only routes from its headquarters and branches in adjacent countries. In this case, you can configure different community attributes for the branches. Routes in this branch can then be managed based on community attributes, without considering a few IP prefixes and numerous AS numbers of routes in different countries.

Community filters are classified into basic and advanced community filters. Compared with a basic community filter, an advanced community filter supports regular expressions and is more flexible.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    ip community-filter

    A community filter is configured.

    • To configure a basic community filter, run the ip community-filter { basic comm-filter-name | basic-comm-filter-num } [ index index-number ] { permit | deny } [ community-number | aa:nn | internet | no-export-subconfed | no-advertise | no-export ] &<1-20> command.

    • To configure an advanced community filter, run the ip community-filter { advanced comm-filter-name | adv-comm-filter-num } [ index index-number ] { permit | deny } regular-expression command.

    In the preceding command, regular-expression indicates that the AS_Path filter uses a regular expression to define matching rules. For details about a regular expression, see "CLI Overview" in the CX11x&CX31x&CX91x Seriesswitch modules - Configuration Guide - Basic Configuration.

  3. Run:

    commit

    The configuration is committed.

Checking the Configuration
  • Run the display ip community-filter [ basic-comm-filter-num | adv-comm-filter-num | comm-filter-name ] command to check information about a configured community filter.

Configuring an Extended Community Filter

Context

You can use an extended community filter when using the route target (RT) attribute to filter routes in a VPN scenario.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    ip extcommunity-filter { basic-extcomm-filter-num | basic basic-extcomm-filter-name } [ index index-number ] { deny | permit } { rt { as-number:nn | 4as-number:nn | ipv4-address:nn } } &<1-16>

    or

    ip extcommunity-filter { advanced-extcomm-filter-num | advanced advanced-extcomm-filter-name } [ index index-number ] { deny | permit } regular-expression

    An extended community filter is configured.

  3. Run:

    ip extcommunity-list soo basic basic-extcomm-filter-name [ index index-number ] { permit | deny } { site-of-origin } &<1-16>

    or

    ip extcommunity-list soo advance advanced-extcomm-filter-name [ index index-number ] { permit | deny } regular-expression

    An SoO extended community filter is configured.

  4. Run:

    commit

    The configuration is committed.

Checking the Configuration

Run the display ip extcommunity-filter [ basic-extcomm-filter-num | advanced-extcomm-filter-num | extcomm-filter-name ] command to check information about a configured extended community filter.

Run the display ip extcommunity-list soo [ extcomm-filter-name ] command to check information about a configured SoO extended community filter.

Configuring an RD Filter

Context

You can use an RD filter when using the RD attribute to filter routes in a VPN.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    ip rd-filter rd-filter-number { deny | permit } route-distinguisher &<1-10>

    An RD filter is configured.

  3. Run:

    commit

    The configuration is committed.

Checking the Configuration
  • Run the display ip rd-filter [ rd-filter-number ] command to check information about a configured RD filter.

Configuring a Routing Policy

Each node of a routing policy can comprise a set of if-match and apply clauses.

Pre-configuration Tasks

Before configuring a routing policy, complete the following task:

  • Configuring routing protocols

Configuration Process

Before configuring the if-match and apply clauses, you must configure a routing policy. You can configure the if-match and apply clauses in any sequence based on the network requirements.

Creating a Routing Policy

Context

A routing policy can consist of multiple matching rules and actions.

You must set at least one node to the permit mode in a routing policy; otherwise, all routes are filtered out.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    route-policy route-policy-name { permit | deny } node node

    A routing policy is created, and the routing policy view is displayed.

    A routing policy starts route selection from the lowest node ID. If a route matches a node in the routing policy, the system does not match it with other nodes. If a route fails to match all the nodes in the routing policy, the route is filtered out.

  3. (Optional) Run:

    description text

    The description of the routing policy is configured.

  4. Run:

    commit

    The configuration is submitted.

(Optional) Configuring an if-match Clause

Context

An if-match clause defines matching rules related to route filters and attributes in a routing policy.

If no if-match clause is configured for a node in a routing policy, all routes match in this node. If one or more if-match clauses are configured in a node, the relationship between the clauses is "AND". This means that routes match this node only when they match all the if-match clauses in this node. When multiple if-match as-path-filter, if-match community-filter, if-match extcommunity-filter, if-match interface, or if-match route-type clauses are configured, the relationship between the clauses is "OR". The relationship of the five clauses is "AND", and the relationship between the five clauses and other clauses is also "AND". If multiple if-match as-path-filter clauses are configured in a node, the relationship of these clauses is "OR", and the relationship between these clauses and other if-match clauses is "AND".

NOTE:

If an if-match clause defines a filter that is not configured, all routes match this if-match clause by default.

The if-match acl and if-match ip-prefix commands cannot be used together in the same node. When both the commands are used in a node, the later configured one overrides the previous one.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    route-policy route-policy-name { permit | deny } node node

    The routing policy view is displayed.

  3. Configure if-match clauses in any sequence for a routing policy based on the network requirements.

    • Run:

      if-match acl { acl-number | acl-name }

      An if-match clause is configured to match the basic ACL.

    • Run:

      if-match as-path-filter  as-path-filter-number &<1-16>

      An if-match clause is configured to match AS_Path filters.

    • Run either of the following commands as required to configure an if-match clause based on community filters:
      • if-match community-filter { basic-comm-filter-num [ whole-match ] | adv-comm-filter-num } &<1-16>
      • if-match community-filter comm-filter-name [ whole-match ]
    • Run:

      if-match extcommunity-filter { { basic-extcomm-filter-num | adv-extcomm-filter-num } &<1-16> | extcomm-filter-name }

      An if-match clause is configured to match extended community filters.

    • Run:

      if-match extcommunity-list soo extcomm-filter-name

      An if-match clause is configured to match SoO extended community filters.

    • Run:

      if-match cost cost

      An if-match clause is configured to match the route cost of routes.

    • Run:

      if-match interface { interface-type interface-number } &<1-16>

      An if-match clause is configured to match the outbound interface of routes.

    • Run:

      if-match ip { next-hop | route-source } { acl { acl-number | acl-name } | ip-prefix ip-prefix-name }

      An if-match clause is configured to match the next hop or source address of IPv4 routes.

    • Run:

      if-match ipv6 { address | next-hop | route-source } { acl { acl-number | acl-name } | prefix-list ipv6-prefix-name }

      An if-match clause is configured to match the destination address, next hop, or source address of IPv6 routes.

    • Run:

      if-match ip-prefix ip-prefix-name

      An if-match clause is configured to match the IP prefix list.

    • Run:

      if-match rd-filter rd-filter-number

      An if-match clause is configured to match the RD filter.

    • Run any of the following command as required to match the type of route:
      • Run:

        if-match route-type { external-type1 | external-type1or2 | external-type2 | internal | nssa-external-type1 | nssa-external-type1or2 | nssa-external-type2 }

        An if-match clause is configured to match a specified type of OSPF routes.

      • Run:

        if-match route-type { is-is-level-1 | is-is-level-2 } 

        An if-match clause is configured to match a specified type of IS-IS routes.

    • Run:

      if-match tag tag

      An if-match clause is configured to match the tag of routes.

  4. Run:

    commit

    The configuration is submitted.

(Optional) Configuring an apply Clause

Context

An apply clause specifies the action of setting attributes for routes matching a routing policy node. If a node is not configured with an apply clause, the node only filters routs. If one or more apply clauses are configured in a node, all the apply clauses are applied to routes that match the node.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    route-policy route-policy-name { permit | deny } node node

    The route-policy view is displayed.

  3. Run any of the following commands as required to configure apply clauses, the commands are not listed in sequence. A node can have multiple or no apply clauses.

    • Run:

      apply as-path { { as-number-plain | as-number-dot } &<1-10> { additive | overwrite | delete } | none overwrite }

      An apply clause is configured to change the AS_Path attribute of BGP routes.

    • Run:

      apply comm-filter { basic-comm-filter-number | adv-comm-filter-number | comm-filter-name } delete

      An apply clause is configured to delete the specified community attribute of BGP routes.

      NOTE:

      To delete the community attributes, you can run the ip community-filter command several times to configure community attributes one by one, and apply the routing policy containing the apply comm-filter delete command to delete these community attributes. If multiple community attributes are specified in one community filter, none of them can be deleted.

    • Run:

      apply community none

      An apply clause is configured to delete all community attributes of BGP routes.

    • Run:

      apply community { community-number | aa:nn | internet | no-advertise | no-export | no-export-subconfed } &<1-32> [ additive ]

      An apply clause is configured to set the community attributes of BGP routes.

    • Run:

      apply cost { [ apply-type ] cost | inherit }

      The route cost is set.

    • Run the following command as required to set the cost type of a route:

      • Run:

        apply cost-type { external | internal }

        The IS-IS cost type is set.

      • Run:

        apply cost-type { type-1 | type-2 }

        The OSPF cost type is set.

    • Run:

      apply dampening half-life-reach reuse suppress ceiling

      The dampening parameters of EBGP routes are set.

    • Run:

      apply extcommunity { rt { as-number:nn | ipv4-address:nn } } &<1-16> [ additive ]

      An extended community attribute (route-target) of BGP is set.

    • Run:

      apply extcommunity soo { site-of-origin } &<1-16> additive

      An SoO extended community attribute of BGP is set.

    • Run:

      apply ip-address next-hop { ipv4-address | peer-address }

      The next-hop address of the IPv4 route is set.

    • Run:

      apply isis { level-1 | level-1-2 | level-2 }

      The level of the IS-IS route is set.

    • Run:

      apply local-preference preference

      The local preference for BGP routes is set.

    • Run:

      apply origin { egp { as-number-plain | as-number-dot } | igp | incomplete }

      The Origin attribute of BGP routes is set.

    • Run:

      apply ospf { backbone | stub-area }

      An OSPF area into which routes are imported is set.

    • Run:

      apply preference preference

      The preference of the routing protocol is set.

    • Run:

      apply preferred-value preferred-value

      A preferred value is set for BGP routes.

    • Run:

      apply tag tag

      The route tag is set.

  4. Run:

    commit

    The configuration is submitted.

Checking the Configuration

Procedure

  • Run the display route-policy [ route-policy-name ] command to check information about the Route-Policy.
Translation
Download
Updated: 2019-08-09

Document ID: EDOC1000041694

Views: 57263

Downloads: 3617

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next