Configuring Routing Policies
This section describes how to configure routing policies.
Filter Configuration
Filters in a routing policy include ACL, IP prefix list, AS_Path filter, community filter, extended community filter, and RD filter. This section describes the configuration of IP prefix list, AS_Path filter, community filter, extended community filter, and RD filter. For details about ACL configuration, see "ACL Configuration" in the CX11x&CX31x&CX91x Series Switch Modules - Configuration Guide - Security.
Configuring an IP Prefix List
Context
To control the advertising and receiving of routes based on the destination address, configure an IP prefix list.
If an IP prefix list is not used together with the if-match clauses in a routing policy, you must set at least one node to the permit mode in the IP prefix list. If no node is set to the permit mode, all routes are filtered out.
Configuring an AS_Path Filter
Context
An AS_Path filter is used to filter routes based on the AS_Path attributes of BGP routes. If you do not want to receive routes of a specified AS number, configure an AS_Path filter based on the AS number. On a complex network, multiple ACLs or IP prefix lists must be configured to filter BGP routes, which is complicated. Configuring an AS_Path filter simplifies the configuration.
Procedure
- Run:
system-view
The system view is displayed.
- Run:
ip as-path-filter { as-path-filter-number | as-path-filter-name } [ index index-number ] { permit | deny } regular-expression
An AS_Path filter is configured.
In the preceding command, regular-expression is the regular expression that the AS_Path filter uses to define a matching rule. For details about regular expressions, see "CLI Overview" in the CX11x&CX31x&CX91x Series Switch Modules - Configuration Guide - Basic Configuration.
- Run:
commit
The configuration is committed.
Configuring a Community Filter
Context
The community attribute identifies routes with the same characteristics without considering a few IP prefixes and numerous AS numbers. Configuring community filters and community attributes simplifies route management when it is inconvenient to use IP prefix list or AS_Path filter. For example, a company branch needs to receive only routes from its headquarters and branches in adjacent countries. In this case, you can configure different community attributes for the branches. Routes in this branch can then be managed based on community attributes, without considering a few IP prefixes and numerous AS numbers of routes in different countries.
Community filters are classified into basic and advanced community filters. Compared with a basic community filter, an advanced community filter supports regular expressions and is more flexible.
Procedure
- Run:
system-view
The system view is displayed.
- Run:
ip community-filter
A community filter is configured.
To configure a basic community filter, run the ip community-filter { basic comm-filter-name | basic-comm-filter-num } [ index index-number ] { permit | deny } [ community-number | aa:nn | internet | no-export-subconfed | no-advertise | no-export ] &<1-20> command.
To configure an advanced community filter, run the ip community-filter { advanced comm-filter-name | adv-comm-filter-num } [ index index-number ] { permit | deny } regular-expression command.
In the preceding command, regular-expression indicates that the advanced community filter uses a regular expression to define matching rules. For details about regular expressions, see "CLI Overview" in the CX11x&CX31x&CX91x Series Switch Modules - Configuration Guide - Basic Configuration.
- Run:
commit
The configuration is committed.
Configuring an Extended Community Filter
Context
You can use an extended community filter when using the route target (RT) attribute to filter routes in a VPN scenario.
Procedure
- Run:
system-view
The system view is displayed.
- Run:
ip extcommunity-filter { basic-extcomm-filter-num | basic basic-extcomm-filter-name } [ index index-number ] { deny | permit } { rt { as-number:nn | 4as-number:nn | ipv4-address:nn } } &<1-16>
or
ip extcommunity-filter { advanced-extcomm-filter-num | advanced advanced-extcomm-filter-name } [ index index-number ] { deny | permit } regular-expression
An extended community filter is configured.
- Run:
ip extcommunity-list soo basic basic-extcomm-filter-name [ index index-number ] { permit | deny } { site-of-origin } &<1-16>
or
ip extcommunity-list soo advance advanced-extcomm-filter-name [ index index-number ] { permit | deny } regular-expression
An SoO extended community filter is configured.
- Run:
commit
The configuration is committed.
Checking the Configuration
Run the display ip extcommunity-filter [ basic-extcomm-filter-num | advanced-extcomm-filter-num | extcomm-filter-name ] command to check information about a configured extended community filter.
Run the display ip extcommunity-list soo [ extcomm-filter-name ] command to check information about a configured SoO extended community filter.
Configuring a Routing Policy
Each node of a routing policy can comprise a set of if-match and apply clauses.
Creating a Routing Policy
Context
A routing policy can consist of multiple matching rules and actions.
You must set at least one node to the permit mode in a routing policy; otherwise, all routes are filtered out.
Procedure
- Run:
system-view
The system view is displayed.
- Run:
route-policy route-policy-name { permit | deny } node node
A routing policy is created, and the routing policy view is displayed.
A routing policy starts route selection from the lowest node ID. If a route matches a node in the routing policy, the system does not match it with other nodes. If a route fails to match all the nodes in the routing policy, the route is filtered out.
- (Optional) Run:
description text
The description of the routing policy is configured.
- Run:
commit
The configuration is submitted.
(Optional) Configuring an if-match Clause
Context
An if-match clause defines matching rules related to route filters and attributes in a routing policy.
If no if-match clause is configured for a node in a routing policy, all routes match this node. If one or more if-match clauses are configured in a node, the relationship between the clauses is "AND": a route matches the node only when it matches all the if-match clauses in the node. The exception is multiple clauses of the same type among if-match as-path-filter, if-match community-filter, if-match extcommunity-filter, if-match interface, and if-match route-type: the relationship between clauses of the same type is "OR", whereas the relationship among these five clause types, and between them and all other clauses, is "AND". For example, if multiple if-match as-path-filter clauses are configured in a node, the relationship between these clauses is "OR", and the relationship between these clauses and other if-match clauses is "AND".
If an if-match clause defines a filter that is not configured, all routes match this if-match clause by default.
The if-match acl and if-match ip-prefix commands cannot be used together in the same node. When both the commands are used in a node, the later configured one overrides the previous one.
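The matching rules described above (lowest node ID first, first match wins, "AND"/"OR" between if-match clauses, and an unconfigured filter matching every route) modeled in Python as an added example; it is not device or vendor code. The filter table, policy, routes, and the use of Python regular expressions in place of the device's regular-expression syntax are constructed assumptions.

```python
import re

# Constructed filter table: AS_Path filter number -> Python regex over the
# AS_Path string (Python's re stands in for the device's regex syntax).
FILTERS = {"1": r"\b65010$", "2": r"\b65020$"}

# Constructed policy: node ID -> (mode, {if-match type: [values]}).
POLICY = {
    20: ("permit", {}),  # no if-match clause: every route matches
    10: ("deny", {"as-path-filter": ["1", "2"], "tag": [100]}),
}

def clause_matches(kind, value, route, filters):
    if kind == "as-path-filter":
        pattern = filters.get(value)
        if pattern is None:   # referenced filter is not configured:
            return True       # all routes match this clause by default
        return re.search(pattern, route["as_path"]) is not None
    return route.get(kind) == value  # simple attribute clauses such as tag

def evaluate(policy, route, filters):
    """Return (node ID, mode) of the first matching node, else (None, 'deny')."""
    for node_id in sorted(policy):        # matching starts at the lowest node ID
        mode, clauses = policy[node_id]
        # AND across clause types; OR among as-path-filter values in one node.
        if all(any(clause_matches(k, v, route, filters) for v in values)
               for k, values in clauses.items()):
            return node_id, mode          # later nodes are not consulted
    return None, "deny"                   # matched no node: filtered out

def undefined_filters(policy, filters):
    """Audit check: (node ID, filter) references that match every route."""
    return sorted((node_id, name) for node_id, (_, clauses) in policy.items()
                  for name in clauses.get("as-path-filter", [])
                  if name not in filters)

if __name__ == "__main__":
    for route in ({"as_path": "65001 65010", "tag": 100},
                  {"as_path": "65001 65020", "tag": 200}):
        print(route, "->", evaluate(POLICY, route, FILTERS))
    # A permit node that references missing filter 9 admits any route.
    typo = {10: ("permit", {"as-path-filter": ["9"]})}
    print(evaluate(typo, {"as_path": "64999"}, FILTERS),
          undefined_filters(typo, FILTERS))
```

Running `undefined_filters` over an exported policy before commit catches a mistyped filter number that would otherwise turn a restrictive permit node into a match-all.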
Procedure
- Run:
system-view
The system view is displayed.
- Run:
route-policy route-policy-name { permit | deny } node node
The routing policy view is displayed.
- Configure if-match clauses in any sequence for a routing policy based on the network requirements.
Run:
if-match acl { acl-number | acl-name }
An if-match clause is configured to match the basic ACL.
Run:
if-match as-path-filter as-path-filter-number &<1-16>
An if-match clause is configured to match AS_Path filters.
- Run either of the following commands as required to configure an if-match clause based on community filters:
- if-match community-filter { basic-comm-filter-num [ whole-match ] | adv-comm-filter-num } &<1-16>
- if-match community-filter comm-filter-name [ whole-match ]
Run:
if-match extcommunity-filter { { basic-extcomm-filter-num | adv-extcomm-filter-num } &<1-16> | extcomm-filter-name }
An if-match clause is configured to match extended community filters.
Run:
if-match extcommunity-list soo extcomm-filter-name
An if-match clause is configured to match SoO extended community filters.
Run:
if-match cost cost
An if-match clause is configured to match the route cost of routes.
Run:
if-match interface { interface-type interface-number } &<1-16>
An if-match clause is configured to match the outbound interface of routes.
Run:
if-match ip { next-hop | route-source } { acl { acl-number | acl-name } | ip-prefix ip-prefix-name }
An if-match clause is configured to match the next hop or source address of IPv4 routes.
Run:
if-match ipv6 { address | next-hop | route-source } { acl { acl-number | acl-name } | prefix-list ipv6-prefix-name }
An if-match clause is configured to match the destination address, next hop, or source address of IPv6 routes.
Run:
if-match ip-prefix ip-prefix-name
An if-match clause is configured to match the IP prefix list.
Run:
if-match rd-filter rd-filter-number
An if-match clause is configured to match the RD filter.
- Run any of the following commands as required to match the type of route:
Run:
if-match route-type { external-type1 | external-type1or2 | external-type2 | internal | nssa-external-type1 | nssa-external-type1or2 | nssa-external-type2 }
An if-match clause is configured to match a specified type of OSPF routes.
Run:
if-match route-type { is-is-level-1 | is-is-level-2 }
An if-match clause is configured to match a specified type of IS-IS routes.
Run:
if-match tag tag
An if-match clause is configured to match the tag of routes.
- Run:
commit
The configuration is submitted.
(Optional) Configuring an apply Clause
Context
An apply clause specifies the action of setting attributes for routes matching a routing policy node. If a node is not configured with an apply clause, the node only filters routes. If one or more apply clauses are configured in a node, all the apply clauses are applied to routes that match the node.
Procedure
- Run:
system-view
The system view is displayed.
- Run:
route-policy route-policy-name { permit | deny } node node
The route-policy view is displayed.
- Run any of the following commands as required to configure apply clauses. The commands are not listed in sequence. A node can have multiple or no apply clauses.
Run:
apply as-path { { as-number-plain | as-number-dot } &<1-10> { additive | overwrite | delete } | none overwrite }
An apply clause is configured to change the AS_Path attribute of BGP routes.
Run:
apply comm-filter { basic-comm-filter-number | adv-comm-filter-number | comm-filter-name } delete
An apply clause is configured to delete the specified community attribute of BGP routes.
NOTE:
To delete the community attributes, you can run the ip community-filter command several times to configure community attributes one by one, and apply the routing policy containing the apply comm-filter delete command to delete these community attributes. If multiple community attributes are specified in one community filter, none of them can be deleted.
Run:
apply community none
An apply clause is configured to delete all community attributes of BGP routes.
Run:
apply community { community-number | aa:nn | internet | no-advertise | no-export | no-export-subconfed } &<1-32> [ additive ]
An apply clause is configured to set the community attributes of BGP routes.
Run:
apply cost { [ apply-type ] cost | inherit }
The route cost is set.
Run the following command as required to set the cost type of a route:
Run:
apply cost-type { external | internal }
The IS-IS cost type is set.
Run:
apply cost-type { type-1 | type-2 }
The OSPF cost type is set.
Run:
apply dampening half-life-reach reuse suppress ceiling
The dampening parameters of EBGP routes are set.
Run:
apply extcommunity { rt { as-number:nn | ipv4-address:nn } } &<1-16> [ additive ]
An extended community attribute (route-target) of BGP is set.
Run:
apply extcommunity soo { site-of-origin } &<1-16> additive
An SoO extended community attribute of BGP is set.
Run:
apply ip-address next-hop { ipv4-address | peer-address }
The next-hop address of the IPv4 route is set.
Run:
apply isis { level-1 | level-1-2 | level-2 }
The level of the IS-IS route is set.
Run:
apply local-preference preference
The local preference for BGP routes is set.
Run:
apply origin { egp { as-number-plain | as-number-dot } | igp | incomplete }
The Origin attribute of BGP routes is set.
Run:
apply ospf { backbone | stub-area }
An OSPF area into which routes are imported is set.
Run:
apply preference preference
The preference of the routing protocol is set.
Run:
apply preferred-value preferred-value
A preferred value is set for BGP routes.
Run:
apply tag tag
The route tag is set.
- Run:
commit
The configuration is submitted.