CX110 and CX31x Series Switch Modules V100R001C00 Configuration Guide 12
This document describes the features, installation, removing, and configuration methods of the CX110 GE switch module of the E9000 server.
This document describes the features, installation, removing, and configuration methods of the CX110 GE switch module of the E9000 server.
Controlling the Receiving and Advertisement of BGP Routes
Controlling the receiving and advertisement of BGP routes can reduce the routing table size and improve network security.
Pre-configuration Tasks
Before controlling the receiving and advertisement of BGP routes, complete the following task:
Configuring a Routing Policy
Context
Before controlling the receiving and advertisement of BGP routes, configure routing policies or filters of routing policies for route selection. For details, see Routing Policy Configuration.
Controlling the Advertisement of BGP Routes
Context
There are usually a large number of routes in a BGP routing table. Transmitting a great deal of routing information brings a heavy load to devices. Routes to be advertised need to be controlled to address this problem. You can configure devices to advertise only routes that these devices want to advertise or routes that their peers require. Multiple routes to the same destination may exist and traverse different ASs. Routes to be advertised need to be filtered in order to direct routes to specific ASs.
Procedure
- Configure a BGP device to advertise routes to all peers or peer groups.
You can configure a BGP device to filter routes to be advertised.
- Perform either of the following operations to configure the BGP device to advertise routes to all peers or peer groups:
- To filter routes based on an ACL, run the filter-policy { acl-number | acl-name acl-name } export [ protocol [ process-id ] ] command.
- To filter routes based on an IP prefix list, run the filter-policy ip-prefix ip-prefix-name export [ protocol [ process-id ] ] command.
![]()
If an ACL has been referenced in the filter-policy command but no VPN instance is specified in the ACL rule, BGP will filter routes including public and private network routes in all address families. If a VPN instance is specified in the ACL rule, only the data traffic from the VPN instance will be filtered, and no route of this VPN instance will be filtered.
- Perform either of the following operations to configure the BGP device to advertise routes to all peers or peer groups:
- Configure a BGP device to advertise routes to a specific peer or peer group.
- Perform any of the following operations to configure the BGP device to advertise routes to a specific peer or peer group:
To filter routes based on an ACL, run the peer { group-name | ipv4-address } filter-policy { acl-number | acl-name acl-name } export command.
To filter routes based on an IP prefix list, run the peer { ipv4-address | group-name } ip-prefix ip-prefix-name export command.
To filter routes based on an AS_Path filter, run the peer { ipv4-address | group-name } as-path-filter { as-path-filter-number | as-path-filter-name } export command.
To filter routes based on a route-policy, run the peer { ipv4-address | group-name } route-policy route-policy-name export command.
![]()
The routing policy applied in the peer route-policy export command does not support a specific interface as one matching rule. That is, the routing policy does not support the if-match interface command.
- Perform any of the following operations to configure the BGP device to advertise routes to a specific peer or peer group:
Controlling the Receiving of BGP Routes
Context
When a BGP device is attacked or network configuration errors occur, the BGP device will receive a large number of routes from its neighbor. As a result, many device resources are consumed. Therefore, the administrator must limit the resources used by the device based on network planning and device capacity. BGP provides peer-based route control to limit the number of routes to be sent by a neighbor. This addresses the preceding problem.
Procedure
- Configure a BGP device to receive routes from all its peers or peer groups.
- Perform either of the following operations to configure the BGP device to filter the routes received from all its peers or peer groups:
- To filter routes based on an ACL, run the filter-policy { acl-number | acl-name acl-name } import command.
- To filter routes based on an IP prefix list, run the filter-policy ip-prefix ip-prefix-name import command.
![]()
If an ACL has been referenced in the filter-policy command but no VPN instance is specified in the ACL rule, BGP will filter routes including public and private network routes in all address families. If a VPN instance is specified in the ACL rule, only the data traffic from the VPN instance will be filtered, and no route of this VPN instance will be filtered.
- Perform either of the following operations to configure the BGP device to filter the routes received from all its peers or peer groups:
- Configure a BGP device to receive routes from a specific peer or peer group.
- Perform any of the following operations to configure the BGP device to filter the routes received from a specific peer or peer group:
To filter routes based on an ACL, run the peer { group-name | ipv4-address } filter-policy { acl-number | acl-name acl-name } import command.
To filter routes based on an IP prefix list, run the peer { ipv4-address | group-name } ip-prefix ip-prefix-name import command.
To filter routes based on an AS_Path filter, run the peer { ipv4-address | group-name } as-path-filter { as-path-filter-number | as-path-filter-name } import command.
To filter routes based on a route-policy, run the peer { ipv4-address | group-name } route-policy route-policy-name import command.
![]()
The routing policy applied in the peer route-policy import command does not support a specific interface as one matching rule. That is, the routing policy does not support the if-match interface command.
![]()
If the number of routes received by the local device exceeds the upper limit and the peer route-limit command is used for the first time, the local device and its peer reestablish the peer relationship, regardless of whether alert-only is set.
- Perform any of the following operations to configure the BGP device to filter the routes received from a specific peer or peer group:
Configuring BGP Soft Reset
Context
After changing a BGP import policy, you must reset BGP connections for the new import policy to take effect. This, however, interrupts these BGP connections temporarily. BGP route-refresh allows the system to softly reset BGP connections to refresh a BGP routing table without tearing down any BGP connection. If a device's peer does not support route-refresh, configure the device to remain all routing updates received from the peer so that the device can refresh its routing table without tearing down the BGP connection with the peer.
Procedure
- If a device's peer supports route-refresh, configure the device to softly reset the BGP connection with the peer and update the BGP routing table.
- Run:
system-viewThe system view is displayed.
- Run:
bgp as-number
The BGP view is displayed.
- (Optional) Run:
peer { ipv4-address | group-name } capability-advertise route-refresh
Route-refresh is enabled.
By default, route-refresh is enabled.
- Run:
commitThe configuration is committed.
- Run:
quitReturn to the system view.
- Run:
quitReturn to the user view.
- Run:
refresh bgp [ vpn-instance vpn-instance-name ipv4-family ] { all | ipv4-address | group group-name | external | internal } { export | import }
or run :refresh bgp ipv6 { all | group group-name | ipv6-address | external | internal } { export | import }
BGP soft reset is configured.
- Run:
- If a device's peer does not support route-refresh, configure the device to remain all routing updates received from the peer so that the device can refresh its routing table without tearing down the BGP connection with the peer.
- Run:
system-viewThe system view is displayed.
- Run:
bgp as-number
The BGP view is displayed.
Enter the corresponding address family view based on network type to configure BGP devices on networks.
Run:
ipv4-family { unicast | multicast }
The IPv4 address family view is displayed.
![]()
If the peer keep-all-routes command is used on the device for the first time, the sessions between the device and its peers are reestablished.
The refresh bgp command takes effect when the peer keep-all-routes command is used on the device supporting route-refresh.
- Run:
peer { ipv4-address | group-name } keep-all-routes
The device is configured to store all the routing updates received from its peers or peer groups.
By default, the device stores only the routing updates that are received from peers or peer groups and match a configured import policy.
- Run:
commitThe configuration is committed.
- Run:
Checking the Configuration
Procedure
- Run the display ip as-path-filter [ as-path-filter-number ] command to check information about a configured AS_Path filter.
- Run the display ip community-filter [ basic-comm-filter-num | adv-comm-filter-num | comm-filter-name ] command to check information about a configured community filter.
- Run the display ip extcommunity-filter [ extcomm-filter-number | extcomm-filter-name ] command to check information about a configured extcommunity filter.
- Run the display bgp routing-table as-path-filter { as-path-filter-number | as-path-filter-name } command to check information about routes matching a specified AS_Path filter.
- Run the display bgp routing-table community-filter { { community-filter-name | basic-community-filter-number } [ whole-match ] | advanced-community-filter-number } command to check information about routes matching a specified BGP community filter.
- Run the display bgp routing-table peer ipv4-address received-routes [ active ] [ statistics ] command to check information about routes received by a BGP device from its peers.
- Run the display bgp multicast routing-table different-origin-as command to check information about MBGP routes with different origin ASs.
- Run the display bgp multicast routing-table regular-expression as-regular-expression to check information about MBGP routes matching the AS regular expression.
- Run the display bgp multicast paths [ as-regular-expression ] command to check information about AS paths.
- Run the display bgp multicast routing-table as-path-filter { as-path-filter-number | as-path-filter-name } command to check information about MBGP routes matching the AS_Path filter.
- Run the display bgp multicast routing-table community-filter { { community-filter-name | basic-community-filter-number } [ whole-match ] | advanced-community-filter-number } command to check information about routes matching a specified MBGP community filter.
- Run the display bgp multicast routing-table peer peer-address { advertised-routes | received-routes [ active ] } [ statistics ] command to check information about routes that are sent by and received from the specified MBGP peer.
- Run the display bgp multicast network command to check the routing information that MBGP advertises.