No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Command Reference

CloudEngine 8800, 7800, 6800, and 5800 V200R002C50

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Routing Policy Configuration Commands

Routing Policy Configuration Commands

NOTE:

The CE6810LI does not support IPv4 or IPv6 Layer 3 forwarding. After the IPv4 or IPv6 function is enabled on an interface of the CE6810LI, the configured IPv4 or IPv6 address can only be used to manage the switch.

apply as-path

Function

The apply as-path command sets the action for changing the AS_Path attribute of BGP routes in a routing policy.

The undo apply as-path command restores the default setting.

By default, the action for changing the AS_Path attribute of BGP routes is not set in a routing policy.

Format

apply as-path { { as-number-plain | as-number-dot } &<1-10> { additive | overwrite | delete } | none overwrite }

undo apply as-path

Parameters

Parameter Description Value
as-number-plain Specifies an integral AS number to be added to the AS_Path list or to replace the existing AS_Path list. A maximum of 10 AS numbers can be specified in one command. The value is an integer ranging from 1 to 4294967295.
as-number-dot Specifies an AS number in dotted notation to be added to the AS_Path list or to replace the existing AS_Path list. A maximum of 10 AS numbers can be specified in one command. The value is in the format of x.y, where x and y are integers that range from 1 to 65535 and from 0 to 65535, respectively.
additive Adds the specified AS number to the original AS_Path attribute. -
overwrite Replaces the original AS_Path with the specified AS number. -
none Clears the original AS_Path list. -
delete Deletes the specified AS number to the original AS_Path attribute. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To change the AS_Path attribute of BGP routes BGP for selecting the optimal route, you can apply a routing policy containing the apply as-path command.

AS_Path is a private attribute of BGP and records all ASs that a route passes through from the local end to the destination address. Using the AS_Path attribute controls route selection and prevents routing loops. If multiple routes are destined for the same destination address, BGP compares the AS_Path lists of these routes and considers the route with the shortest AS_Path list as the optimal route.

After this command is configured, the AS_Path list for matched BGP routes will change. Assume that the original AS-Path is (30, 40, 50) and the BGP route matching condition is met. In this case:
  • If the apply as-path 60 70 80 additive command is run, the AS-Path list is changed to (60, 70, 80, 30, 40, 50). This configuration change is generally used to make the BGP route not preferentially selected.
  • If the apply as-path 60 70 80 overwrite command is run, the AS-Path list is changed to (60, 70, 80). There are many application scenarios for changing the AS-Path list, and the major application scenarios are as follows:
    • Hide the real path information of routes. For example, after the AS-Path list is changed to (60, 70, 80), the AS-Path information of the route (30, 40, 50) is lost.
    • Implement load balancing. For example, a router receives two routes with the same destination IP address 10.1.0.0/16. The AS_Path list of one route is (60, 70, 80) and that of the other route is (30, 40, 50). In this case, you can change the AS_Path list (30, 40, 50) to (60, 70, 80), and load balancing then may be implemented on the two routes.
    • Shorten the AS-Path list to prevent the route from being discarded. If the as-path-limit command is configured, whether the number of AS numbers in the AS-Path list of the incoming route exceeds the maximum value needs to be checked. If the number exceeds the maximum value, the route is discarded. Therefore, before receiving a route with a long AS-Path list, replace the AS-Path list with a shorter AS-Path list. For example, if the original AS-Path list is (60, 70, 80, 65001, 65002, 65003), run the apply as-path 60 70 80 overwrite command to change the AS-Path list to (60, 70, 80). In this manner, the length of the AS-Path is shortened, preventing the route from being discarded.
    • Shorten the AS-Path list to make the route preferentially selected and traffic directed to the local AS.
  • If the apply as-path none overwrite command is run, the AS-Path list is changed to be vacant. In BGP route selection, if the AS-Path list is vacant, the length of the AS-Path list is considered as 0. Therefore, clearing the AS-Path list can not only hide the real path information, but also make the route preferentially selected and traffic directed to the local AS because the AS-Path list is shortened.

Prerequisites

The apply as-path command can be used only after the route-policy command is used.

Precautions

When a routing policy takes effect, it affects BGP route selection.

Running the apply as-path command changes the path through which network traffic passes. Use this command only when you are familiar with the network topology and impact of the command on services.

Example

# Change the AS number in the original AS_Path attribute to 200, 10.10.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] apply as-path 200 10.10 additive

apply comm-filter delete

Function

The apply comm-filter delete command sets the action for deleting community attributes of a specified community filter in a routing policy.

The undo apply comm-filter command restores the default setting.

By default, the action for deleting community attributes of a specified community filter is not set in a routing policy.

Format

apply comm-filter { basic-comm-filter-number | adv-comm-filter-number | comm-filter-name } delete

undo apply comm-filter

Parameters

Parameter Description Value
basic-comm-filter-number Specifies the number of a basic community filter. The value is an integer ranging from 1 to 99.
adv-comm-filter-number Specifies the number of an advanced community filter. The value is an integer ranging from 100 to 199.
comm-filter-name Specifies the name of a community filter. The comm-filter-name must already exist.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To delete the community attributes, you can run the ip community-filter command several times to configure community attributes one by one, and apply the routing policy containing the apply comm-filter delete command to delete these community attributes.

The community attribute is a private attribute of BGP. The apply comm-filter delete command takes effect only for BGP routes.

Prerequisites

The apply comm-filter delete command can be used only after the route-policy command is used.

Precautions

After routes meet the filtering conditions, the specified community attributes of these routes are deleted.

  1. When the delete operation is configured on a specified community attribute list, only one community attribute can be configured for the specified community attribute list. To delete multiple community attributes, you need to configure multiple community attribute lists. For example, if community attribute list 1 is used to delete 100:100 200:200 from the community attribute 100:100 200:200 carried in a route, you need to perform the following configurations on community attribute list 1:

    [*HUAWEI] ip community-filter 1 permit 100:100
    [*HUAWEI] ip community-filter 1 permit 200:200
    [*HUAWEI] commit
    [*HUAWEI] display ip community-filter
    Community filter Number: 1
    permit 100:100
    permit 200:200
    [*HUAWEI] route-policy RP1 permit node 10
    [*HUAWEI-route-policy] apply comm-filter 1 delete

    If multiple community attributes are configured in the same community filter, the apply comm-filter delete command cannot delete these community attributes. To delete the community attributes, you can run the ip community-filter command several times to configure community attributes one by one, and apply the routing policy containing the apply comm-filter delete command to delete these community attributes. For example, the following command cannot delete the community attribute 100:100 200:200 of the route:

    [*HUAWEI] ip community-filter 1 permit 100:100 200:200
    [*HUAWEI] commit
    [*HUAWEI] display ip community-filter
    Community filter Number: 1
    permit 100:100 200:200
    [*HUAWEI] route-policy RP1 permit node 10
    [*HUAWEI-route-policy] apply comm-filter 1 delete
  2. When the apply community and apply comm-filter delete commands are run on the same node in a routing policy, the system performs the delete operation before the set operation regardless of the sequence in which the two commands are run.

    [*HUAWEI] display route-policy
    Route-policy : 123a
      permit : 10
    Match clauses:
    Apply clauses: a
    apply community 999:9 additive
    apply comm-filter 1 delete

    The following command output shows that community attribute 111:1 of the corresponding BGP route is deleted and community attribute 999:9 is added.

    [*HUAWEI] display ip community-filter
    Community filter Number: 1 
    permit 111:1 
    permit 999:9

Example

# Delete the specified BGP route community attributes 1:200, 2:200, and 3:200 from the community filter.

<HUAWEI> system-view
[~HUAWEI] ip community-filter 1 permit 1:200
[*HUAWEI] ip community-filter 1 permit 2:200
[*HUAWEI] ip community-filter 1 permit 3:200
[*HUAWEI] route-policy test permit node 10
[*HUAWEI-route-policy] apply comm-filter 1 delete

apply community

Function

The apply community command sets the action for changing the community attribute of BGP routes in a routing policy.

The undo apply community command restores the default setting.

By default, the action for changing the community attribute of BGP routes is not set in a routing policy.

Format

apply community none

apply community { community-number | aa:nn | internet | no-advertise | no-export | no-export-subconfed } &<1-32> [ additive ]

undo apply community

Parameters

Parameter Description Value
none Indicates that all the community attributes of routes are deleted. -
community-number | aa:nn Specifies the community number. A maximum of 32 community numbers can be configured in the apply community command.
  • If you do not configure any one of internet, no-export-subconfed, no-advertise, and no-export, you can specify 32 community-number and aa:nn together.
  • If you configure one of internet, no-export-subconfed, no-advertise, and no-export, you can specify 31 community-number and aa:nn together.
  • If you configure two of internet, no-export-subconfed, no-advertise, and no-export, you can specify 30community-number and aa:nn together.
  • If you configure three of internet, no-export-subconfed, no-advertise, and no-export, you can specify 29 community-number and aa:nn together.
  • If you configure all of internet, no-export-subconfed, no-advertise, and no-export, you can specify 28 community-number and aa:nn together.
The value of community-number is an integer ranging from 0 to 4294967295. The value of aa or nn ranges from 0 to 65535.
internet Indicates that matching routes are sent to any peer. By default, all routes belong to the Internet community. -
no-advertise Indicates that matching routes are not sent to any peer. That is, after a router receives a route with this attribute, it does not advertise the route to other BGP peers. -
no-export Indicates that matching routes are sent to other sub-ASs but not to other ASs. That is, after a router receives a route with this attribute, it does not advertise the route outside the local AS. -
no-export-subconfed Indicates that matching routes are neither sent to other sub-ASs nor to other ASs. That is, after a router receives a route with this attribute, it does not advertise the route to other sub-ASs. -
additive Indicates that community attributes are added to matching routes. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The community attribute, a private attribute of BGP, simplifies the application of routing policies and facilitates route maintenance and management. A community is a set of destination addresses with the same characteristics. These addresses have no physical boundary and are independent of their ASs. They share one or multiple community attributes, which can be changed or set using the apply community command.

  • Run the route-policy command to enter the route-policy view.
  • A route-policy may consist of multiple nodes. The relationship between the nodes is "OR". The system matches a route against the nodes in sequence. If the route matches a node, the route matches the route-policy, and the system no longer matches it against other nodes.
  • Each node comprises a set of if-match and apply clauses. The if-match clauses define the filtering rules that are used to match certain route attributes. The relationship among if-match clauses of the same node that are based on different route attributes is AND. A route matches a node only when the route matches all the filtering rules specified in the if-match clauses of the node. The apply clauses specify actions. The relationship among if-match clauses of the same node that are based on the same route attribute is OR. The system matches routes against the if-match clauses in order. If a route matches an if-match clause, the system no longer matches the route against the rest if-match clauses. For example, the if-match community-filter 1 and if-match as-path-filter 1 configurations in node 10 are based on different route attributes. Therefore, the relationship among if-match clauses of this node is AND. The if-match community-filter 1 and if-match community-filter 2 configurations in node 20 are both based on the community attribute. Therefore, the relationship among if-match clauses of this node is OR. The apply clauses specify actions. If a route matches a node, the apply clauses set some attributes for the route.

Prerequisites

A route-policy has been configured using the route-policy command.

Configuration Impact

If the apply community command is configured in a route-policy, the community attributes of the BGP routes that match the route-policy are changed based on the configurations in the route-policy.

For example, the original community attribute of a BGP route is 30. If this BGP route matches a route-policy, the AS number is replaced or added based on the route-policy.

  • If the apply community 100 command is run, the community attribute is changed to 100.
  • If the apply community 100 150 command is run, the community attribute is changed to 100, 150.
  • If the apply community 100 150 additive command is run, the community attribute is changed to 30, 100, 150.
  • If the apply community none command is run, the community attribute of the BGP route is deleted.

Example

# Configure a routing policy named setcommunity, match the route with the AS_Path filter being 8, and change its community attribute to no-export.

<HUAWEI> system-view
[~HUAWEI] route-policy setcommunity permit node 16
[*HUAWEI-route-policy] if-match as-path-filter 8
[*HUAWEI-route-policy] apply community no-export

apply cost

Function

The apply cost command sets the action for changing the cost of routes in a routing policy.

The undo apply cost command restores the default setting.

By default, the action for changing the cost of routes is not set in a routing policy.

Format

apply cost { [ apply-type ] cost | inherit }

undo apply cost

Parameters

Parameter Description Value
apply-type Specifies the cost type of routes.
  • +: increases the route cost. If the link quality is poor or the link bandwidth is rather small, you can specify this parameter to increase the route cost, controlling route selection.
  • -: reduces the route cost. If the link quality is good or the link bandwidth is rather great, you can specify this parameter to reduce the route cost, controlling route selection.
cost Specifies the route cost. To control route selection, you can adjust the route cost to prevent routing loops. The value is an integer ranging from 0 to 4294967295.
inherit Inherits the original route cost. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To change the cost of routes for selecting the optimal route, you can apply a routing policy containing the apply cost command.

Prerequisites

The apply cost command can be used only after the route-policy command is used.

Precautions

When a routing policy takes effect, it affects route selection.

The costs of imported routes are independent of the routing policy after the undo apply cost command is used to cancel the configuration of route costs.

Example

# Define an apply clause to set the route cost to 120.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] apply cost 120

apply cost-type

Function

The apply cost-type command sets the action for changing the cost type of routes in a routing policy.

The undo apply cost-type command restores the default setting.

By default, the action for changing the cost type of routes is not set in a routing policy.

Format

apply cost-type { external | internal | type-1 | type-2 | internal-inc-ibgp }

undo apply cost-type

Parameters

Parameter Description Value
external Sets the cost type of IS-IS external routes. -
internal Sets the cost type of IS-IS internal routes or sets the MED value of BGP routes as the IGP cost of the next hop. -
type-1 Sets Type 1 external routes of OSPF. -
type-2 Sets Type 2 external routes of OSPF. -
internal-inc-ibgp Sets the MED value of BGP routes as the IGP cost of the next hop when BGP advertises routes to IBGP and EBGP peers on a BGP network. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To change the cost type of routes for selecting the optimal route, you can apply a routing policy containing the apply cost-type command.

Prerequisites

The apply cost-type command can be used only after the route-policy command is used.

Precautions

The priority of the apply cost-type clause is higher than that of the apply cost clause, which affects route selection when a routing policy takes effect.

Precautions

Different operations are performed when the apply cost-type internal command is applied to IS-IS routes and BGP routes:

  • When the apply cost-type internal command is applied to IS-IS routes:

    Routes are configured as IS-IS internal routes.

  • When the apply cost-type internal command is applied to BGP routes:

    When a switch advertises a route learned from an IBGP peer to an EBGP peer, if the apply cost-type internal command is run, the switch sets the MED value of the route to be advertised to the EBGP peer as the IGP cost of the next hop of the route.

Example

# Set the cost type to OSPF external Type-1.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] apply cost-type type-1

apply dampening

Function

The apply dampening command sets the action for changing the dampening parameters of EBGP routes in a routing policy.

The undo apply dampening command restores the default setting.

By default, the action for changing the dampening parameters of EBGP routes is not set in a routing policy.

Format

apply dampening half-life-reach reuse suppress ceiling

undo apply dampening

Parameters

Parameter Description Value
half-life-reach Specifies the half-life of a reachable route. The value is an integer ranging from 1 to 45, in minutes.
reuse Specifies the threshold for routes to be released from the dampening state. When the penalty value falls below the threshold, routes are reused. The value is an integer ranging from 1 to 20000.
suppress Specifies the threshold for routes to enter the dampening state. When the penalty value exceeds the threshold, routes are suppressed. The value is an integer ranging from 1 to 20000. The configured value of suppress must be greater than the value of reuse.
ceiling Specifies the upper limit of the penalty value of routes. The value is an integer ranging from 1001 to 20000. The configured value of ceiling must be greater than the value of suppress.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The apply dampening command, which is mostly used in BGP, is used to prevent frequent route dampening from affecting routers on the network.

You can configure different route dampening parameters for different nodes in the same routing policy. When route flapping occurs, BGP can use different route dampening parameters to suppress the routes that match the routing policy.

Procedure

If the apply dampening command is run multiple times, the latest configuration overwrites the previous one.

Prerequisites

The apply cost-type command can be used only after the route-policy command is used.

Configuration Impact

If the apply dampening command is run, each time route flapping occurs, BGP adds a certain penalty value to this route.

Precautions

The parameters in this command do not have default values and must be set. The values of reuse, suppress, and ceiling are listed in ascending order: reuse < suppress <ceiling. According to the formula, MaxSuppressTime = half-life-reach x 60 x (ln (ceiling/reuse)/ln (2)), routes are unsuppressed if the value of MaxSuppressTime is less than 1. Therefore, the value of the ceiling/reuse must be great enough so that the value of MaxSuppressTime can be equal to or greater than 1.

Example

# Set dampening parameters for EBGP routes.

<HUAWEI> system-view
[~HUAWEI] route-policy aa permit node 10
[*HUAWEI-route-policy] apply dampening 20 2000 10000 16000

apply extcommunity

Function

The apply extcommunity command sets the action for changing the extended community attribute of BGP routes in a routing policy.

The undo apply extcommunity command restores the default setting.

By default, the action for changing the extended community attribute of BGP routes is not set in a routing policy.

Format

apply extcommunity { rt { as-number:nn | ipv4-address:nn } } &<1-16> [ additive ]

undo apply extcommunity [ rt ]

Parameters

Parameter Description Value
rt Indicates the route-target extended community. A maximum of 16 route targets can be configured. -
as-number Specifies the AS number. The AS number can be 2-byte or 4-byte.
  • A 2-byte AS number is an integer ranging from 1 to 65535.
  • A 4-byte AS number is in the x.y format. Here, "x" and "y" are integers ranging from 1 to 65535 and from 0 to 65535 respectively.
ipv4-address Specifies the IPv4 address. It is in dotted decimal notation.
nn Specifies an integer.
  • When the value of as-number is a 2-byte AS number, the value of nn ranges from 0 to 4294967295.
  • When the value of as-number is a 4-byte AS number, the value of nn ranges from 0 to 65535.
  • For ipv4-address, the value of nn ranges from 0 to 65535.
additive Indicates that existing community attributes can be added to routes. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When controlling inter-AS VPN route receiving and advertising, apply the routing policy that contains the apply extcommunity command to change the RT extended community attribute of matched routes. Currently, only the RT extended community attribute is supported. This command cannot specify an extended community attribute for public routes.

Prerequisites

The apply extcommunity command can be used only after the route-policy command is used.

Precautions

When the routing policy that contains the action is used in the BGP view, BGP IPv4 unicast address view, or BGP IPv6 unicast address view, the action does not take effect.

When a routing policy takes effect, it affects inter-AS VPN route receiving and advertising.

If the keyword additive is not set in the apply extcommunity command, the original extended community attribute is replaced.

Example

# Add 100:2, 10.1.1.1:22, 100.100:100 to the VPN route-target extended community attribute of BGP.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] apply extcommunity rt 100:2 rt 10.1.1.1:22 rt 100.100:100 additive

apply extcommunity soo

Function

The apply extcommunity soo command configures Source of Origin (SoO) extended community attributes for BGP routes.

The undo apply extcommunity soo command cancels the configuration.

By default, no SoO extended community attributes are configured.

Format

apply extcommunity soo { source-of-origin } &<1-16> additive

undo apply extcommunity soo

Parameters

Parameter Description Value
source-of-origin Specifies an SoO extended community attributes.

The SoO attribute is a BGP extended community attribute and can be expressed in any of the following formats:

  • 2-byte AS number:4-byte user-defined number, for example, 1:3 The AS number ranges from 0 to 65535, and the user-defined number ranges from 0 to 4294967295. The AS number and user-defined number cannot both be set to 0. This means that the value of the SoO attribute cannot be 0:0.

  • IPv4-address:2-byte user-defined number, for example, 192.168.122.15:1 The IP address ranges from 0.0.0.0 to 255.255.255.255, and the user-defined number ranges from 0 to 65535.

  • Integral 4-byte AS number:2-byte user-defined number, for example, 0:3 or 65537:3. An AS number ranges from 65536 to 4294967295. A user-defined number ranges from 0 to 65535. The AS number and user-defined number cannot be both 0s. That is, the value of the SoO attribute cannot be 0:0.

  • 4-byte AS number in dotted notation:2-byte user-defined number, for example, 0.0:3 or 0.1:0. A 4-byte AS number in dotted notation is in the format of x.y, where x and y are integers that range from 1 to 65535 and from 0 to 65535, respectively. A user-defined number ranges from 0 to 65535. The AS number and user-defined number cannot be both 0s. That is, the value of the SoO attribute cannot be 0.0:0.

additive Indicates that existing extended community attributes can be added to routes. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The apply extcommunity command is applicable to BGP/MPLS IP VPNs. At present, there are two types of BGP extended community attributes.
  • VPN route-target (RT) extended community
  • Source of Origin (SoO) extended community

At present, SoO extended community attributes can be set only through the route-policy.

Prerequisites

The apply extcommunity soo command can be used only after a route-policy is configured.

Precautions

If the keyword additive is not set in the apply extcommunity command, the original SoO extended community attribute is replaced.

Example

# Add 0.0:3 to the SoO extended community attribute of BGP.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] apply extcommunity soo 0.0:3 additive

apply ip-address next-hop (Route-Policy view)

Function

The apply ip-address next-hop command sets the action for changing the next hop address of BGP routes in a routing policy.

The undo apply ip-address next-hop command restores the default setting.

By default, the action for changing the next hop address of BGP routes is not set in a routing policy.

Format

apply ip-address next-hop { ipv4-address | peer-address }

undo apply ip-address next-hop { ipv4-address | peer-address }

Parameters

Parameter Description Value
ipv4-address Specifies the next hop address. It is in dotted decimal notation.
peer-address

Sets the next hop address to the local address when the apply clause is used by an export policy.

Sets the next hop address to the peer address when the apply clause is used by an import policy.

-

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To change the next hop address of BGP routes for selecting the optimal route, you can apply a routing policy containing the apply ip-address next-hop command.

The next hop address of a BGP route is set using the policy in the following situations:

  • IBGP: Configure the import or export policy for the IBGP peer. If the next hop address configured in the routing policy is unreachable, the IBGP peer adds the corresponding route to the BGP routing table. However, this route is invalid.

  • EBGP: Configure the import policy for the EBGP peer. If an export policy is configured, the route destined for the EBGP peer is discarded because the next hop address is unreachable. When EBGP peers are directly connected, the routing policy does not take effect. This means that the next hop address remains unchanged.

Prerequisites

The apply ip-address next-hop command can be used only after the route-policy command is used.

Precautions

When a routing policy takes effect, it affects BGP route selection.

When a routing policy is specified in the import-route and network commands, the apply ip-address next-hop clause in the routing policy does not take effect.

The command sets a next hop IP address for the routes that match the relevant route-policy, which may change the service forwarding path. Therefore, exercise caution when running this command.

Example

# Define an apply clause to set the next hop address as 192.168.1.8.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] apply ip-address next-hop 192.168.1.8

apply ipv6 next-hop

Function

The apply ipv6 next-hop command sets the action for changing an IPv6 next hop address of a BGP route in a route-policy.

The undo apply ipv6 next-hop command restores the default setting.

By default, the action for changing the IPv6 next hop addresses of BGP routes are not configured in a route-policy.

Format

apply ipv6 next-hop { peer-address | ipv6-address }

undo apply ipv6 next-hop { peer-address | ipv6-address }

Parameters

Parameter Description Value
ipv6-address Specifies the IPv6 next hop address. The value is a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X.
peer-address Specifies the peer address as the next hop. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The apply ipv6 next-hop command configures an IPv6 next hop address for a BGP route.

In BGP, the next hop address of a route can be set through the route-policy in the following situations:

  • IBGP

    For an IBGP peer, the configured inbound and outbound policies can take effect. If the next hop address configured in the policy is unreachable, the IBGP peer still adds the route to the BGP routing table, but the route is not valid.

  • EBGP

    For an EBGP peer, when the policy is used to modify the next hop address of a route, the inbound policy is configured. If the outbound policy is configured, the route is discarded because its next hop is unreachable. When the EBGP peer relationship is established through a physical connection, the policy cannot take effect. That is, the next hop address of the route cannot be modified.

Prerequisites

The apply ipv6 next-hop command can be used only after the route-policy command is used.

After a BGP route matches a route-policy, you can change the IPv6 next hop address of the BGP route.

When a route-policy is being applied in the import-route and network commands, the apply ipv6 next-hop clause in the route-policy does not take effect.

Example

# Set FC00:0:0:6::1 as the next hop address.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] apply ipv6 next-hop fc00:0:0:6::1

apply isis

Function

The apply isis command sets the action for changing the level of routes imported to IS-IS in a routing policy.

The undo apply isis command restores the default setting.

By default, the action for changing the level of routes imported to IS-IS is not set in a routing policy.

Format

apply isis { level-1 | level-1-2 | level-2 }

undo apply isis

Parameters

Parameter Description Value
level-1 Indicates IS-IS Level-1 routes. -
level-1-2 Indicates IS-IS Level-1 and Level-2 routes. -
level-2 Indicates IS-IS Level-2 routes. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A large number of external routes can be imported to IS-IS, which causes extra burdens on IS-IS-enabled devices. To solve this problem, run the apply isis command to set the level of the routes to be imported to IS-IS.

Prerequisites

The apply isis command can be used only after the route-policy command is used.

Precautions

When a routing policy takes effect, it affects route receiving and advertising in IS-IS.

Example

# Set the level of the routes imported to IS-IS.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] apply isis level-1

apply local-preference

Function

The apply local-preference command sets the action for changing the local preference of BGP routes in a routing policy.

The undo apply local-preference command restores the default setting.

By default, the action for changing the local preference of BGP routes is not set in a routing policy.

Format

apply local-preference [ + | - ] preference

undo apply local-preference

Parameters

Parameter Description Value
preference Specifies the local preference of BGP routes. The value is an integer ranging from 0 to 4294967295.
+ Increment the attribute with specified value. -
- Subtract the attribute by specified value. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The Local-Pref attribute is a private attribute of BGP. The apply local-preference command sets only the local preference for BGP routes. The Local_Pref attribute is used to determine the optimal route when traffic leaves an AS. When a BGP router obtains multiple routes to the same destination address but with different next hops through IBGP peers, the route with the largest Local_Pref value is selected.

Prerequisites

After a BGP route matches a routing policy, you can change the local preference of the BGP route.

Precautions

When a routing policy takes effect, it affects BGP route selection.

The Local_Pref attribute applies to the routing within an AS rather than be advertised to the outside of the AS. In this case, the apply local-preference command does not take effect when EBGP neighbor relationships are set up.

Example

# Set the local preference of BGP routes to 130.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] apply local-preference 130

apply mpls-label

Function

The apply mpls-label command sets the action for allocating MPLS labels to public routes in a routing policy.

The undo apply mpls-label command restores the default setting.

By default, the action for allocating MPLS labels to public routes is not set in a routing policy.

NOTE:

Only the CE6850HI, CE6850U-HI, CE6851HI, CE6855HI, CE6856HI, CE6860EI, CE6870EI, CE6880EI, CE7850EI, CE7855EI, CE8850EI, and CE8860EI switches support this command.

Format

apply mpls-label

undo apply mpls-label

Parameters

None

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In the scenario where inter-AS VPN Option C or Carrier Support Carrier (CSC) is deployed, you can use the apply mpls-label command to allocate labels to public routes.

Prerequisites

The apply mpls-label command can be used only after the route-policy command is used.

Precautions

When a routing policy takes effect, it allocates MPLS labels to public routes.

Example

# Assign MPLS labels to the routes that match the routing policy.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] apply mpls-label
Related Topics

apply origin

Function

The apply origin command sets the action for changing the Origin attribute of BGP routes in a routing policy.

The undo apply origin command restores the default setting.

By default, the action for changing the Origin attribute of BGP routes is not set in a routing policy.

Format

apply origin { egp { as-number-plain | as-number-dot } | igp | incomplete }

undo apply origin

Parameters

Parameter Description Value
egp as-number-plain Sets the origin of BGP routes as EGP. The parameter as-number-plain specifies the Integral AS number of an external route. An AS number uniquely identifies an AS. as-number-plain is required when you need to change the origin of BGP routes as EGP. EGP has the secondary highest priority. The Origin attribute of the routes obtained through EGP is EGP. The value is an integer ranging from 1 to 4294967295.
egp as-number-dot Sets the origin of BGP routes as EGP. The parameter as-number-dot specifies the AS number in dotted notation of an external route. An AS number uniquely identifies an AS. as-number-dot is required when you need to change the origin of BGP routes as EGP. EGP has the secondary highest priority. The Origin attribute of the routes obtained through EGP is EGP. The value is in the format of x.y, where x and y are integers that range from 1 to 65535 and from 0 to 65535, respectively.
igp Sets the origin of BGP routes as IGP. IGP has the highest priority. The Origin attribute of the routes obtained through an IGP of the AS that originates the routes, such as the routes imported to the BGP routing table through the network command, is IGP. -
incomplete Sets the origin code of BGP routes as unknown. Incomplete has the lowest priority. The Origin attribute of the routes learned through other methods, such as the routes imported by BGP through the import-route command, is Incomplete. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To change the Origin attribute of routes for selecting the optimal route, you can apply a routing policy containing the apply origin command. The Origin attribute is a private attribute of BGP and defines the origin of a route.

Prerequisites

The apply origin command can be used only after the route-policy command is used.

Precautions

When a routing policy takes effect, it affects BGP route selection.

Example

# Set the origin of BGP routes to IGP.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] apply origin igp

apply ospf

Function

The apply ospf command sets the action performed for configuring an OSPF area to which the route is imported in a routing policy.

The undo apply ospf command restores the default setting.

By default, the action performed for configuring an OSPF area to which the route is imported is not set in a routing policy.

Format

apply ospf { backbone | stub-area }

undo apply ospf

Parameters

Parameter Description Value
backbone Imports routes to the OSPF backbone area. -
stub-area Imports routes to an OSPF NSSA. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The apply ospf command can be used to specify the OSPF backbone area or NSSA area to which routes are imported. This can prevent OSPF from importing too many external routes, which brings heavy burden on OSPF devices.

Prerequisites

The apply ospf command can be used only after the route-policy command is used.

Precautions

When a routing policy takes effect, routes are imported to the specified OSPF area.

Example

# Import routes to the OSPF backbone area.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] apply ospf backbone

apply preference

Function

The apply preference command sets the action for changing the preference of routes in a routing policy.

The undo apply preference command restores the default setting.

By default, the action for changing the preference of routes is not set in a routing policy.

Format

apply preference preference

undo apply preference

Parameters

Parameter Description Value
preference Specifies the route precedence. Route sharing and route selection are difficult because multiple routing protocols can run on the device at the same time; therefore, a default preference needs to be specified for each routing protocol. When different protocols discover multiple routes to the same destination, the route discovered by the protocol with a higher preference is selected to forward IP packets. The smaller the preference value, the higher the preference. The value is an integer ranging from 1 to 255.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To change the preference of routes for selecting the optimal route, you can apply a routing policy containing the apply preference command.

Prerequisites

The apply preference command can be used only after the route-policy command is used.

Precautions

When a routing policy takes effect, it affects route selection.

Example

# Set the preference for routes.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] apply preference 90

apply preferred-value

Function

The apply preferred-value command sets the action for changing the preferred value of BGP routes in a routing policy.

The undo apply preferred-value command restores the default setting.

By default, the action for changing the preferred value of BGP routes is not set in a routing policy.

Format

apply preferred-value preferred-value

undo apply preferred-value

Parameters

Parameter Description Value
preferred-value Specifies the preferred value of BGP routes. In route selection, the BGP route with the largest preferred value is preferred. The value is an integer ranging from 0 to 65535.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To change the preferred value of BGP routes for selecting the optimal route, you can apply a routing policy containing the apply preferred-value command.

Prerequisites

The apply preferred-value command can be used only after the route-policy command is used.

Precautions

When a routing policy takes effect, it affects BGP route selection.

The preferred value of a route indicates the weight of the route in BGP routing. The preferred value is not a standard RFC-defined attribute and is valid only on local devices. The preferred value is inapplicable to export policies of BGP.

Example

# Set the preferred value for BGP routes.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] apply preferred-value 66

apply tag

Function

The apply tag command sets the action for changing the tag of routes in a routing policy.

The undo apply tag command restores the default setting.

By default, the action for changing the tag of routes is not set in a routing policy.

Format

apply tag tag

undo apply tag

Parameters

Parameter Description Value
tag Specifies the tag of routes. Routes can be tagged as required. You can set the same tag for the same type of route. Routes can be flexibly controlled and managed through tags in the routing policy. The value is an integer ranging from 0 to 4294967295.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To identify the routes, you can apply a routing policy containing the apply tag command to add the same tag to the matched routes.

Prerequisites

The apply tag command can be used only after the route-policy command is used.

Precautions

When a routing policy takes effects, routes will be matched by routing policies related to the tag.

BGP routes do not support tags. The apply tag command sets the tag for only IGP routes.

Example

# Set the tag of routes to 100.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] apply tag 100

description (Route-Policy view)

Function

The description command configures the description of a route-policy.

The undo description command deletes the description of a route-policy.

By default, no description is configured for the route-policy.

Format

description text

undo description

Parameters

Parameter Description Value
text Specifies the description of a route-policy. The description is a string of 1 to 80 case-sensitive characters that can contain spaces.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The description command can be used to configure a description for a created route-policy. If many route-policies have been configured, configuring descriptions for the policies will facilitate policy management.

Prerequisites

A route-policy has been created by using route-policy command.

Example

# Configure the description of the route-policy named temp.

<HUAWEI> system-view
[~HUAWEI] route-policy temp permit node 10
[*HUAWEI-route-policy] description This policy-name is temp
Related Topics

display ip as-path-filter

Function

display ip as-path-filter command displays the configuration of the AS_Path filter.

Format

display ip as-path-filter [ as-path-filter-number | as-path-filter-name ]

Parameters

Parameter Description Value
as-path-filter-number Displays the configuration of an AS_Path filter with a specified number. It is an integer that ranges from 1 to 256.
as-path-filter-name Displays the configuration of an AS_Path filter with a specified name. The name of the AS-Path filter must already exist.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The AS-Path attribute is a BGP-specific attribute. An AS-Path filter is used to filter BGP routes.

You can run the display ip as-path-filter command to:
  • View detailed information about a configured AS path filter.
  • Check whether an AS-Path filter is deleted successfully after running the undo ip as-path-filter command.

Precautions

The display ip as-path-filter command:
  • Displays the configuration information about a specified AS-Path filter, if the number or name of the AS-Path filter is specified.
  • Displays the configuration information about all AS-Path filters, if neither the number nor name of the AS-Path filter is specified.
  • Does not display any information, if the AS-Path filter does not exist in the system or the AS-Path filter that is queried does not exist.

Example

# Display the configured AS_Path filter.

<HUAWEI> display ip as-path-filter
ListID    Mode      Expression
1         permit    1.1 100,200
200       permit    2.2 500,600
Table 9-185  Description of the display ip as-path-filter command output

Item

Description

ListID

Indicates the number of an AS_Path filter.

Mode

Indicates the matching mode, which can be:
  • permit

  • deny

Expression

Indicates the regular expression.

Related Topics

display ip community-filter

Function

The display ip community-filter command displays the configuration of the community filter.

Format

display ip community-filter [ basic-comm-filter-num | adv-comm-filter-num | comm-filter-name ]

Parameters

Parameter Description Value
basic-comm-filter-num Displays the configuration of a basic community filter with a specified number.

The value is an integer ranging from 1 to 99.

adv-comm-filter-num Displays the configuration of an advanced community filter with a specified number.

The value is an integer ranging from 100 to 199.

comm-filter-name Displays the configuration of a community filter with a specified name. The name of the community filter must already exist.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The community attribute is a BGP-specific attribute. A community filter is used to filter BGP routes.

You can run the display ip community-filter command to:
  • View detailed information about a configured community filter.
  • Check whether a community filter is successfully deleted after running the undo ip community-filter command.

Precautions

The display ip community-filter command:
  • Displays the configuration information about a specified community filter, if the number or name of the community filter is specified.

  • Displays the configuration information about all community filters, if neither the number nor name of the community filter is specified.

  • Does not display any information, if the community filter does not exist in the system or the community filter that is queried does not exist.

Example

# Display all community filters.

<HUAWEI> display ip community-filter
Community filter Number: 10
         deny  no-export
Community filter Number: 110
         permit 110:110
Named Community basic filter: aa (ListID = 200)
         permit  1 internet
Named Community advanced filter: bb (ListID = 700)
         permit ^20                                
Table 9-186  Description of the display ip community-filter command output

Item

Description

Community filter Number

Indicates the number of a community filter.

permit

Indicates that the matching mode is permit.

deny

Indicates that the matching mode is deny.

Named Community basic filter

Indicates the name of a basic community filter.

Named Community advanced filter

Indicates the name of an advanced community filter.

Related Topics

display ip extcommunity-filter

Function

display ip extcommunity-filter command displays the configuration of the extended community filter.

Format

display ip extcommunity-filter [ basic-extcomm-filter-num | advanced-extcomm-filter-num | extcomm-filter-name ]

Parameters

Parameter Description Value
extcomm-filter-name Displays the configuration of an extended community filter with a specified name. The name of the extended community filter must already exist.
basic-extcomm-filter-num Specifies the basic extended community filter number. It is an integer that ranges from 1 to 199.
advanced-extcomm-filter-num Specifies the advanced extended community filter number. It is an integer that ranges from 200 to 399.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The extended community attribute is a BGP-specific attribute. An extended community filter is used to filter VPN routes.

You can run the display ip extcommunity-filter command to:
  • View detailed information about a configured extended community filter.
  • Check whether an extended community filter is successfully deleted after running the undo ip excommunity-filter command.

Precautions

The display ip extcommunity-filter command:
  • Displays the configuration information about a specified extended community filter, if the number or name of the extended community filter is specified.

  • Displays the configuration information about all extended community filters, if neither the number nor name of the extended community filter is specified.

  • Does not display any information, if the extended community filter does not exist in the system or the extended community filter that is queried does not exist.

Example

# Display information about the extended community filter.

<HUAWEI> display ip extcommunity-filter
Extended Community filter Number 10
         permit rt : 100:10
Extended Community filter Number 280
         permit rt 100:65
Extended Community filter basic filter: bas-abc
         permit rt : 200:10
Extended Community filter advanced filter: adv-abc
         deny 1.1.1.1:10
Table 9-187  Description of the display ip extcommunity-filter command output

Item

Description

Extended Community filter Number

Indicates the number of an extended community filter.

Extended Community filter basic filter

Basic extended community filter name.

Extended Community filter advanced filter

Advanced extended community filter name.

permit

Indicates that the matching mode is permit.

deny

Indicates that the matching mode is deny.

rt

Indicates the extended community attribute of the specified RT.

display ip extcommunity-list soo

Function

The display ip extcommunity-list soo command displays detailed configurations of the Source of Origin ( SoO ) extended community filter.

Format

display ip extcommunity-list soo [ extcomm-filter-name ]

Parameters

Parameter Description Value
extcomm-filter-name Specifies the SoO extended community filter name. The name is a string of 1 to 51 characters without any space. It is case-sensitive. When double quotation marks are used around the string, spaces are allowed in the string.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The extended community attribute is a BGP-specific attribute. An extended community filter is used to filter VPN routes.

You can run the display ip extcommunity-list soo command to:
  • View detailed information about a configured SoO extended community filter.
  • Check whether an SoO extended community filter is successfully deleted after running the undo ip extcommunity-list soo command.

Precautions

The display ip extcommunity-list soo command:
  • Displays the configuration information about a specified SoO extended community filter, if the name of the SoO extended community filter is specified.

  • Displays the configuration information about all SoO extended community filters, if the name of the SoO extended community filter is not specified.

Example

# Display all SoO extended community filters.

<HUAWEI> display ip extcommunity-list soo
Named Extended Community SoO basic list: aaa
    index: 10            permit     1.2.3.4:5 
Named Extended Community SoO advanced list: bbb
    index: 20            permit     0755:*
Table 9-188  Description of the display ip extcommunity-list soo command output

Item

Description

Named Extended Community SoO basic list

Basic SoO extended community filter name

index

The sequence number of an SoO extended community filter.

permit

Matching mode is permit

deny

Matching mode is deny

Named Extended Community SoO advanced list

Advanced SoO extended community filter name

display ip ip-prefix

Function

The display ip ip-prefix command displays the configuration of IPv4 prefix lists.

Format

display ip ip-prefix [ ip-prefix-name ]

Parameters

Parameter Description Value
ip-prefix-name Displays the configuration of an IP prefix list with a specified name. The name is a string of 1 to 169 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

An IPv4 prefix list is used to filter IPv4 addresses. To achieve the following purposes, run the display ip ip-prefix command:
  • View detailed configuration of a configured IPv4 prefix list.
  • Check whether an IPv4 prefix list is deleted after running the undo ip ip-prefix command.
  • View the number of routes that do or do not match the route-policy in an IPv4 prefix list.

Precautions

The display ip ip-prefix command:
  • Displays the configuration of a specified IPv4 prefix list if the name of the IPv4 prefix list is specified.
  • Displays the configuration of all IPv4 prefix lists if no IPv4 prefix list name is specified.
  • Does not display information if no IPv4 prefix list exists in the system or the queried IPv4 prefix list does not exist.

Before collecting the number of routes that do or do not match the route-policy in an IPv4 prefix list within a certain period, run the reset ip ip-prefix command to clear existing statistics.

Example

# Display the configuration of the IP prefix list named p1.

<HUAWEI> display ip ip-prefix p1
ip-prefix p1
Description prefixok
  total permitted: 0             denied: 0   
    index 10           permit 1.1.1.1/32                           ge 24  le 32
    index 4294967295   permit 2.2.2.2/32                           ge 24
ip-prefix ab
  total permitted: 0             denied: 0                          
    index 10           permit 1.1.1.1/32
    index 20           deny   3.3.3.3/32
Table 9-189  Description of the display ip ip-prefix command output

Item

Description

ip-prefix

Name of an IPv4 prefix list.

total permitted

Number of routes that match a route-policy.

Description

Description of an IPv4 prefix list. This field is displayed only after a description is configured using the ip ip-prefix ip-prefix-name description text command.

Denied

Number of routes that do not match the route-policy.

index

Index of the entry in the IPv4 prefix list.

permit

Contents of the entry in the IPv4 prefix list.

ge

The mask is greater than or equal to .

le

The mask is less than or equal to .

Related Topics

display ip ipv6-prefix

Function

display ip ipv6-prefix displays the configuration of IPv6 prefix lists.

Format

display ip ipv6-prefix [ ipv6-prefix-name ]

Parameters

Parameter Description Value
ipv6-prefix-name Displays the configuration of an IP prefix list with a specified name. If ipv6-prefix-name is not specified, the configuration of all the configured IPv6 prefix lists is displayed. The name is a string of 1 to 169 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

An IPv6 prefix list is used to filter IPv6 addresses. To achieve the following purposes, run the display ip ipv6-prefix command:
  • View detailed configuration of a configured IPv6 prefix list.
  • Check whether an IPv6 prefix list is deleted after running the undo ip ipv6-prefix command.
  • View the number of routes that do or do not match the route-policy in an IPv6 prefix list.

Precautions

The display ip ipv6-prefix command:
  • Displays the configuration of a specified IPv6 prefix list if the name of the IPv6 prefix list is specified.
  • Displays the configuration of all IPv6 prefix lists if no IPv6 prefix list name is specified.
  • Does not display information if no IPv6 prefix list exists in the system or the queried IPv6 prefix list does not exist.

Before collecting the number of routes that do or do not match the route-policy in an IPv6 prefix list within a certain period, run the reset ip ipv6-prefix command to clear existing statistics.

Example

# Display the configuration of all the IPv6 prefix lists.

<HUAWEI> display ip ipv6-prefix
ipv6-prefix abc
Description prefixok
  total permitted: 0             denied: 0   
    index 10             permit ::/0
    index 20             permit ::/1  match-network ge 1   le 128
Table 9-190  Description of the display ip ipv6-prefix command output

Item

Description

Prefix-list6

Name of an IPv6 prefix list.

Description

Description of an IPv6 prefix list. This field is displayed only after a description is configured using the ip ipv6-prefix ipv6-prefix-name description text command.

Permitted

Number of routes that match a route-policy.

Denied

Number of routes that do not match a route-policy.

index

Index of the entry in the IPv6 prefix list.

permit

Contents of the entry in the IPv6 prefix list.

ge

Greater than or equal to.

le

Less than or equal to.

Related Topics

display ip rd-filter

Function

The display ip rd-filter command displays the configuration of the route distinguisher (RD) filter.

Format

display ip rd-filter [ rd-filter-number ]

NOTE:

CE6810LI does not support this command.

Parameters

Parameter Description Value
rd-filter-number Displays the configuration of an RD filter with a specified number. The value is an integer ranging from 1 to 199.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The RD attribute is carried in VPN routes. An RD filter is used to filter VPN routes.

You can run the display ip rd-filter command to:
  • View detailed information about a configured RD filter.
  • Check whether an RD filter is successfully deleted after running the undo ip rd-filter command.

Precautions

The display ip rd-filter command:
  • Displays the configuration information about a specified RD filter if the number of RD filter is specified.
  • Displays the configuration information about all RD filters if the number of the RD filter is not specified.
  • Does not display any information if the RD filter does not exist in the system or the RD filter that is queried does not exist.

Example

# Display detailed information about the configured RD filter.

<HUAWEI> display ip rd-filter
Route Distinguisher Filter 1
        index: 10     permit 1.1.1.1:1 2.2.2.2:* 100:1 200:*
Route Distinguisher Filter 2
        index: 10     deny 1:1 2:2
        index: 20     permit 1:* 2:*
Table 9-191  Description of the display ip rd-filter command output

Item

Description

Route Distinguisher Filter

Number of the RD filter

index

Sequence number of the RD filter

permit

Matching mode: permit

deny

Matching mode: deny

Related Topics

display route-policy

Function

The display route-policy command displays the configuration of the Route-Policy.

Format

display route-policy [ route-policy-name ]

Parameters

Parameter Description Value
route-policy-name Displays the configuration of a routing policy with a specified name. The name is a string of 1 to 200 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

None.

Example

# Display the routing policy named policy1.

<HUAWEI> display route-policy policy1
Route-policy : policy1
  permit : 10 
    Match clauses :
        if-match acl 2000
    Apply clauses :
        apply cost 100
        apply tag 100
Table 9-192  Description of the display route-policy command output

Item

Description

Route-policy

Name of the routing policy

permit

Matching mode and node index of the routing policy

Match clauses

Matching condition list

Apply clauses

Apply clause list

Related Topics

if-match acl (Route-Policy view)

Function

The if-match acl command sets a matching rule that is based on the Access Control List (ACL).

The undo if-match acl command deletes the matching rule based on the specified ACL.

By default, no matching rule based on the ACL is configured.

Format

if-match acl { acl-number | acl-name }

undo if-match acl { acl-number | acl-name }

Parameters

Parameter Description Value
acl-number Specifies the number of a basic ACL. The value is an integer ranging from 2000 to 2999.
acl-name Specifies the name of a named ACL. The name of a named ACL must already exist.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match acl command to set a matching rule based on the ACL to match IPv4 prefixes.

Prerequisites

The if-match acl command can be used only after the route-policy command is used.

Precautions

The routing policy matches routes using the ACL. Routes that match the ACL will be checked by other if-match clauses of this node. Routes that do not match the ACL will be checked by the next node.

An ACL name is a character string that starts with a letter. For example, 2a is an invalid ACL name.

The if-match acl command and the if-match ip-prefix command are mutually exclusive. If you run the if-match ip-prefix command after running the if-match acl command, the configuration of the if-match ip-prefix command overrides the configuration of the if-match acl command.

For a named ACL, when the rule command is used to configure a filtering rule, the filtering rule is effective only with the source address range that is specified by the source parameter and with the time period that is specified by the time-range parameter.

Example

# Set a matching rule that is based on ACL 2000.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] if-match acl 2000

if-match as-path-filter

Function

The if-match as-path-filter command creates a matching rule based on the AS_Path filter.

The undo if-match as-path-filter command deletes a matching rule based on the specified AS_Path filter.

By default, no matching rule based on the AS_Path filter is configured.

Format

if-match as-path-filter { as-path-filter-number &<1-16> | as-path-filter-name }

undo if-match as-path-filter [ as-path-filter-number &<1-16> | as-path-filter-name ]

Parameters

Parameter Description Value
as-path-filter-number Specifies the number of an AS_Path filter. A maximum of 16 AS_Path filters can be specified. The value is an integer ranging from 1 to 256.
as-path-filter-name Specifies the name of the AS_Path filter. The as-path-filter-name must already exist.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The AS_Path attribute is the private attribute of BGP. The if-match as-path-filter command is applicable to only BGP routes. The ip as-path-filter command must be used to define an AS_Path filter so that the matching rule based on this AS_Path filter can take effect. For example:

  • If the if-match as-path-filter 1 command is used but AS_Path filter 1 is not configured, all routes are permitted, that is, all routes match the matching rule.
  • If the if-match as-path-filter 1 command after the ip as-path-filter 1 permit *20 command is used, the BGP routes with the AS_Path attribute being 20 are permitted.

The if-match as-path-filter command is required when you need to configure a node to filter routes based on the AS_Path filter. After such a filtering rule is configured, apply the apply clauses to change the attributes of the routes that match the AS_Path filter.

  • Run the route-policy command to enter the Route-policy view.
  • A route-policy may consist of multiple nodes. The relationship between the nodes is "OR". The system matches a route against the nodes in sequence. If the route matches a node, the route matches the route-policy, and the system no longer matches it against other nodes.
  • Each node comprises a set of if-match and apply clauses. The if-match clauses define the filtering rules that are used to match certain route attributes. The relationship between the if-match clauses of a node is "AND". A route matches a node only when the route matches all the filtering rules specified in the if-match clauses of the node. The apply clauses specify actions. If a route matches a node, the apply clauses set some attributes for the route.

Prerequisites

Before running the if-match as-path-filter command, run the ip as-path-filter command to configure an AS_Path filter.

Precautions

The routing policy matches routes using the AS-Path filter. Routes that match the AS-Path filter will be checked by other if-match clauses of this node. Routes that do not match the AS-Path filter will be checked by the next node.

A maximum of 16 AS_Path filters can be specified.

Example

# Configure AS_Path filter 2 to permit AS200 and AS300. Create a routing policy named test, and define AS_Path filter 2 in an if-match clause for node 10 of the routing policy.

<HUAWEI> system-view
[~HUAWEI] ip as-path-filter 2 permit _200_300
[*HUAWEI] route-policy test permit node 10
[*HUAWEI-route-policy] if-match as-path-filter 2
Related Topics

if-match community-filter

Function

The if-match community-filter command creates a matching rule based on the community filter.

The undo if-match community-filter command deletes the matching rule based on the specified community filter.

By default, no matching rule based on the community filter is configured.

Format

if-match community-filter { basic-comm-filter-num [ whole-match ] | adv-comm-filter-num } &<1-16>

if-match community-filter comm-filter-name [ whole-match ]

undo if-match community-filter [ basic-comm-filter-num | adv-comm-filter-num ] &<1-16>

undo if-match community-filter [ comm-filter-name ]

Parameters

Parameter Description Value
basic-comm-filter-num Specifies the number of a basic community filter. The value is an integer ranging from 1 to 99.
adv-comm-filter-num Specifies the number of an advanced community filter. The value is an integer ranging from 100 to 199.
comm-filter-name Specifies the name of a community filter. The comm-filter-name must already exist.
whole-match Indicates complete matching. That is, all the communities in the command must be matched. Complete matching is valid only for the basic community filter. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The community attribute is a private attribute of BGP. The if-match community-filter command is applicable to only BGP routes. The ip community-filter command must be used to define a community filter so that the matching rule based on this community filter can take effect. For example:

  • If the if-match community-filter 1 command is used but community filter 1 is not configured, all routes are permitted, that is, all routes can match the matching rule.
  • If the if-match community-filter 1 command is used after the ip community-filter 1 permit 1:1 command is used, the BGP routes with the community attribute being 1:1 are permitted.

Multiple if-match community-filter clauses can be specified. The relationship between if-match community-filter clauses is "OR". The relationship between if-match clauses is "AND".

Prerequisites

Before using the if-match community-filter command, you must use the ip community-filter command to configure a community filter.

The if-match community-filter command can be used only after a routing policy is configured.

Precautions

The routing policy matches routes using the community filter. Routes that match the community filter will be checked by other if-match clauses of this node. Routes that do not match the community filter will be checked by the next node.

A maximum of 16 community filters can be configured in the if-match community-filter command.

The parameter whole-match is valid only for its front community filter number. If multiple community filters are specified in the if-match community-filter command and packets are required to completely match each filter, you need to specify the parameter whole-match behind each community filter and it is valid to only the basic community filter.

The name of a community filter cannot be all numerals.

Example

# Set a matching rule that is based on the community filter 1.

<HUAWEI> system-view
[~HUAWEI] ip community-filter 1 permit 100:200
[*HUAWEI] route-policy test permit node 10
[*HUAWEI-route-policy] if-match community-filter 1

# Set the complete matching rule for community attribute filters 1 and 2.

<HUAWEI> system-view
[~HUAWEI] route-policy test permit node 11
[*HUAWEI-route-policy] if-match community-filter 1 whole-match 2 whole-match

# Set a matching rule that is based on the community filter named aa.

<HUAWEI> system-view 
[~HUAWEI] route-policy test permit node 12 
[*HUAWEI-route-policy] if-match community-filter aa
Related Topics

if-match cost

Function

The if-match cost command creates a matching rule based on the route cost.

The undo if-match cost command deletes the matching rule based on the specified route cost.

By default, no matching rule based on the route cost is configured.

Format

if-match cost cost

undo if-match cost

Parameters

Parameter Description Value
cost Specifies the route cost. Route costs can be changed to prevent routing loops. The value is an integer ranging from 0 to 4294967295.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can use the if-match cost command to configure a node to filter routes based on the route cost. After such a filtering rule is configured, you can apply the apply clauses to change the attributes of the routes that match the filtering rule.

  • Run the route-policy command to enter the Route-policy view.
  • A route-policy may consist of multiple nodes. The relationship between the nodes is "OR". The system matches a route against the nodes in sequence. If the route matches a node, the route matches the route-policy, and the system no longer matches it against other nodes.
  • Each node comprises a set of if-match and apply clauses. The if-match clauses define the filtering rules that are used to match certain route attributes. The relationship among if-match clauses of the same node that are based on different route attributes is AND. A route matches a node only when the route matches all the filtering rules specified in the if-match clauses of the node. The apply clauses specify actions. The relationship among if-match clauses of the same node that are based on the same route attribute is OR. The system matches routes against the if-match clauses in order. If a route matches an if-match clause, the system no longer matches the route against the rest if-match clauses. For example, the if-match community-filter 1 and if-match as-path-filter 1 configurations in node 10 are based on different route attributes. Therefore, the relationship among if-match clauses of this node is AND. The if-match community-filter 1 and if-match community-filter 2 configurations in node 20 are both based on the community attribute. Therefore, the relationship among if-match clauses of this node is OR. The apply clauses specify actions. If a route matches a node, the apply clauses set some attributes for the route.

Prerequisites

The if-match cost command can be used only after the route-policy command is used.

Precautions

The routing policy matches routes based on the route cost. Routes that match the route cost will be checked by other if-match clauses of this node. Routes that do not match the route cost will be checked by the next node.

Example

# Match the route with the cost 8.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] if-match cost 8

if-match extcommunity-filter

Function

The if-match extcommunity-filter command sets a matching rule that is based on the extended community filter.

The undo if-match extcommunity-filter command deletes the matching rule based on the specified extended community filter.

By default, no matching rule based on the extended community filter is configured.

Format

if-match extcommunity-filter { { basic-extcomm-filter-num | adv-extcomm-filter-num } &<1-16> | extcomm-filter-name }

undo if-match extcommunity-filter [ [ basic-extcomm-filter-num | adv-extcomm-filter-num ] &<1-16> | extcomm-filter-name ]

Parameters

Parameter Description Value
basic-extcomm-filter-num Specifies the number of a basic extended community filter. It is an integer ranging from 1 to 199.
adv-extcomm-filter-num Specifies the number of an advanced extended community filter. It is an integer ranging from 200 to 399.
extcomm-filter-name Specifies the name of an extended community filter. The name of an extended community filter must already exist.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The extended community attributes help flexibly control the routing policy. You can use the if-match extcommunity-filter command to configure a node to filter routes based on the extended community filter.

The if-match extcommunity-filter command is applicable to only BGP routes and must work in conjunction with the ip extcommunity-filter command. For example:

  • If the if-match extcommunity-filter 1 command is used but the extended community filter 1 is not configured, all routes are permitted, that is, all routes can match the matching rule.
  • If the if-match extcommunity-filter 1 command is used after the ip extcommunity-filter 1 permit rt 1:1 command is used, the BGP routes with the extended community attribute being 1:1 are permitted.

Multiple if-match extcommunity-filter clauses can be specified. The relationship between if-match extcommunity-filter clauses is "OR". The relationship between if-match clauses is "AND".

Prerequisites

Before using the if-match extcommunity-filter command, you must use the ip extcommunity-filter command to configure an extended community filter.

Precautions

The routing policy matches routes using the extended community filter. Routes that match the extended community filter will be checked by other if-match clauses of this node. Routes that do not match the extended community filter will be checked by the next node.

A maximum of 16 extended community filters can be configured in the if-match extcommunity-filter command.

Example

# Define a rule to match the routes of the specified extended community filter.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] if-match extcommunity-filter 100

if-match extcommunity-list soo

Function

The if-match extcommunity-list soo command sets a matching rule that is based on the Source of Origin (SoO) extended community filter.

The undo if-match extcommunity-list soo command cancels the configuration.

By default, no matching rule based on the SoO extended community filter is set.

Format

if-match extcommunity-list soo extcomm-filter-name

undo if-match extcommunity-list soo extcomm-filter-name

Parameters

Parameter Description Value
extcomm-filter-name Specifies the name of the SoO extended community filter. The name of the SoO extended community filter must already exist.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The extended community attributes help flexibly control the route-policy. You can use the if-match extcommunity-list soo command to configure a node to filter routes based on the SoO extended community filter.

  • Run the route-policy command to enter the route-policy view.
  • A Route-Policy may consist of multiple nodes. The relationship between the nodes is "OR". The system matches a route entry with the nodes in sequence. If the route entry matches a node, it indicates that the route passes the filtration and the system need not match the route entry with other nodes any more.
  • Each node comprises a set of if-match and apply clauses. if-match clauses define matching rules. The rules are used to match certain attributes of routing information. The relationship between if-match clauses of one node is "AND". A route entry passes the filtration only when it matches all the rules specified by the if-match clauses of the node. apply clauses are used to define actions. After the route entry passes the filtration, its attributes are changed according to the actions defined by the apply clauses.

The if-match extcommunity-list soo command is applicable to only BGP routes and must work in conjunction with the ip extcommunity-list soo command. For example:

  • If the if-match extcommunity-list soo basic aaa command is used but the extended community filter 1 is not configured, all routes are permitted, that is, all routes can match the matching rule.
  • If the if-match extcommunity-list soo basic aaa command is used after the ip extcommunity-list soo basic aaa permit 1.2.3.4:5 command is used, the BGP routes with the SoO extended community attribute being 1.2.3.4:5 are permitted.

Prerequisites

Before using the if-match extcommunity-list soo command, you must use the ip extcommunity-list soo command to configure an SoO extended community filter.

Configuration Impact

When you filter routes based on the SoO extended community attributes, the routes that match the matching rule are permitted and the routes that do not match the matching rule are denied.

Example

# Define a rule to match the routes of the specified SoO extended community filter.

<HUAWEI> system-view
[~HUAWEI] ip extcommunity-list soo basic aaa permit 1:1
[*HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] if-match extcommunity-list soo aaa

if-match interface

Function

The if-match interface command creates a matching rule based on the outbound interface.

The undo if-match interface command deletes the matching rule based on the specified outbound interface.

By default, no matching rule based on the outbound interface is configured.

Format

if-match interface { interface-type interface-number } &<1-16>

undo if-match interface [ interface-type interface-number ] &<1-16>

Parameters

Parameter Description Value
interface-type interface-number Specifies the type and number of the outbound interface. A maximum of 16 outbound interfaces can be specified in the if-match interface command. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The if-match interface command is used to filter routes based on the outbound interfaces.

A maximum of 16 outbound interfaces can be configured in this command.

If a node contains multiple if-match interface clauses, the relationship between the if-match interface clauses is OR. If a node contains both if-match interface clauses and other if-match clauses with different matching rules, the relationship between the if-match interface clauses and other if-match clauses is AND. For example, if a node contains if-match interface 10ge1/0/1, if-match interface 10ge1/0/2, and if-match acl 2000 clauses, if-match interface 10ge1/0/1 and if-match interface 10ge1/0/2 are ORed, whereas if-match interface 10ge1/0/1 and if-match acl 2000 are ANDed.

Prerequisites

The if-match interface command can be used only after the route-policy command is used.

Precautions

The routing policy matches routes based on outbound interface information. Routes that match the outbound interface information will be checked by other if-match clauses of this node. Routes that do not match the outbound interface information will be checked by the next node.

Example

# Define a rule to match the routes with the outbound interface VLANIF100.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] if-match interface vlanif 100

if-match ip

Function

The if-match ip command creates a matching rule based on IP information.

The undo if-match ip command deletes the matching rule based on specified IP information.

By default, no matching rule based on IP information is configured.

Format

if-match ip { next-hop | route-source } { acl { acl-number | acl-name } | ip-prefix ip-prefix-name }

undo if-match ip { next-hop | route-source } [ acl { acl-number | acl-name } | ip-prefix ip-prefix-name ]

Parameters

Parameter Description Value
next-hop Specifies the next hop address. -
route-source Specifies the source address of routes. -
acl Indicates route filtering using the ACL. -
acl-number Specifies the number of a basic ACL. The value is an integer ranging from 2000 to 2999.
acl-name Specifies the name of a basic ACL. The name of a basic ACL must already exist.
ip-prefix ip-prefix-name Specifies the name of an IP prefix list that is used to filter routes. The name of an IP prefix list must already exist.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

An ACL or IP prefix must be configured before running the if-match ip command so that the matching rule can take effect. For example:

  • If the if-match ip next-hop ip-prefix aa command is used but the IP prefix aa is not configured, all routes are permitted, that is, all routes match the matching rule. This rule also applies to ACL.

  • If the if-match ip next-hop ip-prefix aa and ip ip-prefix aa permit 10.1.1.1 32 commands are used, the routes with the next hop being 10.1.1.1 is permitted. This rule also applies to ACL.

Prerequisites

The if-match ip command can be used only after the route-policy command is used.

Before running the if-match ip command, configure an ACL or an IP prefix.

Precautions

The routing policy matches routes based on the next hop address or source address. Routes that match the next hop address or source address will be checked by other if-match clauses of this node. Routes that do not match the next hop address or source address will be checked by the next node.

If the next hop address or source address of a route is 0.0.0.0, the system considers the mask length of the route as 0 to match the filtering rules by default.

When you run the rule command to configure a filtering rule in a named ACL, only the source and time-range parameters are valid for the filtering rule.

Example

# Set an IP prefix list named p1 to filter routes.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] if-match ip next-hop ip-prefix p1

# Set a rule that source addresses of routes match ACL 2000 to filter routes.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] if-match ip route-source acl 2000

if-match ip-prefix

Function

The if-match ip-prefix command creates a matching rule based on the IP prefix list.

The undo if-match ip-prefix command deletes the matching rule based on the specified IP prefix list.

By default, no matching rule based on the IP prefix list is configured in the routing policy.

Format

if-match ip-prefix ip-prefix-name

undo if-match ip-prefix ip-prefix-name

Parameters

Parameter Description Value
ip-prefix-name Specifies the name of an IP address prefix list. The name is a string of 1 to 169 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The routing policy matches routes using the IP prefix list. Routes are either permitted or denied.

The ip ip-prefix command must be used so that the matching rule can take effect. For example:

  • If the if-match ip-prefix aa command is used but the IP prefix aa is not configured, all routes are permitted, that is, all routes match the matching rule.
  • If the if-match ip-prefix aa and ip ip-prefix aa permit 10.1.1.1 32 commands are used, the routes with the IP prefix being 10.1.1.1 and mask being 32 are permitted.

Prerequisites

The if-match ip-prefix command can be used only after the route-policy command is used.

Precautions

The routing policy matches routes based on IP prefix information. Routes that match the IP prefix information will be checked by other if-match clauses of this node. Routes that do not match the IP prefix information will be checked by the next node.

The if-match acl and if-match ip-prefix commands cannot be used together in the same node of a routing policy, because the latest configuration will override the previous one.

Example

# Set an IP prefix list named p1 to filter routes.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] if-match ip-prefix p1

if-match ipv6

Function

The if-match ipv6 command sets a matching rule that is based on IPv6 information.

The undo if-match ipv6 command deletes the matching rule based on specified IPv6 information.

By default, no matching rule based on IPv6 information is set.

Format

if-match ipv6 { address | next-hop | route-source } { acl { acl-number | acl-name } | prefix-list ipv6-prefix-name }

undo if-match ipv6 { address | next-hop | route-source } [ acl { acl-number | acl-name } | prefix-list ipv6-prefix-name ]

Parameters

Parameter Description Value
address Matches the destination address of IPv6 routes. -
next-hop Matches the next hop of IPv6 routes. -
route-source Matches the source address of the advertised IPv6 routes. -
acl Specifies the ACL for route filtering. -
acl-number Specifies the number of a basic ACL. The value is an integer ranging from 2000 to 2999.
acl-name Specifies the name of a basic ACL. The value is a string of 1 to 32 case-sensitive characters except spaces. The value must start with a letter (case-sensitive).
prefix-list Specifies the IP prefix list. -
ipv6-prefix-name Specifies the name of the IPv6 prefix list. The name is a string of 1 to 169 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The matching rule (based on the destination addresses, next hop addresses, or source addresses of IPv6 routes) configured through this command takes effect only after an IPv6 prefix or an ACL is configured.
  • If the if-match ipv6 next-hop prefix-list aa command is used but the ip ipv6-prefix aa is not configured, all routes are permitted. This is the same case when the ACL is used.

  • If the if-match ipv6 next-hop prefix-list aa command is used after the ip ipv6-prefix aa permit fc00:0:0:1::1 128 command is used, the routes with the next hop address being FC00:0:0:1::1 are permitted. This is the same case when the ACL is used.

Prerequisites

The if-match ipv6 command can be used only after the route-policy command is used.

Before using the if-match ipv6 command, you must use the ip ipv6-prefix command to configure an IPv6 prefix.

Configuration Impact

When you filter routes based on the destination addresses, next hop addresses, or source addresses of IPv6 routes, the routes that match the matching rule are permitted and the routes that do not match the matching rule are denied.

If the next hop address or source address of a route to be filtered is 0::0, by default, the system matches the route considering that its mask length is 0.

For a named ACL, when the rule command is used to configure a filtering rule, the filtering rule is effective only with the source address range that is specified by the source parameter and with the time period that is specified by the time-range parameter.

Example

# Define an if-match clause to match the related IPv6 routing information.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] if-match ipv6 address prefix-list p1
[*HUAWEI-route-policy] if-match ipv6 next-hop prefix-list p1
[*HUAWEI-route-policy] if-match ipv6 route-source prefix-list p1

# Define a rule to match the routes with the IPv6 routing information in ACL 2000.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] if-match ipv6 address acl 2000
[*HUAWEI-route-policy] if-match ipv6 next-hop acl 2000
[*HUAWEI-route-policy] if-match ipv6 route-source acl 2000

if-match mpls-label

Function

The if-match mpls-label command creates a matching rule based on the MPLS label.

The undo if-match mpls-label command deletes the matching rule based on the specified MPLS label.

By default, no matching rule based on the MPLS label is configured.

Format

if-match mpls-label

undo if-match mpls-label

Parameters

None

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In the scenario where inter-AS VPN Option C or Carrier Support Carrier (CSC) is deployed, you can use the if-match mpls-label command to allocate labels to public routes.

Prerequisites

The if-match mpls-label command can be used only after the route-policy command is used.

Precautions

The routing policy matches routes based on the MPLS label. Routes that match the MPLS label will be checked by other if-match clauses of this node. Routes that do not match the MPLS label will be checked by the next node.

Example

# Assign MPLS labels to the routes that match the routing policy.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] if-match mpls-label
Related Topics

if-match rd-filter

Function

The if-match rd-filter command creates a matching rule based on the RD filter.

The undo if-match rd-filter command deletes the matching rule based on the specified RD filter.

By default, no matching rule based on the RD filter is configured.

Format

if-match rd-filter rd-filter-number

undo if-match rd-filter

NOTE:

CE6810LI does not support this command.

Parameters

Parameter Description Value
rd-filter-number Specifies the number of an RD filter. The value is an integer ranging from 1 to 199.

Views

Route-policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The if-match rd-filter command and the ip rd-filter command work together to filter routes based on RD attributes. For example:

  • If if-match rd-filter 1 is configured, but rd-filter 1 is not configured, then all current routes will be permitted.

  • If if-match rd-filter 1 is configured, and ip rd-filter 1 permit 1:1 has been configured, then routes with RD 1:1 will be permitted.

Prerequisites

The if-match rd-filter command must be run after the route-policy command is run.

Precautions

The routing policy matches routes using the RD filter. Routes that match the RD filter will be checked by other if-match clauses of this node. Routes that do not match the RD filter will be checked by the next node.

Example

# Define a matching rule to match an RD filter.

<HUAWEI> system-view
[~HUAWEI] route-policy abc permit node 10
[*HUAWEI-route-policy] if-match rd-filter 1

if-match route-type

Function

The if-match route-type command sets a matching rule that is based on the route type.

The undo if-match route-type command deletes the matching rule based on the specified route type.

By default, no matching rule based on the route type is configured.

Format

if-match route-type { external-type1 | external-type1or2 | external-type2 | internal | is-is-level-1 | is-is-level-2 | nssa-external-type1 | nssa-external-type1or2 | nssa-external-type2 | ibgp | ebgp }

undo if-match route-type { external-type1 | external-type1or2 | external-type2 | internal | is-is-level-1 | is-is-level-2 | nssa-external-type1 | nssa-external-type1or2 | nssa-external-type2 | ibgp | ebgp }

Parameters

Parameter Description Value
external-type1 Indicates OSPF external Type 1 routes. -
external-type1or2 Indicates OSPF external routes. -
external-type2 Indicates OSPF external Type 2 routes. -
internal Indicates internal routes, including OSPF inter-area routes and intra-area routes. -
is-is-level-1 Indicates IS-IS Level-1 routes. -
is-is-level-2 Indicates IS-IS Level-2 routes. -
nssa-external-type1 Indicates NSSA external Type 1 routes. -
nssa-external-type1or2 Indicates NSSA external routes. -
nssa-external-type2 Indicates NSSA external Type 2 routes. -
ibgp Internal Border Gateway Protocol. -
ebgp External Border Gateway Protocol. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match route-type command to filter OSPF or IS-IS routes based on the route type.

Multiple if-match route-type clauses can be specified. The relationship between if-match route-type clauses is "OR". The relationship between if-match clauses is "AND".

Prerequisites

The if-match route-type command can be used only after the route-policy command is used.

Precautions

The routing policy matches routes based on the route type. Routes that match the route type will be checked by other if-match clauses of this node. Routes that do not match the route type will be checked by the next node.

For the same node in a routing policy, if two if-match route-type clauses are the same, the latter if-match route-type will not override the previous if-match route-type. After the latter clause is configured, both clauses take effect simultaneously. The relationship between if-match route-type clauses is "OR". That is, the actions defined by apply clauses can be performed on a route as long as the route meets one of the matching rules. For example, if both the if-match route-type is-is-level-1 and if-match route-type external-type1or2 commands are configured on the same node of a route policy, both IS-IS Level-1 routes and OSPF external routes can match the route policy.

NOTE:

external-type1or2 refers to external-type1 or external-type2. For the same node in a route policy, configuring both the if-match route-type external-type1 and if-match route-type external-type2 is equivalent to configuring the if-match route-type external-type1or2 command. The two operations generate the same configuration file.

Similarly, nssa-external-type1or2 refers to nssa-external-type1 or nssa-external-type2. For the same node in a route policy, configuring both the if-match route-type nssa-external-type1 and if-match route-type nssa-external-type2 commands is equivalent to configuring the if-match route-type nssa-external-type1or2 command. The two operations generate the same configuration file.

Example

# Define a rule to match the routes of the specified type.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] if-match route-type nssa-external-type1

if-match tag

Function

The if-match tag command sets a matching rule that is based on the route tag.

The undo if-match tag command deletes the matching rule based on the specified route tag.

By default, no matching rule based on the route tag is configured.

Format

if-match tag tag

undo if-match tag

Parameters

Parameter Description Value
tag Indicates the tag value.

Route tags classify routes as required. The same type of routes has the same tags. Routes are managed and controlled based on the tag by using the routing policy.

The value is an integer ranging from 0 to 4294967295.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match tag command to filter routes based on the tags.

Prerequisites

The if-match tag command can be used only after the route-policy command is used.

Precautions

The routing policy matches routes based on the route tag. Routes that match the route tag will be checked by other if-match clauses of this node. Routes that do not match the route tag will be checked by the next node.

Example

# Define a rule to match the OSPF routes with the tag value 8.

<HUAWEI> system-view
[~HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] if-match tag 8

ip as-path-filter

Function

The ip as-path-filter command creates an AS_Path filter.

The undo ip as-path-filter command deletes a specified AS_Path filter.

By default, no AS_Path filter is configured.

Format

ip as-path-filter { as-path-filter-number | as-path-filter-name } [ index index-number ] { deny | permit } regular-expression

undo ip as-path-filter { as-path-filter-number | as-path-filter-name } [ index index-number ] [ { deny | permit } regular-expression ]

Parameters

Parameter Description Value
as-path-filter-number Specifies the number of an AS_Path filter. The value is an integer ranging from 1 to 256.
as-path-filter-name Specifies the name of an AS_Path filter. The name is a string of 1 to 51 case-sensitive characters without spaces. The string cannot be all numerals. When double quotation marks are used around the string, spaces are allowed in the string.
index index-number Specifies the sequence number of an AS_Path filter. The value is an integer ranging from 1 to 4294967295.
deny Sets the matching mode of the AS_Path filter to deny. -
permit Sets the matching mode of the AS_Path filter to permit. -
regular-expression Specifies the AS_Path regular expression. For details about a regular expression, see "CLI Overview" in CloudEngine 8800, 7800, 6800, and 5800 Seriesswitch - Configuration Guide - Basic Configuration. The value is a string of 1 to 1024 characters, with spaces supported.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

An AS_Path filter uses the regular expression to define matching rules. After an AS_Path filter is set, the RM module immediately instructs each protocol to apply the filter by default.

The AS_Path attribute is a private attribute of BGP, and is used to filter BGP routes.

  • The filter can be directly applied by using a command such as peer as-path-filter.

  • The filter can be used as a matching condition of a routing policy by using a command such as if-match as-path-filter zz.

The relationship between ip as-path-filter commands with the same AS_Path filter number specified is "OR".

Configuration Impact

Multiple rules (permit or deny) can be specified in a filter.

By default, AS_Path filters work in deny mode. If all matching rules in a filter are configured to work in deny mode, all routes are denied by the filter; to prevent this problem, configure one matching rule in permit mode after one or multiple matching rules in deny mode so that the routes except for those denied by preceding matching rules are permitted by the filter.

Follow-up Procedure

To view detailed configurations of the AS_Path filter, run the display ip as-path-filter command.

Example

# Create the AS_Path filter with the sequence number being 1, and permit routes that begin with 10 in the AS_Path to pass.

<HUAWEI> system-view
[~HUAWEI] ip as-path-filter 1 permit ^10_

# Create the AS_Path filter 2, and permit routes that contain 20 in the AS_Path to pass through.

<HUAWEI> system-view
[~HUAWEI] ip as-path-filter 2 permit _20_

# Create the AS_Path filter 3, and prohibit routes that contain 30 in the AS_Path from passing through.

<HUAWEI> system-view
[~HUAWEI] ip as-path-filter 3 deny _30_
[*HUAWEI] ip as-path-filter 3 permit .*

ip community-filter

Function

The ip community-filter command creates a community filter.

The undo ip community-filter command deletes a community filter.

By default, no community filter is configured.

Format

ip community-filter { basic comm-filter-name | basic-comm-filter-num } [ index index-number ] { permit | deny } [ community-number | aa:nn | internet | no-export-subconfed | no-advertise | no-export ] &<1-20>

ip community-filter { advanced comm-filter-name | adv-comm-filter-num } [ index index-number ] { permit | deny } regular-expression

undo ip community-filter { basic comm-filter-name | basic-comm-filter-num } [ index index-number ] [ permit | deny ] [ community-number | aa:nn | internet | no-export-subconfed | no-advertise | no-export ] &<1-20>

undo ip community-filter { advanced comm-filter-name | adv-comm-filter-num } [ index index-number ] { permit | deny } regular-expression

Parameters

Parameter Description Value
basic comm-filter-name Specifies the name of a basic community filter. The value is a string of 1 to 51 case-sensitive characters. The string cannot be all digits.
NOTE:
When double quotation marks are used around the string, spaces are allowed in the string.
basic-comm-filter-num Specifies the number of a basic community filter. The value is an integer ranging from 1 to 99.
index index-number Specifies the sequence number of an AS_Path filter. The value is an integer ranging from 1 to 4294967295.
deny Sets the matching mode of the community filter to deny. -
permit Sets the matching mode of the community filter to permit. -
community-number Specifies the community number. The value is an integer ranging from 0 to 4294967295.
aa:nn Specifies the community number.
You can configure a maximum of 20 community numbers once.
  • If you do not configure any one of internet, no-export-subconfed, no-advertise, and no-export, you can specify 20 community-number and aa:nn together.
  • If you configure one of internet, no-export-subconfed, no-advertise, and no-export, you can specify 19 community-number and aa:nn together.
  • If you configure two of internet, no-export-subconfed, no-advertise, and no-export, you can specify 18 community-number and aa:nn together.
  • If you configure three of internet, no-export-subconfed, no-advertise, and no-export, you can specify 17 community-number and aa:nn together.
  • If you configure all of internet, no-export-subconfed, no-advertise, and no-export, you can specify 16 community-number and aa:nn together.
aa and nn are integers ranging from 0 to 65535.
internet Indicates that the matching routes can be sent to any peer. -
no-export-subconfed Indicates that routes are not advertised outside an AS. If an AS confederation is used, routes are not advertised to any other sub-ASs in the AS confederation. -
no-advertise Indicates that routes are not advertised to other peers. -
no-export Indicates that routes are not advertised outside an AS. If an AS confederation is used, routes are not advertised outside the AS confederation, but to other sub-ASs. -
advanced comm-filter-name Specifies the name of an advanced community filter. The value is a string of 1 to 51 case-sensitive characters. The string cannot be all digits.
NOTE:
When double quotation marks are used around the string, spaces are allowed in the string.
adv-comm-filter-num Specifies the number of an advanced community filter. The value is an integer ranging from 100 to 199.
regular-expression Specifies the regular expression used to match the community information. For details about a regular expression, see "CLI Overview" in CloudEngine 8800, 7800, 6800, and 5800 Seriesswitch - Configuration Guide - Basic Configuration. The value is a string of 1 to 1024 case-sensitive characters, with spaces supported.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The community attribute is a private attribute of BGP, and can be used only to filter BGP routes. The community attribute can be used as a matching rule of a routing policy by using the ip community-filter and if-match community-filter commands together.

The relationship between ip community-filter commands with the same community filter number specified is "AND".

Precautions

Only the community number or known community attribute can be specified for a basic community filter. The regular expression can be used as a matching rule in an advanced community filter.

  • The ip community-filter basic comm-filter-name command or the ip community-filter basic-comm-filter-num command can be used to configure a basic community filter. basic comm-filter-name specifies the name of a basic community filter, and the name cannot be all digits. A maximum of 20 community numbers can be configured in one command. basic-comm-filter-num specifies only the basic community filter with the number ranging from 1 to 99. A maximum of 20 community numbers can be configured in one command.

  • The ip community-filter advanced comm-filter-name command or the ip community-filter adv-comm-filter-num command can be used to configure an advanced community filter. advanced comm-filter-name specifies the name of an advanced community filter, and the name cannot be all digits. adv-comm-filter-num specifies only the advanced community filter with the number ranging from 100 to 199.

The relationship between the rules of the community filter is "AND". This is different from the RD filter. This is because each route has only one RD but can have multiple communities.

For example, the community filters in the following formats have different matching results:

Format 1:
ip community-filter 1 permit 100:1 200:1 300:1
Format 2:
ip community-filter 1 permit 100:1
ip community-filter 1 permit 200:1 300:1

In the preceding configuration of the community filter, the community defined in each rule must be a sub-set of route communities so that the rule can be matched.

The RD filters in the following formats have the same matching results:

Format 1:
ip rd-filter 100 permit 100:1 200:1 2.2.2.2:1 3.3.3.3:1
Format 2:
ip rd-filter 100 permit 100:1 200:1
ip rd-filter 100 permit 2.2.2.2:1
ip rd-filter 100 permit 3.3.3.3:1

The apply comm-filter delete command run in the Route-Policy view deletes the specified community attribute from routes. An ip community-filter command can be used to specify community attributes but one such command specifies only one community attribute each time. To delete more than one community attribute, run the ip community-filter command multiple times. If multiple community attributes are specified in one filter, none of them can be deleted. For information about examples, see apply comm-filter delete.

Follow-up Procedure

Run the display ip community-filter command to view detailed configuration for the community filter.

Example

# Configure a basic community filter of which the sequence number is 1.

<HUAWEI> system-view
[~HUAWEI] ip community-filter 1 deny internet

# Configure an advanced community filter of which the sequence number is 100.

<HUAWEI> system-view
[~HUAWEI] ip community-filter 100 permit ^10

ip extcommunity-filter

Function

The ip extcommunity-filter command creates an extended community filter.

The undo ip extcommunity-filter command deletes an extended community filter.

By default, no extended community filter is configured.

Format

ip extcommunity-filter { basic-extcomm-filter-num | basic basic-extcomm-filter-name } [ index index-number ] { deny | permit } { rt { as-number:nn | ipv4-address:nn } } &<1-16>

ip extcommunity-filter { advanced-extcomm-filter-num | advanced advanced-extcomm-filter-name } [ index index-number ] { deny | permit } regular-expression

undo ip extcommunity-filter { basic-extcomm-filter-num | basic basic-extcomm-filter-name } [ index index-number ] [ { deny | permit } { rt { as-number:nn | 4as-number:nn | ipv4-address:nn } } &<1-16> ]

undo ip extcommunity-filter { advanced-extcomm-filter-num | advanced advanced-extcomm-filter-name } [ index index-number ] [ regular-expression ]

Parameters

Parameter Description Value
index index-number Specifies the sequence number of an AS_Path filter. The value is an integer ranging from 1 to 4294967295.
deny Sets the matching mode of the extended community filter to deny. -
permit Sets the matching mode of the extended community filter to permit. -
rt Sets the extended community filter type to RT. -
as-number Specifies the AS number. The value is an integer ranging from 0 to 65535.
4as-number Specifies a 4-byte AS number.
A 4-byte AS number is divided into the following types:
  • It is an integer ranging from 65536 to 4294967295.
  • It is in the format of x.y, where x and y are integers that range from 1 to 65535 and from 0 to 65535, respectively
ipv4-address Specifies an IPv4 address. The value is in dotted decimal notation.
nn Specifies an integer.
  • When the value of as-number is a 2-byte AS number, the value of nn ranges from 0 to 4294967295.
  • When the value of 4as-number is a 4-byte AS number, the value of nn ranges from 0 to 65535.
  • For ipv4-address, the value of nn ranges from 0 to 65535.
basic-extcomm-filter-num Specifies the number of a basic extended community filter. The value is an integer ranging from 1 to 199.
basic basic-extcomm-filter-name Specifies the name of a basic extended community filter. The name is a string of 1 to 51 case-sensitive characters without spaces. The value cannot contain only numerals. When double quotation marks are used around the string, spaces are allowed in the string.
advanced-extcomm-filter-num Specifies the number of an advanced extended community filter. The value is an integer ranging from 200 to 399.
advanced advanced-extcomm-filter-name Specifies the name of an advanced extended community filter. The name is a string of 1 to 51 case-sensitive characters without spaces. The value cannot contain only numerals. When double quotation marks are used around the string, spaces are allowed in the string.
regular-expression Specifies the regular expression used to match the extended community information. For details about a regular expression, see "CLI Overview" in CloudEngine 8800, 7800, 6800, and 5800 Seriesswitch - Configuration Guide - Basic Configuration. It is a string of 1 to 1024 space-tolerant characters.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

The extended community attribute is a private attribute of BGP, and can be used only to filter BGP routes. The extended community attribute can be used as a matching rule of a routing policy by using the ip extcommunity-filter and if-match extcommunity-filter commands together. Currently, only the RT extended community attribute is supported.

The relationship between ip extcommunity-filter commands with the same extended community filter number specified is "AND".

Run the display ip extcommunity-filter command to view detailed configuration for the extended community filter.

Example

# Configure an RT extended community filter of which the sequence number is 1.

<HUAWEI> system-view
[~HUAWEI] ip extcommunity-filter 1 deny rt 200:200

ip extcommunity-list soo

Function

The ip extcommunity-list soo command configures a Source of Origin (SoO) extended community filter.

The undo ip extcommunity-list soo command deletes a specified SoO extended community filter.

By default, no SoO extended community filter is configured.

Format

ip extcommunity-list soo basic basic-extcomm-filter-name [ index index-number ] { permit | deny } { site-of-origin }&<1-16>

ip extcommunity-list soo advanced advanced-extcomm-filter-name [ index index-number ] { permit | deny } regular-expression

undo ip extcommunity-list soo basic basic-extcomm-filter-name [ index index-number ]

undo ip extcommunity-list soo advanced advanced-extcomm-filter-name [ index index-number ]

Parameters

Parameter Description Value
basic basic-extcomm-filter-name Specifies the name of the basic SoO extended community filter. The name is a string of 1 to 51 case-sensitive characters without spaces. The string cannot be all numbers. When double quotation marks are used around the string, spaces are allowed in the string.
index index-number Specifies the sequence number of an SoO extended community filter. The value is an integer ranging from 1 to 4294967295.
permit Sets the matching mode of the SoO extended community filter to permit. -
deny Indicates the matching mode of the SoO extended community filter is "deny". -
advanced advanced-extcomm-filter-name Specifies the name of the advanced SoO extended community filter. The name is a string of 1 to 51 case-sensitive characters without spaces. The string cannot be all numbers. When double quotation marks are used around the string, spaces are allowed in the string.
site-of-origin Specifies the SoO extended community.

The SoO attribute is a BGP extended community attribute and can be expressed in any of the following formats:

  • 2-byte AS number:4-byte user-defined number, for example, 1:3 The AS number ranges from 0 to 65535, and the user-defined number ranges from 0 to 4294967295. The AS number and user-defined number cannot both be set to 0. This means that the value of the SoO attribute cannot be 0:0.

  • IPv4-address:2-byte user-defined number, for example, 192.168.122.15:1 The IP address ranges from 0.0.0.0 to 255.255.255.255, and the user-defined number ranges from 0 to 65535.

  • Integral 4-byte AS number:2-byte user-defined number, for example, 0:3 or 65537:3. An AS number ranges from 65536 to 4294967295. A user-defined number ranges from 0 to 65535. The AS number and user-defined number cannot be both 0s. That is, the value of the SoO attribute cannot be 0:0.

  • 4-byte AS number in dotted notation:2-byte user-defined number, for example, 0.0:3 or 0.1:0. A 4-byte AS number in dotted notation is in the format of x.y, where x and y are integers that range from 1 to 65535 and from 0 to 65535, respectively. A user-defined number ranges from 0 to 65535. The AS number and user-defined number cannot be both 0s. That is, the value of the SoO attribute cannot be 0.0:0.

regular-expression Specifies the regular expression matched the SoO extended community. It is a string of 1 to 1024 space-tolerant characters.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

SoO records the BGP route originator, and the ip extcommunity-list soo command is used to configure an SoO extended community filter so that BGP routes carrying SoO can be filtered.

An SoO extended community filter can be used as a matching condition of a route-policy by using a command such as if-match extcommunity-list soo aaa.

Only the extended community number can be specified for a basic SoO extended community filter. The regular expression can be used as a matching rule in an advanced SoO extended community filter.

The relationship between the rules of the SoO extended community filter is "AND".

For example, the SoO extended community filters in the following formats have different matching results:

Format 1:

ip extcommunity-list soo basic aaa permit 100:1 200:1 300:1

Format 2:

ip extcommunity-list soo basic aaa permit 100:1
ip extcommunity-list soo basic aaa permit 200:1 300:1

In the preceding configuration of the extended community filter, the extended community defined in each rule must be a sub-set of route extended communities so that the rule can be matched.

The undo ip extcommunity-list soo command is used to delete a specified SoO extended community filter.

The display ip extcommunity-list soo command is used to display the detailed configurations of the SoO extended community filter.

Precautions

The extended community attributes of a route include VPN-target and SoO. The ip extcommunity-list soo command adds an SoO extended community filter.

Example

# Configure SoO extended community filter aaa with SoO being configured.

<HUAWEI> system-view
[~HUAWEI] ip extcommunity-list soo basic aaa permit 1.2.3.4:5

ip ip-prefix

Function

The ip ip-prefix command creates an IPv4 prefix list or an entry in an IPv4 prefix list.

The undo ip ip-prefix command deletes an IPv4 prefix list or an entry from an IPv4 prefix list.

By default, no IPv4 prefix list is created.

Format

ip ip-prefix ip-prefix-name [ index index-number ] { permit | deny } ipv4-address mask-length [ match-network ] [ greater-equal greater-equal-value ] [ less-equal less-equal-value ]

undo ip ip-prefix ip-prefix-name [ index index-number ]

ip ip-prefix ip-prefix-name description text

undo ip ip-prefix ip-prefix-name description [ text ]

Parameters

Parameter Description Value
ip-prefix-name Specifies the name of an IPv4 prefix list. The name is a string of 1 to 169 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string.
index index-number Specifies the sequence number of an entry in the IPv4 prefix list. The value is an integer that ranges from 1 to 4294967295. By default, the sequence number increases by 10 according to the configuration order, and the first sequence number is 10.
NOTE:

A maximum of 100000 entries can be configured in an IP prefix list.

permit Specifies the matching mode of the IP prefix list as permit. In permit mode, if the IP address to be filtered is within the defined prefix range, the IP address matches the routing policy and does not continue to match the next entry. Otherwise, the IP address continues to match the next entry. -
deny Specifies the matching mode of the IP prefix list as deny. In deny mode, if the IP address to be filtered is within the defined prefix range, the IP address fails to match the routing policy and cannot match the next entry. Otherwise, the IP address continues to match the next entry. -
ipv4-address Specifies an IP address. The value is in dotted decimal notation.
mask-length Specifies the mask length. The value is an integer that ranges from 0 to 32.
match-network Matches the network address. match-network is used to filter routes to a specified IP address and can be configured only when ipv4-address is 0.0.0.0. For example, the ip ip-prefix prefix1 permit 0.0.0.0 8 command filters all routes with mask length 8, while the ip ip-prefix prefix1 permit 0.0.0.0 8 match-network command filters all routes to the IP address range from 0.0.0.1 to 0.255.255.255. -
greater-equal greater-equal-value Specifies the lower threshold of the mask length. If greater-equal greater-equal-value and less-equal less-equal-value are not specified, the value of mask-length is the mask length.

greater-equal-value must meet the following requirement: mask-lengthgreater-equal-valueless-equal-value ≤ 32.

If greater-equal is configured, the mask ranges from greater-equal-value to 32.

less-equal less-equal-value Specifies the upper threshold of the mask length. If greater-equal greater-equal-value and less-equal less-equal-value are not specified, the value of mask-length is the mask length.

less-equal-value must meet the following requirement: mask-lengthgreater-equal-valueless-equal-value ≤ 32.

If less-equal is configured, the mask ranges from mask-length to less-equal-value.

description text Specifies the description of the IP prefix list. The value is a string of 1 to 80 case-sensitive characters without spaces. When double quotation marks are used around the string, spaces are allowed in the string.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The ip ip-prefix command is used to configure an IPv4 prefix list. An IP prefix can be used as a filter by various protocols or used together with a routing policy.

An IP prefix list can contain multiple entries with each entry specifying an IP prefix range. The relationship between the entries is "OR". That is, if a route matches one entry, the route matches the IP prefix list; if a route does not match any entry, the route fails to match the IP prefix list.

An IP prefix range is determined by mask-length and [greater-equal-value, less-equal-value]. If mask-length and [greater-equal-value, less-equal-value] are specified, an IP address must match the specified prefix range.

When the value of ipv4-address is 0.0.0.0, a wildcard address, all routes within the mask length range are permitted or denied no matter what value the mask length is specified as.

For example, the five routes to 10.1.1.0/24, 10.1.1.1/32, 10.1.1.0/26, 10.2.2.0/24, and 10.1.0.0/16 are filtered based on different IP prefix lists, and the results are different.
  • Single-Node Matching

    • Case 1:

      ip ip-prefix aa index 10 permit 10.1.1.0 24

      Matching result: The route 10.1.1.0/24 is permitted, and the other routes are denied.

      Note: This is a single-node accurate matching case, which indicates that only the route whose destination IP address and mask are the same as those specified by the IP prefix meets the matching conditions. In this case, permit is configured as the matching mode. Therefore, the route 10.1.1.0/24 is permitted, and the other routes are denied because they do not meet the matching conditions.

    • Case 2:

      ip ip-prefix aa index 10 deny 10.1.1.0 24

      Matching result: All routes are denied.

      Note: This is a single-node accurate matching case, which indicates that only the route whose destination IP address and mask are the same as those specified by the IP prefix meets the matching conditions. In this case, deny is configured as the matching mode. Therefore, all routes are denied, regardless of whether they meet the matching conditions.

  • Multi-Node Matching

    • Case 1:

      ip ip-prefix aa index 10 deny 10.1.1.0 24
      ip ip-prefix aa index 20 permit 10.1.1.1 32

      Matching result: The route 10.1.1.0/24 is denied; the route 10.1.1.1/32 is permitted; the other routes are denied.

      Note: This is a multi-node accurate matching case.
      • When the route 10.1.1.0/24 is matching node 10 (node with the index 10), it meets the matching conditions but is denied because the matching mode is deny.
      • When the route 10.1.1.1/32 is matching node 10, it does not meet the matching conditions and continues to match node 20 (node with the index 20). Because this route matches the matching conditions of node 20, and the matching mode of node 20 is permit, this route is permitted.
      • Other routes do not meet the matching conditions of nodes 10 and 20, and these routes are denied by default.
    • Case 2:

      ip ip-prefix aa index 10 permit 10.1.1.0 24 less-equal 32

      Configuration result: greater-equal-value is 24, and less-equal-value is 32.

      Matching result: The routes 10.1.1.0/24, 10.1.1.1/32, and 10.1.1.0/26 are permitted, and the other routes are denied.

      When configuring greater-equal and less-equal, ensure that their values meet the requirement: mask-lengthgreater-equal-valueless-equal-value. Otherwise, the configuration fails.

    • Case 3:

      ip ip-prefix aa index 10 permit 10.1.1.0 24 greater-equal 26

      Configuration result: greater-equal-value is 26, and less-equal-value is 32.

      Matching result: The routes 10.1.1.1/32 and 10.1.1.0/26 are permitted, and the other routes are denied.

    • Case 4:

      ip ip-prefix aa index 10 permit 10.1.1.0 24 greater-equal 26 less-equal 32

      Configuration result: greater-equal-value is 26, and less-equal-value is 32.

      Matching result: The routes 10.1.1.1/32 and 10.1.1.0/26 are permitted, and the other routes are denied.

  • Wildcard-Address Matching

    • Case 1:

      ip ip-prefix aa index 10 permit 0.0.0.0 8 less-equal 32

      Configuration result: greater-equal-value is 8, and less-equal-value is 32. Because the address 0.0.0.0 is a wildcard address, routes with the mask length ranging from 8 to 32 bits meet the matching conditions.

      Matching result: Routes with the mask length ranging from 8 to 32 bits are all permitted.

    • Case 2:

      ip ip-prefix aa index 10 deny 0.0.0.0 24 less-equal 32
      ip ip-prefix aa index 20 permit 0.0.0.0 0 less-equal 32

      Configuration result: For node 10, greater-equal-value is 24, and less-equal-value is 32. Because the address 0.0.0.0 is a wildcard address, routes with the mask length ranging from 24 to 32 bits are all denied. For node 20, greater-equal-value is 0, and less-equal-value is 32. Because the address 0.0.0.0 is a wildcard address, all routes except the routes with the mask length ranging from 24 to 32 bits are permitted.

      Matching result: The route 10.1.0.0/16 is permitted, and the other routes are denied.

    • Case 3:

      ip ip-prefix aa index 10 deny 10.2.2.0 24
      ip ip-prefix aa index 20 permit 0.0.0.0 0 less-equal 32

      Configuration result: For node 10, the route 10.2.2.0/24, which meets the matching conditions, is denied. For node 20, the other routes are all permitted.

      Matching result: All routes except the route 10.2.2.0/24 are permitted.

Example

# Configure the IP prefix list named p1 to permit only the routes with the mask length ranging from 17 to 18 on the network segment 10.0.0.0/8.

<HUAWEI> system-view
[~HUAWEI] ip ip-prefix p1 permit 10.0.0.0 8 greater-equal 17 less-equal 18

ip ipv6-prefix

Function

The ip ipv6-prefix command configures an IPv6 prefix list or an entry in an IPv6 prefix list.

The undo ip ipv6-prefix command deletes an IPv6 prefix list or an entry from an IPv6 prefix list.

By default, no IPv6 prefix list is created.

Format

ip ipv6-prefix ipv6-prefix-name [ index index-number ] { deny | permit } ipv6-address prefix-length [ match-network ] [ greater-equal greater-equal-value ] [ less-equal less-equal-value ]

undo ip ipv6-prefix ipv6-prefix-name [ index index-number ]

ip ipv6-prefix ipv6-prefix-name description text

undo ip ipv6-prefix ipv6-prefix-name description [ text ]

Parameters

Parameter Description Value
ipv6-prefix-name Specifies the name of an IPv6 prefix list. The name is a string of 1 to 169 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string.
index index-number Specifies the sequence number of an entry in the IPv6 prefix list. The value is an integer that ranges from 1 to 4294967295. By default, the sequence number increases by 10 according to the configuration order, and the first sequence number is 10.
NOTE:

A maximum of 100000 entries can be configured in an IPv6 prefix list.

permit Specifies the matching mode of the IPv6 prefix list as permit. In permit mode, if the IPv6 address to be filtered is within the defined prefix range, the IPv6 address matches the routing policy and does not continue to match the next entry. Otherwise, the IPv6 address continues to match the next entry. -
deny Specifies the matching mode of the IPv6 prefix list as deny. In deny mode, if the IPv6 address to be filtered is within the defined prefix range, the IPv6 address fails to match the routing policy and cannot match the next entry. Otherwise, the IPv6 address continues to match the next entry. -
ipv6-address Specifies the IPv6 prefix range in the form of an IPv6 address. If :: is specified, the address 0::0 is matched. -
prefix-length Specifies the IPv6 prefix range using the mask length. The value is an integer that ranges from 0 to 128. If ::0 less-equal 128 is used, all IPv6 addresses are matched.
match-network Matches the network address. match-network is used to filter routes to a specified IPv6 address and can be configured only when ipv6-address is 0.0.0.0. For example, the ip ipv6-prefix prefix1 permit :: 96 command filters all IPv6 routes with mask length 96, while the ip ipv6-prefix prefix1 permit :: 96 match-network command filters all routes to the IPv6 address range from ::1 to ::FFFF:FFFF. -
greater-equal greater-equal-value Specifies the lower threshold of the mask length. greater-equal-value must meet the following requirement: prefix-lengthgreater-equal-valueless-equal-value ≤ 128.
less-equal less-equal-value Specifies the upper threshold of the mask length. less-equal-value must meet the following requirement: prefix-lengthgreater-equal-valueless-equal-value ≤ 128.
description text

Specifies the description of the IPv6 prefix list.

The value is a string of 1 to 80 case-sensitive characters without spaces. When double quotation marks are used around the string, spaces are allowed in the string.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

An IPv6 prefix list is used to filter IPv6 addresses. An IPv6 prefix list may contain multiple entries with each entry specifying an IPv6 prefix range. The relationship between the entries is "OR". That is, if a route matches one entry, the route matches the IPv6 prefix list; if a route does not match any entry, the route fails to match the IPv6 prefix list.

NOTE:

On the CE8800, CE7800, CE6800, and CE5800 series switches, all unmatched routes are filtered by default. If all entries are in deny mode, all routes are filtered. It is recommended to define a permit :: 0 less-equal 128 entry after multiple entries in deny mode to permit all the other IPv6 routes.

Example

# Permit the routes with the mask length ranging from 32 to 64 bits.

<HUAWEI> system-view
[~HUAWEI] ip ipv6-prefix abc permit :: 0 greater-equal 32 less-equal 64

# Deny the routes with the IP prefix FC00:0:0:D00::/32 and with the prefix longer than 32 bits, and permit the other IPv6 routes.

<HUAWEI> system-view
[~HUAWEI] ip ipv6-prefix abc deny fc00:0:0:d00:: 32 less-equal 128
[*HUAWEI] ip ipv6-prefix abc permit :: 0 less-equal 128

ip rd-filter

Function

The ip rd-filter command creates an RD filter.

The undo ip rd-filter command deletes an RD filter.

By default, no RD filter is configured.

Format

ip rd-filter rd-filter-number [ index index-number ] { deny | permit } route-distinguisher &<1-10>

undo ip rd-filter rd-filter-number [ index index-number ] [ { deny | permit } route-distinguisher &<1-10> ]

NOTE:

The CE6810LI does not support this command.

Parameters

Parameter Description Value
rd-filter-number Specifies the number of an RD filter. The value is an integer ranging from 1 to 199.
index index-number Specifies the sequence number of an entry in the IPv4 prefix list. The value is an integer that ranges from 1 to 4294967295. By default, the sequence number increases by 10 according to the configuration order, and the first sequence number is 10.
permit Permits a route to match the rules if its RD matches the rules. -
deny Denied a route to match the rules if its RD matches the rules. -
route-distinguisher Specifies the RD to aa:nn or ipv4-address:nn. You can set a maximum of 10 RDs.

The device supports RDs in the following formats:

  • ipv4-address:nn, such as 10.1.1.1:200

  • aa:nn, such as 100:1

  • aa.aa:nn, such as 100.100:1

  • ipv4-address:* in the wildcard format, such as 10.1.1.1:*, indicating that the RD begins with 10.1.1.1

  • aa:* in the wildcard format, such as 100:*, indicating that the RD begins with 100

  • aa.aa:* in the wildcard format, such as 100.100:*, indicating that the RD begins with 100.100

  • The IPv4 address is in dotted decimal notation.
  • The nn in ipv4-address:nn is an integer ranging from 0 to 65535.
  • In aa:nn, the aa is an integer ranging from 0 to 65535, and nn is an integer ranging from 0 to 4294967295.
  • The aa and nn in aa:*, aa.aa:*, and aa.aa:nn are both integers ranging from 0 to 65535.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

The ip rd-filter command is used together with the if-match rd-filter command. First use the ip rd-filter command to configure an RD filter, and use the if-match rd-filter command to configure a matching rule based on the RD filter in a routing policy. The routing policy is used to filter routes that are received and advertised.

The RD filter has the following rules:

  • If the RD filter is not configured but is used to filter routes, the matching result is permit.

    For example, the RD filter 100 is not configured but is used by the routing policy:

    route-policy test permit node 10
    if-match rd-filter 100

    When the routing policy is used to filter routes, the routes match this if-match clause, and the routes match the node 10 in the routing policy named test.

  • If the RD filter is configured but the RD of routes does not match any RD defined in the RD filter, the default matching result is deny.

    For example, the RD of routes is 100:1, and the configuration of the RD filter is as follows:

    ip rd-filter 100 permit 10.1.1.1:100

    When the RD filter is used to filter routes, the matching result is deny.

  • The relationship between the rules of the RD filter is "OR". This is different from the community filter. This is because each route has only one RD but can have multiple communities.

    For example, the RD filters in the following formats have the same matching results:

    Format 1:

    ip rd-filter 100 permit 100:1 200:1 10.2.2.2:1 10.3.3.3:1

    Format 2:

    ip rd-filter 100 permit 100:1 200:1
    ip rd-filter 100 permit 10.2.2.2:1
    ip rd-filter 100 permit 10.3.3.3:1

    The community filters in the following formats have different matching results:

    Format 1:

    ip community-filter 1 permit 100:1 200:1 300:1

    Format 2:

    ip community-filter 1 permit 100:1
    ip community-filter 1 permit 200:1 300:1

    In the preceding configuration of the community filter, the community defined in each rule must be a sub-set of route communities so that the rule can be matched.

  • Routes are filtered according to the configuration order of multiple rules. For example:

    ip rd-filter 100 deny 200:1 10.5.5.5:1
    ip rd-filter 100 permit 200:* 10.5.5.5:*

    In this situation, the route with the RD 200:1 or 10.5.5.5:1 is denied. If the configuration order of multiple rules is reversed as follows:

    ip rd-filter 100 permit 200:* 10.5.5.5:*
    ip rd-filter 100 deny 200:1 10.5.5.5:1

    In this situation, the route with the RD 200:1 or 10.5.5.5:1 is permitted.

  • Each RD filter can be configured with a maximum of 255 rules.

Example

# Configure an RD filter.

<HUAWEI> system-view
[~HUAWEI] ip rd-filter 1 permit 100:1

reset ip ip-prefix

Function

The reset ip ip-prefix command resets the statistics of the specified IPv4 prefix list.

Format

reset ip ip-prefix [ ip-prefix-name ]

Parameters

Parameter Description Value
ip-prefix-name Specifies the name of an IPv4 prefix list.

If ip-prefix-name is not specified, you can reset the statistics of all the IPv4 prefix lists.

The name is a string of 1 to 169 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The IPv4 prefix list can be used to filter IPv4 addresses. When filtering IPv4 addresses, the system records the numbers of prefixes that are permitted and denied by the IPv4 prefix list. You can run the display ip ip-prefix command to view the numbers.

To view the number of IPv4 prefixes that are permitted and denied by the IPv4 prefix list, run the reset ip ip-prefix command to clear statistics about permitted and denied routes in the IPv4 prefix list, and then run the display ip ip-prefix command to display the number of IPv4 prefixes since the previous operation.

Configuration Impact

The reset ip ip-prefix command clears statistics about the IPv4 prefix list. After that, the previous statistics cannot be shown.

Precautions

The reset ip ip-prefix command:
  • Clears statistics in a specified IPv4 prefix list, if the name of the IPv4 prefix list is specified using ip-prefix-name.

  • Clears statistics in all IPv4 prefix lists, if the name of the IPv4 prefix list is not specified using ip-prefix-name.

Example

# Reset the statistics of the specified IPv4 prefix list.

<HUAWEI> reset ip ip-prefix abc

reset ip ipv6-prefix

Function

The reset ip ipv6-prefix command resets the timer of a specified IPv6 prefix list.

Format

reset ip ipv6-prefix [ ipv6-prefix-name ]

Parameters

Parameter Description Value
ipv6-prefix-name Specifies the name of an IP prefix list. The name is a string of 1 to 169 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The IPv6 prefix list can be used to filter IPv6 addresses. When filtering IPv6 addresses, the system records the numbers of prefixes that are permitted and denied by the IPv6 prefix list. You can run the display ip ipv6-prefix command to view the numbers.

To view the number of IPv6 prefixes that are permitted and denied by the IPv6 prefix list, run the reset ip ipv6-prefix command to clear statistics about permitted and denied routes in the IPv6 prefix list, and then run the display ip ipv6-prefix command to display the number of IPv6 prefixes since the previous operation.

Configuration Impact

The reset ip ipv6-prefix command clears statistics about the IPv6 prefix list. After that, the previous statistics cannot be shown.

Precautions

The reset ip ipv6-prefix command:
  • Clears statistics in a specified IPv6 prefix list, if the name of the IPv6 prefix list is specified using ipv6-prefix-name.

  • Clears statistics in all IPv6 prefix lists, if the name of the IPv6 prefix list is not specified using ipv6-prefix-name.

Example

# Resets the timer of the IPv6 prefix list named abc.

<HUAWEI> reset ip ipv6-prefix abc

reset route-policy counters

Function

The reset route-policy counters command resets route-policy counters.

Format

reset route-policy route-policy-name counters

Parameters

Parameter Description Value
route-policy-name Specifies the name of a route-policy. The name is a string of 1 to 200 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The route-policy is used to filter routes and set the attributes of a route that matches a route-policy. When a route-policy filters routes, the system records the number of routes that match the route-policy nodes. You can run the display route-policy to view the numbers.

The reset route-policy counters command clears the number of routes which match or do not match the route-policy. You can run both the reset route-policy counters command and the display route-policy command to instruct whether to record the number of routes matching a specified route-policy.

Configuration Impact

The reset route-policy counters command clears the number of routes which match or do not match the route-policy. After that, the number cannot be restored.

Example

# Reset the counters of a route-policy named policy1.

<HUAWEI> reset route-policy policy1 counters
Related Topics

route-policy

Function

The route-policy command creates a routing policy and displays the Route-Policy view.

The undo route-policy command deletes a specified routing policy.

By default, no routing policy is configured.

Format

route-policy route-policy-name { permit | deny } node node

undo route-policy route-policy-name [ node node ]

Parameters

Parameter Description Value
route-policy-name Specifies the name of a routing policy. If the routing policy does no exist, create a routing policy and enter its Route-Policy view. If the routing policy exists, enter its Route-Policy view. The name is a string of 1 to 200 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.
permit Specifies the matching mode of the routing policy as permit. In permit mode, a route matches all the if-match clauses, the route matches the routing policy and the actions defined by the apply clause are performed on the route. Otherwise, the route continues to match the next entry. -
deny Specifies the matching mode of the routing policy as deny. In deny mode, if a route matches all the if-match clauses, the route fails to match the routing policy and cannot match the next node. -
node node Specifies the index of the node in the routing policy. When the routing policy is used to filter routes, the node with the smaller value of node is matched first. The value is an integer ranging from 0 to 65535.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A routing policy is used to filter routes and set route attributes for the routes that match the routing policy. A routing policy consists of multiple nodes. One node can be configured with multiple if-match and apply clauses.

The if-match clauses define matching rules for this node, and the apply clauses define behaviors for the routes that match the rules. The relationship between if-match clauses is "AND". That is, a route must match all the if-match clauses. The relationship between the nodes of a routing policy is "OR". That is, if a route matches one node, the route matches the routing policy. If the route does not match any node, the route fails to match the routing policy.

You can run the display route-policy command to view the number of routes that match and do not match the routing policy.

Procedure

After a routing policy is created, the system prompts "Info: New Sequence of this List !" and displays the Route-Policy view. The system displays no prompt when a routing policy is deleted.

Example

# Configure the routing policy named policy1 whose node number is 10 and the matching mode is permit.

<HUAWEI> system-view
[~HUAWEI] route-policy policy1 permit node 10
[*HUAWEI-route-policy]
Related Topics
Translation
Download
Updated: 2019-03-21

Document ID: EDOC1000166501

Views: 79730

Downloads: 382

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next