No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Command Reference

S7700 and S9700 V200R011C10

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Routing Policy Configuration Commands

Routing Policy Configuration Commands

Command Support

For details about command support, see the description of each command.

apply as-path

Function

The apply as-path command sets the action for changing the AS_Path attribute of BGP routes in a routing policy.

The undo apply as-path command restores the default setting.

By default, the action for changing the AS_Path attribute of BGP routes is not set in a routing policy.

Format

apply as-path { { as-number-plain | as-number-dot } &<1-10> { additive | overwrite } | none overwrite }

undo apply as-path

Parameters

Parameter Description Value
as-number-plain Specifies a integral AS number to be added to the AS_Path list or to replace the existing AS_Path list. A maximum of 10 AS numbers can be specified in one command. The value is an integer ranging from 1 to 4294967295.
as-number-dot Specifies an AS number in dotted notation to be added to the AS_Path list or to replace the existing AS_Path list. A maximum of 10 AS numbers can be specified in one command. The value is in the format of x.y, where x and y are integers that range from 1 to 65535 and from 0 to 65535, respectively.
additive Adds the specified AS number to the original AS_Path attribute. -
overwrite Replaces the original AS_Path with the specified AS number. -
none Clears the original AS_Path list. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To change the AS_Path attribute of BGP routes BGP for selecting the optimal route, you can apply a routing policy containing the apply as-path command.

AS_Path is a private attribute of BGP and records all ASs that a route passes through from the local end to the destination address. Using the AS_Path attribute controls route selection and prevents routing loops. If multiple routes are destined for the same destination address, BGP compares the AS_Path lists of these routes and considers the route with the shortest AS_Path list as the optimal route.

After this command is configured, the AS_Path list for matched BGP routes will change. Assume that the original AS-Path is (30, 40, 50) and the BGP route matching condition is met. In this case:
  • If the apply as-path 60 70 80 additive command is run, the AS-Path list is changed to (60, 70, 80, 30, 40, 50). This configuration change is generally used to make the BGP route not preferentially selected.
  • If the apply as-path 60 70 80 overwrite command is run, the AS-Path list is changed to (60, 70, 80). There are many application scenarios for changing the AS-Path list, and the major application scenarios are as follows:
    • Hide the real path information of routes. For example, after the AS-Path list is changed to (60, 70, 80), the AS-Path information of the route (30, 40, 50) is lost.
    • Implement load balancing. For example, a router receives two routes with the same destination IP address 10.1.0.0/16. The AS_Path list of one route is (60, 70, 80) and that of the other route is (30, 40, 50). In this case, you can change the AS_Path list (30, 40, 50) to (60, 70, 80), and load balancing then may be implemented on the two routes.
    • Shorten the AS-Path list to prevent the route from being discarded. If the as-path-limit command is configured, whether the number of AS numbers in the AS-Path list of the incoming route exceeds the maximum value needs to be checked. If the number exceeds the maximum value, the route is discarded. Therefore, before receiving a route with a long AS-Path list, replace the AS-Path list with a shorter AS-Path list. For example, if the original AS-Path list is (60, 70, 80, 65001, 65002, 65003), run the apply as-path 60 70 80 overwrite command to change the AS-Path list to (60, 70, 80). In this manner, the length of the AS-Path is shortened, preventing the route from being discarded.
    • Shorten the AS-Path list to make the route preferentially selected and traffic directed to the local AS.
  • If the apply as-path none overwrite command is run, the AS-Path list is changed to be vacant. In BGP route selection, if the AS-Path list is vacant, the length of the AS-Path list is considered as 0. Therefore, clearing the AS-Path list can not only hide the real path information, but also make the route preferentially selected and traffic directed to the local AS because the AS-Path list is shortened.

Prerequisites

The apply as-path command can be used only after the route-policy command is used.

Precautions

When a routing policy takes effect, it affects BGP route selection.

Running the apply as-path command changes the path through which network traffic passes. Use this command only when you are familiar with the network topology and impact of the command on services.

Example

# Change the AS number in the original AS_Path attribute to 200, 10.10.

<HUAWEI> system-view
[HUAWEI] route-policy policy permit node 10
[HUAWEI-route-policy] apply as-path 200 10.10 additive

apply backup-interface

Function

The apply backup-interface command sets the action for configuring a backup outbound interface in a routing policy.

The undo apply backup-interface command restores the default setting.

By default, the action for configuring the backup outbound interface is not set in a routing policy.

Format

apply backup-interface interface-type interface-number

undo apply backup-interface

Parameters

Parameter Description Value
interface-type interface-number Specifies the type and number of the backup outbound interface. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The apply backup-interface command is used in IP FRR scenarios to configure a backup outbound interface for a route. After IP FRR is enabled, data traffic can be quickly switched to the backup outbound interface if the primary link fails.

Prerequisites

The route-policy command must be used before the apply backup-interface command.

if-match clauses can be used to configure matching rules such as IP prefix lists, and ACLs before a backup outbound interface is configured.

Follow-up Procedure

Reference a configured route-policy in the ip frr (system view) command or the ip frr (VPN instance view) command to configure IP FRR on a public network or VPN.

The apply backup-interface command is usually used together with the apply backup-nexthop command.
NOTE:

For P2P links, a backup next hop is not necessary. For non-P2P links, a backup next hop is necessary.

Example

# Configure the backup outbound interface and the backup next hop in the route-policy named ip_frr_rp.

<HUAWEI> system-view
[HUAWEI] route-policy ip_frr_rp permit node 10
[HUAWEI-route-policy] apply backup-interface vlanif10
[HUAWEI-route-policy] apply backup-nexthop 192.168.20.2

# Delete the configured backup outbound interface from the route-policy named ip_frr_rp.

<HUAWEI> system-view
[HUAWEI] route-policy ip_frr_rp permit node 10
[HUAWEI-route-policy] undo apply backup-interface

apply backup-nexthop

Function

The apply backup-nexthop command sets the action for configuring a backup next hop in a routing policy.

The undo apply backup-nexthop command deletes the configured backup next hop.

By default, the action for configuring a backup next hop is not set in a routing policy.

Format

apply backup-nexthop { ipv4-address | auto }

undo apply backup-nexthop

Parameters

Parameter Description Value
ipv4-address Specifies the IP address of a backup next hop. It is in dotted decimal notation.
auto Automatically searches for the backup next hop. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The apply backup-nexthop command is used to configure a backup next hop for a route in IP FRR and VPN FRR scenarios. After IP FRR is enabled, data traffic can be quickly switched to the backup next hop if the primary link fails.

Prerequisites

The route-policy command has been run before the apply backup-nexthop command.

if-match clauses can be used to set matching rules such as interfaces, IP prefix lists, and ACLs before a backup next hop is configured.

Follow-up Procedure

The configured route-policy can be used in the ip frr (system view) command or the ip frr (VPN instance view) command that is run to configure IP FRR for a public or private network. It can also be used in the vpn frr command that is run to enable VPN FRR.

In a VPN FRR scenario, you only need to run the apply backup-nexthop command to configure a backup next hop.

In an IP FRR scenario, you need to run both the apply backup-nexthop and apply backup-interface commands.
NOTE:

On a P2P link, a backup next hop may not be set. On a non-P2P link, the apply backup-nexthop command must be run to configure a backup next hop.

Example

# Configure the backup interface and the backup next hop 192.168.20.2 in the route-policy named ip_frr_rp.

<HUAWEI> system-view
[HUAWEI] route-policy ip_frr_rp permit node 10
[HUAWEI-route-policy] apply backup-interface vlanif10
[HUAWEI-route-policy] apply backup-nexthop 192.168.20.2

# Delete the configured backup next hop from the route-policy named ip_frr_rp.

<HUAWEI> system-view
[HUAWEI] route-policy ip_frr_rp permit node 10
[HUAWEI-route-policy] undo apply backup-nexthop

apply behavior

Function

The apply behavior command configures a QoS traffic behavior for routes.

The undo apply behavior command restores the default setting.

By default, no QoS traffic behavior is configured.

Format

apply behavior behavior-name

undo apply behavior

Parameters

Parameter Description Value
behavior-name Specifies the name of a QoS traffic behavior. The value is a string of 1 to 31 case-sensitive characters without spaces, and must start with a letter.

Views

Route-policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When a large and complex network is deployed, traffic flows of different types, such as voice, video, and data, need to be managed separately, with different bandwidth and delays assigned to these traffic flows. In this case, class-based QoS needs to be configured and complex traffic classification needs to be performed. The apply behavior command is used to associate filtered route with a specific traffic behavior.

Prerequisites

Before running the apply behavior behavior-name command, you need to create a traffic behavior.

Meanwhile, certain matching conditions need to be configured to classify routes, such as the AS-Path lost, community attribute list, address prefix list, and route cost.

Precautions

The apply behavior command is mutually exclusive with the apply ip-precedence command and the apply qos-local-id command, and only one of these commands can be configured on a node of a routing policy. For example, if the apply behavior command is configured in the view created by the route-policy test permit node 10 command, configuring the apply qos-local-id command replaces apply behavior command.

Example

# Configure the behavior named example in the system view, and then apply this QoS traffic behavior in the route-policy view.

<HUAWEI> system-view
[HUAWEI] traffic behavior example
[HUAWEI-behavior-example] quit
[HUAWEI] route-policy test permit node 10
[HUAWEI-route-policy] apply behavior example

apply comm-filter delete

Function

The apply comm-filter delete command sets the action for deleting community attributes of a specified community filter in a routing policy.

The undo apply comm-filter command restores the default setting.

By default, the action for deleting community attributes of a specified community filter is not set in a routing policy.

Format

apply comm-filter { basic-comm-filter-number | adv-comm-filter-number | comm-filter-name } delete

undo apply comm-filter

Parameters

Parameter Description Value
basic-comm-filter-number Specifies the number of a basic community filter. The value is an integer ranging from 1 to 99.
adv-comm-filter-number Specifies the number of an advanced community filter. The value is an integer ranging from 100 to 199.
comm-filter-name Specifies the name of a community filter. The name is a string of 1 to 51 case-sensitive characters without spaces. The string cannot be all numerals.When double quotation marks are used around the string, spaces are allowed in the string.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To delete the community attributes, you can run the ip community-filter command several times to configure community attributes one by one, and apply the routing policy containing the apply comm-filter delete command to delete these community attributes.

The community attribute is a private attribute of BGP. The apply comm-filter delete command takes effect only for BGP routes.

Prerequisites

The apply comm-filter delete command can be used only after the route-policy command is used.

Precautions

After routes meet the filtering conditions, the specified community attributes of these routes are deleted.

  1. When the delete operation is configured on a specified community attribute list, only one community attribute can be configured for the specified community attribute list. To delete multiple community attributes, you need to configure multiple community attribute lists. For example, if community attribute list 1 is used to delete 100:100 200:200 from the community attribute 100:100 200:200 carried in a route, you need to perform the following configurations on community attribute list 1:

    [HUAWEI] ip community-filter 1 permit 100:100
    [HUAWEI] ip community-filter 1 permit 200:200
    [HUAWEI] display ip community-filter
    Community filter Number: 1
    permit 100:100
    permit 200:200
    [HUAWEI] route-policy RP1 permit node 10
    [HUAWEI-route-policy] apply comm-filter 1 delete

    If multiple community attributes are configured in the same community filter, the apply comm-filter delete command cannot delete these community attributes. To delete the community attributes, you can run the ip community-filter command several times to configure community attributes one by one, and apply the routing policy containing the apply comm-filter delete command to delete these community attributes. For example, the following command cannot delete the community attribute 100:100 200:200 of the route:

    [HUAWEI] ip community-filter 1 permit 100:100 200:200
    [HUAWEI] display ip community-filter
    Community filter Number: 1
    permit 100:100 200:200
    [HUAWEI] route-policy RP1 permit node 10
    [HUAWEI-route-policy] apply comm-filter 1 delete
  2. When the apply community and apply comm-filter delete commands are run on the same node in a routing policy, the system performs the delete operation before the set operation regardless of the sequence in which the two commands are run.

    [HUAWEI] display route-policy
    Route-policy : 123a
      permit : 10
    Match clauses:
    Apply clauses: a
    apply community 999:9 additive
    apply comm-filter 1 delete

    The following command output shows that community attribute 111:1 of the corresponding BGP route is deleted and community attribute 999:9 is added.

    [HUAWEI] display ip community-filter
    Community filter Number: 1 
    permit 111:1 
    permit 999:9

Example

# Delete the specified BGP route community attributes 1:200, 2:200, and 3:200 from the community filter.

<HUAWEI> system-view
[HUAWEI] ip community-filter 1 permit 1:200
[HUAWEI] ip community-filter 1 permit 2:200
[HUAWEI] ip community-filter 1 permit 3:200
[HUAWEI] route-policy test permit node 10
[HUAWEI-route-policy] apply comm-filter 1 delete

apply community

Function

The apply community command sets the action for changing the community attribute of BGP routes in a routing policy.

The undo apply community command restores the default setting.

By default, the action for changing the community attribute of BGP routes is not set in a routing policy.

Format

apply community none

apply community { community-number | aa:nn | internet | no-advertise | no-export | no-export-subconfed } &<1-32> [ additive ]

undo apply community

Parameters

Parameter Description Value
none Indicates that all the community attributes of routes are deleted. -
community-number | aa:nn Specifies the community number. A maximum of 32 community numbers can be configured in the apply community command.
  • If you do not configure any one of internet, no-export-subconfed, no-advertise, and no-export, you can specify 32 community-number and aa:nn together.
  • If you configure one of internet, no-export-subconfed, no-advertise, and no-export, you can specify 31 community-number and aa:nn together.
  • If you configure two of internet, no-export-subconfed, no-advertise, and no-export, you can specify 30community-number and aa:nn together.
  • If you configure three of internet, no-export-subconfed, no-advertise, and no-export, you can specify 29 community-number and aa:nn together.
  • If you configure all of internet, no-export-subconfed, no-advertise, and no-export, you can specify 28 community-number and aa:nn together.
The value of community-number is an integer ranging from 0 to 4294967295. The value of aa or nn ranges from 0 to 65535.
internet Indicates that matching routes are sent to any peer. By default, all routes belong to the Internet community. -
no-advertise Indicates that matching routes are not sent to any peer. That is, after a router receives a route with this attribute, it does not advertise the route to other BGP peers. -
no-export Indicates that matching routes are sent to other sub-ASs but not to other ASs. That is, after a router receives a route with this attribute, it does not advertise the route outside the local AS. -
no-export-subconfed Indicates that matching routes are neither sent to other sub-ASs nor to other ASs. That is, after a router receives a route with this attribute, it does not advertise the route to other sub-ASs. -
additive Indicates that community attributes are added to matching routes. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To identify the BGP routes, you can apply a routing policy containing the apply community command to configure the community attribute of matched BGP routes.

The community attribute is a private attribute of BGP. It simplifies the application of routing policies and facilitates route maintenance and management. A community is a set of destination addresses with the same characteristics. These addresses have no physical boundary and are independent of their ASs. They share one or multiple community attributes, which can be changed or set by running the apply community command.

Prerequisites

The apply community command can be used only after the route-policy command is used.

Precautions

If the apply community command is configured in a routing policy, the community attributes of the BGP routes that match the routing policy are changed according to the configurations in the routing policy.

Assume that the original community name of a BGP route is 30. If this BGP route matches a certain routing policy, the AS number is replaced or added on the basis of the routing policy. For example:

  • If the apply community 100 command is run, the community name is changed to 100.
  • If the apply community 100 150 command is run, the community name is changed to 100 or 150. That is, the BGP route belongs to two communities.
  • If the apply community 100 150 additive command is run, the community name is changed to 30, 100 or 150. That is, the BGP route belongs to three communities.
  • If the apply community none command is run, the community attribute of the BGP route is deleted.

Example

# Configure a routing policy named setcommunity, match the route with the AS_Path filter being 8, and change its community attribute to no-export.

<HUAWEI> system-view
[HUAWEI] route-policy setcommunity permit node 16
[HUAWEI-route-policy] if-match as-path-filter 8
[HUAWEI-route-policy] apply community no-export

apply cost

Function

The apply cost command sets the action for changing the cost of routes in a routing policy.

The undo apply cost command restores the default setting.

By default, the action for changing the cost of routes is not set in a routing policy.

Format

apply cost [ + | - ] cost

undo apply cost

Parameters

Parameter Description Value
+ Increases the route cost.

If the MED of BGP routes or cost of non-BGP routes is greater than the maximum value (4294967295) after the adjustment, 4294967295 takes effect.

- Reduces the route cost.

If the MED of BGP routes or cost of non-BGP routes is less than the minimum value (0) after the adjustment, 0 takes effect.

cost Specifies the route cost. To control route selection, you can adjust the route cost to prevent routing loops. The value is an integer ranging from 0 to 4294967295.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When the filtering conditions specified by if-match clauses are met, you can run the apply cost command to change the route MED or cost to control route selection. After setting the MED or cost, the MED or cost of the routes that are imported using the route-policy is changed accordingly.

Prerequisites

A route-policy has been configured by route-policy.

Configuration Impact

The costs of routes that match the route-policy are changed. BGP routes do not have costs, and instead, they have MEDs. If the apply cost command is run to configure an apply clause for a route-policy that is designed for BGP routes, the MEDs of BGP routes that match the route-policy are changed.

Precautions

The MEDs or costs of imported routes are independent of the route-policy after the undo apply cost command is used to cancel the route MED or cost.

Example

# Define an apply clause to set the route cost to 120.

<HUAWEI> system-view
[HUAWEI] route-policy policy permit node 10
[HUAWEI-route-policy] apply cost 120

apply cost-type

Function

The apply cost-type command sets the action for changing the cost type of routes in a routing policy.

The undo apply cost-type command restores the default setting.

By default, the action for changing the cost type of routes is not set in a routing policy.

Format

apply cost-type { external | internal | type-1 | type-2 }

undo apply cost-type

Parameters

Parameter Description Value
external Sets the cost type of IS-IS external routes. -
internal Sets the cost type of IS-IS internal routes or sets the MED value of BGP routes as the IGP cost of the next hop. -
type-1 Sets Type 1 external routes of OSPF. -
type-2 Sets Type 2 external routes of OSPF. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The apply cost-type { external | internal } command sets the cost type of IS-IS routes. The cost of an internal route imported to IS-IS remains unchanged and the cost of an external route imported to IS-IS is increased by 64.
NOTE:

When the cost-style of an IS-IS device is wide, compatible, or wide-compatible, the cost types of external or internal are classified. When the cost-style of an IS-IS device is narrow or narrow-compatible, the imported route classifies the cost type of external or internal. In other words, the apply cost-type command is valid on IS-IS devices only in the narrow or narrow-compatible modes.

The apply cost-type { type-1 | type-2 } command modifies the type of OSPF routes. During route import, OSPF modifies the type but not the cost value of the original route. When OSPF advertises the imported route with the cost and type information to a peer, the peer device will recalculate the cost value of the imported route based on the received information.

When the filtering conditions specified by if-match clauses are met, you can change the cost type of routes to set the imported external routes all to Type-1 or all to Type-2 by using the apply cost-type command. After the cost type of the routes that match the route-policy is set, the cost type of the routes that are imported by using the route-policy is the set cost type.

Prerequisites

Before running the apply cost-type command, you need to configure a route-policy by route-policy.

Configuration Impact

After routes match the route-policy, the cost type of the routes is changed.

Precautions

Different operations are performed when the apply cost-type internal command is applied to IS-IS routes and BGP routes:
  • When the apply cost-type internal command is applied to IS-IS routes:

    Routes are configured as IS-IS internal routes.

  • When the apply cost-type internal command is applied to BGP routes:

    When a switch advertises a route learned from an IBGP peer to an EBGP peer, if the apply cost-type internal command is run, the switch sets the MED value of the route to be advertised to the EBGP peer as the IGP cost of the next hop of the route.

Example

# Set the cost type to OSPF external Type-1.

<HUAWEI> system-view
[HUAWEI] route-policy policy permit node 10
[HUAWEI-route-policy] apply cost-type type-1

apply dampening

Function

The apply dampening command sets the action for changing the dampening parameters of EBGP routes in a routing policy.

The undo apply dampening command restores the default setting.

By default, the action for changing the dampening parameters of EBGP routes is not set in a routing policy.

Format

apply dampening half-life-reach reuse suppress ceiling

undo apply dampening

Parameters

Parameter Description Value
half-life-reach Specifies the half-life of a reachable route. The value is an integer ranging from 1 to 45, in minutes.
reuse Specifies the threshold for routes to be released from the dampening state. When the penalty value falls below the threshold, routes are reused. The value is an integer ranging from 1 to 20000.
suppress Specifies the threshold for routes to enter the dampening state. When the penalty value exceeds the threshold, routes are suppressed. The value is an integer ranging from 1 to 20000. The configured value of suppress must be greater than the value of reuse.
ceiling Specifies the upper limit of the penalty value of routes. The value is an integer ranging from 1001 to 20000. The configured value of ceiling must be greater than the value of suppress.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The apply dampening command, which is mostly used in BGP, is used to prevent frequent route dampening from affecting routers on the network.

You can configure different route dampening parameters for different nodes in the same routing policy. When route flapping occurs, BGP can use different route dampening parameters to suppress the routes that match the routing policy.

Procedure

If the apply dampening command is run multiple times, the latest configuration overwrites the previous one.

Configuration Impact

If the apply dampening command is run, each time route flapping occurs, BGP adds a certain penalty value to this route.

Precautions

The parameters in this command do not have default values and must be set. The values of reuse, suppress, and ceiling are listed in ascending order: reuse < suppress <ceiling. According to the formula, MaxSuppressTime = half-life-reach x 60 x (ln (ceiling/reuse)/ln (2)), routes are unsuppressed if the value of MaxSuppressTime is less than 1. Therefore, the value of the ceiling/reuse must be great enough so that the value of MaxSuppressTime can be equal to or greater than 1.

Example

# Set dampening parameters for EBGP routes.

<HUAWEI> system-view
[HUAWEI] route-policy aa permit node 10
[HUAWEI-route-policy] apply dampening 20 2000 10000 16000

apply extcommunity

Function

The apply extcommunity command sets the action for changing the extended community attribute of BGP routes in a routing policy.

The undo apply extcommunity command restores the default setting.

By default, the action for changing the extended community attribute of BGP routes is not set in a routing policy.

Format

apply extcommunity { rt { as-number:nn | 4as-number:nn | ipv4-address:nn } } &<1-16> [ additive ]

undo apply extcommunity

Parameters

Parameter Description Value
rt Indicates the route-target extended community. A maximum of 16 route targets can be configured. -
as-number Specifies the AS number. The value is an integer ranging from 0 to 65535.
4as-number Specifies a 4-byte AS number.
A 4-byte AS number is divided into the following types:
  • It is an integer ranging from 65536 to 4294967295.
  • It is in the format of x.y, where x and y are integers that range from 1 to 65535 and from 0 to 65535, respectively
ipv4-address Specifies the IPv4 address. It is in dotted decimal notation.
nn Specifies an integer.
  • When the value of as-number is a 2-byte AS number, the value of nn ranges from 0 to 4294967295.
  • When the value of 4as-number is a 4-byte AS number, the value of nn ranges from 0 to 65535.
  • For ipv4-address, the value of nn ranges from 0 to 65535.
additive Indicates that existing community attributes can be added to routes. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When controlling inter-AS VPN route receiving and advertising, apply the routing policy that contains the apply extcommunity command to change the RT extended community attribute of matched routes. Currently, only the RT extended community attribute is supported. This command cannot specify an extended community attribute for public routes.

Prerequisites

The apply extcommunity command can be used only after the route-policy command is used.

Precautions

When the routing policy that contains the action is used in the BGP view, BGP IPv4 unicast address view, or BGP IPv6 unicast address view, the action does not take effect.

When a routing policy takes effect, it affects inter-AS VPN route receiving and advertising.

If the keyword additive is not set in the apply extcommunity command, the original extended community attribute is replaced.

Example

# Add 100:2, 10.1.1.1:22, 100.100:100 to the VPN route-target extended community attribute of BGP.

<HUAWEI> system-view
[HUAWEI] route-policy policy permit node 10
[HUAWEI-route-policy] apply extcommunity rt 100:2 rt 10.1.1.1:22 rt 100.100:100 additive

apply ip-address next-hop (Route-Policy view)

Function

The apply ip-address next-hop command sets the action for changing the next hop address of BGP routes in a routing policy.

The undo apply ip-address next-hop command restores the default setting.

By default, the action for changing the next hop address of BGP routes is not set in a routing policy.

Format

apply ip-address next-hop { ipv4-address | peer-address }

undo apply ip-address next-hop { ipv4-address | peer-address }

Parameters

Parameter Description Value
ipv4-address Specifies the next hop address. It is in dotted decimal notation.
peer-address

Sets the next hop address to the local address when the apply clause is used by an export policy.

Sets the next hop address to the peer address when the apply clause is used by an import policy.

-

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To change the next hop address of BGP routes for selecting the optimal route, you can apply a routing policy containing the apply ip-address next-hop command.

The next hop address of a BGP route is set using the policy in the following situations:

  • IBGP: Configure the import or export policy for the IBGP peer. If the next hop address configured in the routing policy is unreachable, the IBGP peer adds the corresponding route to the BGP routing table. However, this route is invalid.

  • EBGP: Configure the import policy for the EBGP peer. If an export policy is configured, the route destined for the EBGP peer is discarded because the next hop address is unreachable.

Prerequisites

The apply ip-address next-hop command can be used only after the route-policy command is used.

Precautions

When a routing policy takes effect, it affects BGP route selection.

When a routing policy is specified in the import-route and network commands, the apply ip-address next-hop clause in the routing policy does not take effect.

The command sets a next hop IP address for the routes that match the relevant route-policy, which may change the service forwarding path. Therefore, exercise caution when running this command.

Example

# Define an apply clause to set the next hop address as 192.168.1.8.

<HUAWEI> system-view
[HUAWEI] route-policy policy permit node 10
[HUAWEI-route-policy] apply ip-address next-hop 192.168.1.8

apply ip-precedence

Function

The apply ip-precedence command sets the QoS parameter ip-precedence for routes.

The undo apply ip-precedence command restores the configuration.

By default, no IP preference is set.

Format

apply ip-precedence ip-precedence

undo apply ip-precedence

Parameters

Parameter Description Value
ip-precedence IP precedence
The value can be a preference value or a keyword:
  • The value is an integer ranging from 0 to 7.
  • The preference keyword can be Routine, Priority, Immediate, Flash, Flash-override, Critical, Internet, or Network.
Table 7-191 shows the relationship between preference values and keywords.
Table 7-191  Relationship between preference values and keywords

Value

Keyword

0

Routine

1

Priority

2

Immediate

3

Flash

4

Flash-override

5

Critical

6

Internet

7

Network

Views

Route-policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After receiving routes, a BGP route receiver matches the attributes of the BGP routes based on the import route-policy, sets the IP precedence, delivers the BGP routes together with the associated QoS parameters, and applies QoS traffic policies to the classified data. In this case, the BGP route receiver can apply QoS policies to the data sent to the destination network segment based on the IP precedence. This applies QoS policies in BGP.

Prerequisites

The apply ip-precedence command can be used only after the route-policy command is used.

Configuration Impact

If a route matches a route-policy, you can change the value of the Precedence field in the IP header. The Precedence field is the first three bits of the Type of Service (ToS) field in the IP header.

Precautions

If an integer is used to specify ip-precedence, the preference is saved as an integer in the configuration file. If a keyword is used to specify ip-precedence, the preference is saved as a keyword in the configuration file.

Example

# Set the IP precedence in the route-policy named test.

<HUAWEI> system-view
[HUAWEI] route-policy test permit node 10
[HUAWEI-route-policy] apply ip-precedence internet

apply ipv6 next-hop

Function

The apply ipv6 next-hop command sets the action for changing an IPv6 next hop address of a BGP route in a route-policy.

The undo apply ipv6 next-hop command restores the default setting.

By default, the action for changing the IPv6 next hop addresses of BGP routes are not configured in a route-policy.

Format

apply ipv6 next-hop { peer-address | ipv6-address }

undo apply ipv6 next-hop { peer-address | ipv6-address }

Parameters

Parameter Description Value
ipv6-address Specifies the IPv6 next hop address. The value is a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X.
peer-address Specifies the peer address as the next hop. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The apply ipv6 next-hop command configures an IPv6 next hop address for a BGP route.

In BGP, the next hop address of a route can be set through the route-policy in the following situations:

  • IBGP

    For an IBGP peer, the configured inbound and outbound policies can take effect. If the next hop address configured in the policy is unreachable, the IBGP peer still adds the route to the BGP routing table, but the route is not valid.

  • EBGP

    For an EBGP peer, when the policy is used to modify the next hop address of a route, the inbound policy is configured. If the outbound policy is configured, the route is discarded because its next hop is unreachable.

Prerequisites

The apply ipv6 next-hop command can be used only after the route-policy command is used.

Configuration Impact

After a BGP route matches a route-policy, you can change the IPv6 next hop address of the BGP route.

Precautions

When a route-policy is being applied in the import-route and network commands, the apply ipv6 next-hop clause in the route-policy does not take effect.

Example

# Set FC00:0:0:6::1 as the next hop address.

<HUAWEI> system-view
[HUAWEI] route-policy policy permit node 10
[HUAWEI-route-policy] apply ipv6 next-hop fc00:0:0:6::1

apply isis

Function

The apply isis command sets the action for changing the level of routes imported to IS-IS in a routing policy.

The undo apply isis command restores the default setting.

By default, the action for changing the level of routes imported to IS-IS is not set in a routing policy.

Format

apply isis { level-1 | level-1-2 | level-2 }

undo apply isis

Parameters

Parameter Description Value
level-1 Indicates IS-IS Level-1 routes. -
level-1-2 Indicates IS-IS Level-1 and Level-2 routes. -
level-2 Indicates IS-IS Level-2 routes. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A large number of external routes can be imported to IS-IS, which causes extra burdens on IS-IS-enabled devices. To solve this problem, run the apply isis command to set the level of the routes to be imported to IS-IS.

Prerequisites

The apply isis command can be used only after the route-policy command is used.

Precautions

When a routing policy takes effect, it affects route receiving and advertising in IS-IS.

Example

# Set the level of the routes imported to IS-IS.

<HUAWEI> system-view
[HUAWEI] route-policy policy permit node 10
[HUAWEI-route-policy] apply isis level-1

apply local-preference

Function

The apply local-preference command sets the action for changing the local preference of BGP routes in a routing policy.

The undo apply local-preference command restores the default setting.

By default, the action for changing the local preference of BGP routes is not set in a routing policy.

Format

apply local-preference preference

undo apply local-preference

Parameters

Parameter Description Value
preference Specifies the local preference of BGP routes. The value is an integer ranging from 0 to 4294967295.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The Local-Pref attribute is a private attribute of BGP. The apply local-preference command sets only the local preference for BGP routes. The Local_Pref attribute is used to determine the optimal route when traffic leaves an AS. When a BGP router obtains multiple routes to the same destination address but with different next hops through IBGP peers, the route with the largest Local_Pref value is selected.

Prerequisites

After a BGP route matches a routing policy, you can change the local preference of the BGP route.

Precautions

When a routing policy takes effect, it affects BGP route selection.

The Local_Pref attribute applies to the routing within an AS rather than be advertised to the outside of the AS. In this case, the apply local-preference command does not take effect when EBGP neighbor relationships are set up.

Example

# Set the local preference of BGP routes to 130.

<HUAWEI> system-view
[HUAWEI] route-policy policy permit node 10
[HUAWEI-route-policy] apply local-preference 130

apply mpls-label

Function

The apply mpls-label command sets the action for allocating MPLS labels to public routes in a routing policy.

The undo apply mpls-label command restores the default setting.

By default, the action for allocating MPLS labels to public routes is not set in a routing policy.

Format

apply mpls-label

undo apply mpls-label

Parameters

None

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In the scenario where inter-AS VPN Option C or Carrier Support Carrier (CSC) is deployed, you can use the apply mpls-label command to allocate labels to public routes.

Prerequisites

The apply mpls-label command can be used only after the route-policy command is used.

Precautions

When a routing policy takes effect, it allocates MPLS labels to public routes.

Example

# Assign MPLS labels to the routes that match the routing policy.

<HUAWEI> system-view
[HUAWEI] route-policy policy permit node 10
[HUAWEI-route-policy] apply mpls-label
Related Topics

apply origin

Function

The apply origin command sets the action for changing the Origin attribute of BGP routes in a routing policy.

The undo apply origin command restores the default setting.

By default, the action for changing the Origin attribute of BGP routes is not set in a routing policy.

Format

apply origin { egp { as-number-plain | as-number-dot } | igp | incomplete }

undo apply origin

Parameters

Parameter Description Value
egp as-number-plain Sets the origin of BGP routes as EGP. The parameter as-number-plain specifies the Integral AS number of an external route. An AS number uniquely identifies an AS. as-number-plain is required when you need to change the origin of BGP routes as EGP. EGP has the secondary highest priority. The Origin attribute of the routes obtained through EGP is EGP. The value is an integer ranging from 1 to 4294967295.
egp as-number-dot Sets the origin of BGP routes as EGP. The parameter as-number-dot specifies the AS number in dotted notation of an external route. An AS number uniquely identifies an AS. as-number-dot is required when you need to change the origin of BGP routes as EGP. EGP has the secondary highest priority. The Origin attribute of the routes obtained through EGP is EGP. The value is in the format of x.y, where x and y are integers that range from 1 to 65535 and from 0 to 65535, respectively.
igp Sets the origin of BGP routes as IGP. IGP has the highest priority. The Origin attribute of the routes obtained through an IGP of the AS that originates the routes, such as the routes imported to the BGP routing table through the network command, is IGP. -
incomplete Sets the origin code of BGP routes as unknown. Incomplete has the lowest priority. The Origin attribute of the routes learned through other methods, such as the routes imported by BGP through the import-route command, is Incomplete. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To change the Origin attribute of routes for selecting the optimal route, you can apply a routing policy containing the apply origin command. The Origin attribute is a private attribute of BGP and defines the origin of a route.

Prerequisites

The apply origin command can be used only after the route-policy command is used.

Precautions

When a routing policy takes effect, it affects BGP route selection.

Example

# Set the origin of BGP routes to IGP.

<HUAWEI> system-view
[HUAWEI] route-policy policy permit node 10
[HUAWEI-route-policy] apply origin igp

apply ospf

Function

The apply ospf command sets the action performed for configuring an OSPF area to which the route is imported in a routing policy.

The undo apply ospf command restores the default setting.

By default, the action performed for configuring an OSPF area to which the route is imported is not set in a routing policy.

Format

apply ospf { backbone | stub-area }

undo apply ospf

Parameters

Parameter Description Value
backbone Imports routes to the OSPF backbone area. -
stub-area Imports routes to an OSPF NSSA. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The apply ospf command can be used to specify the OSPF backbone area or NSSA area to which routes are imported. This can prevent OSPF from importing too many external routes, which brings heavy burden on OSPF devices.

Prerequisites

The apply ospf command can be used only after the route-policy command is used.

Precautions

When a routing policy takes effect, routes are imported to the specified OSPF area.

Example

# Import routes to the OSPF backbone area.

<HUAWEI> system-view
[HUAWEI] route-policy policy permit node 10
[HUAWEI-route-policy] apply ospf backbone

apply preference

Function

The apply preference command sets the action for changing the preference of routes in a routing policy.

The undo apply preference command restores the default setting.

By default, the action for changing the preference of routes is not set in a routing policy.

Format

apply preference preference

undo apply preference

Parameters

Parameter Description Value
preference Specifies the route precedence. Route sharing and route selection are difficult because multiple routing protocols can run on the device at the same time; therefore, a default preference needs to be specified for each routing protocol. When different protocols discover multiple routes to the same destination, the route discovered by the protocol with a higher preference is selected to forward IP packets. The smaller the preference value, the higher the preference. The value is an integer ranging from 1 to 255.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To change the preference of routes for selecting the optimal route, you can apply a routing policy containing the apply preference command.

Prerequisites

The apply preference command can be used only after the route-policy command is used.

Precautions

When a routing policy takes effect, it affects route selection.

Example

# Set the preference for routes.

<HUAWEI> system-view
[HUAWEI] route-policy policy permit node 10
[HUAWEI-route-policy] apply preference 90

apply preferred-value

Function

The apply preferred-value command sets the action for changing the preferred value of BGP routes in a routing policy.

The undo apply preferred-value command restores the default setting.

By default, the action for changing the preferred value of BGP routes is not set in a routing policy.

Format

apply preferred-value preferred-value

undo apply preferred-value

Parameters

Parameter Description Value
preferred-value Specifies the preferred value of BGP routes. In route selection, the BGP route with the largest preferred value is preferred. The value is an integer ranging from 0 to 65535.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To change the preferred value of BGP routes for selecting the optimal route, you can apply a routing policy containing the apply preferred-value command.

Prerequisites

The apply preferred-value command can be used only after the route-policy command is used.

Precautions

When a routing policy takes effect, it affects BGP route selection.

The preferred value of a route indicates the weight of the route in BGP routing. The preferred value is not a standard RFC-defined attribute and is valid only on local devices. The preferred value is inapplicable to export policies of BGP.

Example

# Set the preferred value for BGP routes.

<HUAWEI> system-view
[HUAWEI] route-policy policy permit node 10
[HUAWEI-route-policy] apply preferred-value 66

apply qos-local-id

Function

The apply qos-local-id command sets the QoS local ID.

The undo apply qos-local-id command cancels the configuration.

By default, no QoS local ID is set.

Format

apply qos-local-id qos-local-id

undo apply qos-local-id

Parameters

Parameter Description Value
qos-local-id Specifies the QoS local ID. The value is an integer ranging from 1 to 4095.

Views

Route-policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The QoS local ID is a local identifier of QoS. In actual applications, you can set the QoS local ID in the route-policy, and add the command that matches the QoS local ID in the QoS policy. The QoS local ID set in the route-policy is delivered to the FIB table. During packet forwarding, the system obtains the QoS local ID from the FIB table and applies the related QoS policy according to the QoS local ID.

Configuration Impact

The apply qos-local-id command is mutually exclusive with the apply behavior and apply ip-precedence commands, and only one of these commands can be configured on a node of a routing policy. For example, if the apply qos-local-id command is configured in the view created by the route-policy test permit node 10 command, configuring the apply ip-precedence command replaces apply qos-local-id command.

Example

# Set the QoS local ID in the route-policy named test.

<HUAWEI> system-view
[HUAWEI] route-policy test permit node 10
[HUAWEI-route-policy] apply qos-local-id 10

apply tag

Function

The apply tag command sets the action for changing the tag of routes in a routing policy.

The undo apply tag command restores the default setting.

By default, the action for changing the tag of routes is not set in a routing policy.

Format

apply tag tag

undo apply tag

Parameters

Parameter Description Value
tag Specifies the tag of routes. Routes can be tagged as required. You can set the same tag for the same type of route. Routes can be flexibly controlled and managed through tags in the routing policy. The value is an integer ranging from 0 to 4294967295.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To identify the routes, you can apply a routing policy containing the apply tag command to add the same tag to the matched routes.

Prerequisites

The apply tag command can be used only after the route-policy command is used.

Precautions

When a routing policy takes effects, routes will be matched by routing policies related to the tag.

BGP routes do not support tags. The apply tag command sets the tag for only IGP routes.

Example

# Set the tag of routes to 100.

<HUAWEI> system-view
[HUAWEI] route-policy policy permit node 10
[HUAWEI-route-policy] apply tag 100

apply traffic-index

Function

The apply traffic-index command sets the BGP traffic index.

The undo apply traffic-index command cancels the configuration.

By default, no BGP traffic index is set.

Format

apply traffic-index traffic-index

undo apply traffic-index

Parameters

Parameter Description Value
traffic-index Specifies the index of BGP traffic. The value is an integer ranging from 1 to 64.

Views

Route-policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

BGP accounting uses different BGP traffic indexes in BGP community attributes to identify routes and charge the traffic accordingly.

The sending end of BGP routes can set attributes for BGP routes by using the route-policy. The receiving end of BGP routes can set the BGP traffic index for BGP routes according to the BGP community filter, BGP AS_Path filter, ACL, and IP prefix list. The BGP traffic index together with routing information is delivered to the FIB table. After BGP accounting is enabled on an interface, the traffic-index-based traffic collection table can be generated for the interface.

During packet forwarding, traffic statistics can be collected according to the traffic index on each interface. Traffic statistics can be collected according to either the destination address in the inbound direction or the source address in the outbound direction.

Prerequisites

The route-policy command has been run.

Example

# Configure the BGP traffic index.

<HUAWEI> system-view
[HUAWEI] route-policy test permit node 10
[HUAWEI-route-policy] apply traffic-index 10
Related Topics

description (Route-Policy view)

Function

The description command configures the description of a route-policy.

The undo description command deletes the description of a route-policy.

By default, no description is configured for the route-policy.

Format

description text

undo description

Parameters

Parameter Description Value
text Specifies the description of a route-policy. The description is a string of 1 to 80 case-sensitive characters that can contain spaces.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The description command can be used to configure a description for a created route-policy. If many route-policies have been configured, configuring descriptions for the policies will facilitate policy management.

Prerequisites

A route-policy has been created by using route-policy command.

Example

# Configure the description of the route-policy named temp.

<HUAWEI> system-view
[HUAWEI] route-policy temp permit node 10
[HUAWEI-route-policy] description This policy-name is temp
Related Topics

display ip as-path-filter

Function

display ip as-path-filter command displays the configuration of the AS_Path filter.

Format

display ip as-path-filter [ as-path-filter-number | as-path-filter-name ]

Parameters

Parameter Description Value
as-path-filter-number Displays the configuration of an AS_Path filter with a specified number. It is an integer that ranges from 1 to 256.
as-path-filter-name Displays the configuration of an AS_Path filter with a specified name. The name is a string of 1 to 51 characters without any space. It is case-sensitive.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The AS-Path attribute is a BGP-specific attribute. An AS-Path filter is used to filter BGP routes.

You can run the display ip as-path-filter command to:
  • View detailed information about a configured AS path filter.
  • Check whether an AS-Path filter is deleted successfully after running the undo ip as-path-filter command.

Precautions

The display ip as-path-filter command:
  • Displays the configuration information about a specified AS-Path filter, if the number or name of the AS-Path filter is specified.
  • Displays the configuration information about all AS-Path filters, if neither the number nor name of the AS-Path filter is specified.
  • Does not display any information, if the AS-Path filter does not exist in the system or the AS-Path filter that is queried does not exist.

Example

# Display the configured AS_Path filter.

<HUAWEI> display ip as-path-filter
As path filter number: 1
         permit    1.1 100,200
As path filter name: abc
         deny      2.2 200,400
Table 7-192  Description of the display ip as-path-filter command output

Item

Description

As path filter number

AS-Path filter number.

As path filter name

AS-Path filter name.

permit

Matching mode is permit.

1.1 100,200

Content of the regular expression.

deny

Matching mode is deny.
Related Topics

display ip community-filter

Function

The display ip community-filter command displays the configuration of the community filter.

Format

display ip community-filter [ basic-comm-filter-num | adv-comm-filter-num | comm-filter-name ]

Parameters

Parameter Description Value
basic-comm-filter-num Displays the configuration of a basic community filter with a specified number.

The value is an integer ranging from 1 to 99.

adv-comm-filter-num Displays the configuration of an advanced community filter with a specified number.

The value is an integer ranging from 100 to 199.

comm-filter-name Displays the configuration of a community filter with a specified name. The name is a string of 1 to 51 characters. The string cannot be all numerals.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The community attribute is a BGP-specific attribute. A community filter is used to filter BGP routes.

You can run the display ip community-filter command to:
  • View detailed information about a configured community filter.
  • Check whether a community filter is successfully deleted after running the undo ip community-filter command.

Precautions

The display ip community-filter command:
  • Displays the configuration information about a specified community filter, if the number or name of the community filter is specified.

  • Displays the configuration information about all community filters, if neither the number nor name of the community filter is specified.

  • Does not display any information, if the community filter does not exist in the system or the community filter that is queried does not exist.

Example

# Display all community filters.

<HUAWEI> display ip community-filter
Community filter Number: 10
         deny  no-export
Community filter Number: 110
         permit 110:110
Named Community basic filter: aa (ListID = 200)
         permit  1 internet
Named Community advanced filter: bb (ListID = 700)
         permit ^20                                
Table 7-193  Description of the display ip community-filter command output

Item

Description

Community filter Number

Indicates the number of a community filter.

permit

Indicates that the matching mode is permit.

deny

Indicates that the matching mode is deny.

Named Community basic filter

Indicates the name of a basic community filter.

Named Community advanced filter

Indicates the name of an advanced community filter.

Related Topics

display ip extcommunity-filter

Function

display ip extcommunity-filter command displays the configuration of the extended community filter.

Format

display ip extcommunity-filter [ basic-extcomm-filter-num | advanced-extcomm-filter-num | extcomm-filter-name ]

Parameters

Parameter Description Value
basic-extcomm-filter-num Specifies the basic extended community filter number. It is an integer that ranges from 1 to 199.
advanced-extcomm-filter-num Specifies the advanced extended community filter number. It is an integer that ranges from 200 to 399.
extcomm-filter-name Displays the configuration of an extended community filter with a specified name. The name is a string of 1 to 51 characters without any space. It is case-sensitive.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The extended community attribute is a BGP-specific attribute. An extended community filter is used to filter VPN routes.

You can run the display ip extcommunity-filter command to:
  • View detailed information about a configured extended community filter.
  • Check whether an extended community filter is successfully deleted after running the undo ip excommunity-filter command.

Precautions

The display ip extcommunity-filter command:
  • Displays the configuration information about a specified extended community filter, if the number or name of the extended community filter is specified.

  • Displays the configuration information about all extended community filters, if neither the number nor name of the extended community filter is specified.

  • Does not display any information, if the extended community filter does not exist in the system or the extended community filter that is queried does not exist.

Example

# Display information about the extended community filter.

<HUAWEI> display ip extcommunity-filter
Extended Community filter Number 10
         permit rt : 100:10
Extended Community filter Number 280
         permit rt 100:65
Extended Community filter basic filter: bas-abc
         permit rt : 200:10
Extended Community filter advanced filter: adv-abc
         deny 1.1.1.1:10
Table 7-194  Description of the display ip extcommunity-filter command output

Item

Description

Extended Community filter Number

Indicates the number of an extended community filter.

Extended Community filter basic filter

Basic extended community filter name.

Extended Community filter advanced filter

Advanced extended community filter name.

permit

Indicates that the matching mode is permit.

deny

Indicates that the matching mode is deny.

rt

Indicates the extended community attribute of the specified RT.

display ip ip-prefix

Function

The display ip ip-prefix command displays the configuration of IPv4 prefix lists.

Format

display ip ip-prefix [ ip-prefix-name ]

Parameters

Parameter Description Value
ip-prefix-name Displays the configuration of an IP prefix list with a specified name. The name is a string of 1 to 169 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

An IPv4 prefix list is used to filter IPv4 addresses. To achieve the following purposes, run the display ip ip-prefix command:
  • View detailed configuration of a configured IPv4 prefix list.
  • Check whether an IPv4 prefix list is deleted after running the undo ip ip-prefix command.
  • View the number of routes that do or do not match the route-policy in an IPv4 prefix list.

Precautions

The display ip ip-prefix command:
  • Displays the configuration of a specified IPv4 prefix list if the name of the IPv4 prefix list is specified.
  • Displays the configuration of all IPv4 prefix lists if no IPv4 prefix list name is specified.
  • Does not display information if no IPv4 prefix list exists in the system or the queried IPv4 prefix list does not exist.

Before collecting the number of routes that do or do not match the route-policy in an IPv4 prefix list within a certain period, run the reset ip ip-prefix command to clear existing statistics.

NOTE:

If The specified filter list does not exist is displayed in the command output, the specified IPv4 prefix list failed to be configured. To re-configure it, run the ip ip-prefix command in the system view.

Example

# Display the configuration of the IP prefix list named p1.

<HUAWEI> display ip ip-prefix p1
Prefix-list pl
Permitted 0
  Description prefixok
Denied 0
         index: 10      permit  192.168.0.0/16          ge  17  le  18
Table 7-195  Description of the display ip ip-prefix command output

Item

Description

Prefix-list

Name of an IPv4 prefix list.

Permitted

Number of routes that match a route-policy.

Description

Description of an IPv4 prefix list. This field is displayed only after a description is configured using the ip ip-prefix ip-prefix-name description text command.

Denied

Number of routes that do not match the route-policy.

index

Index of the entry in the IPv4 prefix list.

permit

Contents of the entry in the IPv4 prefix list.

ge 17

The mask is greater than or equal to 17.

le 18

The mask is less than or equal to 18.

Related Topics

display ip ipv6-prefix

Function

display ip ipv6-prefix displays the configuration of IPv6 prefix lists.

Format

display ip ipv6-prefix [ ipv6-prefix-name ]

Parameters

Parameter Description Value
ipv6-prefix-name Displays the configuration of an IP prefix list with a specified name. If ipv6-prefix-name is not specified, the configuration of all the configured IPv6 prefix lists is displayed. The name is a string of 1 to 169 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

An IPv6 prefix list is used to filter IPv6 addresses. To achieve the following purposes, run the display ip ipv6-prefix command:
  • View detailed configuration of a configured IPv6 prefix list.
  • Check whether an IPv6 prefix list is deleted after running the undo ip ipv6-prefix command.
  • View the number of routes that do or do not match the route-policy in an IPv6 prefix list.

Precautions

The display ip ipv6-prefix command:
  • Displays the configuration of a specified IPv6 prefix list if the name of the IPv6 prefix list is specified.
  • Displays the configuration of all IPv6 prefix lists if no IPv6 prefix list name is specified.
  • Does not display information if no IPv6 prefix list exists in the system or the queried IPv6 prefix list does not exist.

Before collecting the number of routes that do or do not match the route-policy in an IPv6 prefix list within a certain period, run the reset ip ipv6-prefix command to clear existing statistics.

Example

# Display the configuration of all the IPv6 prefix lists.

<HUAWEI> display ip ipv6-prefix
  Prefix-list6 abc
  Description prefixok 
  Permitted 0
  Denied 0
  index:   10             permit  ::/0
  index:   20             permit  ::/1              ge  1   le  128
Table 7-196  Description of the display ip ipv6-prefix command output

Item

Description

Prefix-list6

Name of an IPv6 prefix list.

Description

Description of an IPv6 prefix list. This field is displayed only after a description is configured using the ip ipv6-prefix ipv6-prefix-name description text command.

Permitted

Number of routes that match a route-policy.

Denied

Number of routes that do not match a route-policy.

index

Index of the entry in the IPv6 prefix list.

permit

Contents of the entry in the IPv6 prefix list.

ge

Greater than or equal to.

le

Less than or equal to.

Related Topics

display ip rd-filter

Function

The display ip rd-filter command displays the configuration of the route distinguisher (RD) filter.

Format

display ip rd-filter [ rd-filter-number ]

Parameters

Parameter Description Value
rd-filter-number Displays the configuration of a RD filter with a specified number. The value is an integer ranging from 1 to 255.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The RD attribute is carried in VPN routes. An RD filter is used to filter VPN routes.

You can run the display ip rd-filter command to:
  • View detailed information about a configured RD filter.
  • Check whether an RD filter is successfully deleted after running the undo ip rd-filter command.

Precautions

The display ip rd-filter command:
  • Displays the configuration information about a specified RD filter, if the number of RD filter is specified.
  • Displays the configuration information about all RD filters, if the number of the RD filter is not specified.
  • Does not display any information, if the RD filter does not exist in the system or the RD filter that is queried does not exist.

Example

# Display the configured RD filter.

<HUAWEI> display ip rd-filter
Route Distinguisher Filter 1
        permit 10.1.1.1:1 10.2.2.2:* 100:1 200:*
Route Distinguisher Filter 2
        deny 1:1 2:2
        permit 1:* 2:*
Table 7-197  Description of the display ip rd-filter command output

Item

Description

Route Distinguisher Filter

Number of the RD filter

permit

Matching mode: permit

deny

Matching mode: deny

Related Topics

display route-policy

Function

The display route-policy command displays the configuration of the route-policy.

Format

display route-policy [ route-policy-name ]

Parameters

Parameter Description Value
route-policy-name Displays the configuration of a route-policy with a specified name. The name is a string of 1 to 40 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display route-policy command to check detailed configuration of a route-policy.

Example

# Display the configuration of the route-policy named policy1.

<HUAWEI> display route-policy policy1
Route-policy : policy1
  permit : 10 (matched counts: 2)
    Match clauses :
        if-match acl 2000
    Apply clauses :
        apply cost 100
        apply tag 100
Table 7-198  Description of the display route-policy command output

Item

Description

Route-policy

Name of the routing policy

permit

Matching mode and node index of the routing policy

matched counts: 2

Number of nodes that routes are matched in a routing policy

Match clauses

Matching condition list

Apply clauses

Apply clause list

Related Topics

if-match acl (Route-Policy view)

Function

The if-match acl command sets a matching rule that is based on the Access Control List (ACL).

The undo if-match acl command deletes the matching rule based on the specified ACL.

By default, no matching rule based on the ACL is configured.

Format

if-match acl { acl-number | acl-name }

undo if-match acl { acl-number | acl-name }

Parameters

Parameter Description Value
acl-number Specifies the number of a basic ACL. The value is an integer ranging from 2000 to 2999.
acl-name Specifies the name of a named ACL. The value is a string of 1 to 64 case-sensitive characters without spaces. The value must start with a letter.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match acl command to set a matching rule based on the ACL to match IPv4 prefixes.

Prerequisites

The if-match acl command can be used only after the route-policy command is used.

Precautions

The routing policy matches routes using the ACL. Routes that match the ACL will be checked by other if-match clauses of this node. Routes that do not match the ACL will be checked by the next node.

An ACL name is a character string that starts with a letter. For example, 2a is an invalid ACL name.

The if-match acl command and the if-match ip-prefix command are mutually exclusive. If you run the if-match ip-prefix command after running the if-match acl command, the configuration of the if-match ip-prefix command overrides the configuration of the if-match acl command.

For an ACL, when the rule command is used to configure a filtering rule, the filtering rule is effective only with the source address range that is specified by the source parameter and with the time period that is specified by the time-range parameter.

Example

# Set a matching rule that is based on ACL 2000.

<HUAWEI> system-view
[HUAWEI] route-policy policy permit node 10
[HUAWEI-route-policy] if-match acl 2000

if-match as-path-filter

Function

The if-match as-path-filter command creates a matching rule based on the AS_Path filter.

The undo if-match as-path-filter command deletes a matching rule based on the specified AS_Path filter.

By default, no matching rule based on the AS_Path filter is configured.

Format

if-match as-path-filter { as-path-filter-number &<1-16> | as-path-filter-name }

undo if-match as-path-filter [ as-path-filter-number &<1-16> | as-path-filter-name ]

Parameters

Parameter Description Value
as-path-filter-number Specifies the number of an AS_Path filter. A maximum of 16 AS_Path filters can be specified. The value is an integer ranging from 1 to 256.
as-path-filter-name Specifies the name of the AS_Path filter. The name is a string of 1 to 51 case-sensitive characters without spaces. The value cannot contain only numerals.
NOTE:
When double quotation marks are used around the string, spaces are allowed in the string.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The AS_Path attribute is the private attribute of BGP. The if-match as-path-filter command is applicable to only BGP routes. The ip as-path-filter command must be used to define an AS_Path filter so that the matching rule based on this AS_Path filter can take effect. For example:

  • If the if-match as-path-filter 1 command is used but AS_Path filter 1 is not configured, all routes are permitted, that is, all routes match the matching rule.
  • If the if-match as-path-filter 1 command after the ip as-path-filter 1 permit *20 command is used, the BGP routes with the AS_Path attribute being 20 are permitted.

Multiple if-match as-path-filter clauses can be specified. The relationship between if-match as-path-filter clauses is "OR". The relationship between if-match clauses is "AND".

Prerequisites

Before running the if-match as-path-filter command, run the ip as-path-filter command to configure an AS_Path filter.

Precautions

The routing policy matches routes using the AS-Path filter. Routes that match the AS-Path filter will be checked by other if-match clauses of this node. Routes that do not match the AS-Path filter will be checked by the next node.

A maximum of 16 AS_Path filters can be specified. The relationship between these AS_Path filters is OR. Specifically, if a route matches one of these AS_Path filters, it matches the matching rules of the command.

Creating an AS_Path filter before it is referenced is recommended. By default, nonexistent AS_Path filters cannot be referenced using the command. If the route-policy nonexistent-config-check disable command is run in the system view and a nonexistent AS_Path filter is referenced using the current command, all routes match the AS_Path filter.

Example

# Configure AS_Path filter 2 to permit AS200 and AS300. Create a routing policy named test, and define AS_Path filter 2 in an if-match clause for node 10 of the routing policy.

<HUAWEI> system-view
[HUAWEI] ip as-path-filter 2 permit _200_300
[HUAWEI] route-policy test permit node 10
[HUAWEI-route-policy] if-match as-path-filter 2
Related Topics

if-match community-filter

Function

The if-match community-filter command creates a matching rule based on the community filter.

The undo if-match community-filter command deletes the matching rule based on the specified community filter.

By default, no matching rule based on the community filter is configured.

Format

if-match community-filter { basic-comm-filter-num [ whole-match ] | adv-comm-filter-num } &<1-16>

if-match community-filter comm-filter-name [ whole-match ]

undo if-match community-filter [ basic-comm-filter-num | adv-comm-filter-num ] &<1-16>

undo if-match community-filter comm-filter-name

Parameters

Parameter Description Value
basic-comm-filter-num Specifies the number of a basic community filter. The value is an integer ranging from 1 to 99.
adv-comm-filter-num Specifies the number of an advanced community filter. The value is an integer ranging from 100 to 199.
comm-filter-name Specifies the name of a community filter. The name is a string of 1 to 51 case-sensitive characters without spaces. The string cannot be all numerals.When double quotation marks are used around the string, spaces are allowed in the string.
whole-match Indicates complete matching. That is, all the communities in the command must be matched. Complete matching is valid only for the basic community filter. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The community attribute is a private attribute of BGP. The if-match community-filter command is applicable to only BGP routes. The ip community-filter command must be used to define a community filter so that the matching rule based on this community filter can take effect. For example:

  • If the if-match community-filter 1 command is used but community filter 1 is not configured, all routes are permitted, that is, all routes can match the matching rule.
  • If the if-match community-filter 1 command is used after the ip community-filter 1 permit 1:1 command is used, the BGP routes with the community attribute being 1:1 are permitted.

Multiple if-match community-filter clauses can be specified. The relationship between if-match community-filter clauses is "OR". The relationship between if-match clauses is "AND".

Prerequisites

Before using the if-match community-filter command, you must use the ip community-filter command to configure a community filter.

The if-match community-filter command can be used only after a routing policy is configured.

Precautions

The routing policy matches routes using the community filter. Routes that match the community filter will be checked by other if-match clauses of this node. Routes that do not match the community filter will be checked by the next node.

A maximum of 16 community filters can be configured in the if-match community-filter command. The relationship between these community-filters is OR. Specifically, if a route matches one of these community-filters, it matches the matching rules of the command.

The parameter whole-match is valid only for its front community filter number. If multiple community filters are specified in the if-match community-filter command and packets are required to completely match each filter, you need to specify the parameter whole-match behind each community filter and it is valid to only the basic community filter.

The name of a community filter cannot be all numerals.

Creating a community attribute filter before it is referenced is recommended. By default, nonexistent community attribute filters cannot be referenced using the command. If the route-policy nonexistent-config-check disable command is run in the system view and a nonexistent community attribute filter is referenced using the current command, all routes match the community filter.

Example

# Set a matching rule that is based on the community filter 1.

<HUAWEI> system-view
[HUAWEI] ip community-filter 1 permit 100:200
[HUAWEI] route-policy test permit node 10
[HUAWEI-route-policy] if-match community-filter 1

# Set the complete matching rule for community attribute filters 1 and 2.

<HUAWEI> system-view
[HUAWEI] route-policy test permit node 11
[HUAWEI-route-policy] if-match community-filter 1 whole-match 2 whole-match

# Set a matching rule that is based on the community filter named aa.

<HUAWEI> system-view 
[HUAWEI] route-policy test permit node 12 
[HUAWEI-route-policy] if-match community-filter aa
Related Topics

if-match cost

Function

The if-match cost command creates a matching rule based on the route cost.

The undo if-match cost command deletes the matching rule based on the specified route cost.

By default, no matching rule based on the route cost is configured.

Format

if-match cost { cost | greater-equal greater-equal-value [ less-equal less-equal-value ] | less-equal less-equal-value }

undo if-match cost

Parameters

Parameter Description Value
cost Specifies the route cost. Route costs can be changed to prevent routing loops. The value is an integer ranging from 0 to 4294967295.
greater-equal greater-equal-value Specifies the minimum value of route cost. The value is an integer ranging from 0 to 4294967294.
less-equal less-equal-value Specifies the maximum value of route cost. less-equal-value is demanded to be greater than greater-equal-value. The value is an integer ranging from 1 to 4294967295.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can use the if-match cost command to configure a node to filter routes based on the route costs. After such a matching rule is configured, you can apply the apply clauses to change the attributes of the routes that match the matching rule.

Prerequisites

The if-match cost command can be used only after the route-policy command is used.

Precautions

The routing policy matches routes based on the route cost. Routes that match the route cost will be checked by other if-match clauses of this node. Routes that do not match the route cost will be checked by the next node.

Example

# Match the route with the cost 8.

<HUAWEI> system-view
[HUAWEI] route-policy policy permit node 10
[HUAWEI-route-policy] if-match cost 8

if-match extcommunity-filter

Function

The if-match extcommunity-filter command sets a matching rule that is based on the extended community filter.

The undo if-match extcommunity-filter command deletes the matching rule based on the specified extended community filter.

By default, no matching rule based on the extended community filter is configured.

Format

if-match extcommunity-filter { { basic-extcomm-filter-num | adv-extcomm-filter-num } &<1-16> | extcomm-filter-name }

undo if-match extcommunity-filter [ [ basic-extcomm-filter-num | adv-extcomm-filter-num ] &<1-16> | extcomm-filter-name ]

Parameters

Parameter Description Value
basic-extcomm-filter-num Specifies the number of a basic extended community filter. It is an integer ranging from 1 to 199.
adv-extcomm-filter-num Specifies the number of an advanced extended community filter. It is an integer ranging from 200 to 399.
extcomm-filter-name Specifies the name of an extended community filter. The name is a string of 1 to 51 case-sensitive characters without spaces. The string cannot be all numerals.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The extended community attributes help flexibly control the routing policy. You can use the if-match extcommunity-filter command to configure a node to filter routes based on the extended community filter.

The if-match extcommunity-filter command is applicable to only BGP routes and must work in conjunction with the ip extcommunity-filter command. For example:

  • If the if-match extcommunity-filter 1 command is used but the extended community filter 1 is not configured, all routes are permitted, that is, all routes can match the matching rule.
  • If the if-match extcommunity-filter 1 command is used after the ip extcommunity-filter 1 permit rt 1:1 command is used, the BGP routes with the extended community attribute being 1:1 are permitted.

Multiple if-match extcommunity-filter clauses can be specified. The relationship between if-match extcommunity-filter clauses is "OR". The relationship between if-match clauses is "AND".

Prerequisites

Before using the if-match extcommunity-filter command, you must use the ip extcommunity-filter command to configure an extended community filter.

Precautions

The routing policy matches routes using the extended community filter. Routes that match the extended community filter will be checked by other if-match clauses of this node. Routes that do not match the extended community filter will be checked by the next node.

A maximum of 16 extended community filters can be configured in the if-match extcommunity-filter command. The relationship between these extended community filters is OR. Specifically, if a route matches one of these extended community filters, it matches the matching rules of the command.

Example

# Define a rule to match the routes of the specified extended community filter.

<HUAWEI> system-view
[HUAWEI] route-policy policy permit node 10
[HUAWEI-route-policy] if-match extcommunity-filter 100

if-match interface

Function

The if-match interface command creates a matching rule based on the outbound interface.

The undo if-match interface command deletes the matching rule based on the specified outbound interface.

By default, no matching rule based on the outbound interface is configured.

Format

if-match interface { interface-type interface-number } &<1-16>

undo if-match interface [ interface-type interface-number ] &<1-16>

Parameters

Parameter Description Value
interface-type interface-number Specifies the type and number of the outbound interface. A maximum of 16 outbound interfaces can be specified in the if-match interface command. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The if-match interface command is used to filter routes based on the outbound interfaces.

A maximum of 16 outbound interfaces can be configured in this command.

If a node contains multiple if-match interface clauses, the relationship between the if-match interface clauses is OR. If a node contains both if-match interface clauses and other if-match clauses with different matching rules, the relationship between the if-match interface clauses and other if-match clauses is AND. For example, if a node contains if-match interface GE1/0/1, if-match interface GE1/0/2, and if-match acl 2000 clauses, if-match interface GE1/0/1 and if-match interface GE1/0/2 are ORed, whereas if-match interface GE1/0/1 and if-match acl 2000 are ANDed.

Prerequisites

The if-match interface command can be used only after the route-policy command is used.

Precautions

The routing policy matches routes based on outbound interface information. Routes that match the outbound interface information will be checked by other if-match clauses of this node. Routes that do not match the outbound interface information will be checked by the next node.

Example

# Define a rule to match the routes with the outbound interface VLANIF100.

<HUAWEI> system-view
[HUAWEI] route-policy policy permit node 10
[HUAWEI-route-policy] if-match interface vlanif 100

if-match ip

Function

The if-match ip command creates a matching rule based on IP information.

The undo if-match ip command deletes the matching rule based on specified IP information.

By default, no matching rule based on IP information is configured.

Format

if-match ip { next-hop | route-source | group-address } { acl { acl-number | acl-name } | ip-prefix ip-prefix-name }

undo if-match ip { next-hop | route-source | group-address } [ acl { acl-number | acl-name } | ip-prefix ip-prefix-name ]

Parameters

Parameter Description Value
next-hop Specifies the next hop address. -
route-source Specifies the source address of routes. -
group-address Indicates the IP address of the multicast group. The value is in dotted decimal notation.
acl Indicates route filtering using the ACL. -
acl-number Specifies the number of a basic ACL. The value is an integer ranging from 2000 to 2999.
acl-name Specifies the name of a basic ACL. The value is a string of 1 to 64 case-sensitive characters without spaces. The value must start with a letter.
ip-prefix ip-prefix-name Specifies the name of an IP prefix list that is used to filter routes. The value is a string of case-sensitive characters without space and ranges from 1 to 169.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

An ACL or IP prefix must be configured before running the if-match ip command so that the matching rule can take effect. For example:

  • If the if-match ip next-hop ip-prefix aa command is used but the IP prefix aa is not configured, all routes are permitted, that is, all routes match the matching rule. This rule also applies to ACL.

  • If the if-match ip next-hop ip-prefix aa and ip ip-prefix aa permit 10.1.1.1 32 commands are used, the routes with the next hop being 10.1.1.1 is permitted. This rule also applies to ACL.

Prerequisites

The if-match ip command can be used only after the route-policy command is used.

Before running the if-match ip command, configure an ACL or an IP prefix.

Precautions

The routing policy matches routes based on the next hop address or source address. Routes that match the next hop address or source address will be checked by other if-match clauses of this node. Routes that do not match the next hop address or source address will be checked by the next node.

If the next hop address or source address of a route is 0.0.0.0, the system considers the mask length of the route as 0 to match the filtering rules by default.

When you run the rule command to configure a filtering rule in an ACL, only the source and time-range parameters are valid for the filtering rule.

Creating an ACL before it is referenced is recommended. If a nonexistent ACL is referenced using the command, all routes match the ACL.

Creating an IP prefix list before it is referenced is recommended. By default, nonexistent IP prefix lists cannot be referenced using the command. If the route-policy nonexistent-config-check disable command is run in the system view and a nonexistent IP prefix list is referenced using the current command, all routes match the IP prefix list.

Example

# Set an IP prefix list named p1 to filter routes.

<HUAWEI> system-view
[HUAWEI] route-policy policy permit node 10
[HUAWEI-route-policy] if-match ip next-hop ip-prefix p1

# Set a rule that source addresses of routes match ACL 2000 to filter routes.

<HUAWEI> system-view
[HUAWEI] route-policy policy permit node 10
[HUAWEI-route-policy] if-match ip route-source acl 2000

if-match ip-prefix

Function

The if-match ip-prefix command creates a matching rule based on the IP prefix list.

The undo if-match ip-prefix command deletes the matching rule based on the specified IP prefix list.

By default, no matching rule based on the IP prefix list is configured in the routing policy.

Format

if-match ip-prefix ip-prefix-name

undo if-match ip-prefix ip-prefix-name

Parameters

Parameter Description Value
ip-prefix-name Specifies the name of an IP address prefix list. The name is a string of 1 to 169 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The routing policy matches routes using the IP prefix list. Routes are either permitted or denied.

The ip ip-prefix command must be used so that the matching rule can take effect. For example:

  • If the if-match ip-prefix aa command is used but the IP prefix aa is not configured, all routes are permitted, that is, all routes match the matching rule.
  • If the if-match ip-prefix aa and ip ip-prefix aa permit 10.1.1.1 32 commands are used, the routes with the IP prefix being 10.1.1.1 and mask being 32 are permitted.

Prerequisites

The if-match ip-prefix command can be used only after the route-policy command is used.

Precautions

The routing policy matches routes based on IP prefix information. Routes that match the IP prefix information will be checked by other if-match clauses of this node. Routes that do not match the IP prefix information will be checked by the next node.

The if-match acl and if-match ip-prefix commands cannot be used together in the same node of a routing policy, because the latest configuration will override the previous one.

Creating an IP prefix list before it is referenced is recommended. By default, nonexistent IP prefix lists cannot be referenced using the command. If the route-policy nonexistent-config-check disable command is run in the system view and a nonexistent IP prefix list is referenced using the current command, all routes match the IP prefix list.

Example

# Set an IP prefix list named p1 to filter routes.

<HUAWEI> system-view
[HUAWEI] route-policy policy permit node 10
[HUAWEI-route-policy] if-match ip-prefix p1

if-match ipv6

Function

The if-match ipv6 command sets a matching rule that is based on IPv6 information.

The undo if-match ipv6 command deletes the matching rule based on specified IPv6 information.

By default, no matching rule based on IPv6 information is set.

Format

if-match ipv6 { address | next-hop | route-source } prefix-list ipv6-prefix-name

undo if-match ipv6 { address | next-hop | route-source } prefix-list ipv6-prefix-name

Parameters

Parameter Description Value
address Matches the destination address of IPv6 routes. -
next-hop Matches the next hop of IPv6 routes. -
route-source Matches the source address of the advertised IPv6 routes. -
prefix-list Specifies the IP prefix list. -
ipv6-prefix-name Specifies the name of the IPv6 prefix list. The name is a string of 1 to 169 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The ip ipv6-prefix command must be used to configure an IPv6 prefix so that the matching rule (based on the destination addresses, next hop addresses, or source addresses of IPv6 routes) configured through the ip ipv6-prefix command can take effect. Otherwise, all routes are permitted.

Prerequisites

The if-match ipv6 command can be used only after the route-policy command is used.

Before using the if-match ipv6 command, you must use the ip ipv6-prefix command to configure an IPv6 prefix.

Configuration Impact

When you filter routes based on the destination addresses, next hop addresses, or source addresses of IPv6 routes, the routes that match the matching rule are permitted and the route that do not match the matching rule are denied.

If the next hop address or source address of a route to be filtered is 0::0, by default, the system matches the route considering that its mask length is 0.

Creating an IPv6 prefix list before it is referenced is recommended. If a nonexistent IPv6 prefix list is referenced using the command, all routes match the IPv6 prefix list.

Example

# Define an if-match clause to match the related IPv6 routing information.

<HUAWEI> system-view
[HUAWEI] route-policy policy permit node 10
[HUAWEI-route-policy] if-match ipv6 address prefix-list p1
[HUAWEI-route-policy] if-match ipv6 next-hop prefix-list p1
[HUAWEI-route-policy] if-match ipv6 route-source prefix-list p1

if-match mpls-label

Function

The if-match mpls-label command creates a matching rule based on the MPLS label.

The undo if-match mpls-label command deletes the matching rule based on the specified MPLS label.

By default, no matching rule based on the MPLS label is configured.

Format

if-match mpls-label

undo if-match mpls-label

Parameters

None

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In the scenario where inter-AS VPN Option C or Carrier Support Carrier (CSC) is deployed, you can use the if-match mpls-label command to allocate labels to public routes.

Prerequisites

The if-match mpls-label command can be used only after the route-policy command is used.

Precautions

The routing policy matches routes based on the MPLS label. Routes that match the MPLS label will be checked by other if-match clauses of this node. Routes that do not match the MPLS label will be checked by the next node.

Example

# Assign MPLS labels to the routes that match the routing policy.

<HUAWEI> system-view
[HUAWEI] route-policy policy permit node 10
[HUAWEI-route-policy] if-match mpls-label
Related Topics

if-match rd-filter

Function

The if-match rd-filter command creates a matching rule based on the RD filter.

The undo if-match rd-filter command deletes the matching rule based on the specified RD filter.

By default, no matching rule based on the RD filter is configured.

Format

if-match rd-filter rd-filter-number

undo if-match rd-filter

Parameters

Parameter Description Value
rd-filter-number Specifies the number of an RD filter. The value is an integer ranging from 1 to 255.

Views

Route-policy view, Tunnel selector view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The if-match rd-filter command and the ip rd-filter command work together to filter routes based on RD attributes. For example:

  • If if-match rd-filter 1 is configured, but rd-filter 1 is not configured, then all current routes will be permitted.

  • If if-match rd-filter 1 is configured, and ip rd-filter 1 permit 1:1 has been configured, then routes with RD 1:1 will be permitted.

Prerequisites

The if-match rd-filter command must be run after the route-policy command is run.

Precautions

The routing policy matches routes using the RD filter. Routes that match the RD filter will be checked by other if-match clauses of this node. Routes that do not match the RD filter will be checked by the next node.

Example

# Define a matching rule to match an RD filter.

<HUAWEI> system-view
[HUAWEI] route-policy abc permit node 10
[HUAWEI-route-policy] if-match rd-filter 1

if-match route-type

Function

The if-match route-type command sets a matching rule that is based on the route type.

The undo if-match route-type command deletes the matching rule based on the specified route type.

By default, no matching rule based on the route type is configured.

Format

if-match route-type { external-type1 | external-type1or2 | external-type2 | internal | is-is-level-1 | is-is-level-2 | nssa-external-type1 | nssa-external-type1or2 | nssa-external-type2 }

undo if-match route-type { external-type1 | external-type1or2 | external-type2 | internal | is-is-level-1 | is-is-level-2 | nssa-external-type1 | nssa-external-type1or2 | nssa-external-type2 }

Parameters

Parameter Description Value
external-type1 Indicates OSPF external Type 1 routes. -
external-type1or2 Indicates OSPF external routes. -
external-type2 Indicates OSPF external Type 2 routes. -
internal Indicates internal routes, including OSPF inter-area routes and intra-area routes. -
is-is-level-1 Indicates IS-IS Level-1 routes. -
is-is-level-2 Indicates IS-IS Level-2 routes. -
nssa-external-type1 Indicates NSSA external Type 1 routes. -
nssa-external-type1or2 Indicates NSSA external routes. -
nssa-external-type2 Indicates NSSA external Type 2 routes. -

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match route-type command to filter OSPF or IS-IS routes based on the route type.

Multiple if-match route-type clauses can be specified. The relationship between if-match route-type clauses is "OR". The relationship between if-match clauses is "AND".

Prerequisites

The if-match route-type command can be used only after the route-policy command is used.

Precautions

The routing policy matches routes based on the route type. Routes that match the route type will be checked by other if-match clauses of this node. Routes that do not match the route type will be checked by the next node.

For the same node in a routing policy, if two if-match route-type clauses are the same, the latter if-match route-type will not override the previous if-match route-type. After the latter clause is configured, both clauses take effect simultaneously. The relationship between if-match route-type clauses is "OR". That is, the actions defined by apply clauses can be performed on a route as long as the route meets one of the matching rules. For example, if both the if-match route-type is-is-level-1 and if-match route-type external-type1or2 commands are configured on the same node of a route policy, both IS-IS Level-1 routes and OSPF external routes can match the route policy.

NOTE:

external-type1or2 refers to external-type1 or external-type2. For the same node in a route policy, configuring both the if-match route-type external-type1 and if-match route-type external-type2 is equivalent to configuring the if-match route-type external-type1or2 command. The two operations generate the same configuration file.

Similarly, nssa-external-type1or2 refers to nssa-external-type1 or nssa-external-type2. For the same node in a route policy, configuring both the if-match route-type nssa-external-type1 and if-match route-type nssa-external-type2 commands is equivalent to configuring the if-match route-type nssa-external-type1or2 command. The two operations generate the same configuration file.

Example

# Define a rule to match the routes of the specified type.

<HUAWEI> system-view
[HUAWEI] route-policy policy permit node 10
[HUAWEI-route-policy] if-match route-type nssa-external-type1

if-match tag

Function

The if-match tag command sets a matching rule that is based on the route tag.

The undo if-match tag command deletes the matching rule based on the specified route tag.

By default, no matching rule based on the route tag is configured.

Format

if-match tag tag

undo if-match tag

Parameters

Parameter Description Value
tag Indicates the tag value.

Route tags classify routes as required. The same type of routes has the same tags. Routes are managed and controlled based on the tag by using the routing policy.

The value is an integer ranging from 0 to 4294967295.

Views

Route-Policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match tag command to filter routes based on the tags.

Prerequisites

The if-match tag command can be used only after the route-policy command is used.

Precautions

The routing policy matches routes based on the route tag. Routes that match the route tag will be checked by other if-match clauses of this node. Routes that do not match the route tag will be checked by the next node.

Example

# Define a rule to match the OSPF routes with the tag value 8.

<HUAWEI> system-view
[HUAWEI] route-policy policy permit node 10
[HUAWEI-route-policy] if-match tag 8

ip as-path-filter

Function

The ip as-path-filter command creates an AS_Path filter.

The undo ip as-path-filter command deletes a specified AS_Path filter.

By default, no AS_Path filter is configured.

Format

ip as-path-filter { as-path-filter-number | as-path-filter-name } { deny | permit } regular-expression

undo ip as-path-filter { as-path-filter-number | as-path-filter-name } [ { deny | permit } regular-expression ]

Parameters

Parameter Description Value
as-path-filter-number Specifies the number of an AS_Path filter. The value is an integer ranging from 1 to 256.
as-path-filter-name Specifies the name of an AS_Path filter. The name is a string of 1 to 51 case-sensitive characters without spaces. The string cannot be all numerals.When double quotation marks are used around the string, spaces are allowed in the string.
deny Sets the matching mode of the AS_Path filter to deny. -
permit Sets the matching mode of the AS_Path filter to permit. -
regular-expression Specifies the AS_Path regular expression. The value is a string of 1 to 255 characters, with spaces supported.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

An AS_Path filter uses the regular expression to define matching rules. After an AS_Path filter is set, the RM module immediately instructs each protocol to apply the filter by default.

The AS_Path attribute is a private attribute of BGP, and is used to filter BGP routes.

  • The filter can be directly applied by using a command such as peer as-path-filter.

  • The filter can be used as a matching condition of a routing policy by using a command such as if-match as-path-filter zz.

Configuration Impact

Multiple rules (permit or deny) can be specified in a filter.

By default, AS_Path filters work in deny mode. If all matching rules in a filter are configured to work in deny mode, all routes are denied by the filter; to prevent this problem, configure one matching rule in permit mode after one or multiple matching rules in deny mode so that the routes except for those denied by preceding matching rules are permitted by the filter.

Before you run the undo ip as-path-filter command to delete an AS_Path filter that is referenced by another command, delete the reference configuration.

Follow-up Procedure

To view detailed configurations of the AS_Path filter, run the display ip as-path-filter command.

Example

# Create the AS_Path filter with the sequence number being 1, and permit routes that begin with 10 in the AS_Path to pass.

<HUAWEI> system-view
[HUAWEI] ip as-path-filter 1 permit ^10_

# Create the AS_Path filter 2, and permit routes that contain 20 in the AS_Path to pass through.

<HUAWEI> system-view
[HUAWEI] ip as-path-filter 2 permit _20_

# Create the AS_Path filter 3, and prohibit routes that contain 30 in the AS_Path from passing through.

<HUAWEI> system-view
[HUAWEI] ip as-path-filter 3 deny _30_
[HUAWEI] ip as-path-filter 3 permit .*

ip community-filter

Function

The ip community-filter command creates a community filter.

The undo ip community-filter command deletes a community filter.

By default, no community filter is configured.

Format

ip community-filter { basic comm-filter-name | basic-comm-filter-num } { permit | deny } [ community-number | aa:nn | internet | no-export-subconfed | no-advertise | no-export ] &<1-20>

ip community-filter { advanced comm-filter-name | adv-comm-filter-num } { permit | deny } regular-expression

undo ip community-filter { basic comm-filter-name | basic-comm-filter-num } [ permit | deny ] [ community-number | aa:nn | internet | no-export-subconfed | no-advertise | no-export ] &<1-20>

undo ip community-filter { advanced comm-filter-name | adv-comm-filter-num } [ permit | deny ] [ regular-expression ]

Parameters

Parameter Description Value
basic comm-filter-name Specifies the name of a basic community filter. The value is a string of 1 to 51 case-sensitive characters. The string cannot be all digits.
NOTE:
When double quotation marks are used around the string, spaces are allowed in the string.
basic-comm-filter-num Specifies the number of a basic community filter. The value is an integer ranging from 1 to 99.
deny Sets the matching mode of the community filter to deny. -
permit Sets the matching mode of the community filter to permit. -
community-number Specifies the community number. The value is an integer ranging from 0 to 4294967295.
aa:nn Specifies the community number.
You can configure a maximum of 20 community numbers once.
  • If you do not configure any one of internet, no-export-subconfed, no-advertise, and no-export, you can specify 20 community-number and aa:nn together.
  • If you configure one of internet, no-export-subconfed, no-advertise, and no-export, you can specify 19 community-number and aa:nn together.
  • If you configure two of internet, no-export-subconfed, no-advertise, and no-export, you can specify 18 community-number and aa:nn together.
  • If you configure three of internet, no-export-subconfed, no-advertise, and no-export, you can specify 17 community-number and aa:nn together.
  • If you configure all of internet, no-export-subconfed, no-advertise, and no-export, you can specify 16 community-number and aa:nn together.
aa and nn are integers ranging from 0 to 65535.
internet Indicates that the matching routes can be sent to any peer. -
no-export-subconfed Indicates that routes are not advertised outside an AS. If an AS confederation is used, routes are not advertised to any other sub-ASs in the AS confederation. -
no-advertise Indicates that routes are not advertised to other peers. -
no-export Indicates that routes are not advertised outside an AS. If an AS confederation is used, routes are not advertised outside the AS confederation, but to other sub-ASs. -
advanced comm-filter-name Specifies the name of an advanced community filter. The value is a string of 1 to 51 case-sensitive characters. The string cannot be all digits.
NOTE:
When double quotation marks are used around the string, spaces are allowed in the string.
adv-comm-filter-num Specifies the number of an advanced community filter. The value is an integer ranging from 100 to 199.
regular-expression Specifies the regular expression used to match the community information. The value is a string of 1 to 255 case-sensitive characters, with spaces supported.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The community attribute is a private attribute of BGP, and can be used only to filter BGP routes. The community attribute can be used as a matching rule of a routing policy by using the ip community-filter and if-match community-filter commands together.

Precautions

Only the community number or known community attribute can be specified for a basic community filter. The regular expression can be used as a matching rule in an advanced community filter.

  • The ip community-filter basic comm-filter-name command or the ip community-filter basic-comm-filter-num command can be used to configure a basic community filter. basic comm-filter-name specifies the name of a basic community filter, and the name cannot be all digits. A maximum of 20 community numbers can be configured in one command. basic-comm-filter-num specifies only the basic community filter with the number ranging from 1 to 99. A maximum of 20 community numbers can be configured in one command.

  • The ip community-filter advanced comm-filter-name command or the ip community-filter adv-comm-filter-num command can be used to configure an advanced community filter. advanced comm-filter-name specifies the name of an advanced community filter, and the name cannot be all digits. adv-comm-filter-num specifies only the advanced community filter with the number ranging from 100 to 199.

The relationship between the rules of the community filter is "AND". This is different from the route distinguisher (RD) filter. This is because each route has only one RD but can have multiple communities.

For example, the community filters in the following formats have different matching results:

Format 1:

ip community-filter 1 permit 100:1 200:1 300:1

Format 2:

ip community-filter 1 permit 100:1
ip community-filter 1 permit 200:1 300:1

In the preceding configuration of the community filter, the community defined in each rule must be a sub-set of route communities so that the rule can be matched.

The RD filters in the following formats have the same matching results:

Format 1:

ip rd-filter 100 permit 100:1 200:1 2.2.2.2:1 3.3.3.3:1

Format 2:

ip rd-filter 100 permit 100:1 200:1
ip rd-filter 100 permit 2.2.2.2:1
ip rd-filter 100 permit 3.3.3.3:1

The apply comm-filter delete command run in the Route-Policy view deletes the specified community attribute from routes. An ip community-filter command can be used to specify community attributes but one such command specifies only one community attribute each time. To delete more than one community attribute, run the ip community-filter command multiple times. If multiple community attributes are specified in one filter, none of them can be deleted. For information about examples, see apply comm-filter delete.

By default, Community filters work in deny mode. If all matching rules in a filter are configured to work in deny mode, all routes are denied by the filter; to prevent this problem, configure one matching rule in permit mode after one or multiple matching rules in deny mode so that the routes except for those denied by preceding matching rules are permitted by the filter.

Before you run the undo ip community-filter command to delete a community attribute filter that is referenced by another command, delete the reference configuration.

Follow-up Procedure

By default, the Route Management (RM) module will instruct all protocols to apply this community filter. To delay the effective time, run the route-policy-change notify-delay command.

Run the display ip community-filter command to view detailed configuration for the community filter.

Example

# Configure a basic community filter of which the sequence number is 1 to prevent matching routes from being advertised to any peer.

<HUAWEI> system-view
[HUAWEI] ip community-filter 1 deny internet

# Configure an advanced community filter of which the sequence number is 100 to permit all the routes that match the AS 65001.

<HUAWEI> system-view
[HUAWEI] ip community-filter advanced 100 permit 65001:[0-9]+

ip extcommunity-filter

Function

The ip extcommunity-filter command creates an extended community filter.

The undo ip extcommunity-filter command deletes an extended community filter.

By default, no extended community filter is configured.

Format

ip extcommunity-filter { basic-extcomm-filter-num | basic basic-extcomm-filter-name } { deny | permit } { rt { as-number:nn | 4as-number:nn | ipv4-address:nn } } &<1-16>

ip extcommunity-filter { advanced-extcomm-filter-num | advanced advanced-extcomm-filter-name } { deny | permit } regular-expression

undo ip extcommunity-filter { basic-extcomm-filter-num | basic basic-extcomm-filter-name } [ { deny | permit } { rt { as-number:nn | 4as-number:nn | ipv4-address:nn } } &<1-16> ]

undo ip extcommunity-filter { advanced-extcomm-filter-num | advanced advanced-extcomm-filter-name } [ regular-expression ]

Parameters

Parameter Description Value
deny Sets the matching mode of the extended community filter to deny. -
permit Sets the matching mode of the extended community filter to permit. -
rt Sets the extended community filter type to RT. -
as-number Specifies the AS number. The value is an integer ranging from 0 to 65535.
4as-number Specifies a 4-byte AS number.
A 4-byte AS number is divided into the following types:
  • It is an integer ranging from 65536 to 4294967295.
  • It is in the format of x.y, where x and y are integers that range from 1 to 65535 and from 0 to 65535, respectively
ipv4-address Specifies an IPv4 address. The value is in dotted decimal notation.
nn Specifies an integer.
  • When the value of as-number is a 2-byte AS number, the value of nn ranges from 0 to 4294967295.
  • When the value of 4as-number is a 4-byte AS number, the value of nn ranges from 0 to 65535.
  • For ipv4-address, the value of nn ranges from 0 to 65535.
basic-extcomm-filter-num Specifies the number of a basic extended community filter. The value is an integer ranging from 1 to 199.
basic basic-extcomm-filter-name Specifies the name of a basic extended community filter. The name is a string of 1 to 51 case-sensitive characters without spaces. The value cannot contain only numerals.When double quotation marks are used around the string, spaces are allowed in the string.
advanced-extcomm-filter-num Specifies the number of an advanced extended community filter. The value is an integer ranging from 200 to 399.
advanced advanced-extcomm-filter-name Specifies the name of an advanced extended community filter. The name is a string of 1 to 51 case-sensitive characters without spaces. The value cannot contain only numerals.When double quotation marks are used around the string, spaces are allowed in the string.
regular-expression Specifies the regular expression used to match the extended community information. It is a string of 1 to 255 space-tolerant characters.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

An extended community filter can be used as a matching condition of a route-policy by using a command such as if-match extcommunity-filter zz.

Only the extended community number can be specified for a basic extended community filter. The regular expression can be used as a matching rule in an advanced extended community filter.

  • The ip extcommunity-filter basic extcomm-filter-name command or the ip extcommunity-filter basic-extcomm-filter-num command can be used to configure a basic extended community filter. basic extcomm-filter-name specifies the name of a basic extended community filter, and the name cannot be all digits. basic-extcomm-filter-num specifies only the basic extended community filter with the number ranging from 1 to 199. A maximum of 16 extended community numbers can be configured using one command.

  • The ip extcommunity-filter advanced extcomm-filter-name command or the ip extcommunity-filter adv-extcomm-filter-num command can be used to configure an advanced extended community filter. advanced extcomm-filter-name specifies the name of an advanced extended community filter, and the name cannot be all digits. adv-extcomm-filter-num specifies only the advanced extended community filter with the number ranging from 200 to 399.

The relationship between the rules of the extended community filter is "OR".

For example, the extended community filtersin the following formats have the same matching results:

Format 1:

ip extcommunity-filter 1 permit rt 100:1 200:1 300:1

Format 2:

ip extcommunity-filter 1 permit rt 100:1
ip extcommunity-filter 1 permit rt 200:1 300:1

After the extended community filter is configured, if the policy application delay is set by using the route-policy-change notify-delay command, the Route Management (RM) module will instruct each protocol to apply this filter after the delay expires. By default, the RM module instructs each protocol to immediately apply this filter.

The undo ip extcommunity-filter command is used to delete a specified extended community filter.

The display ip extcommunity-filter command is used to display the detailed configurations of the extended community filter.

Configuration Impact

The ip extcommunity-filter command is used to filter routes based on the RT attributes of the routes. The routes that pass the filtering are permitted to pass through and the routes that fail to pass the filtering are denied.

Precautions

The extended community attributes of a route include VPN-target and Source of Origin (SoO). Only VPN-target, however, is supported by the policy.

By default, extended community filters work in deny mode. If all matching rules in a filter are configured to work in deny mode, all routes are denied by the filter; to prevent this problem, configure one matching rule in permit mode after one or multiple matching rules in deny mode so that the routes except for those denied by preceding matching rules are permitted by the filter.

Example

# Configure an RT extended community filter of which the sequence number is 1.

<HUAWEI> system-view
[HUAWEI] ip extcommunity-filter 1 deny rt 200:200

ip ip-prefix

Function

The ip ip-prefix command creates an IPv4 prefix list or an entry in an IPv4 prefix list.

The undo ip ip-prefix command deletes an IPv4 prefix list or an entry from an IPv4 prefix list.

By default, no IPv4 prefix list is created.

Format

ip ip-prefix ip-prefix-name [ index index-number ] { permit | deny } ipv4-address mask-length [ match-network ] [ greater-equal greater-equal-value ] [ less-equal less-equal-value ]

undo ip ip-prefix ip-prefix-name [ index index-number ]

ip ip-prefix ip-prefix-name description text

undo ip ip-prefix ip-prefix-name description [ text ]

Parameters

Parameter Description Value
ip-prefix-name Specifies the name of an IPv4 prefix list. The name is a string of 1 to 169 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.
index index-number Specifies the sequence number of an entry in the IPv4 prefix list. The value is an integer that ranges from 1 to 4294967295. By default, the sequence number increases by 10 according to the configuration order, and the first sequence number is 10.
NOTE:

A maximum of 65535 entries can be configured in an IP prefix list.

permit Specifies the matching mode of the IP prefix list as permit. In permit mode, if the IP address to be filtered is within the defined prefix range, the IP address matches the routing policy and does not continue to match the next entry. Otherwise, the IP address continues to match the next entry. -
deny Specifies the matching mode of the IP prefix list as deny. In deny mode, if the IP address to be filtered is within the defined prefix range, the IP address fails to match the routing policy and cannot match the next entry. Otherwise, the IP address continues to match the next entry. -
ipv4-address Specifies an IP address. The value is in dotted decimal notation.
mask-length Specifies the mask length. The value is an integer that ranges from 0 to 32.
match-network Matches the network address. The match-network parameter can be configured only when the IP address generated after ipv4-address is ANDed with mask-length is 0.0.0.0. This parameter is mainly used to match routes with a specified network address. For example, the ip ip-prefix prefix1 permit 0.0.0.0 8 command filters all routes with mask length 8, while the ip ip-prefix prefix1 permit 0.0.0.0 8 match-network command filters all routes to the IP address range from 0.0.0.1 to 0.255.255.255. -
greater-equal greater-equal-value Specifies the lower threshold of the mask length. If greater-equal greater-equal-value and less-equal less-equal-value are not specified, the value of mask-length is the mask length.

greater-equal-value must meet the following requirement: mask-lengthgreater-equal-valueless-equal-value ≤ 32.

If greater-equal is configured, the mask ranges from greater-equal-value to 32.

less-equal less-equal-value Specifies the upper threshold of the mask length. If greater-equal greater-equal-value and less-equal less-equal-value are not specified, the value of mask-length is the mask length.

less-equal-value must meet the following requirement: mask-lengthgreater-equal-valueless-equal-value ≤ 32.

If less-equal is configured, the mask ranges from mask-length to less-equal-value.

description text Specifies the description of the IP prefix list. The value is a string of 1 to 80 case-sensitive characters without spaces. If the string is enclosed within double quotation marks ("), the string can contain spaces.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

An IP prefix list can be used as a filter or as matching conditions of a routing policy when it is used together with the if-match command.

Each entry in an IP prefix list can be used as a filtering rule. When a route to be filtered matches an entry, whether the route matches the IP prefix list is determined by the matching mode. A route to be filtered matches an entry or entries based on the following rules:

  • Sequential matching: The route has to match the entries in the IP prefix list in ascending order of their index-number values. Therefore, specifying index-number in a required sequence is recommended.

  • One-time matching: If a route matches one entry, the route matches the IP prefix list and will not be matched against the next entry.

  • Matching failure by default: If a route fails to match any of the entries, it fails to match the IP prefix list.

The following example shows how different IP prefix lists take effect on the routes 1.1.1.1/24, 1.1.1.1/32, 1.1.1.1/26, 2.2.2.2/24, and 1.1.1.2/16.
Table 7-199  Matching results of IP prefix lists

Case

Commands

Matching result

Note

1

ip ip-prefix aa index 10 permit 1.1.1.1 24

Only the route 1.1.1.1/24 is permitted, and the other routes are denied.

This is a single-node accurate matching case, which indicates that only the route whose destination IP address and mask are the same as those specified by the entry meets the matching conditions. In addition, permit is configured as the matching mode. Therefore, the route 1.1.1.1/24 is permitted, and other routes are denied because they fail to meet the matching conditions.

2

ip ip-prefix aa index 10 deny 1.1.1.1 24

All routes are denied.

This is also a single-node accurate matching case. deny is configured as the matching mode. Therefore, the route 1.1.1.1/24 is denied, and the other routes are denied based on the rule of matching failure by default because they fail to meet the matching conditions.

3

ip ip-prefix aa index 10 permit 1.1.1.1 24 less-equal 32

The routes 1.1.1.1/24, 1.1.1.1/32, and 1.1.1.1/26 are permitted, and the other routes are denied.

This is also a single-node accurate matching case. permit is configured as the matching mode, and less-equal is set to 32. Therefore, the routes with 1.1.1.0 as the prefix and the mask ranging from 24 to 32 can be permitted, and the other routes are denied based on the rule of matching failure by default because they fail to meet the matching conditions.

4

ip ip-prefix aa index 10 permit 1.1.1.0 24 greater-equal 24 less-equal 32

The routes 1.1.1.1/24, 1.1.1.1/32, and 1.1.1.1/26 are permitted, and the other routes are denied.

This is also a single-node accurate matching case. permit is configured as the matching mode, greater-equal is set to 24, and less-equal is set to 32. Therefore, the routes with 1.1.1.0 as the prefix and the mask ranging from 24 to 32 can be permitted, and the other routes are denied based on the rule of matching failure by default because they fail to meet the matching conditions. This case is similar to case 3 in terms of the matching result.

5

ip ip-prefix aa index 10 permit 1.1.1.1 24 greater-equal 26

The routes 1.1.1.1/32 and 1.1.1.1/26 are permitted, and the other routes are denied.

This is also a single-node accurate matching case. permit is configured as the matching mode, and greater-equal is set to 26. Therefore, the routes with 1.1.1.0 as the prefix and the mask ranging from 26 to 32 can be permitted, and the other routes are denied based on the rule of matching failure by default because they fail to meet the matching conditions.

6

ip ip-prefix aa index 10 permit 1.1.1.1 24 greater-equal 26 less-equal 32

The routes 1.1.1.1/32 and 1.1.1.1/26 are permitted, and the other routes are denied.

This is also a single-node accurate matching case. permit is configured as the matching mode, greater-equal is set to 26, and less-equal is set to 32. Therefore, the routes with 1.1.1.0 as the prefix and the mask ranging from 26 to 32 can be permitted, and the other routes are denied based on the rule of matching failure by default because they fail to meet the matching conditions. This case is similar to case 5 in terms of the matching result.

7

ip ip-prefix aa index 10 deny 1.1.1.1 24
ip ip-prefix aa index 20 permit 1.1.1.1 32

The route 1.1.1.1/32 is permitted, and the other routes are denied.

This is a multi-node accurate matching case. deny is configured as the matching mode of the matching entry indexed 10, and therefore the route 1.1.1.1/24 is denied by the matching entry indexed 10 based on the rule of one-time matching. The route 1.1.1.1/32 fails to match the matching conditions, and it is then matched against the entry indexed 20 for which permit is configured as the matching mode. Consequently, the route 1.1.1.1/32 matches the matching conditions of the entry indexed 20. The other routes are denied based on the rule of matching failure by default because they fail to meet the matching conditions.

8

ip ip-prefix aa index 10 permit 0.0.0.0 8 less-equal 32

The routes 1.1.1.1/24, 1.1.1.1/32, 1.1.1.1/26, 2.2.2.2/24, and 1.1.1.2/16 are all permitted.

If the IP prefix is 0.0.0.0 and you specify a mask and a mask length range after this IP prefix, all routes with the mask length within the specified mask length range are denied or permitted, regardless of the mask.

The mask length range is from 8 to 32, 0.0.0.0 is specified as the IP address, and permit is configured as the matching mode. Therefore, all routes with the mask length within the range are permitted.

9

ip ip-prefix aa index 10 deny 0.0.0.0 24 less-equal 32
ip ip-prefix aa index 20 permit 0.0.0.0 0 less-equal 32

The route 1.1.1.2/16 is permitted, and the other routes are denied.

Note: For the entry indexed 10, the mask length range is from 24 to 32, 0.0.0.0 is specified as the IP address, and deny is configured as the matching mode. Therefore, all routes with the mask length within the range are denied, and the route 1.1.1.2/16 that fails to match its matching conditions is then matched against the entry indexed 20. For the entry indexed 20, the mask length range is from 0 to 32, 0.0.0.0 is specified as the IP address, and permit is configured as the matching mode. Therefore, the route 1.1.1.2/16 is permitted by the entry indexed 20.

9

ip ip-prefix aa index 10 deny 2.2.2.2 24
ip ip-prefix aa index 20 permit 0.0.0.0 0 less-equal 32

All routes except the route 2.2.2.2/24 are permitted.

For the entry indexed 10, deny is configured as the matching mode. Therefore, the route 2.2.2.2/24 that matches its matching conditions is denied, and the other routes that fail to match the matching conditions are then matched against the entry indexed 20. For the entry indexed 20, the mask length range is from 0 to 32, 0.0.0.0 is specified as the IP address, and permit is configured as the matching mode. Therefore, all routes except the route 2.2.2.2/24 are permitted by the entry indexed 20.

Configuration Impact

If you create an entry whose index-number has existed in the same IP prefix list but has different filtering rules, the new entry overwrites the existing one.

Precautions

  • Because of the matching failure by default, if one or more than one entry with deny as the matching mode is created, create an entry using the ip ip-prefix ip-prefix-name [ index index-number ] permit 0.0.0.0 0 less-equal 32 command so that all IPv4 routes may match the IP prefix list.

  • If ipv4-address mask-length is specified as 0.0.0.0 0, only default routes are matched.

  • If ipv4-address mask-length is set to 0.0.0.0 0 less-equal 32, all routes are matched.

  • Before you run the undo ip ip-prefix command to delete an IP prefix list that is referenced by another command, delete the reference configuration.

  • After a configuration is delivered, the device checks the validity of the parameters in the configuration and processes these parameters. After the processing, the generated configuration is the result of the AND calculation between the specified ipv4-address and mask-length. For example, if the specified ipv4-address and mask-length are 1.1.1.1 and 24, respectively, the generated configuration is 1.1.1.0 24.

    If the ipv4-address in the generated configuration is 0.0.0.0, the configuration matches all IPv4 addresses. In this case, routes are filtered based on the following rules.

    Table 7-200  Route filtering rules

    Whether greater-equal and less-equal Exist in the Post-Processing Configuration

    Condition

    Matching Result

    Example

    Neither greater-equal nor less-equal exists.

    The post-processing ipv4-address and mask-length are 0.0.0.0 and 0, respectively.

    Matches only the default IPv4 route.

    Pre-processing:

    ip ip-prefix aa index 10 permit 1.1.1.1 0

    Post-processing:

    ip ip-prefix aa index 10 permit 0.0.0.0 0

    Matching result: Only the default route is permitted.

    The post-processing ipv4-address and mask-length are 0.0.0.0 and X (non-0 value), respectively.

    Matches all routes with the mask length of X.

    Pre-processing:

    ip ip-prefix aa index 10 permit 0.0.1.1 16

    Post-processing:

    ip ip-prefix aa index 10 permit 0.0.0.0 16

    Matching result: The routes with the mask length of 16 are permitted.

    greater-equal exists, but less-equal does not.

    The post-processing ipv4-address and mask-length are 0.0.0.0 and 0, respectively.

    Matches all the routes whose mask length is within the range from greater-equal to 32.

    Pre-processing:

    ip ip-prefix aa index 10 permit 1.1.1.1 0 greater-equal 16

    Post-processing:

    ip ip-prefix aa index 10 permit 0.0.0.0 0 greater-equal 16 less-equal 32

    Matching result: The routes whose mask length is within the range from 16 to 32 are permitted.

    The post-processing ipv4-address and mask-length are 0.0.0.0 and X (non-0 value), respectively.

    Matches all the routes whose mask length is within the range from greater-equal to 32.

    Pre-processing:

    ip ip-prefix aa index 10 permit 0.0.1.1 16 greater-equal 20

    Post-processing:

    ip ip-prefix aa index 10 permit 0.0.0.0 16 greater-equal 20 less-equal 32

    Matching result: The routes whose mask length is within the range from 20 to 32 are permitted.

    greater-equal does not exist, but less-equal does.

    The post-processing ipv4-address and mask-length are 0.0.0.0 and 0, respectively.

    Matches all the routes whose mask length is within the range from 0 to less-equal.

    Pre-processing:

    ip ip-prefix aa index 10 permit 1.1.1.1 0 less-equal 30

    Post-processing:

    ip ip-prefix aa index 10 permit 0.0.0.0 0 less-equal 30

    Matching result: The routes whose mask length is within the range from 0 to 30 are permitted.

    The post-processing ipv4-address and mask-length are 0.0.0.0 and X (non-0 value), respectively.

    Matches all the routes whose mask length is within the range from X to less-equal.

    Pre-processing:

    ip ip-prefix aa index 10 permit 0.0.1.1 16 less-equal 30

    Post-processing:

    ip ip-prefix aa index 10 permit 0.0.0.0 16 greater-equal 16 less-equal 30

    Matching result: The routes whose mask length is within the range from 16 to 30 are permitted.

    Both greater-equal and less-equal exist.

    The post-processing ipv4-address and mask-length are 0.0.0.0 and 0, respectively.

    Matches all the routes whose mask length is within the range from greater-equal to less-equal.

    Pre-processing:

    ip ip-prefix aa index 10 permit 1.1.1.1 0 greater-equal 5 less-equal 30

    Post-processing:

    ip ip-prefix aa index 10 permit 0.0.0.0 0 greater-equal 5 less-equal 30

    Matching result: The routes whose mask length is within the range from 5 to 30 are permitted.

    The post-processing ipv4-address and mask-length are 0.0.0.0 and X (non-0 value), respectively.

    Matches all the routes whose mask length is within the range from greater-equal to less-equal.

    Pre-processing:

    ip ip-prefix aa index 10 permit 0.0.1.1 16 greater-equal 20 less-equal 30

    Post-processing:

    ip ip-prefix aa index 10 permit 0.0.0.0 16 greater-equal 20 less-equal 30

    Matching result: The routes whose mask length is within the range from 20 to 30 are permitted.

Follow-up Procedure

In a scenario in which a routing policy is being modified, after an IP prefix is configured, the RM module notifies protocols of applying the changed routing policy immediately by default. However, in some cases, multiple commands need to be run to modify a routing policy. If other commands need to be run after an IP prefix is configured, protocols may apply the routing policy whose modification is not complete yet. To solve this problem, run the route-policy-change notify-delay command to configure a delay for protocols to apply the changed routing policy.

Example

# Configure the IP prefix list named p1 to permit only the routes with the mask length ranging from 17 to 18 on the network segment 10.0.0.0/8.

<HUAWEI> system-view
[HUAWEI] ip ip-prefix p1 permit 10.0.0.0 8 greater-equal 17 less-equal 18
# Configure the IP prefix list named p3 to deny the routes to the IP address ranging from 0.0.0.1 to 0.255.255.255.
<HUAWEI> system-view
[HUAWEI] ip ip-prefix p3 index 10 deny 0.0.0.0 8 match-network
[HUAWEI] ip ip-prefix p3 index 20 permit 0.0.0.0 0 less-equal 32

ip ipv6-prefix

Function

The ip ipv6-prefix command configures an IPv6 prefix list or an entry in an IPv6 prefix list.

The undo ip ipv6-prefix command deletes an IPv6 prefix list or an entry from an IPv6 prefix list.

By default, no IPv6 prefix list is created.

Format

ip ipv6-prefix ipv6-prefix-name [ index index-number ] { deny | permit } ipv6-address prefix-length [ match-network ] [ greater-equal greater-equal-value ] [ less-equal less-equal-value ]

undo ip ipv6-prefix ipv6-prefix-name [ index index-number ]

ip ipv6-prefix ipv6-prefix-name description text

undo ip ipv6-prefix ipv6-prefix-name description [ text ]

Parameters

Parameter Description Value
ipv6-prefix-name Specifies the name of an IPv6 prefix list. The name is a string of 1 to 169 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.
index index-number Specifies the sequence number of an entry in the IPv6 prefix list. The value is an integer that ranges from 1 to 4294967295. By default, the sequence number increases by 10 according to the configuration order, and the first sequence number is 10.
NOTE:

A maximum of 65535 entries can be configured in an IPv6 prefix list.

permit Specifies the matching mode of the IPv6 prefix list as permit. In permit mode, if the IPv6 address to be filtered is within the defined prefix range, the IPv6 address matches the routing policy and does not continue to match the next entry. Otherwise, the IPv6 address continues to match the next entry. -
deny Specifies the matching mode of the IPv6 prefix list as deny. In deny mode, if the IPv6 address to be filtered is within the defined prefix range, the IPv6 address fails to match the routing policy and cannot match the next entry. Otherwise, the IPv6 address continues to match the next entry. -
ipv6-address Specifies the IPv6 prefix range in the form of an IPv6 address. If :: is specified, the address 0::0 is matched. -
prefix-length Specifies the IPv6 prefix range using the mask length. The value is an integer that ranges from 0 to 128. If ::0 less-equal 128 is used, all IPv6 addresses are matched.
match-network Matches the network address. The match-network parameter can be configured only when the IP address generated after ipv6-address is ANDed with prefix-length is ::. For example, the ip ipv6-prefix prefix1 permit :: 96 command filters all IPv6 routes with mask length 96, while the ip ipv6-prefix prefix1 permit :: 96 match-network command filters all routes to the IPv6 address range from ::1 to ::FFFF:FFFF. -
greater-equal greater-equal-value Specifies the lower threshold of the mask length. greater-equal-value must meet the following requirement: prefix-lengthgreater-equal-valueless-equal-value ≤ 128.
less-equal less-equal-value Specifies the upper threshold of the mask length. less-equal-value must meet the following requirement: prefix-lengthgreater-equal-valueless-equal-value ≤ 128.
description text Specifies the description of the IPv6 prefix list. The value is a string of 1 to 80 case-sensitive characters without spaces. If the string is enclosed within double quotation marks ("), the string can contain spaces.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The IPv6 prefix list can be used by the protocols as a prefix filter, or used with the if-match ipv6 command as a matching condition of routing policies.

Each entry in the IPv6 prefix list can be considered as a filter rule. When a route to be filtered matches one of the entries, the route can be determined whether it is permitted the IPv6 prefix list based on the matching mode. Entries in the IPv6 prefix list can be matched with routes to be filtered based on the following rules:

  • Sequence match: Each entry in the IP prefix list is matched in ascending order of the index number. When setting index numbers for entries, you can arrange your expected matching order.

  • Unique match: When the route to be filtered matches one entry, the route stops to match the other entries.

  • Default deny: By default, if routes to be filtered do not match any entry in the IP prefix list, the routes are denied by IP prefix list.

The following example shows how different IPv6 prefix lists take effect on the routes 1::1/96, 1::1/128, 1::1/100, 2::2/96, and 1::2/64.
Table 7-201  Matching results of IPv6 prefix lists

Case

Commands

Matching result

Note

1

ip ipv6-prefix aa index 10 permit 1::1 96

Only the route 1::1/96 is permitted, and the other routes are denied.

This is a single-node accurate matching case, which indicates that only the route whose destination IPv6 address and mask are the same as those specified by the entry meets the matching conditions. In addition, permit is configured as the matching mode. Therefore, the route 1::1/96 is permitted, and other routes are denied because they fail to meet the matching conditions.

2

ip ipv6-prefix aa index 10 deny 1::1 96

All routes are denied.

This is also a single-node accurate matching case. deny is configured as the matching mode. Therefore, the route 1::1/96 is denied, and the other routes are denied based on the rule of matching failure by default because they fail to meet the matching conditions.

3

ip ipv6-prefix aa index 10 permit 1::1 96 less-equal 128

The routes 1::1/96, 1::1/128, and 1::1/100 are permitted, and the other routes are denied.

This is also a single-node accurate matching case. permit is configured as the matching mode, and less-equal is set to 128. Therefore, the routes with 1::1 as the prefix and the mask ranging from 96 to 128 can be permitted, and the other routes are denied based on the rule of matching failure by default because they fail to meet the matching conditions.

4

ip ipv6-prefix aa index 10 permit 1::1 96 greater-equal 96 less-equal 128

The routes 1::1/96, 1::1/128, and 1::1/100 are permitted, and the other routes are denied.

This is also a single-node accurate matching case. permit is configured as the matching mode, greater-equal is set to 96, and less-equal is set to 128. Therefore, the routes with 1::1 as the prefix and the mask ranging from 96 to 128 can be permitted, and the other routes are denied based on the rule of matching failure by default because they fail to meet the matching conditions. This case is similar to case 3 in terms of the matching result.

5

ip ipv6-prefix aa index 10 permit 1::1 96 greater-equal 100

The routes 1::1/128 and 1::1/100 are permitted, and the other routes are denied.

This is also a single-node accurate matching case. permit is configured as the matching mode, and greater-equal is set to 100. Therefore, the routes with 1::1 as the prefix and the mask ranging from 100 to 128 can be permitted, and the other routes are denied based on the rule of matching failure by default because they fail to meet the matching conditions.

6

ip ipv6-prefix aa index 10 permit 1::1 96 greater-equal 100 less-equal 128

The routes 1::1/128 and 1::1/100 are permitted, and the other routes are denied.

This is also a single-node accurate matching case. permit is configured as the matching mode, greater-equal is set to 100, and less-equal is set to 128. Therefore, the routes with 1::1 as the prefix and the mask ranging from 100 to 128 can be permitted, and the other routes are denied based on the rule of matching failure by default because they fail to meet the matching conditions. This case is similar to case 5 in terms of the matching result.

7

ip ipv6-prefix aa index 10 deny 1::1 96
ip ipv6-prefix aa index 20 permit 1::1 128

The route 1::1/128 is permitted, and the other routes are denied.

This is a multi-node accurate matching case. deny is configured as the matching mode of the matching entry indexed 10, and therefore the route 1::1/96 is denied by the matching entry indexed 10 based on the rule of one-time matching. The route 1::1/128 fails to match the matching conditions, and it is then matched against the entry indexed 20 for which permit is configured as the matching mode. Consequently, the route 1::1/128 matches the matching conditions of the entry indexed 20. The other routes are denied based on the rule of matching failure by default because they fail to meet the matching conditions.

8

ip ipv6-prefix aa index 10 permit :: 64 less-equal 128

The routes 1::1/96, 1::1/128, 1::1/100, 2::2/96, and 1::2/64 are all permitted.

If the IPv6 prefix is :: and you specify a mask and a mask length range after this IPv6 prefix, all routes with the mask length within the specified mask length range are denied or permitted, regardless of the mask.

The mask length range is from 64 to 128, :: is specified as the IPv6 address, and permit is configured as the matching mode. Therefore, all routes with the mask length within the range are permitted.

9

ip ipv6-prefix aa index 10 deny :: 96 less-equal 128
ip ipv6-prefix aa index 20 permit :: 0 less-equal 128

The route 1::2/64 is permitted, and the other routes are denied.

For the entry indexed 10, the mask length range is from 96 to 128, :: is specified as the IPv6 address, and deny is configured as the matching mode. Therefore, all routes with the mask length within the range are denied, and the route 1::2/64 that fails to match its matching conditions is then matched against the entry indexed 20. For the entry indexed 20, the mask length range is from 0 to 128, :: is specified as the IPv6 address, and permit is configured as the matching mode. Therefore, the route 1::2/64 is permitted by the entry indexed 20.

10

ip ipv6-prefix aa index 10 deny 2::2 96
ip ipv6-prefix aa index 20 permit :: 0 less-equal 128

All routes except the route 2::2/96 are permitted.

Note: For the entry indexed 10, deny is configured as the matching mode. Therefore, the route 2::2/96 that matches its matching conditions is denied, and the other routes that fail to match the matching conditions are then matched against the entry indexed 20. For the entry indexed 20, the mask length range is from 0 to 128, :: is specified as the IPv6 address, and permit is configured as the matching mode. Therefore, all routes except the route 2::2/96 are permitted by the entry indexed 20.

Configuration Impact

If you create an entry whose index number is the same as an existing entry in the IPv6 prefix list, the created entry will replace the existing entry.

Precautions

  • The IPv6 prefix list adopts default deny as the matching mode. If you have created one or multiple entries in deny mode, but no entry in the permit mode, you must create an entry permit :: 0 less-equal 128 to permit IPv6 routes which do not match the entries in deny mode.

  • If you specify ipv6-address prefix-length to be :: 0, only IPv6 default routes are matched.

  • If ipv6-address prefix-length is set to :: 0 less-equal 128, all routes will be matched.

  • Before you run the undo ip ipv6-prefix command to delete an IPv6 prefix list that is referenced by another command, delete the reference configuration.

  • After a configuration is delivered, the device checks the validity of the parameters in the configuration and processes these parameters. After the processing, the generated configuration is the result of the AND calculation between the specified ipv6-address and prefix-length. For example, if the specified ipv6-address and prefix-length are 1::1 and 64, respectively, the generated configuration is 1:: 64.

    If the ipv6-address in the generated configuration is ::, the configuration matches all IPv6 addresses. In this case, routes are filtered based on the following rules.

    Table 7-202  Route filtering rules

    Whether greater-equal and less-equal Exist in the Post-Processing Configuration

    Condition

    Matching Result

    Example

    Neither greater-equal nor less-equal exists.

    The post-processing ipv6-address and prefix-length are :: and 0, respectively.

    Matches only the default IPv6 route.

    Pre-processing:

    ip ipv6-prefix aa index 10 permit 1::1 0

    Post-processing:

    ip ipv6-prefix aa index 10 permit :: 0

    Matching result: Only the default IPv6 route is permitted.

    The post-processing ipv6-address and prefix-length are :: and X (non-0 value), respectively.

    Matches all IPv6 routes with the prefix length of X.

    Pre-processing:

    ip ipv6-prefix aa index 10 permit ::1:1 96

    Post-processing:

    ip ipv6-prefix aa index 10 permit :: 96

    Matching result: The IPv6 routes with the prefix length of 96 are permitted.

    greater-equal exists, but less-equal does not.

    The post-processing ipv6-address and prefix-length are :: and 0, respectively.

    Matches all the IPv6 routes whose prefix length is within the range from greater-equal to 128.

    Pre-processing:

    ip ipv6-prefix aa index 10 permit 1::1 0 greater-equal 16

    Post-processing:

    ip ipv6-prefix aa index 10 permit :: 0 greater-equal 16 less-equal 128

    Matching result: The IPv6 routes whose prefix length is within the range from 16 to 128 are permitted.

    The post-processing ipv6-address and prefix-length are :: and X (non-0 value), respectively.

    Matches all the IPv6 routes whose prefix length is within the range from greater-equal to 128.

    Pre-processing:

    ip ipv6-prefix aa index 10 permit ::1:1 96 greater-equal 120

    Post-processing:

    ip ipv6-prefix aa index 10 permit :: 96 greater-equal 120 less-equal 128

    Matching result: The IPv6 routes whose prefix length is within the range from 120 to 128 are permitted.

    greater-equal does not exist, but less-equal does.

    The post-processing ipv6-address and prefix-length are :: and 0, respectively.

    Matches all the IPv6 routes whose prefix length is within the range from 0 to less-equal.

    Pre-processing:

    ip ipv6-prefix aa index 10 permit 1::1 0 less-equal 120

    Post-processing:

    ip ipv6-prefix aa index 10 permit :: 0 less-equal 120

    Matching result: The IPv6 routes whose prefix length is within the range from 0 to 120 are permitted.

    The post-processing ipv6-address and prefix-length are :: and X (non-0 value), respectively.

    Matches all the IPv6 routes whose prefix length is within the range from X to less-equal.

    Pre-processing:

    ip ipv6-prefix aa index 10 permit ::1:1 96 less-equal 120

    Post-processing:

    ip ipv6-prefix aa index 10 permit :: 96 greater-equal 96 less-equal 120

    Matching result: The IPv6 routes whose prefix length is within the range from 96 to 120 are permitted.

    Both greater-equal and less-equal exist.

    The post-processing ipv6-address and prefix-length are :: and 0, respectively.

    Matches all the IPv6 routes whose prefix length is within the range from greater-equal to less-equal.

    Pre-processing:

    ip ipv6-prefix aa index 10 permit 1::1 0 greater-equal 5 less-equal 30

    Post-processing:

    ip ipv6-prefix aa index 10 permit :: 0 greater-equal 5 less-equal 30

    Matching result: The IPv6 routes whose prefix length is within the range from 5 to 30 are permitted.

    The post-processing ipv6-address and prefix-length are :: and X (non-0 value), respectively.

    Matches all the IPv6 routes whose prefix length is within the range from greater-equal to less-equal.

    Pre-processing:

    ip ipv6-prefix aa index 10 permit ::1:1 96 greater-equal 120 less-equal 124

    Post-processing:

    ip ipv6-prefix aa index 10 permit :: 96 greater-equal 120 less-equal 124

    Matching result: The IPv6 routes whose prefix length is within the range from 120 to 124 are permitted.

Follow-up Procedure

In a scenario in which a used routing policy is being modified, after you configure the IPv6 prefix list, RM immediately notifies the protocols of re-applying the routing policy. However, you must run several commands to modify the routing policy. To prevent the protocols from repeatedly re-applying the routing policy which is being modified, you can run the route-policy-change notify-delay command to configure delay time for re-applying the routing policy, after you configure the IPv6 prefix list.

Example

# Permit the routes with the mask length ranging from 32 to 64 bits.

<HUAWEI> system-view
[HUAWEI] ip ipv6-prefix abc permit :: 0 greater-equal 32 less-equal 64

# Deny the routes with the IP prefix FC00:0:0:D00::/32 and with the prefix longer than 32 bits, and permit the other IPv6 routes.

<HUAWEI> system-view
[HUAWEI] ip ipv6-prefix abc deny fc00:0:0:d00:: 32 less-equal 128
[HUAWEI] ip ipv6-prefix abc permit :: 0 less-equal 128
# Configure the IPv6 prefix list named p3 to deny the routes to the IPv6 address ranging from ::1 to ::FFFF:FFFF.
<HUAWEI> system-view
[HUAWEI] ip ipv6-prefix p3 index 10 deny :: 96 match-network
[HUAWEI] ip ipv6-prefix p3 index 20 permit :: 0 less-equal 128

ip rd-filter

Function

The ip rd-filter command creates an RD filter.

The undo ip rd-filter command deletes an RD filter.

By default, no RD filter is configured.

Format

ip rd-filter rd-filter-number { deny | permit } route-distinguisher &<1-10>

undo ip rd-filter rd-filter-number [ { deny | permit } route-distinguisher &<1-10> ]

Parameters

Parameter Description Value
rd-filter-number Specifies the number of an RD filter. The value is an integer ranging from 1 to 255.
permit Permits a route to match the rules if its RD matches the rules. -
deny Denied a route if its RD matches the rules. -
route-distinguisher Specifies the RD to aa:nn or ipv4-address:nn. You can set a maximum of 10 RDs.

The switch support RDs in the following formats:

  • ipv4-address:nn, such as 10.1.1.1:200

  • aa:nn, such as 100:1

  • aa.aa:nn, such as 100.100:1

  • ipv4-address:* in the wildcard format, such as 10.1.1.1:*, indicating that the RD begins with 10.1.1.1

  • aa:* in the wildcard format, such as 100:*, indicating that the RD begins with 100

  • aa.aa:* in the wildcard format, such as 100.100:*, indicating that the RD begins with 100.100

  • The IPv4 address is in dotted decimal notation.
  • The nn in ipv4-address:nn is an integer ranging from 0 to 65535.
  • In aa:nn, the aa is an integer ranging from 0 to 65535, and nn is an integer ranging from 0 to 4294967295.
  • The aa and nn in aa:*, aa.aa:*, and aa.aa:nn are both integers ranging from 0 to 65535.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

The ip rd-filter command is used together with the if-match rd-filter command. First use the ip rd-filter command to configure an RD filter, and use the if-match rd-filter command to configure a matching rule based on the RD filter in a routing policy. The routing policy is used to filter routes that are received and advertised.

The RD filter has the following rules:

  • If the RD filter is not configured but is used to filter routes, the matching result is permit.

    For example, the RD filter 100 is not configured but is used by the routing policy:

    route-policy test permit node 10
    if-match rd-filter 100

    When the routing policy is used to filter routes, the routes match this if-match clause, and the routes match the node 10 in the routing policy named test.

  • If the RD filter is configured but the RD of routes does not match any RD defined in the RD filter, the default matching result is deny.

    For example, the RD of routes is 100:1, and the configuration of the RD filter is as follows:

    ip rd-filter 100 permit 10.1.1.1:100

    When the RD filter is used to filter routes, the matching result is deny.

  • The relationship between the rules of the RD filter is "OR". This is different from the community filter. This is because each route has only one RD but can have multiple communities.

    For example, the RD filters in the following formats have the same matching results:

    Format 1:

    ip rd-filter 100 permit 100:1 200:1 10.2.2.2:1 10.3.3.3:1

    Format 2:

    ip rd-filter 100 permit 100:1 200:1
    ip rd-filter 100 permit 10.2.2.2:1
    ip rd-filter 100 permit 10.3.3.3:1

    The community filters in the following formats have different matching results:

    Format 1:

    ip community-filter 1 permit 100:1 200:1 300:1

    Format 2:

    ip community-filter 1 permit 100:1
    ip community-filter 1 permit 200:1 300:1

    In the preceding configuration of the community filter, the community defined in each rule must be a sub-set of route communities so that the rule can be matched.

  • Routes are filtered according to the configuration order of multiple rules. For example:

    ip rd-filter 100 deny 200:1 10.5.5.5:1
    ip rd-filter 100 permit 200:* 10.5.5.5:*

    In this situation, the route with the RD 200:1 or 5.5.5.5:1 is denied. If the configuration order of multiple rules is reversed as follows:

    ip rd-filter 100 permit 200:* 10.5.5.5:*
    ip rd-filter 100 deny 200:1 10.5.5.5:1

    In this situation, the route with the RD 200:1 or 10.5.5.5:1 is permitted.

  • Each RD filter can be configured with a maximum of 255 rules.

Example

# Configure an RD filter.

<HUAWEI> system-view
[HUAWEI] ip rd-filter 1 permit 100:1

reset ip ip-prefix

Function

The reset ip ip-prefix command resets the statistics of the specified IPv4 prefix list.

Format

reset ip ip-prefix [ ip-prefix-name ]

Parameters

Parameter Description Value
ip-prefix-name Specifies the name of an IPv4 prefix list.

If ip-prefix-name is not specified, you can reset the statistics of all the IPv4 prefix lists.

The name is a string of 1 to 169 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

Views

User view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The IPv4 prefix list can be used to filter IPv4 addresses. When filtering IPv4 addresses, the system records the numbers of prefixes that are permitted and denied by the IPv4 prefix list. You can run the display ip ip-prefix command to view the numbers.

To view the number of IPv4 prefixes that are permitted and denied by the IPv4 prefix list, run the reset ip ip-prefix command to clear statistics about permitted and denied routes in the IPv4 prefix list, and then run the display ip ip-prefix command to display the number of IPv4 prefixes since the previous operation.

Configuration Impact

The reset ip ip-prefix command clears statistics about the IPv4 prefix list. After that, the previous statistics cannot be shown.

Precautions

The reset ip ip-prefix command:
  • Clears statistics in a specified IPv4 prefix list, if the name of the IPv4 prefix list is specified using ip-prefix-name.

  • Clears statistics in all IPv4 prefix lists, if the name of the IPv4 prefix list is not specified using ip-prefix-name.

Example

# Reset the statistics of the specified IPv4 prefix list.

<HUAWEI> reset ip ip-prefix abc

reset ip ipv6-prefix

Function

The reset ip ipv6-prefix command resets the timer of a specified IPv6 prefix list.

Format

reset ip ipv6-prefix [ ipv6-prefix-name ]

Parameters

Parameter Description Value
ipv6-prefix-name Specifies the name of an IP prefix list. The name is a string of 1 to 169 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

Views

User view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The IPv6 prefix list can be used to filter IPv6 addresses. When filtering IPv6 addresses, the system records the numbers of prefixes that are permitted and denied by the IPv6 prefix list. You can run the display ip ipv6-prefix command to view the numbers.

To view the number of IPv6 prefixes that are permitted and denied by the IPv6 prefix list, run the reset ip ipv6-prefix command to clear statistics about permitted and denied routes in the IPv6 prefix list, and then run the display ip ipv6-prefix command to display the number of IPv6 prefixes since the previous operation.

Configuration Impact

The reset ip ipv6-prefix command clears statistics about the IPv6 prefix list. After that, the previous statistics cannot be shown.

Precautions

The reset ip ipv6-prefix command:
  • Clears statistics in a specified IPv6 prefix list, if the name of the IPv6 prefix list is specified using ipv6-prefix-name.

  • Clears statistics in all IPv6 prefix lists, if the name of the IPv6 prefix list is not specified using ipv6-prefix-name.

Example

# Resets the timer of the IPv6 prefix list named abc.

<HUAWEI> reset ip ipv6-prefix abc

reset route-policy counters

Function

The reset route-policy command resets route-policy counters.

Format

reset route-policy route-policy-name counters

Parameters

Parameter Description Value
route-policy-name Specifies the name of a route-policy. The name is a string of 1 to 40 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

Views

User view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The route-policy is used to filter routes and set the attributes of a route that matches a route-policy. When a route-policy filters routes, the system records the number of routes that match the route-policy nodes. You can run the display route-policy to view the numbers.

The reset route-policy counters command clears the number of routes which match or do not match the route-policy. You can run both the reset route-policy counters command and the display route-policy command to instruct whether to record the number of routes matching a specified route-policy.

Configuration Impact

The reset route-policy counters command clears the number of routes which match or do not match the route-policy. After that, the number cannot be restored.

Example

# Reset the counters of a route-policy named policy1.

<HUAWEI> reset route-policy policy1 counters
Related Topics

route-policy

Function

The route-policy command creates a routing policy and displays the Route-Policy view.

The undo route-policy command deletes a specified routing policy.

By default, no routing policy is configured.

Format

route-policy route-policy-name { permit | deny } node node

undo route-policy route-policy-name [ node node ]

Parameters

Parameter Description Value
route-policy-name Specifies the name of a routing policy. If the routing policy does no exist, create a routing policy and enter its Route-Policy view. If the routing policy exists, enter its Route-Policy view. The name is a string of 1 to 40 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.
permit Specifies the matching mode of the routing policy as permit. In permit mode, a route matches all the if-match clauses, the route matches the routing policy and the actions defined by the apply clause are performed on the route. Otherwise, the route continues to match the next entry. -
deny Specifies the matching mode of the routing policy as deny. In deny mode, if a route matches all the if-match clauses, the route fails to match the routing policy and cannot match the next node. -
node node Specifies the index of the node in the routing policy. When the routing policy is used to filter routes, the node with the smaller value of node is matched first. The value is an integer ranging from 0 to 65535.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A routing policy is used to filter routes and set route attributes for the routes that match the routing policy. A routing policy consists of multiple nodes. One node can be configured with multiple if-match and apply clauses.

The if-match clauses define matching rules for this node, and the apply clauses define behaviors for the routes that match the rules. The relationship between if-match clauses is "AND". That is, a route must match all the if-match clauses. The relationship between the nodes of a routing policy is "OR". That is, if a route matches one node, the route matches the routing policy. If the route does not match any node, the route fails to match the routing policy.

Procedure

After a routing policy is created, the system prompts "Info: New Sequence of this List !" and displays the Route-Policy view. The system displays no prompt when a routing policy is deleted.

Precautions

After a route-policy is configured, by default, the RM immediately notifies each protocol to apply the route-policy to filter routes. To delay applying a route-policy, you need to run the route-policy-change notify-delay command to set the delay for applying the route-policy.

You can run the display route-policy command to view the number of routes that match and do not match the route-policy.

An route-policy-name must have been configured using the route-policy command before the route-policy-name is referenced by another command.

Before you run the undo route-policy command to delete a route-policy that is referenced by another command, delete the reference configuration.

If an if-match clause of a route-policy defines an ip-prefix-based filtering rule, the filtering rule applies to IPv4 prefixes, not to IPv6 prefixes, and IPv6 prefixes match the filtering rule by default. If IPv6 prefixes also need to be filtered, add an ipv6-prefix-based if-match clause. Similarly, if an if-match clause of a route-policy defines an ipv6-prefix-based filtering rule, the filtering rule applies to IPv6 prefixes, not to IPv4 prefixes, and IPv4 prefixes match the filtering rule by default. If IPv4 prefixes also need to be filtered, add an ip-prefix-based if-match clause.

Example

# Configure the routing policy named policy1 whose node number is 10 and the matching mode is permit.

<HUAWEI> system-view
[HUAWEI] route-policy policy1 permit node 10
[HUAWEI-route-policy]
Related Topics

route-policy-change notify-delay

Function

The route-policy-change notify-delay command sets the delay before the RM to notify each protocol of applying a new policy after the original route-policy changes.

The undo route-policy-change notify-delay command restores the default setting.

By default, this command is not configured, and the delay time is 0s.

Format

route-policy-change notify-delay delay-time

undo route-policy-change notify-delay

Parameters

Parameter Description Value
delay-time Specifies the delay for applying a new policy after the original route-policy changes. The value is an integer ranging from 1 to 180, in seconds.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

The switch process the changes of a route-policy according to the following rules.

After the configuration of a route-policy changes, by default, the RM immediately notifies the protocol of performing related operations. To delay processing the changes of the route-policy, you can run the route-policy-change notify-delay command to set the delay for change processing. The new policy is applied after the timer expires:

  • If the configuration of the route-policy changes again within the delay, the RM resets the timer.

  • If the new policy is configured for BGP, the refresh bgp all command can be used within the delay set by the route-policy-change notify-delay command to trigger BGP to immediately use the new policy.

The following commands are related to the timer:
  • route-policy
  • ip ip-prefix
  • ip ipv6-prefix
  • ip as-path-filter
  • ip community-filter
  • ip extcommunity-filter
  • ip rd-filter
  • acl

Example

# Set the delay before the RM to notify each protocol of applying a new policy after the original route-policy changes.

<HUAWEI> system-view
[HUAWEI] route-policy-change notify-delay 20 

route-policy nonexistent-config-check

Function

The route-policy nonexistent-config-check command controls whether the system allows a nonexistent route-policy to be specified in a command.

The undo route-policy nonexistent-config-check disable command forbids a nonexistent route-policy to be specified in a command.

By default, the system does not allow a nonexistent route-policy to be specified in a command.

Format

route-policy nonexistent-config-check { disable | enable }

undo route-policy nonexistent-config-check disable

Parameters

Parameter Description Value
disable Indicates that the system allows a nonexistent route-policy to be specified in a command. -
enable Indicates that the system does not allow a nonexistent route-policy to be specified in a command. -

Views

System view

Default Level

2: Configuration level

Usage Guidelines

By default, if you specify a nonexistent route-policy in a command, the command does not take effect. To enable the system to allow a nonexistent route-policy to be specified in a command, run the route-policy nonexistent-config-check disable command.

Example

# Enable the system to allow a nonexistent route-policy to be specified in a command.

<HUAWEI> system-view
[HUAWEI] route-policy nonexistent-config-check disable
Translation
Download
Updated: 2019-10-18

Document ID: EDOC1000178288

Views: 25605

Downloads: 109

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next