No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - IP Unicast Routing

S9300, S9300E, and S9300X V200R011C10

This document describes IP Unicast Routing configurations supported by the switch, including the principle and configuration procedures of IP Routing Overview, Static Route, RIP, RIPng, OSPF, OSPFv3, IS-IS(IPv4), IS-IS(IPv6), BGP, Routing Policy ,and PBR, and provides configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Filter-Policy Implementation and Applications

Filter-Policy Implementation and Applications

Overview

A filter-policy is a commonly used routing information filtering tool. In Figure 10-7, SwitchA, SwitchB, and SwitchC run a routing protocol, and routes are transmitted among these devices. A filter-policy can be used to filter specific routing information as required.

Figure 10-7   Filter-policy application

NOTE:

Filter-policies can only filter routing information and cannot filter LSAs or change route attributes.

Filtering Rules

Distance-vector routing protocols (such as RIP) and link-state routing protocols (such as OSPF) vary in principles. Therefore, filter-policy filtering rules vary between the two types of routing protocols. The following table lists differences in routing information transmission between distance-vector routing protocols and link-state routing protocols.

Table 10-5  Differences in routing information transmission between distance-vector routing protocols and link-state routing protocols

Routing Protocol Type

Route Transmission

Distance-vector routing protocols

Routing devices transmit routing information. This routing information is like roadmap for packets. The devices guide packet forwarding based on the roadmap.

Link-state routing protocols

Routing devices transmit link state advertisements (LSAs). A link state database (LSDB) is a set of LSAs and describes the entire network topology, which is like a map. The devices find the optimal forwarding path for packets based on the map and shortest path algorithm.

Filter-policy in distance-vector routing protocols

Figure 10-8   Filter-policy in distance-vector routing protocols

In Figure 10-8, when using distance-vector routing protocols, devices transmit routing information. To filter the routing information, use a filter-policy. Figure 10-8 shows where a filter-policy takes effect in the inbound and outbound directions. To filter the routing information transmitted from an upstream device to a downstream device, you only need to configure filter-policy export on the upstream device or configure filter-policy import on the downstream device.

Filter-policy in link-state routing protocols

Figure 10-9   Filter-policy in link-state routing protocols

In Figure 10-9, when using link-state routing protocols, routing devices transmit LSAs and then calculate their routing tables based on the LSDB. The following uses OSPF as an example to describe filter-policy filtering rules:

  • The filter-policy import command filters the routes calculated by OSPF but not the LSAs advertised and received.
  • The filter-policy export command filters the imported routes to be advertised so that only eligible external routes are translated into Type 5 LSAs (AS-external-LSAs) and advertised. In this manner, imported external routes can be filtered as required to prevent routing loops.

Using a Filter-Policy to Filter the Routes Advertised by RIP

Requirement Description

In Figure 10-10, three switches exchange routes through RIP. Three static routes (used as test routes) are imported into the RIP process of SwitchA. It is required that the filter-policy export command be configured on SwitchB to filter the routes advertised to SwitchC, that is, deny the route 192.168.3.0/24 and permit other routes.

Figure 10-10   Using a filter-policy to filter the routes advertised by RIP

Configuration

  1. Define an IP prefix list on SwitchB to filter routes as required.

    [SwitchB] ip ip-prefix huawei index 10 deny 192.168.3.0 24       //Deny this route.
    [SwitchB] ip ip-prefix huawei index 20 permit 0.0.0.0 0 less-equal 32    //Permit all routes.
  2. Configure the filter-policy export command in the RIP view of SwitchB.

    [SwitchB] rip
    [SwitchB-rip-1] filter-policy ip-prefix huawei export Vlanif20

Verification

After the preceding configurations are complete, check the IP routing tables of SwitchB and SwitchC.

[SwitchB] display ip routing-table
Route Flags: R - relay, D - download to fib
-----------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 9        Routes : 9        

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
    192.168.1.0/24  RIP     100  1           D   192.168.10.1    Vlanif10
    192.168.2.0/24  RIP     100  1           D   192.168.10.1    Vlanif10
    192.168.3.0/24  RIP     100  1           D   192.168.10.1    Vlanif10
   192.168.10.0/24  Direct  0    0           D   192.168.10.2    Vlanif10
   192.168.10.2/32  Direct  0    0           D   127.0.0.1       Vlanif10
   192.168.20.0/24  Direct  0    0           D   192.168.20.1    Vlanif20
   192.168.20.1/32  Direct  0    0           D   127.0.0.1       Vlanif20
[SwitchC] display ip routing-table
Route Flags: R - relay, D - download to fib
-----------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 7        Routes : 7        

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
    192.168.1.0/24  RIP     100  2           D   192.168.20.1    Vlanif20
    192.168.2.0/24  RIP     100  2           D   192.168.20.1    Vlanif20
   192.168.10.0/24  RIP     100  1           D   192.168.20.1    Vlanif20
   192.168.20.0/24  Direct  0    0           D   192.168.20.2    Vlanif20
   192.168.20.2/32  Direct  0    0           D   127.0.0.1       Vlanif20

The preceding command output shows that after the filter-policy export command is configured on SwitchB, SwitchB still has a complete IP routing table; however, SwitchC cannot learn the route 192.168.3.0/24 through RIP because this route has been filtered out before being advertised by SwitchB.

Using a Filter-Policy to Filter the Routes Received by RIP

Requirement Description

In Figure 10-11, three switches exchange routes through RIP. Three static routes (used as test routes) are imported into the RIP process of SwitchA. It is required that the filter-policy import command be configured on SwitchB to deny the route 192.168.3.0/24 and permit other routes.

Figure 10-11   Using a filter-policy to filter the routes received by RIP

Configuration

  1. Define an IP prefix list on SwitchB to filter routes as required.

    [SwitchB] ip ip-prefix huawei index 10 deny 192.168.3.0 24      //Deny this route.
    [SwitchB] ip ip-prefix huawei index 20 permit 0.0.0.0 0 less-equal 32   //Permit all routes.
  2. Configure the filter-policy import command in the RIP view of SwitchB.

    [SwitchB] rip
    [SwitchB-rip-1] filter-policy ip-prefix huawei import Vlanif10

Verification

After the preceding configurations are complete, check the IP routing tables of SwitchB and SwitchC.

[SwitchB] display ip routing-table
Route Flags: R - relay, D - download to fib
-----------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 8        Routes : 8        

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
    192.168.1.0/24  RIP     100  1           D   192.168.10.1    Vlanif10
    192.168.2.0/24  RIP     100  1           D   192.168.10.1    Vlanif10
   192.168.10.0/24  Direct  0    0           D   192.168.10.2    Vlanif10
   192.168.10.2/32  Direct  0    0           D   127.0.0.1       Vlanif10
   192.168.20.0/24  Direct  0    0           D   192.168.20.1    Vlanif20
   192.168.20.1/32  Direct  0    0           D   127.0.0.1       Vlanif20
[SwitchC] display ip routing-table
Route Flags: R - relay, D - download to fib
-----------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 7        Routes : 7        

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
    192.168.1.0/24  RIP     100  2           D   192.168.20.1    Vlanif20
    192.168.2.0/24  RIP     100  2           D   192.168.20.1    Vlanif20
   192.168.10.0/24  RIP     100  1           D   192.168.20.1    Vlanif20
   192.168.20.0/24  Direct  0    0           D   192.168.20.2    Vlanif20
   192.168.20.2/32  Direct  0    0           D   127.0.0.1       Vlanif20

The preceding command output shows that after the filter-policy import command is configured on SwitchB, the IP routing tables of SwitchB and SwitchC do not contain the route 192.168.3.0/24.

RIP is a distance-vector routing protocol and a RIP device advertises its routing table to its neighbors. When the route 192.168.3.0/24 is filtered out from the IP routing table of SwitchB, SwitchC can no longer learn this route through RIP. That is, if routes in an IP routing table of a RIP device are filtered, the IP routing tables of upstream devices of this RIP device are also affected.

NOTE:

Both the filter-policy export and filter-policy import commands are configured in the RIP process view. If routes are filtered based on interfaces or protocols, only one filter-policy can be configured for one interface or protocol. If no interface or protocol is specified, a global filter-policy is configured and similarly, only one filter-policy can be configured. If multiple filter-policies are configured, only the latest filter-policy takes effect.

Using a Filter-Policy to Filter the Intra-Area Routes Received by OSPF

Requirement Description

In Figure 10-12, three switches belong to OSPF Area 0. SwitchA advertises the test network segment 10.1.1.0/24. It is required that the filter-policy import command be configured on SwitchB so that the IP routing table of SwitchB does not contain the route 10.1.1.0/24.

Figure 10-12  Using a filter-policy to filter the intra-area routes received by OSPF

Configuration

  1. Define an IP prefix list on SwitchB to filter routes as required.

    [SwitchB] ip ip-prefix huawei index 10 deny 10.1.1.0 24           //Deny this route.
    [SwitchB] ip ip-prefix huawei index 20 permit 0.0.0.0 0 less-equal 32     //Permit all routes.
  2. Configure the filter-policy import command in the OSPF view of SwitchB.

    [SwitchB] ospf
    [SwitchB-ospf-1] filter-policy ip-prefix huawei import

Verification

After the preceding configurations are complete, check the IP routing tables of SwitchB and SwitchC.

[SwitchB] display ip routing-table
Route Flags: R - relay, D - download to fib
-----------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 6        Routes : 6        

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
   192.168.12.0/24  Direct  0    0           D   192.168.12.2    Vlanif12
   192.168.12.2/32  Direct  0    0           D   127.0.0.1       Vlanif12
   192.168.23.0/24  Direct  0    0           D   192.168.23.1    Vlanif23
   192.168.23.1/32  Direct  0    0           D   127.0.0.1       Vlanif23
[SwitchC] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 6        Routes : 6        

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

       10.1.1.0/24  OSPF    10   3           D   192.168.23.1    Vlanif23
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
   192.168.12.0/24  OSPF    10   2           D   192.168.23.1    Vlanif23
   192.168.23.0/24  Direct  0    0           D   192.168.23.2    Vlanif23
   192.168.23.2/32  Direct  0    0           D   127.0.0.1       Vlanif23

The preceding command output shows that, although the route 10.1.1.0/24 has been filtered out on SwitchB, its LSA is still transmitted to SwitchC, so the IP routing table of SwitchC still contains this route. This result also confirms that in link-state routing protocols, a filter-policy filters only routing information but not LSAs.

The LSDBs of SwitchB and SwitchC still contain the LSA describing the route 10.1.1.0/24. To verify this, check LSA information on SwitchB and SwitchC.

[SwitchB] display ospf lsdb router

   OSPF Process 1 with Router ID 10.10.10.2
              Area: 0.0.0.0
      Link State Database 
………

  Type      : Router
  Ls id     : 10.10.10.1
  Adv rtr   : 10.10.10.1  
  Ls age    : 139 
  Len       : 48 
  Options   :  E  
  seq#      : 80000005 
  chksum    : 0x41c4
  Link count: 2
   * Link ID: 10.1.1.0     
     Data   : 255.255.255.0 
     Link Type: StubNet      
     Metric : 1 
     Priority : Low
   * Link ID: 192.168.12.2 
     Data   : 192.168.12.1 
     Link Type: TransNet     
     Metric : 1
[SwitchC] display  ospf lsdb  router

   OSPF Process 1 with Router ID 10.10.10.3
             Area: 0.0.0.0
     Link State Database 
…………

  Type      : Router
  Ls id     : 10.10.10.1
  Adv rtr   : 10.10.10.1  
  Ls age    : 81 
  Len       : 48 
  Options   :  E  
  seq#      : 80000005 
  chksum    : 0x41c4
  Link count: 2
   * Link ID: 10.1.1.0     
     Data   : 255.255.255.0 
     Link Type: StubNet      
     Metric : 1 
     Priority : Low
   * Link ID: 192.168.12.2 
     Data   : 192.168.12.1 
     Link Type: TransNet     
     Metric : 1

The preceding command output shows that the LSDBs of SwitchB and SwitchC still contain the LSA describing the route 10.1.1.0/24.

Using a Filter-Policy to Filter the Inter-Area Routes Received by OSPF

In Figure 10-13 there are two OSPF areas, Area 0 and Area 1. SwitchB and SwitchC transmit Type 3 LSAs, which are generated by SwitchB to describe inter-area routes. The configuration is similar to the configuration in the previous scenario. The following describes the filtering result.

Figure 10-13  Using a filter-policy to filter the inter-area routes received by OSPF

Before configuring a filter-policy, check the IP routing tables of SwitchB and SwitchC.

[SwitchB] display ip routing-table
Route Flags: R - relay, D - download to fib
-----------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 7        Routes : 7        

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

       10.1.1.0/24  OSPF    10   2           D   192.168.12.1    Vlanif12
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
   192.168.12.0/24  Direct  0    0           D   192.168.12.2    Vlanif12
   192.168.12.2/32  Direct  0    0           D   127.0.0.1       Vlanif12
   192.168.23.0/24  Direct  0    0           D   192.168.23.1    Vlanif23
   192.168.23.1/32  Direct  0    0           D   127.0.0.1       Vlanif23
[SwitchC] display ip routing-table
Route Flags: R - relay, D - download to fib
-----------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 6        Routes : 6        

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

       10.1.1.0/24  OSPF    10   3           D   192.168.23.1    Vlanif23
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
   192.168.12.0/24  OSPF    10   2           D   192.168.23.1    Vlanif23
   192.168.23.0/24  Direct  0    0           D   192.168.23.2    Vlanif23
   192.168.23.2/32  Direct  0    0           D   127.0.0.1       Vlanif23

The preceding command output shows that before a filter-policy is configured, the IP routing tables of SwitchB and SwitchC contain the route 10.1.1.0/24.

Verification

After the filter-policy import command is configured on SwitchB, check the IP routing tables of SwitchB and SwitchC.

[SwitchB] display  ip routing-table
Route Flags: R - relay, D - download to fib
-----------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 6        Routes : 6        

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
   192.168.12.0/24  Direct  0    0           D   192.168.12.2    Vlanif12
   192.168.12.2/32  Direct  0    0           D   127.0.0.1       Vlanif12
   192.168.23.0/24  Direct  0    0           D   192.168.23.1    Vlanif23
   192.168.23.1/32  Direct  0    0           D   127.0.0.1       Vlanif23
[SwitchC] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 5        Routes : 5        

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
   192.168.12.0/24  OSPF    10   2           D   192.168.23.1    Vlanif23
   192.168.23.0/24  Direct  0    0           D   192.168.23.2    Vlanif23
   192.168.23.2/32  Direct  0    0           D   127.0.0.1       Vlanif23

There are two OSPF areas. The route 10.1.1.0/24 on SwitchC is described by the Type 3 LSA generated by SwitchB, but this route has been filtered out by SwitchB. Therefore, the Type 3 LSA describing an inter-area route cannot be generated, and SwitchC cannot learn the route 10.1.1.0/24 again.

Translation
Download
Updated: 2019-10-22

Document ID: EDOC1000178418

Views: 197967

Downloads: 37

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next