No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - IP Routing 01

This is NE40E V800R010C10SPC500 Configuration Guide - IP Routing
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Using a Routing Policy to Filter the BGP Routes to Be Received

Using a Routing Policy to Filter the BGP Routes to Be Received

BGP is used to transmit routing information. BGP accepts only the wanted routes which can be filtered or applied routing policy flexibly, and modifies route attributes to direct network traffic properly.

Usage Scenario

BGP is used to transmit routing information between ASs. Route reception directly affects traffic forwarding.

The BGP device may receive routes to the same destination from different BGP peers. To control traffic forwarding paths, the router needs to filter the received BGP routes.

The router may be attacked and receive a large number of routes from its BGP peers, consuming lots of resources of the router. Therefore, the administrator must limit the resources to be consumed based on networking planning and router capacities, no matter whether too many BGP routes caused by malicious attacks or incorrect configurations.

Filters can be used to filter routes to be received by BGP. BGP can filter the routes received from all peers or peer groups or only the routes received from a specific peer or peer group. If multiple filter policies are configured, BGP accepts only routes that match all the filter policies.

Pre-configuration Tasks

Before controlling BGP to receive routes, complete the following task:

Configuration Procedures

Figure 10-4 Networking diagram of Configuring to Control BGP to receive routes

Configuring BGP Filters

By using BGP filters, you can flexibly filter routes to be received.

Context

Procedure

  • Configure an ACL.

    An ACL is a series of sequential rules composed of permit and deny clauses. These rules are described based on source addresses, destination addresses, and port numbers of packets. ACL rules are used to classify packets. After ACL rules are applied to a router, the router permits or denies packets based on the ACL rules.

    For details on ACL configurations, see the HUAWEI NetEngine40E Universal Service Router Configuration Guide-IP Services.

    An ACL can be used as a filtering condition of a route-policy or used in the filter-policy { acl-number | acl-name acl-name } import or peer { group-name | ipv4-address } filter-policy { acl-number | acl-name acl-name } import command.

  • Configure an IP prefix list.

    An IP prefix list is a type of filter used to filter routes based on destination addresses. An IP prefix list is identified by its name. An IP prefix list can be used flexibly to implement accurate filtering. For example, it can be used to filter a route or routes to a network segment. If a large number of routes that do not have the same prefix need to be filtered, configuring an IP prefix list to filter the routes is very complex.

    An IP prefix list can be used as a filtering condition of a route-policy or used in the filter-policy ip-prefix ip-prefix-name import or peer { group-name | ipv4-address } ip-prefix ip-prefix-name import command.

    1. Run system-view

      The system view is displayed.

    2. Run ip ip-prefix ip-prefix-name [ index index-number ] { permit | deny } ip-address mask-length [ greater-equal greater-equal-value ] [ less-equal less-equal-value ]

      An IPv4 prefix list is configured.

      The mask length range can be specified as mask-length <= greater-equal-value <= less-equal-value <= 32. If only greater-equal is specified, the prefix range is [greater-equal-value, 32]. If only less-equal is specified, the prefix range is [mask-length, less-equal-value].

      An IPv4 prefix list is identified by its name, and each IP prefix list can contain multiple entries. Each entry is identified by an index number, and can specify a matching range in the form of a network prefix uniquely. An IPv4 prefix list named abcd is used as an example.

      #
      ip ip-prefix abcd index 10 permit 1.0.0.0 8
      ip ip-prefix abcd index 20 permit 10.0.0.0 8

      During route matching, the system checks the entries by index number in ascending order. If a route matches an entry, the route will not be matched with the next entry.

      The NE40E denies all unmatched routes by default. If all entries in an IPv4 prefix list are in deny mode, all routes will be denied by the IPv4 prefix list. In this case, define an entry permit 0.0.0.0 0 less-equal 32 after the entries in deny mode to allow all the other IPv4 routes to be permitted by the IPv4 prefix list.

      NOTE:

      If more than one IP prefix entry is defined, at least one entry should be set in permit mode.

    3. Run commit

      The configuration is committed.

  • Configure an AS_Path filter.

    An AS_Path filter is used to filter BGP routes based on the AS_Path attributes contained in the BGP routes. If you do not want traffic to pass through an AS, configure an AS_Path filter to filter out the traffic carrying the AS number. If the BGP routing table of each device on a network is large, configuring an ACL or an IP prefix list to filter BGP routes may be complicated and make it difficult to maintain new routes.

    NOTE:

    If the AS_Path information of a summarized route is lost, the AS_Path filter cannot be used to filter the summarized route, but can still be used to filter the specific routes from which the summarized route is derived.

    An AS_Path filter can be used as a filtering condition of a route-policy or be used in the peer as-path-filter command.

    1. Run system-view

      The system view is displayed.

    2. Run ip as-path-filter { as-path-filter-number | as-path-filter-name } [ index index-number ] { permit | deny } regular-expression

      An AS_Path filter is configured.

      An AS_Path filter defines matching rules with a regular expression. The regular expression is composed of the following parts:

      • Metacharacter: defines matching rules.

      • General character: defines matching objects.

      Table 10-2 Description of metacharacters

      Special Character

      Function

      \

      Defines an escape character, which is used to mark the next character (common or special) as a common character.

      ^

      Matches the start position of the string.

      $

      Matches the end position of the string.

      *

      Matches the preceding element zero or more times.

      +

      Matches the preceding element once or more times

      ?

      Matches the preceding element zero times or once.

      .

      Matches any single character.

      ()

      Defines a subexpression, which can be empty. Both the expression and the subexpression must match.

      _

      Matches regular expressions with a sign, such as a comma (,), left brace ({), right brace (}), left parenthesis ((), right parenthesis ()), or space. The underscore (_) can be used at the beginning of a regular expression with the same function as the caret (^) or at the end of a regular expression with the same function as the dollar sign ($).

      x|y

      Matches x or y.

      [xyz]

      Matches any character in the regular expression.

      [^xyz]

      Matches any character that is not contained within the brackets.

      [a-z]

      Matches any character within the specified range.

      [^a-z]

      Matches any character beyond the specified range.

      For example, ^10 matches only the AS_Path attribute beginning with 10. ^ indicates the beginning of a string character.

      You can define multiple rules (permit or deny) for the same filter. During the matching, the relationship between these rules is OR. If a route meets one of the matching rules, it matches this AS_Path filter.

      NOTE:

      For details on a regular expression, see the HUAWEI NetEngine40E Universal Service Router Configuration Guide - Basic Configurations.

    3. Run commit

      The configuration is committed.

  • Configure a community filter.

    A BGP community attribute is used to identify a group of routes with the same properties. Routes can be classified through the community attribute, which facilitates route management.

    Some AS internal routes may not need to be advertised to any other AS, while AS external routes need to be advertised to other ASs. These AS external routes have different prefixes (as a result, an IP prefix list is inapplicable) and may come from different ASs (as a result, an AS_Path filter is inapplicable). You can set a community attribute value for these AS internal routes and another community attribute value for these AS external routes on an ASBR to control and filter these routes.

    1. Run system-view

      The system view is displayed.

    2. Run ip community-filter

      A community filter is configured.

      • To configure the standard community filter, run the ip community-filter basic comm-filter-name [ index index-number ] { permit | deny } [ community-number | aa:nn | internet [ strict-match ] | no-export-subconfed | no-advertise | no-export ] &<1-20> command, or the ip community-filter basic-comm-filter-num [ index index-number ] { permit | deny } [ community-number | aa:nn | internet | no-export-subconfed | no-advertise | no-export ] &<1-20> command.

      • To configure the advanced community filter, run the ip community-filter { advanced comm-filter-name | adv-comm-filter-num } [ index index-number ] { permit | deny } regular-expression command.

    3. Run commit

      The configuration is committed.

  • Configure an extended community filter.

    Similar to a BGP community filter, a BGP extcommunity filter is used to filter private network routes.

    1. Run system-view

      The system view is displayed.

    2. Perform either of the following operations as required to configure an extcommunity filter.

      To configure a VPN-Target extcommunity filter:

      • To configure a basic VPN-Target extcommunity filter, run the ip extcommunity-filter { basic-extcomm-filter-num | basic basic-extcomm-filter-name }[ index index-number ] { deny | permit } { rt { as-number:nn | 4as-number:nn | ipv4-address:nn } } &<1-16> command.

      • To configure an advanced VPN-Target extcommunity filter, run the ip extcommunity-filter { advanced-extcomm-filter-num | advanced advanced-extcomm-filter-name }[ index index-number ] { deny | permit } regular-expression command.

      To configure an SoO extcommunity filter:

      • To configure a basic SoO extcommunity filter, run the ip extcommunity-list soo basic basic-extcomm-filter-name [ index index-number ] { permit | deny } { site-of-origin } &<1-16> command.

      • To configure an advanced SoO extcommunity filter, run the ip extcommunity-list soo advanced advanced-extcomm-filter-name [ index index-number ] { permit | deny } regular-expression command.

      Multiple entries can be defined in an extcommunity filter. The relationship between the entries is "OR". This means that if a route matches one of the rules, the route matches the filter.

    3. Run commit

      The configuration is committed.

  • Configure a route-policy.

    A route-policy is used to match routes or route attributes, and to change route attributes when specific conditions are met. As the preceding filters can be used as matching conditions of a route-policy, the route-policy is powerful in functions and can be used flexibly.

    1. Run system-view

      The system view is displayed.

    2. Run route-policy route-policy-name { permit | deny } node node

      A node is configured for a route-policy, and the view of the route-policy is displayed.

      A route-policy consists of multiple nodes. For example, the route-policy route-policy-example permit node 10 command specifies node 10 and the route-policy route-policy-example deny node 20 command specifies node 20. The two nodes belong to the route-policy specified by route-policy-example. The relationship between the nodes of a route-policy is "OR". The details are as follows:

      • If a route matches one node, the route matches the route-policy and will not be matched against the next node. For example, there are two nodes defined using the route-policy route-policy-example permit node 10 and route-policy route-policy-example deny node 20 commands. If a route matches the node defined using the route-policy route-policy-example permit node 10 command, the route will not be matched against the node defined using the route-policy route-policy-example deny node 20 command.
      • If a route does not match any node, the route fails to match the route-policy.

      When a route-policy is used to filter a route, the route is first matched against the node with the smallest node value. For example, if two nodes are configured using the route-policy route-policy-example permit node 10 and route-policy route-policy-example deny node 20 commands, a route is first matched against the node configured using the route-policy route-policy-example permit node 10 command.

      NOTE:

      The NE40E considers that each unmatched route fails to match the route-policy by default. If more than one node is defined in a route-policy, at least one of them must be in permit mode.

    3. (Optional) Perform the following operations as needed to configure if-match clauses for current nodes of the route-policy.

      if-match clauses are used to filter routes. If no if-match clause is specified, all routes will match the node in the route-policy.

      • To configure an ACL as the if-match clause, run the if-match acl { acl-number | acl-name } command.

      • To configure an IP prefix list as the if-match clause, run the if-match ip-prefix ip-prefix-name command.

        NOTE:

        The if-match acl and if-match ip-prefix commands cannot be used together in the same node of a route-policy, because the latest configuration will override the previous one.

      • To match the AS-Path attribute of BGP routes, run the if-match as-path-filter as-path-filter-number &<1-16> command.

      • To match the community attribute of BGP routes, run either of the following commands:

        • if-match community-filter { basic-comm-filter-num [ whole-match ] | adv-comm-filter-num } * &<1-16>

        • if-match community-filter comm-filter-name [ whole-match ]

        • if-match community-filter { adv-comm-filter-num sort-match } * &<1-16>

        • if-match community-filter comm-filter-name sort-match

      • To match the VPN-Target extended community attribute of BGP routes, run the if-match extcommunity-filter { { basic-extcomm-filter-num | adv-extcomm-filter-num } &<1-16> | basic-extcomm-filter-name | advanced-extcomm-filter-name } command.

      • To match the SoO extended community attribute of BGP routes, run the if-match extcommunity-list soo extcomm-filter-name command.

      The operations in Step 3 can be performed in any order. A node may have multiple if-match clauses or no if-match clause.

      NOTE:

      The relationship between the if-match clauses in a node of a route-policy is "AND". A route must match all the rules before the action defined by the apply clause is taken. For example, if two if-match clauses (if-match acl 2003 and if-match as-path-filter 100) are defined in the route-policy route-policy-example permit node 10 command, a route is considered to match node 10 only when it matches the two if-match clauses.

    4. (Optional) Perform the following operations as needed to configure apply clauses for current nodes of the route-policy.

      apply clauses can be used to set attributes for routes matching if-match clauses. If this step is not performed, the attributes of routes matching if-match clauses keep unchanged.

      • To replace or add a specified AS number in the AS_Path attribute of a BGP route, run the apply as-path as-number command.

      • To delete a specified BGP community attribute from a route, run the apply comm-filter { comm-filter-number | comm-filter-name } delete command.

        NOTE:

        The apply comm-filter delete command deletes a specified community attribute from a route. An instance of the ip community-filter command can specify only one community attribute each time. To delete more than one community attribute, run the ip community-filter command multiple times. If multiple community attributes are specified in one community filter, none of them can be deleted. For more information, see the HUAWEI NetEngine40E Universal Service Router Command Reference.

      • To delete all community attributes from a BGP route, run the apply community none command.
      • To set community attributes for a BGP route, run the apply community { { community-number | aa:nn } &<1-32> | internet | no-advertise | no-export | no-export-subconfed } * [ additive ], or apply community community-list community-list-name command.
        NOTE:

        A BGP community list must be configured using the ip community-list command and community attributes must be configured for the list using the community command before you run the apply community community-list community-list-name command.

      • To set a VPN-Target extended community attribute for a route, run the apply extcommunity { rt { as-number:nn | ipv4-address:nn } } &<1-16> [ additive ] command.
      • To set an SoO extended community attribute for a route, run the apply extcommunity soo { site-of-origin } &<1-16> additive command.
      • To set the local preference for a BGP route, run the apply local-preference [ + | - ] preference command.
      • To set the Origin attribute for a BGP route, run the apply origin { egp { as-number-plain | as-number-dot } | igp | incomplete } command.
      • To set a preferred value for a BGP route, run the apply preferred-value preferred-value command.
      • To set dampening parameters for an EBGP route, run the apply dampening half-life-reach reuse suppress ceiling command.

      The operations in Step 4 can be performed in any order. A node may have multiple apply clauses or no apply clause.

    5. Run commit

      The configuration is committed.

Controlling the Acceptance of BGP Routing Information

After an import policy is configured, only the routes that match the import policy can be accepted.

Procedure

  • Configure BGP to receive routes from all its peers or peer groups.

    You can configure a BGP device to filter routes to be received.

    1. Run system-view

      The system view is displayed.

    2. Run bgp as-number

      The BGP view is displayed.

    3. Run ipv4-family unicast

      The IPv4 unicast address family view is displayed.

    4. Perform either of the following operations to configure the BGP device to filter the routes received from all its peers or peer groups:

      • To filter routes based on a basic ACL, perform the following steps:
        1. Run filter-policy { acl-number | acl-name acl-name } import, the received routes is filtered based on an ACL.
        2. Run quit, return to the BGP view.
        3. Run quit, return to the system view.
        4. Run acl { name basic-acl-name { basic | [ basic ] number basic-acl-number } | [ number ] basic-acl-number } [ match-order { config | auto } ], the basic ACL view is displayed.
        5. Run rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment-type { fragment | non-fragment | non-subseq | fragment-subseq | fragment-spe-first } | source { source-ip-address { source-wildcard | 0 | src-netmask } | any } | time-range time-name | vpn-instance vpn-instance-name ] *, a rule is configured for the basic ACL.

          When the rule command is run to configure rules for a named ACL, only the source address range specified by source and the time period specified by time-range are valid as the rules.

          When a filtering policy of a routing protocol is used to filter routes:
          • If the action specified in an ACL rule is permit, a route that matches the rule will be received or advertised by the system.

          • If the action specified in an ACL rule is deny, a route that matches the rule will not be received or advertised by the system.

          • If a route has not matched any ACL rules, the route will not be received or advertised by the system.

          • If an ACL does not contain any rules, all routes matching the route-policy that references the ACL will not be received or advertised by the system.

          • If the ACL referenced by the route-policy does not exist, all routes matching the route-policy will be received or advertised by the system.

          • In the configuration order, the system first matches a route with a rule that has a smaller number and then matches the route with a rule with a larger number. Routes can be filtered using a blacklist or a whitelist:

            Route filtering using a blacklist: Configure a rule with a smaller number and specify the action deny in this rule to filter out the unwanted routes. Then, configure another rule with a larger number in the same ACL and specify the action permit in this rule to receive or advertise the other routes.

            Route filtering using a whitelist: Configure a rule with a smaller number and specify the action permit in this rule to permit the routes to be received or advertised by the system. Then, configure another rule with a larger number in the same ACL and specify the action deny in this rule to filter out unwanted routes.

      • To filter routes based on an IP prefix list, run the filter-policy ip-prefix ip-prefix-name import command.

      NOTE:

      If an ACL has been referenced in the filter-policy command but no VPN instance is specified in the ACL rule, BGP will filter routes including public and private network routes in all address families. If a VPN instance is specified in the ACL rule, only the data traffic from the VPN instance will be filtered, and no route of this VPN instance will be filtered.

    5. Run commit

      The configuration is committed.

  • Configure a BGP device to receive routes from a specific peer or peer group.
    1. Run system-view

      The system view is displayed.

    2. Run bgp as-number

      The BGP view is displayed.

    3. Run ipv4-family unicast

      The IPv4 unicast address family view is displayed.

    4. Perform any of the following configurations to configure the BGP device to filter the routes received from a specific peer or peer group:

      • To filter routes based on a basic ACL, perform the following steps:
        1. Run peer { ipv4-address | group-name } filter-policy { acl-number | acl-name acl-name } import, the advertised routes is filtered based on an ACL.
        2. Run quit, return to the BGP view.
        3. Run quit, return to the system view.
        4. Run acl { name basic-acl-name { basic | [ basic ] number basic-acl-number } | [ number ] basic-acl-number } [ match-order { config | auto } ], the basic ACL view is displayed.
        5. Run rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment-type { fragment | non-fragment | non-subseq | fragment-subseq | fragment-spe-first } | source { source-ip-address { source-wildcard | 0 | src-netmask } | any } | time-range time-name | vpn-instance vpn-instance-name ] *, a rule is configured for the basic ACL.

          When the rule command is run to configure rules for a named ACL, only the source address range specified by source and the time period specified by time-range are valid as the rules.

          When a filtering policy of a routing protocol is used to filter routes:
          • If the action specified in an ACL rule is permit, a route that matches the rule will be received or advertised by the system.

          • If the action specified in an ACL rule is deny, a route that matches the rule will not be received or advertised by the system.

          • If a route has not matched any ACL rules, the route will not be received or advertised by the system.

          • If an ACL does not contain any rules, all routes matching the route-policy that references the ACL will not be received or advertised by the system.

          • If the ACL referenced by the route-policy does not exist, all routes matching the route-policy will be received or advertised by the system.

          • In the configuration order, the system first matches a route with a rule that has a smaller number and then matches the route with a rule with a larger number. Routes can be filtered using a blacklist or a whitelist:

            Route filtering using a blacklist: Configure a rule with a smaller number and specify the action deny in this rule to filter out the unwanted routes. Then, configure another rule with a larger number in the same ACL and specify the action permit in this rule to receive or advertise the other routes.

            Route filtering using a whitelist: Configure a rule with a smaller number and specify the action permit in this rule to permit the routes to be received or advertised by the system. Then, configure another rule with a larger number in the same ACL and specify the action deny in this rule to filter out unwanted routes.

      • To filter routes based on the IP prefix list, run the peer { ipv4-address | group-name } ip-prefix ip-prefix-name import command.

      • To filter routes based on the AS_Path filter, run the peer { ipv4-address | group-name } as-path-filter { as-path-filter-number | as-path-filter-name } import command.

      • To filter routes based on the route-policy filter, run the peer { ipv4-address | group-name } route-policy route-policy-name import command.

        NOTE:

        The routing policy set in the peer route-policy import command does not support a certain interface as one of the matching rules. That is, the routing policy does not support the if-match interface command.

      A peer group and its members can use different import policies when receiving routes. This means that each member in a peer group can select its own policy to filter received routes.

    5. Run commit

      The configuration is committed.

  • Limit the number of the routes received from a peer.

    When the router running BGP is attacked or network configuration errors occur, the router receives a large number of routes from its neighbor. As a result, a large number of resources of the router are consumed. Therefore, the administrator must limit the resources used by the router based on network planning and the capacity of the router. BGP provides peer-based route control to limit the number of routes to be sent by a neighbor. Thus, the preceding problem is addressed.

    1. Run system-view

      The system view is displayed.

    2. Run bgp as-number

      The BGP view is displayed.

    3. Run ipv4-family unicast

      The IPv4 unicast address family view is displayed.

    4. Run peer { group-name | ipv4-address } route-limit limit [ percentage ] [ alert-only | idle-forever | idle-timeout minutes ]

      The number of routes that can be received from a peer or peer group is set.

      The command provides the limit on the number of received routes based on peers. You can configure specific parameters as required to control BGP after the number of the routes received from a peer exceeds the threshold.

      • alert-only: The peer relationship is kept. No route is received after the number of received routes exceeds the threshold, and an alarm is generated and recorded in the log.

      • idle-forever: The peer relationship is interrupted. The router does not retry setting up a connection. An alarm is generated and recorded in the log. In this case, run the display bgp peer [ verbose ] command, and you can find that the status of the peer is Idle. To restore the BGP connection, run the reset bgp command.

      • idle-timeout: The peer relationship is interrupted. The router retries setting up a connection after the timer expires. An alarm is generated and recorded in the log. In this case, run the display bgp peer [ verbose ] command, and you can find that the status of the peer is Idle. To restore the BGP connection before the timer expires, run the reset bgp command.

      • If none of the preceding parameters is set, the peer relationship is disconnected. The router retries setting up a connection after 30 seconds. An alarm is generated and recorded in the log.

      NOTE:

      If the number of routes received by the local router exceeds the upper limit and the peer route-limit command is used for the first time, the local router and its peer reestablish the peer relationship, regardless of whether alert-only is set.

    5. Run commit

      The configuration is committed.

(Optional) Configuring BGP Soft Reset

The inbound BGP soft reset allows the system to apply the new import policies immediately and refresh BGP routing table dynamically without tearing down any BGP connection.

Context

After changing a BGP import policy, you can reset BGP connections for the new import policy to take effect, interrupting these BGP connections temporarily. BGP route-refresh allows the system to refresh a BGP routing table dynamically without tearing down any BGP connection if routing policies are changed.

  • If a device's peer supports route-refresh, the refresh bgp command can be used on the device to softly reset the BGP connection with the peer and update the BGP routing table.

  • If a device's peer does not support route-refresh, the peer keep-all-routes command can be used on the device to remain all routing updates received from the peer so that the device can refresh its routing table without closing the connection with the peer.

Procedure

  • If the device's peers support route-refresh, perform the following operations:
    1. (Optional) Enable route-refresh.

      1. Run system-view

        The system view is displayed.

      2. Run bgp as-number

        The BGP view is displayed.

      3. Run peer { ipv4-address | group-name } capability-advertise route-refresh

        Route-refresh is enabled.

      4. Run commit

        The configuration is committed.

      If route-refresh is enabled on all BGP peers and the import policy of the local router is changed, the local router sends a route-refresh message to peers or peer groups. After receiving the message, the peers or peer groups resend routing information to the local BGP device. This enables the local router to dynamically refresh its BGP routing table and apply the new routing policy without terminating any BGP connections.

    2. Configure BGP soft reset.

      1. Run the refresh bgp [ vpn-instance vpn-instance-name ipv4-family | vpnv4 ] { all | ipv4-address | group group-name | external | internal } import command in the user view to trigger inbound BGP soft resetting.

      external softly resets an EBGP connection, and internal softly resets an IBGP connection.

  • If the device's peers do not support route-refresh, perform the following operations:
    • Configure the device to store all the routing updates received from its peers or peer groups.

      1. Run system-view

        The system view is displayed.

      2. Run bgp as-number

        The BGP view is displayed.

      3. Run ipv4-family unicast

        The IPv4 unicast address family view is displayed.

      4. Run peer { ipv4-address | group-name } keep-all-routes

        The device is configured to store all the routing updates received from its peers or peer groups.

        After this command is used, all routing updates sent by a specified peer or peer group are stored, regardless of whether an import policy is used. When the local routing policy changes, the information can be used to regenerate BGP routes again.

        NOTE:

        This command must be run on the local device and its peers. If the peer keep-all-routes command is run on the device for the first time, the sessions between the device and its peers are reestablished.

        The peer keep-all-routes command does not need to be run on the router that supports route-refresh. If the peer keep-all-routes command is run on the router, the sessions between the router and its peers will not be reestablished but the refresh bgp command does not take effect on the router.

      5. Run commit

        The configuration is committed.

Verifying the Configuration of Using a Routing Policy to Filter the BGP Routes to Be Received

After controlling BGP to receive routes, check imported routes matching a specified filter.

Prerequisites

Configurations have been performed to control BGP to receive routes.

Procedure

  • Run the display ip as-path-filter [ as-path-filter-number | as-path-filter-name ] command to check information about a configured AS_Path filter.
  • Run the display ip community-filter [ basic-comm-filter-num | adv-comm-filter-num | comm-filter-name ] command to check information about a configured community filter.
  • Run the display ip extcommunity-filter [ basic-extcomm-filter-num | advanced-extcomm-filter-num | extcomm-filter-name ] command to check information about a configured VPN-Target extcommunity filter.
  • Run the display ip extcommunity-list soo [ extcomm-filter-name ] command to check information about a configured SoO extcommunity filter.
  • Run the display bgp routing-table as-path-filter as-path-filter-number command to check information about routes matching a specified AS_Path filter.
  • Run the display bgp routing-table community-filter { { community-filter-name | basic-community-filter-number } [ whole-match ] | advanced-community-filter-number } command to check information about routes matching a specified BGP community filter.
  • Run the display bgp routing-table peer ipv4-address received-routes [ statistics ] command to check information about routes received by a BGP device from its peers.
  • Run the display bgp routing-table peer ipv4-address received-routes network { mask | mask-length } original-attributes command to check information about the original attributes of specified routes.

Example

After a community filter is configured, run the display ip community-filter [ basic-comm-filter-num | adv-comm-filter-num | comm-filter-name ]command in the system view to view information about the configured community filter. Run the display bgp routing-table peer ipv4-address received-routes command to view information about the routes that are received by a BGP device from a specified peer

# View information about a configured community filter.
<HUAWEI> display ip community-filter
 Community filter Number 10
         index: 10     deny  no-export
 Community filter Number 110
         index: 10     permit 110:110
 Named Community basic filter: aa (ListID = 200)
         index: 10     permit  1 internet
 Named Community advanced filter: bb (ListID = 700)
         index: 10     permit  20

# View the routes that are received by a BGP device from its peer at 2.2.2.2.

<HUAWEI> display bgp routing-table peer 2.2.2.2 received-routes
 BGP Local router ID is 1.1.1.1
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete
 RPKI validation codes: V - valid, I - invalid, N - not-found


 Total Number of Routes: 2 
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 *>   1.1.1.1/32         2.2.2.2         0                     0      200?
 *>   4.4.4.4/32         2.2.2.2         1                     0      200i
Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055018

Views: 49927

Downloads: 201

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next