No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - IP Routing 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Configuration Guide - IP Routing
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Applying Filters to Routes to Be Advertised

Applying Filters to Routes to Be Advertised

By applying filters of routing policies to routing protocols, you can filter routes to be advertised.

Usage Scenario

To enable a device to advertise required routes, define the filter (such as the IP prefix list, ACL, or route-policy) for a routing policy, apply the filter to routing protocols, and run the filter-policy command specified with the filter in the related protocol view to filter the routes to be advertised.

The function of the filter-policy export command varies the protocol type. And the functions to a distance-vector protocol and a link-state protocol are as follows:

  • Distance-vector protocol

    A distance-vector protocol generates routes based on the routing table. Therefore, the command filters the routes received from neighbors and the routes to be advertised to neighbors.

  • Link-state protocol

    A link-state protocol generates routes based on the LSDB. The filter-policy command does not affect any Link State Advertisement (LSA) or LSDB.

    When advertising routes, you can run the filter-policy export command to determine whether to advertise the imported routes (such as the imported RIP routes). Only the LSAs or Link State PDUs (LSPs) that are imported using the filter-policy import command are added to the LSDB. This does not affect the LSAs advertised to other routers.

NOTE:
  • BGP has the powerful filtering function. For the configuration of BGP routing policies, refer to "BGP Configuration."

  • For details of the filter-policy and import-route commands and their applications in RIP, OSPF, IS-IS, and BGP, refer to related configurations.

Pre-configuration Tasks

Before applying filters to routes to be advertised, complete the following tasks:

Configuration Procedures

Perform one or more of the following configurations as required.

Configuring RIP to Filter the Routes to Be Advertised

You can set conditions to filter the routes to be advertised. Only the routes that meet the conditions can be advertised.

Context

Devices can filter the routing information. To filter the routes to be advertised, you can configure an export filtering policy by specifying the ACL and IP prefix list.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run rip [ process-id ]

    A RIP process is created, and the RIP view is displayed.

  3. Set the conditions to filter the advertised routes.

    Run any of the following commands as required:

    • Based on the basic ACL:
      1. Run filter-policy { acl-number | acl-name acl-name } export [ protocol process-id | interface-type interface-number ]

      2. Run quit

        Return to the system view.

      3. Run acl { name basic-acl-name { basic | [ basic ] number basic-acl-number } | [ number ] basic-acl-number } [ match-order { config | auto } ]

        The basic ACL view is displayed.

      4. Run rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment-type { fragment | non-fragment | non-subseq | fragment-subseq | fragment-spe-first } | source { source-ip-address { source-wildcard | 0 | src-netmask } | any } | time-range time-name | vpn-instance vpn-instance-name ] *

        The rule for the basic ACL is configured.

        When the rule command is run to configure rules for a named ACL, only the source address range specified by source and the time period specified by time-range are valid as the rules.

        When a filtering policy of a routing protocol is used to filter routes:
        • If the action specified in an ACL rule is permit, a route that matches the rule will be received or advertised by the system.

        • If the action specified in an ACL rule is deny, a route that matches the rule will not be received or advertised by the system.

        • If a route has not matched any ACL rules, the route will not be received or advertised by the system.

        • If an ACL does not contain any rules, all routes matching the route-policy that references the ACL will not be received or advertised by the system.

        • If the ACL referenced by the route-policy does not exist, all routes matching the route-policy will be received or advertised by the system.

        • In the configuration order, the system first matches a route with a rule that has a smaller number and then matches the route with a rule with a larger number. Routes can be filtered using a blacklist or a whitelist:

          Route filtering using a blacklist: Configure a rule with a smaller number and specify the action deny in this rule to filter out the unwanted routes. Then, configure another rule with a larger number in the same ACL and specify the action permit in this rule to receive or advertise the other routes.

          Route filtering using a whitelist: Configure a rule with a smaller number and specify the action permit in this rule to permit the routes to be received or advertised by the system. Then, configure another rule with a larger number in the same ACL and specify the action deny in this rule to filter out unwanted routes.

    • Based on the IP prefix:

      Run filter-policy ip-prefix ip-prefix-name export [ protocol process-id | interface-type interface-number ]

  4. Run commit

    The configuration is committed.

Configuring OSPF to Filter the Routes to Be Advertised

After a filtering policy is configured for OSPF routes to be imported, only the routes that match the policy will be advertised.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ospf [ process-id ]

    The OSPF process view is displayed.

  3. Set the conditions to filter the advertised routes.

    Run any of the following commands as required:

    • Based on the basic ACL:
      1. Run filter-policy { acl-number | acl-name acl-name } export [ direct | static | bgp | { rip | isis | ospf } [ process-id ] ]

      2. Run quit

        Return to the system view.

      3. Run acl { name basic-acl-name { basic | [ basic ] number basic-acl-number } | [ number ] basic-acl-number } [ match-order { config | auto } ]

        The basic ACL view is displayed.

      4. Run rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment-type { fragment | non-fragment | non-subseq | fragment-subseq | fragment-spe-first } | source { source-ip-address { source-wildcard | 0 | src-netmask } | any } | time-range time-name | vpn-instance vpn-instance-name ] *

        The rule for the basic ACL is configured.

        When the rule command is run to configure rules for a named ACL, only the source address range specified by source and the time period specified by time-range are valid as the rules.

        When a filtering policy of a routing protocol is used to filter routes:
        • If the action specified in an ACL rule is permit, a route that matches the rule will be received or advertised by the system.

        • If the action specified in an ACL rule is deny, a route that matches the rule will not be received or advertised by the system.

        • If a route has not matched any ACL rules, the route will not be received or advertised by the system.

        • If an ACL does not contain any rules, all routes matching the route-policy that references the ACL will not be received or advertised by the system.

        • If the ACL referenced by the route-policy does not exist, all routes matching the route-policy will be received or advertised by the system.

        • In the configuration order, the system first matches a route with a rule that has a smaller number and then matches the route with a rule with a larger number. Routes can be filtered using a blacklist or a whitelist:

          Route filtering using a blacklist: Configure a rule with a smaller number and specify the action deny in this rule to filter out the unwanted routes. Then, configure another rule with a larger number in the same ACL and specify the action permit in this rule to receive or advertise the other routes.

          Route filtering using a whitelist: Configure a rule with a smaller number and specify the action permit in this rule to permit the routes to be received or advertised by the system. Then, configure another rule with a larger number in the same ACL and specify the action deny in this rule to filter out unwanted routes.

    • Based on the IP prefix:

      Run filter-policy ip-prefix ip-prefix-name export [ direct | static | bgp | { rip | isis | ospf } [ process-id ] ]

  4. Run commit

    The configuration is committed.

Configuring IS-IS to Filter the Routes to Be Advertised

By configuring IS-IS to filter the routes to be advertised, you can effectively control the number of IS-IS routes on the network.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run isis [ process-id ]

    The IS-IS view is displayed.

  3. Set the conditions to filter the advertised routes.

    Run any of the following commands as required:

    • Based on the basic ACL:
      1. Run filter-policy { acl-number | acl-name acl-name } export [ direct | static | rip process-id | bgp | ospf process-id | isis process-id | unr ]

      2. Run quit

        Return to the system view.

      3. Run acl { name basic-acl-name { basic | [ basic ] number basic-acl-number } | [ number ] basic-acl-number } [ match-order { config | auto } ]

        The basic ACL view is displayed.

      4. Run rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment-type { fragment | non-fragment | non-subseq | fragment-subseq | fragment-spe-first } | source { source-ip-address { source-wildcard | 0 | src-netmask } | any } | time-range time-name | vpn-instance vpn-instance-name ] *

        The rule for the basic ACL is configured.

        When the rule command is run to configure rules for a named ACL, only the source address range specified by source and the time period specified by time-range are valid as the rules.

        When a filtering policy of a routing protocol is used to filter routes:
        • If the action specified in an ACL rule is permit, a route that matches the rule will be received or advertised by the system.

        • If the action specified in an ACL rule is deny, a route that matches the rule will not be received or advertised by the system.

        • If a route has not matched any ACL rules, the route will not be received or advertised by the system.

        • If an ACL does not contain any rules, all routes matching the route-policy that references the ACL will not be received or advertised by the system.

        • If the ACL referenced by the route-policy does not exist, all routes matching the route-policy will be received or advertised by the system.

        • In the configuration order, the system first matches a route with a rule that has a smaller number and then matches the route with a rule with a larger number. Routes can be filtered using a blacklist or a whitelist:

          Route filtering using a blacklist: Configure a rule with a smaller number and specify the action deny in this rule to filter out the unwanted routes. Then, configure another rule with a larger number in the same ACL and specify the action permit in this rule to receive or advertise the other routes.

          Route filtering using a whitelist: Configure a rule with a smaller number and specify the action permit in this rule to permit the routes to be received or advertised by the system. Then, configure another rule with a larger number in the same ACL and specify the action deny in this rule to filter out unwanted routes.

    • Based on the IP prefix:

      Run filter-policy ip-prefix ip-prefix-name export [ direct | static | rip process-id | bgp | ospf process-id | isis process-id | unr ]

  4. Run commit

    The configuration is committed.

Verifying the Configuration of Applying Filters to the Advertised Routes

After applying filters to the advertised routes, check information about the routing table of each protocol.

Prerequisites

Filters have been applied to the advertised routes.

Procedure

  • Run the display rip process-id route command to check information about the RIP routing table.
  • Run the display ospf [ process-id ] routing command to check information about the OSPF routing table.
  • Run the display isis [ process-id ] route command to check information about the IS-IS routing table.
  • Run the display ip routing-table command to check information about the IP routing table.

    Run the display ip routing-table command on the neighbor to view that the routes that meet the matching rules set on the neighbor are filtered or the actions defined by apply clauses are performed on these routes.

Translation
Download
Updated: 2019-01-14

Document ID: EDOC1100058916

Views: 35013

Downloads: 51

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next