No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

ME60 V800R010C10SPC500 Configuration Guide - IP Routing 01

This is ME60 V800R010C10SPC500 Configuration Guide - IP Routing
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Applying Filters to Received Routes

Applying Filters to Received Routes

By applying filters of routing policies to routing protocols, you can filter the received routes.

Usage Scenario

When exchanging routes on a network, devices need to accept only required routes. In this situation, you can define a filter (such as an IP prefix list, ACL, or a route-policy) for a routing policy, apply the filter to the routing protocol, and run the filter-policy command specified with the filter in the related protocol view to filter received routes. Then, devices accept only the routes that meet the matching rules.

The function of the filter-policy import command varies the protocol type. And the functions to a distance-vector protocol and a link-state protocol are as follows:

  • Distance-vector protocol

    A distance-vector protocol generates routes based on the routing table. Therefore, the command filters the routes received from neighbors and those to be advertised to neighbors.

  • Link-state protocol

    A link-state protocol generates routes based on the link state database (LSDB). The filter-policy command does not affect any Link State Advertisement (LSA) or LSDB.

    After routes are received, the filter-policy command determines which routes to be added from the protocol routing table to the local core routing table. Therefore, this command takes effect on the local core routing table rather than the protocol routing table.

NOTE:
  • BGP has the powerful filtering function. For the configuration of BGP routing policies, refer to "BGP Configuration."

  • For details of the filter-policy and import-route commands and their applications in RIP, OSPF, IS-IS, and BGP, refer to related configurations.

Pre-configuration Tasks

Before applying filters to received routes, complete the following tasks:

Configuration Procedures

Perform one or more of the following configurations as required.

Configuring RIP to Filter the Received Routes

You can configure an inbound or outbound filtering policy by specifying Access Control Lists (ACLs) and IP address prefix lists to filter routes to be received and advertised. You can also configure a device to receive only the RIP packets from a specified neighbor.

Context

Devices can filter the routing information. To filter the received and advertised routes, you can configure inbound and outbound filtering policies by specifying the ACL and IP prefix list.

You can also configure a device to receive RIP packets from only a specified neighbor.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run rip [ process-id ]

    The RIP process is created and the RIP view is displayed.

  3. Set the conditions to filter the received routes.

    Run any of the following commands as required:

    • Based on the basic ACL:
      1. Run filter-policy { acl-number | acl-name acl-name } import [ interface-type interface-number ]

      2. Run quit

        Return to the system view.

      3. Run acl { name basic-acl-name { basic | [ basic ] number basic-acl-number } | [ number ] basic-acl-number } [ match-order { config | auto } ]

        The basic ACL view is displayed.

      4. Run rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment-type { fragment | non-fragment | non-subseq | fragment-subseq | fragment-spe-first } | source { source-ip-address { source-wildcard | 0 | src-netmask } | any } | time-range time-name | vpn-instance vpn-instance-name ] *

        The rule for the basic ACL is configured.

        When the rule command is run to configure rules for a named ACL, only the source address range specified by source and the time period specified by time-range are valid as the rules.

        When a filtering policy of a routing protocol is used to filter routes:
        • If the action specified in an ACL rule is permit, a route that matches the rule will be received or advertised by the system.

        • If the action specified in an ACL rule is deny, a route that matches the rule will not be received or advertised by the system.

        • If a route has not matched any ACL rules, the route will not be received or advertised by the system.

        • If an ACL does not contain any rules, all routes matching the route-policy that references the ACL will not be received or advertised by the system.

        • If the ACL referenced by the route-policy does not exist, all routes matching the route-policy will be received or advertised by the system.

        • In the configuration order, the system first matches a route with a rule that has a smaller number and then matches the route with a rule with a larger number. Routes can be filtered using a blacklist or a whitelist:

          Route filtering using a blacklist: Configure a rule with a smaller number and specify the action deny in this rule to filter out the unwanted routes. Then, configure another rule with a larger number in the same ACL and specify the action permit in this rule to receive or advertise the other routes.

          Route filtering using a whitelist: Configure a rule with a smaller number and specify the action permit in this rule to permit the routes to be received or advertised by the system. Then, configure another rule with a larger number in the same ACL and specify the action deny in this rule to filter out unwanted routes.

    • Based on the IP prefix:

      Run filter-policy ip-prefix ip-prefix-name import [ interface-type interface-number ]

  4. Run commit

    The configuration is submitted.

Configuring OSPF to Filter the Received Routes

After a filtering policy is configured for the OSPF routes that need to be delivered to the routing management module, only the routes that match the policy will be added to the routing table.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ospf [ process-id ]

    The OSPF process view is displayed.

  3. Set the conditions to filter the received routes.

    Run any of the following commands as required:

    • Based on the basic ACL:
      1. Run filter-policy { acl-number | acl-name acl-name } import

      2. Run quit

        Return to the system view.

      3. Run acl { name basic-acl-name { basic | [ basic ] number basic-acl-number } | [ number ] basic-acl-number } [ match-order { config | auto } ]

        The basic ACL view is displayed.

      4. Run rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment-type { fragment | non-fragment | non-subseq | fragment-subseq | fragment-spe-first } | source { source-ip-address { source-wildcard | 0 | src-netmask } | any } | time-range time-name | vpn-instance vpn-instance-name ] *

        The rule for the basic ACL is configured.

        When the rule command is run to configure rules for a named ACL, only the source address range specified by source and the time period specified by time-range are valid as the rules.

        When a filtering policy of a routing protocol is used to filter routes:
        • If the action specified in an ACL rule is permit, a route that matches the rule will be received or advertised by the system.

        • If the action specified in an ACL rule is deny, a route that matches the rule will not be received or advertised by the system.

        • If a route has not matched any ACL rules, the route will not be received or advertised by the system.

        • If an ACL does not contain any rules, all routes matching the route-policy that references the ACL will not be received or advertised by the system.

        • If the ACL referenced by the route-policy does not exist, all routes matching the route-policy will be received or advertised by the system.

        • In the configuration order, the system first matches a route with a rule that has a smaller number and then matches the route with a rule with a larger number. Routes can be filtered using a blacklist or a whitelist:

          Route filtering using a blacklist: Configure a rule with a smaller number and specify the action deny in this rule to filter out the unwanted routes. Then, configure another rule with a larger number in the same ACL and specify the action permit in this rule to receive or advertise the other routes.

          Route filtering using a whitelist: Configure a rule with a smaller number and specify the action permit in this rule to permit the routes to be received or advertised by the system. Then, configure another rule with a larger number in the same ACL and specify the action deny in this rule to filter out unwanted routes.

    • Based on the IP prefix:

      Run filter-policy ip-prefix ip-prefix-name import

  4. Run commit

    The configuration is committed.

Configuring IS-IS to Filter the Received Routes

By configuring IS-IS to filter the received routes, you can control the number of IS-IS routes to be added to the IP routing table, and thus reduce the size of the IP routing table.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run isis [ process-id ]

    The IS-IS view is displayed.

  3. Set the conditions to filter the received routes.

    Run any of the following commands as required:

    • Based on the basic ACL:
      1. Run filter-policy { acl-number | acl-name acl-name } import

      2. Run quit

        Return to the system view.

      3. Run acl { name basic-acl-name { basic | [ basic ] number basic-acl-number } | [ number ] basic-acl-number } [ match-order { config | auto } ]

        The basic ACL view is displayed.

      4. Run rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment-type { fragment | non-fragment | non-subseq | fragment-subseq | fragment-spe-first } | source { source-ip-address { source-wildcard | 0 | src-netmask } | any } | time-range time-name | vpn-instance vpn-instance-name ] *

        The rule for the basic ACL is configured.

        When the rule command is run to configure rules for a named ACL, only the source address range specified by source and the time period specified by time-range are valid as the rules.

        When a filtering policy of a routing protocol is used to filter routes:
        • If the action specified in an ACL rule is permit, a route that matches the rule will be received or advertised by the system.

        • If the action specified in an ACL rule is deny, a route that matches the rule will not be received or advertised by the system.

        • If a route has not matched any ACL rules, the route will not be received or advertised by the system.

        • If an ACL does not contain any rules, all routes matching the route-policy that references the ACL will not be received or advertised by the system.

        • If the ACL referenced by the route-policy does not exist, all routes matching the route-policy will be received or advertised by the system.

        • In the configuration order, the system first matches a route with a rule that has a smaller number and then matches the route with a rule with a larger number. Routes can be filtered using a blacklist or a whitelist:

          Route filtering using a blacklist: Configure a rule with a smaller number and specify the action deny in this rule to filter out the unwanted routes. Then, configure another rule with a larger number in the same ACL and specify the action permit in this rule to receive or advertise the other routes.

          Route filtering using a whitelist: Configure a rule with a smaller number and specify the action permit in this rule to permit the routes to be received or advertised by the system. Then, configure another rule with a larger number in the same ACL and specify the action deny in this rule to filter out unwanted routes.

    • Based on the IP prefix:

      Run filter-policy ip-prefix ip-prefix-name import

  4. Run commit

    The configuration is committed.

Verifying the Configuration of Applying Filters to Received Routes

After applying filters to the received routes, verify information about the routing table of each protocol.

Prerequisites

Filters have been applied to the received routes.

Procedure

  • Run the display rip process-id route command to check information about the RIP routing table.
  • Run the display ospf [ process-id ] routing command to check information about the OSPF routing table.
  • Run the display isis [ process-id ] route command to check information about the IS-IS routing table.
  • Run the display ip routing-table command to check information about the IP routing table.

    Run the display ip routing-table command on the local ME device to view that the routes that meet the matching rules set on the neighbor are filtered or the actions defined by apply clauses are performed on these routes.

Translation
Download
Updated: 2019-01-04

Document ID: EDOC1100059437

Views: 20706

Downloads: 15

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next