No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - IP Unicast Routing

S7700 and S9700 V200R013C00

This document describes the configurations of IP Unicast Routing, including IP Routing, Static Route, RIP, RIPng, OSPF, OSPFv3, IPv4 IS-IS, IPv6 IS-IS, BGP, Routing Policy, IP Routing Table Management, and PBR.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Controlling the Receiving of BGP Routes

Controlling the Receiving of BGP Routes

Context

When a BGP device is attacked or network configuration errors occur, the BGP device will receive a large number of routes from its peer. As a result, many device resources are consumed. Therefore, the administrator must limit the resources used by the device based on network planning and device capacity. BGP provides peer-based route control to limit the number of routes to be sent by a peer. This addresses the preceding problem.

Procedure

  • Configure the BGP device to filter the routes received from all its peers or peer groups.
    1. Run system-view

      The system view is displayed.

    2. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    3. Enter the corresponding address family view based on network type to configure BGP devices on networks.

      • Run ipv4-family { unicast | multicast }

        The IPv4 address family view is displayed.

      • Run ipv6-family [ unicast ]

        The IPv6 address family view is displayed.

    4. Perform either of the following operations to configure the BGP device to filter the routes received from all its peers or peer groups:

      • To filter routes based on an ACL, run the filter-policy { acl-number | acl-name acl-name } import or the filter-policy { acl6-number | acl6-name acl6-name } import command.
      • To filter routes based on an IP prefix list, run the filter-policy ip-prefix ip-prefix-name import or the filter-policy ipv6-prefix ipv6-prefix-name import command.

      NOTE:

      If an ACL has been referenced in the filter-policy command but no VPN instance is specified in the ACL rule, BGP will filter routes including public and private network routes in all address families. If a VPN instance is specified in the ACL rule, only the data traffic from the VPN instance will be filtered, and no route of this VPN instance will be filtered.

  • Configure BGP to filter the routes received from a specified peer or peer group.
    1. Run system-view

      The system view is displayed.

    2. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    3. Enter the corresponding address family view based on network type to configure BGP devices on networks.

      • Run ipv4-family { unicast | multicast }

        The IPv4 address family view is displayed.

      • Run ipv6-family [ unicast ]

        The IPv6 address family view is displayed.

    4. Perform any of the following operations to configure the BGP device to filter the routes received from a specific peer or peer group:

      • To filter routes based on an ACL, run the peer { group-name | ipv4-address | ipv6-address } filter-policy { acl-number | acl-name acl-name | acl6-number | acl6-name acl6-name } import command.

      • To filter routes based on an IP prefix list, run the peer { ipv4-address | group-name } ip-prefix ip-prefix-name import or the peer { group-name | ipv4-address | ipv6-address } ipv6-prefix ipv6-prefix-name import command.

      • To filter routes based on an AS_Path filter, run the peer { ipv4-address | group-name | ipv6-address } as-path-filter { as-path-filter-number | as-path-filter-name } import command.

      • To filter routes based on a route-policy, run the peer { ipv4-address | group-name | ipv6-address } route-policy route-policy-name import command.

      NOTE:

      The routing policy applied in the peer route-policy import command does not support a specific interface as one matching rule. That is, the routing policy does not support the if-match interface command.

      If the number of routes received by the local device exceeds the upper limit and the peer route-limit command is used for the first time, the local device and its peer reestablish the peer relationship, regardless of whether alert-only is set.

    5. (Optional) Run peer { group-name | ipv4-address | ipv6-address } route-limit limit [ percentage ] [ alert-only | idle-forever | idle-timeout times ]

      The maximum number of routes that can be received from the peer or peer group is set.

Translation
Download
Updated: 2019-04-08

Document ID: EDOC1100065744

Views: 57293

Downloads: 46

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next