< Home

Applying Filters to Received Routes

Procedure

  • Configuring RIP to filter received routes
    1. Run system-view

      The system view is displayed.

    2. Run rip [ process-id ]

      The RIP view is displayed.

    3. Depending on type of desired filtering, run one of following commands to configure RIP to filter the received routes:

      • Run filter-policy { acl-number | acl-name acl-name } import [ interface-type interface-number ]

        Learned routing information is filtered based on an ACL.

      • Run filter-policy gateway ip-prefix-name import

        Routing information advertised by neighbors is filtered based on the IP prefix list.

      • Run filter-policy ip-prefix ip-prefix-name [ gateway ip-prefix-name ] import [ interface-type interface-number ]

        Routes learned by the specified interface are filtered based on the IP prefix list and neighbors.

  • Configuring OSPF to filter received routes
    1. Run system-view

      The system view is displayed.

    2. Run ospf [ process-id ]

      The OSPF process view is displayed.

    3. Run filter-policy { acl-number | acl-name acl-name | ip-prefix ip-prefix-name | route-policy route-policy-name [ secondary ] } import

      OSPF is configured to filter received routes.

      • The acl-number parameter specifies the number of a basic ACL.
      • The acl-name acl-name parameter specifies the name of an ACL.
      • The ip-prefix ip-prefix-name parameter specifies the name of an IP prefix list.

      The filter-policy import command filters the routes calculated by OSPF but cannot filter advertised or received LSAs. Only the routes that pass the filtering criteria are added to the OSPF routing table. However, routes that do not pass the filtering criteria are not added to the OSPF routing table but can still be advertised.

  • Configuring IS-IS to filter received routes
    1. Run system-view

      The system view is displayed.

    2. Run isis [ process-id ]

      The IS-IS view is displayed.

    3. Run filter-policy { acl-number | acl-name acl-name | ip-prefix ip-prefix-name | route-policy route-policy-name } import

      IS-IS routes that match the filter-policy are delivered to the IP routing table.

  • Configure the BGP device to filter the routes received from all its peers or peer groups.
    1. Run system-view

      The system view is displayed.

    2. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    3. Enter the corresponding address family view based on network type to configure BGP devices on networks.

      • Run ipv4-family { unicast | multicast }

        The IPv4 address family view is displayed.

      • Run ipv6-family [ unicast ]

        The IPv6 address family view is displayed.

    4. Perform either of the following operations to configure the BGP device to filter the routes received from all its peers or peer groups:

      • To filter routes based on an ACL, run the filter-policy { acl-number | acl-name acl-name } import or the filter-policy { acl6-number | acl6-name acl6-name } import command.
      • To filter routes based on an IP prefix list, run the filter-policy ip-prefix ip-prefix-name import or the filter-policy ipv6-prefix ipv6-prefix-name import command.

      If an ACL has been referenced in the filter-policy command but no VPN instance is specified in the ACL rule, BGP will filter routes including public and private network routes in all address families. If a VPN instance is specified in the ACL rule, only the data traffic from the VPN instance will be filtered, and no route of this VPN instance will be filtered.

  • Configure BGP to filter the routes received from a specified peer or peer group.
    1. Run system-view

      The system view is displayed.

    2. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    3. Enter the corresponding address family view based on network type to configure BGP devices on networks.

      • Run ipv4-family { unicast | multicast }

        The IPv4 address family view is displayed.

      • Run ipv6-family [ unicast ]

        The IPv6 address family view is displayed.

    4. Perform any of the following operations to configure the BGP device to filter the routes received from a specific peer or peer group:

      • To filter routes based on an ACL, run the peer { group-name | ipv4-address | ipv6-address } filter-policy { acl-number | acl-name acl-name | acl6-number | acl6-name acl6-name } import command.

      • To filter routes based on an IP prefix list, run the peer { ipv4-address | group-name } ip-prefix ip-prefix-name import or the peer { group-name | ipv4-address | ipv6-address } ipv6-prefix ipv6-prefix-name import command.

      • To filter routes based on an AS_Path filter, run the peer { ipv4-address | group-name | ipv6-address } as-path-filter { as-path-filter-number | as-path-filter-name } import command.

      • To filter routes based on a route-policy, run the peer { ipv4-address | group-name | ipv6-address } route-policy route-policy-name import command.

      The routing policy applied in the peer route-policy import command does not support a specific interface as one matching rule. That is, the routing policy does not support the if-match interface command.

      If the number of routes received by the local device exceeds the upper limit and the peer route-limit command is used for the first time, the local device and its peer reestablish the peer relationship, regardless of whether alert-only is set.

    5. (Optional) Run peer { group-name | ipv4-address | ipv6-address } route-limit limit [ percentage ] [ alert-only | idle-forever | idle-timeout times ]

      The maximum number of routes that can be received from the peer or peer group is set.

Parent Topic: Configuring Filter-Policy
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >