Applying Filters to Advertised Routes

Procedure

• Configuring RIP to filter advertised routes
  1. Run system-view

     The system view is displayed.

  2. Run rip [ process-id ]

     The RIP view is displayed.

  3. Run filter-policy { acl-number | acl-name acl-name | ip-prefix ip-prefix-name } export [ protocol [ process-id ] | interface-type interface-number ]

     Imported routes are filtered before being advertised.

     Routing information advertised by RIP may contain the routing information imported from other protocols. You can use the protocol parameter to filter the routing information imported from a specified routing protocol. If the protocol parameter is not used, all the routes advertised by RIP are filtered, including imported routes and local routes (direct routes).

     

     RIP-2 defines a 16-bit tag, while other routing protocols define 32-bit tags. If the routes of other routing protocols are imported into RIP and the tag is used in the routing policy, the tag value cannot exceed 65535. If the tag value exceeds 65535, the routing policy becomes invalid or the matching result is incorrect.

• Configuring OSPF to filter advertised routes
  1. Run system-view

     The system view is displayed.

  2. Run ospf [ process-id ]

     The OSPF process view is displayed.

  3. Run filter-policy { acl-number | acl-name acl-name | ip-prefix ip-prefix-name | route-policy route-policy-name } export [ protocol [ process-id ] ]

     OSPF is configured to filter the routes imported using the import-route command. Only the routes that pass the filtering criteria are advertised.

     • The acl-number parameter specifies the number of a basic ACL.
     • The acl-name acl-name parameter specifies the name of an ACL.
     • The ip-prefix ip-prefix-name parameter specifies the name of an IP prefix list.
     • The route-policy route-policy-name parameter specifies the name of a route policy.

     To filter the routes of a specific routing protocol or OSPF process, specify the protocol [ process-id ] parameter. If this parameter is not specified, OSPF filters all the imported routes.

     

     • The import-route command cannot import external default routes.
     • OSPF filters imported routes and generates Type 5 LSAs to advertise only external routes that pass the filtering criteria.

• Configuring IS-IS to filter advertised routes
  1. Run system-view

     The system view is displayed.

  2. Run isis [ process-id ]

     The IS-IS view is displayed.

  3. Run filter-policy { acl-number | acl-name acl-name | ip-prefix ip-prefix-name | route-policy route-policy-name } export [ protocol [ process-id ] ]

     IS-IS is configured to advertise the external routes that meet specified conditions to the IS-IS routing domain.

• Configure the BGP device to filter the routes advertised by all its peers or peer groups.

  You can configure a BGP device to filter routes to be advertised.

  1. Run system-view

     The system view is displayed.

  2. Run bgp { as-number-plain | as-number-dot }

     The BGP view is displayed.

  3. Enter the corresponding address family view based on network type to configure BGP devices on networks.

     • Run ipv4-family { unicast | multicast }

       The IPv4 address family view is displayed.

     • Run ipv6-family [ unicast ]

       The IPv6 address family view is displayed.

  4. Perform either of the following operations to configure the BGP device to advertise routes to all peers or peer groups:
     • To filter routes based on an ACL, run the filter-policy { acl-number | acl-name acl-name } export [ protocol [ process-id ] ] or the filter-policy { acl6-number | acl6-name acl6-name } export [ protocol [ process-id ] ] command.
     • To filter routes based on an IP prefix list, run the filter-policy ip-prefix ip-prefix-name export [ protocol [ process-id ] ] or the filter-policy ipv6-prefix ipv6-prefix-name export [ protocol [ process-id ] ] command.
     

     If an ACL has been referenced in the filter-policy command but no VPN instance is specified in the ACL rule, BGP will filter routes including public and private network routes in all address families. If a VPN instance is specified in the ACL rule, only the data traffic from the VPN instance will be filtered, and no route of this VPN instance will be filtered.

• Configure BGP to filter the routes advertised by a specified peer or peer group.
  1. Run system-view

     The system view is displayed.

  2. Run bgp { as-number-plain | as-number-dot }

     The BGP view is displayed.

  3. Enter the corresponding address family view based on network type to configure BGP devices on networks.

     • Run ipv4-family { unicast | multicast }

       The IPv4 address family view is displayed.

     • Run ipv6-family [ unicast ]

       The IPv6 address family view is displayed.

  4. Perform any of the following operations to configure the BGP device to advertise routes to a specific peer or peer group:

     • To filter routes based on an ACL, run the peer { group-name | ipv4-address | ipv6-address } filter-policy { acl-number | acl-name acl-name | acl6-number | acl6-name acl6-name } export command.

     • To filter routes based on an IP prefix list, run the peer { ipv4-address | group-name } ip-prefix ip-prefix-name export or the peer { group-name | ipv4-address | ipv6-address } ipv6-prefix ipv6-prefix-name export command.

     • To filter routes based on an AS_Path filter, run the peer { ipv4-address | group-name | ipv6-address } as-path-filter { as-path-filter-number | as-path-filter-name } export command.

     • To filter routes based on a route-policy, run the peer { ipv4-address | group-name | ipv6-address } route-policy route-policy-name export command.

     

     The routing policy applied in the peer route-policy export command does not support a specific interface as one matching rule. That is, the routing policy does not support the if-match interface command.