ip community-filter

Function

The ip community-filter command creates a community filter.

The undo ip community-filter command deletes a community filter.

By default, no community filter is configured.

Product	Support
S5720-EI, S5720-HI, S5720I-SI, S5720S-SI, S5720-SI, S5735-S, S5735S-S, S5735-S-I, S5730-HI, S5730S-EI, S5730-SI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6720S-SI, S6720-SI, S6730-H, S6730S-H, S6730-S, and S6730S-S	Supported.
S2720-EI, S5720-LI, S5735-L, S5735S-L, S5735S-L-M, S5720S-LI, S6720-LI, and S6720S-LI	Not supported.

Format

ip community-filter { basic comm-filter-name | basic-comm-filter-num } { permit | deny } [ community-number | aa:nn | internet | no-export-subconfed | no-advertise | no-export ] &<1-20>

ip community-filter { advanced comm-filter-name | adv-comm-filter-num } { permit | deny } regular-expression

undo ip community-filter { basic comm-filter-name | basic-comm-filter-num } [ permit | deny ] [ community-number | aa:nn | internet | no-export-subconfed | no-advertise | no-export ] &<1-20>

undo ip community-filter { advanced comm-filter-name | adv-comm-filter-num } [ permit | deny ] [ regular-expression ]

Parameters

Parameter	Description	Value
basic comm-filter-name	Specifies the name of a basic community filter.	The value is a string of 1 to 51 case-sensitive characters. The string cannot be all digits. NOTE: When double quotation marks are used around the string, spaces are allowed in the string.
basic-comm-filter-num	Specifies the number of a basic community filter.	The value is an integer ranging from 1 to 99.
deny	Sets the matching mode of the community filter to deny.	-
permit	Sets the matching mode of the community filter to permit.	-
community-number	Specifies the community number.	The value is an integer ranging from 0 to 4294967295.
aa:nn	Specifies the community number. You can configure a maximum of 20 community numbers once. If you do not configure any one of internet, no-export-subconfed, no-advertise, and no-export, you can specify 20 community-number and aa:nn together. If you configure one of internet, no-export-subconfed, no-advertise, and no-export, you can specify 19 community-number and aa:nn together. If you configure two of internet, no-export-subconfed, no-advertise, and no-export, you can specify 18 community-number and aa:nn together. If you configure three of internet, no-export-subconfed, no-advertise, and no-export, you can specify 17 community-number and aa:nn together. If you configure all of internet, no-export-subconfed, no-advertise, and no-export, you can specify 16 community-number and aa:nn together.	aa and nn are integers ranging from 0 to 65535.
internet	Indicates that the matching routes can be sent to any peer.	-
no-export-subconfed	Indicates that routes are not advertised outside an AS. If an AS confederation is used, routes are not advertised to any other sub-ASs in the AS confederation.	-
no-advertise	Indicates that routes are not advertised to other peers.	-
no-export	Indicates that routes are not advertised outside an AS. If an AS confederation is used, routes are not advertised outside the AS confederation, but to other sub-ASs.	-
advanced comm-filter-name	Specifies the name of an advanced community filter.	The value is a string of 1 to 51 case-sensitive characters. The string cannot be all digits. NOTE: When double quotation marks are used around the string, spaces are allowed in the string.
adv-comm-filter-num	Specifies the number of an advanced community filter.	The value is an integer ranging from 100 to 199.
regular-expression	Specifies the regular expression used to match the community information.	The value is a string of 1 to 255 case-sensitive characters, with spaces supported.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The community attribute is a private attribute of BGP, and can be used only to filter BGP routes. The community attribute can be used as a matching rule of a routing policy by using the ip community-filter and if-match community-filter commands together.

Precautions

Only the community number or known community attribute can be specified for a basic community filter. The regular expression can be used as a matching rule in an advanced community filter.

The ip community-filter basic comm-filter-name command or the ip community-filter basic-comm-filter-num command can be used to configure a basic community filter. basic comm-filter-name specifies the name of a basic community filter, and the name cannot be all digits. A maximum of 20 community numbers can be configured in one command. basic-comm-filter-num specifies only the basic community filter with the number ranging from 1 to 99. A maximum of 20 community numbers can be configured in one command.
The ip community-filter advanced comm-filter-name command or the ip community-filter adv-comm-filter-num command can be used to configure an advanced community filter. advanced comm-filter-name specifies the name of an advanced community filter, and the name cannot be all digits. adv-comm-filter-num specifies only the advanced community filter with the number ranging from 100 to 199.

The relationship between the rules of the community filter is "AND". This is different from the route distinguisher (RD) filter. This is because each route has only one RD but can have multiple communities.

For example, the community filters in the following formats have different matching results:

Format 1:

ip community-filter 1 permit 100:1 200:1 300:1

Format 2:

ip community-filter 1 permit 100:1

ip community-filter 1 permit 200:1 300:1

In the preceding configuration of the community filter, the community defined in each rule must be a sub-set of route communities so that the rule can be matched.

The RD filters in the following formats have the same matching results:

Format 1:

ip rd-filter 100 permit 100:1 200:1 2.2.2.2:1 3.3.3.3:1

Format 2:

ip rd-filter 100 permit 100:1 200:1

ip rd-filter 100 permit 2.2.2.2:1

ip rd-filter 100 permit 3.3.3.3:1

The apply comm-filter delete command run in the Route-Policy view deletes the specified community attribute from routes. An ip community-filter command can be used to specify community attributes but one such command specifies only one community attribute each time. To delete more than one community attribute, run the ip community-filter command multiple times. If multiple community attributes are specified in one filter, none of them can be deleted. For information about examples, see apply comm-filter delete.

By default, Community filters work in deny mode. If all matching rules in a filter are configured to work in deny mode, all routes are denied by the filter; to prevent this problem, configure one matching rule in permit mode after one or multiple matching rules in deny mode so that the routes except for those denied by preceding matching rules are permitted by the filter.

Before you run the undo ip community-filter command to delete a community attribute filter that is referenced by another command, delete the reference configuration.

Follow-up Procedure

By default, the Route Management (RM) module will instruct all protocols to apply this community filter. To delay the effective time, run the route-policy-change notify-delay command.

Run the display ip community-filter command to view detailed configuration for the community filter.

Example

# Configure a basic community filter of which the sequence number is 1 to prevent matching routes from being advertised to any peer.

<HUAWEI> system-view

[HUAWEI] ip community-filter 1 deny internet

# Configure an advanced community filter of which the sequence number is 100 to permit all the routes that match the AS 65001.

<HUAWEI> system-view

[HUAWEI] ip community-filter advanced 100 permit 65001:[0-9]+