The if-match source command configures a filtering rule based on the source address.
The undo if-match source command deletes the filtering rule based on the source address.
By default, no filtering rule based on the source address is configured.
| Parameter | Description | Value |
|---|---|---|
| ipv4Address |
Specifies the destination address of the traffic. |
This value is in dotted decimal notation. |
| maskLenEx |
Specifies the IPv4 mask length. |
The value is an integer ranging from 0 to 32. |
| mask |
Specifies the source IP address mask of the traffic. |
This value is in dotted decimal notation. |
Usage Scenario
To filter out the attack traffic to a specified destination, you can run the if-match source command to configure a filtering rule based on the source address for the BGP Flow Specification route or BGP VPN Flow Specification route. Traffic matching the filtering rule will be controlled with the action specified by the apply clause.
Prerequisites
A static BGP Flow Specification route has been created using the flow-route command in the system view.
A static BGP VPN Flow Specification route has been configured using the flow-route vpn-instance command in the system view.Configuration Impact
If you run the if-match source command for the same BGP Flow Specification route or BGP VPN Flow Specification route several times, the last configuration takes effect.
<HUAWEI> system-view [~HUAWEI] ip vpn-instance vpna [~HUAWEI-vpn-instance-vpna] quit [~HUAWEI] flow-route Rule1 vpn-instance vpna [*HUAWEI-flow-route-vpna] if-match source 10.1.1.1 24