The ip extcommunity-filter command adds an advanced VPN-Target extended community filter.
The undo ip extcommunity-filter command deletes a specified advanced VPN-Target extended community filter.
By default, no advanced VPN-Target extended community filter is configured.
| Parameter | Description | Value |
|---|---|---|
| advanced-extcomm-filter-num |
Specifies the sequence number of a VPN-Target extended community filter. |
The value is an integer ranging from 200 to 399. |
| index index-number |
Specifies the sequence number of a VPN-Target extended community filter. |
The value is an integer ranging from 1 to 4294967295. |
| matchMode |
Sets the matching mode of the VPN-Target extended community filter. |
The value is an enumerated type:
|
| regular-expression |
Specifies the regular expression matched the VPN-Target extended community. |
The value is a string of 1 to 1024 characters, spaces supported. |
Usage Scenario
A VPN-Target extended community filter can be used as a matching condition of a route-policy using a command, such as the if-match extcommunity-filter zz command.
The relationship between the rules of the VPN-Target extended community filter is "OR", which is different from that of an RD filter. This is because each route has only one RD but can have multiple communities. For example, a VPN-Target extended community filter can be set in either of the following formats, with the same filtering result: Format 1: ip extcommunity-filter 1 permit rt 100:1 rt 200:1 rt 300:1 The filter has one rule, which consists of three VPN-Targets: 100:1, 200:1, and 300:1. The relationship between them is "OR." Format 2: ip extcommunity-filter 1 permit rt 100:1 ip extcommunity-filter 1 permit rt 200:1 rt 300:1 The filter has two rules. Rule 1 consists of VPN-Target 100:1, and rule 2 consists of VPN-Targets 200:1 and 300:1. The relationship between the two rules is "OR." In format 2, the VPN-Target extended community defined in each rule must be a sub-set of route VPN-Target extended communities so that the rule can be matched. The undo ip extcommunity-filter command deletes a specified VPN-Target extended community filter. The display ip extcommunity-filter command displays detailed configurations of the VPN-Target extended community filter.Configuration Impact
The ip extcommunity-filter command filters routes based on the RT attributes of the routes. The routes that match the filtering are permitted to pass through, and the routes that fail to match the filtering are denied.
Precautions
The extended community attributes of a route include VPN-target and Source of Origin (SoO). The ip extcommunity-filter command adds a VPN-Target extended community filter.
By default, VPN-Target extended community filters work in deny mode. If all matching rules in a filter are configured to work in deny mode, all routes are denied by the filter; to prevent this problem, configure one matching rule in permit mode after one or multiple matching rules in deny mode so that the routes except for those denied by preceding matching rules are permitted by the filter. For an advanced VPN-Target extended community filter, if the VPN-Target attribute is set to be in the format of 4-byte AS number:2-byte user-defined number, the filtering rule that uses the VPN-Target-based regular expression is affected by the as-notation plain command: