The ip extcommunity-filter advanced command adds an advanced VPN-Target extended community filter.
The undo ip extcommunity-filter advanced command deletes a specified advanced VPN-Target extended community filter.
By default, no advanced VPN-Target extended community filter is configured.
| Parameter | Description | Value |
|---|---|---|
| index index-number |
Specifies the sequence number of an advanced VPN-Target extended community filter. |
The value is an integer ranging from 1 to 4294967295. |
| matchMode |
Sets the matching mode of the advanced VPN-Target extended community filter. |
The value is an enumerated type:
|
| regular-expression |
Specifies the regular expression matched the VPN-Target extended community. |
The value is a string of 1 to 1024 characters, spaces supported. |
| advanced advanced-extcomm-filter-name |
Specifies the name of the advanced VPN-Target extended community filter. |
The name is a string of 1 to 51 case-sensitive characters, spaces not supported. The string cannot be all digits. The character string can contain spaces if it is enclosed with double quotation marks ("). |
Usage Scenario
A VPN-Target extended community filter can be used as a matching condition of a route-policy using a command, such as the if-match extcommunity-filter zz command.
The relationship between the rules of the VPN-Target extended community filter is "OR", which is different from that of an RD filter. This is because each route has only one RD but can have multiple communities. The undo ip extcommunity-filter command deletes a specified VPN-Target extended community filter. The display ip extcommunity-filter command displays detailed configurations of the VPN-Target extended community filter.Configuration Impact
The ip extcommunity-filter command filters routes based on the RT attributes of the routes. The routes that match the filtering are permitted to pass through, and the routes that fail to match the filtering are denied.
Precautions
The extended community attributes of a route include VPN-target and Source of Origin (SoO). The ip extcommunity-filter command adds a VPN-Target extended community filter.
By default, VPN-Target extended community filters work in deny mode. If all matching rules in a filter are configured to work in deny mode, all routes are denied by the filter; to prevent this problem, configure one matching rule in permit mode after one or multiple matching rules in deny mode so that the routes except for those denied by preceding matching rules are permitted by the filter. For an advanced VPN-Target extended community filter, if the VPN-Target attribute is set to be in the format of 4-byte AS number:2-byte user-defined number, the filtering rule that uses the VPN-Target-based regular expression is affected by the as-notation plain command: