route-policy address-family mismatch-deny

Function

The route-policy address-family mismatch-deny command configures a device to deny routes if the address family that the routes belong to does not match that specified in an if-match clause of a route-policy.

The undo route-policy address-family mismatch-deny command restores the default configuration.

By default, if the address family that a route belongs to does not match that specified in an if-match clause of a route-policy, the route matches the route-policy.

Format

route-policy route-policy-name address-family mismatch-deny

undo route-policy route-policy-name address-family mismatch-deny

Parameters

Parameter Description Value
route-policy-name

Specifies the name of a route-policy.

The name is a string of 1 to 200 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
route-base write

Usage Guidelines

Usage Scenario

By default, if the address family that a route belongs to does not match that specified in an if-match clause of a route-policy, the route matches the route-policy. Take a route-policy node in permit mode (permit node for short) as an example. If no if-match clause is configured for the permit node, all IPv4 and IPv6 routes are considered to match this node. If the permit node is configured with if-match clauses for filtering IPv4 routes only, IPv4 routes that match the if-match clauses and all IPv6 routes are considered to match this node. If the permit node is configured with if-match clauses for filtering IPv6 routes only, IPv6 routes that match the if-match clauses and all IPv4 routes are considered to match this node. This implementation also applies to a deny node. When the default configuration is used, you are not advised to use the same route-policy to filter both IPv4 and IPv6 routes. Otherwise, services may be interrupted.

If you want to use the same route-policy to filter both IPv4 and IPv6 routes, you can run the route-policy address-family mismatch-deny command to change the default behavior of the route-policy in order to prevent a potential service interruption. After this configuration completes, if the address family that a route belongs to does not match that specified in an if-match clause of the route-policy, the route fails to match the route-policy. Take a permit node as an example. If no if-match clause is configured for the permit node, all IPv4 and IPv6 routes are considered to match this node. If the permit node is configured with if-match clauses for filtering IPv4 routes only, only IPv4 routes that match the if-match clauses are considered to match this node, and no IPv6 routes match this node. If the permit node is configured with if-match clauses for filtering IPv6 routes only, only IPv6 routes that match the if-match clauses are considered to match this node, and no IPv4 routes match this node. This implementation also applies to a deny node.

Prerequisites

A route-policy has been configured.

Precautions

If an if-match clause of a node uses information such as the next hop address or direct route source as a matching condition, the node compares the address family to which the next hop address or direct route source belongs with that specified in the if-match clause.

Example

# Configure a device to deny routes if the address family that the routes belong to does not match that specified in an if-match clause of a route-policy.
<HUAWEI> system-view
[~HUAWEI] ip ip-prefix aaa permit 10.1.1.1 32
[*HUAWEI] route-policy rp1 permit node 10
[*HUAWEI-route-policy] if-match ip-prefix aaa
[*HUAWEI-route-policy] quit
[*HUAWEI] route-policy rp1 address-family mismatch-deny
Parent Topic: IP Routing Policy Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >