Configuring Related BGP4+ Access Lists

BGP4+ access lists can be used when BGP4+ status is displayed or routing policies are configured.

Context

BGP4+ provides the following types of access lists, which can be used to query BGP4+ running status or used in routing policies:

  • AS_Path filter

    The AS_Path filter filters BGP4+ routes by the AS_Path attribute. Multiple rules (permit or deny) can be specified in a filter.

  • Community filter

    The community filter consists of multiple community attribute lists. There are two types of community attribute lists: standard community access lists and extended community access lists.

  • IPv6 address list filter

    Before configuring a conditional BGP4+ route advertisement policy, you need to create an IPv6 address list.

Procedure

  • Configure the AS_Path filter.
    1. Run system-view

      The system view is displayed.

    2. Run ip as-path-filter { as-path-filter-number | as-path-filter-name } [ index index-number ] { permit | deny } regular-expression

      An AS_Path filter is configured.

      After the peer as-path-filter command is used to apply a routing policy to BGP4+ routes, the AS_Path filter filters out unqualified routes.

      The AS_Path filter uses the regular expression to define matching rules. A regular expression consists of the following parts:

      • Metacharacter: defines matching rules.

      • Value: defines matching objects.

      Table 1 Description of metacharacters

      Special character: .
      Function: Matches any single character.
      Example: .* matches any string in an AS_Path and is used to match any route.

      Special character: ^
      Function: Indicates the beginning of a matched string.
      Example: ^65 matches strings beginning with 65:
        • Examples of matched strings: 65, 651, 6501, and 65001
        • Examples of unmatched strings: 165, 1650, 6650, and 60065

      Special character: $
      Function: Indicates the end of a matched string.
      Example: 65$ matches strings ending with 65:
        • Examples of matched strings: 65, 165, 1065, 10065, and 60065
        • Examples of unmatched strings: 651, 1650, 6650, 60650, and 65001
        ^65$ matches AS_Path 65 only.
        NOTE: ^$ matches an empty string (empty AS_Path) and is usually used to match routes in the local AS.

      Special character: _
      Function: Matches a sign, such as a comma (,), left brace ({), right brace (}), left parenthesis ((), right parenthesis ()), and space. In addition, it can be used at the beginning of a regular expression with the same function as the caret sign (^) or at the end of a regular expression with the same function as the dollar sign ($).
      Example:
        • ^65001_ matches the AS_Paths that begin with 65001 followed by a symbol. Specifically, ^65001_ matches AS_Paths with 65001 as the leftmost AS number (the number of the last AS through which a route passes) and the routes sent by peers in AS 65001.
        • _65001_ matches the strings (AS_Paths) that contain 65001, which is used to match the routes that pass through AS 65001.
        • _65001$ matches the AS_Paths that end with a sign followed by 65001. Specifically, _65001$ matches AS_Paths with 65001 as the rightmost AS number (the number of the first AS through which a route passes), which is used to match the routes that originate in AS 65001.

      Special character: \
      Function: Defines an escape character, which is used to mark the next character (common or special) as a common character.
      Example: An AS_Confed_Sequence contains parentheses (()). The parentheses (()) in regular expressions provide special functions. To match such special characters by removing their special meanings, you can use the backslash (\). For example:
        • \(65002_ matches the AS_Confed_Sequences that begin with (65002 followed by a sign. Specifically, \(65002_ matches AS_Confed_Sequences with 65002 as the leftmost AS number (the number of the last AS through which a route passes) and the routes sent by peers in AS 65002.
        • \(.*_65003_.*\) matches the AS_Confed_Sequence that contains AS number 65003 and the routes that pass through AS 65003 in a confederation.
        • _65004\) matches a string that ends with 65004 and with a sign before 65004. That is, the most significant AS number (start AS) of AS_Confed_Sequence is 65004. This string can also be used to match the routes originating in AS 65004 in a confederation and the routes directly advertised by AS 65004 in the confederation. _65004\) provides the same function as 65004\).
        Similarly, backslashes (\) can be used to remove the special meanings of the left bracket ([) and right bracket (]) used in an AS_Confed_Set and the left brace ({) and right brace (}) used in an AS_Set.

      Special character: *
      Function: Matches the strings in which the preceding character occurs zero or more times.
      Example: 65* matches the AS_Paths that begin with 6 and contain zero or multiple 5s.
        • Examples of matched strings: 6, 65, 655, 6559, 65259, and 65529
        • Examples of unmatched strings: 5, 56, 556, 5669, 55269, and 56259

      Special character: +
      Function: Matches the strings in which the preceding character occurs one or more times.
      Example: 65+ matches the AS_Paths that begin with 6 and contain one or multiple 5s.
        • Examples of matched strings: 65, 655, 6559, 65259, and 65529
        • Examples of unmatched strings: 56, 556, 5669, 55269, and 56259

      Special character: ?
      Function: Matches the strings in which the preceding character occurs zero or one time.
      Example: 65? matches the AS_Paths that begin with 6 and contain zero or one 5.
        • Examples of matched strings: 6 and 65
        • Examples of unmatched strings: 655, 6559, and 65529

      Special character: ()
      Function: Defines a subexpression, which can be empty.
      Example: 100(200)+ matches 100200, 100200200, and so on.

      Special character: x|y
      Function: Matches x or y.
      Example: 100|65002|65003 matches 100, 65002, or 65003.

      Special character: [xyz]
      Function: Matches any one of the characters listed in the brackets.
      Example: [896] matches 8, 9, or 6.

      Special character: [^xyz]
      Function: Matches any character that is not listed in the brackets.
      Example: [^896] matches any character, except 8, 9, and 6.

      Special character: [a-z]
      Function: Matches any character within the specified range.
      Example: [2-4] matches any of 2, 3, and 4; [0-9] matches any digits from 0 to 9.
        NOTE: The value in the square brackets ([]) must be a digit from 0 to 9. For example, to match a number ranging from 735 to 907, use the regular expression of (73[5-9]|7[4-9][0-9]|8[0-9][0-9]|90[0-7]).

      Special character: [^a-z]
      Function: Matches any character outside the specified range.
      Example: [^2-4] matches AS_Paths without 2, 3, and 4, and [^0-9] matches AS_Paths without digits from 0 to 9.

      For example, ^10 indicates that only the AS_Path attribute starting with 10 is matched. A circumflex (^) indicates that the beginning of a character string is matched.

      Multiple rules, permit or deny, can be specified in a filter. The relationship between these rules is "OR". This means that if a route meets one of the matching rules, it will pass the AS_Path-based filtering.

      For details on the regular expression, see the HUAWEI NetEngine 8000 F Series Router Configuration Guide - Basic Configurations.

    3. Run commit

      The configuration is committed.

  • Configure the community filter.

    Community filters are classified into two types: standard community filters and advanced community filters. Advanced community filters support regular expressions and are more flexible than standard community filters.

    1. Run system-view

      The system view is displayed.

    2. Run the ip community-filter command to configure a community filter.

      • To configure a standard community filter, run the ip community-filter { basic comm-filter-name [ index index-number ] { permit | deny } [ community-number | aa:nn ] * &<1-9> | basic-comm-filter-num [ index index-number ] { permit | deny } [ community-number | aa:nn ] * &<1-16> } [ internet | no-export-subconfed | no-advertise | no-export ] * command.

      • To configure an advanced community filter, run the ip community-filter { advanced comm-filter-name | adv-comm-filter-num } [ index index-number ] { permit | deny } regular-expression command.

    3. Run commit

      The configuration is committed.

  • Configure a Large-community filter.

    There are two types of Large-community filters: basic Large-community filters and advanced Large-community filters. Advanced Large-community filters support regular expressions and are more flexible than basic Large-community filters.

    1. Run system-view

      The system view is displayed.

    2. Run the ip large-community-filter command to configure a Large-community filter.

      • To configure a basic Large-community filter, run the ip large-community-filter basic large-comm-filter-name [ index index-number ] { permit | deny } { aa:bb:cc } &<1-16> command.

      • To configure an advanced Large-community filter, run the ip large-community-filter advanced large-comm-filter-name [ index index-number ] { permit | deny } regular-expression command.

    3. Run commit

      The configuration is committed.

  • Configure an extended community filter.
    1. Run system-view

      The system view is displayed.

    2. Perform either of the following operations as required to configure an extended community filter.

      To configure a VPN-Target extended community filter:

      • To configure a basic VPN-Target extended community filter, run the ip extcommunity-filter { basic-extcomm-filter-num | basic basic-extcomm-filter-name } [ index index-number ] { deny | permit } { rt { as-number:nn | 4as-number:nn | ipv4-address:nn } } &<1-16> command.

      • To configure an advanced VPN-Target extended community filter, run the ip extcommunity-filter { advanced-extcomm-filter-num | advanced advanced-extcomm-filter-name } [ index index-number ] { deny | permit } regular-expression command.

      To configure an SoO extended community filter:

      • To configure a basic SoO extended community filter, run the ip extcommunity-list soo basic basic-extcomm-filter-name [ index index-number ] { permit | deny } { site-of-origin } &<1-16> command.

      • To configure an advanced SoO extended community filter, run the ip extcommunity-list soo advanced advanced-extcomm-filter-name [ index index-number ] { permit | deny } regular-expression command.

      Multiple entries can be defined in an extended community filter. The relationship between the entries is "OR". This means that if a route matches one of the rules, the route matches the filter.

    3. Run commit

      The configuration is committed.

  • Configure an IPv6 address list.

    Before configuring a conditional BGP4+ route advertisement policy, you need to create an IPv6 address list.

    1. Run system-view

      The system view is displayed.

    2. Run filter-list ipv6-prefix name

      An IPv6 address list is created, and the IPv6 address list view is displayed.

    3. Run prefix address maskLen

      An IPv6 address and mask are configured for the IPv6 address list.

    4. Run commit

      The configuration is committed.
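The matching rules in Table 1, as an added example that is not part of the Huawei documentation: a Python translation of the AS_Path expression dialect, used to check a filter expression against sample AS_Paths before it is applied. The handling of "_" follows the table's description; the function names and sample paths are constructed for illustration, and Python's re engine is assumed to stand in for the router's matcher.

```python
import re

# Symbols the page lists for "_": comma, braces, parentheses and space.
DELIM = r"[,{}() ]"

def to_python_regex(pattern):
    """Rewrite "_" as (start | end | delimiter); copy everything else unchanged."""
    out, i, in_class = [], 0, False
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):   # escaped character stays literal
            out.append(pattern[i:i + 2])
            i += 2
            continue
        if ch == "[":
            in_class = True
        elif ch == "]":
            in_class = False
        out.append("(?:^|$|" + DELIM + ")" if ch == "_" and not in_class else ch)
        i += 1
    return "".join(out)

def matches(pattern, as_path):
    """True if the AS_Path string matches the filter expression anywhere."""
    return re.search(to_python_regex(pattern), as_path) is not None

def overmatches(pattern, wanted_as, as_paths):
    """Paths the pattern matches although wanted_as is not a whole AS number in them."""
    hits = []
    for path in as_paths:
        tokens = re.findall(r"\d+", path)          # whole AS numbers in the path
        if matches(pattern, path) and wanted_as not in tokens:
            hits.append(path)
    return hits

# Constructed sample AS_Paths (leftmost = last AS traversed, rightmost = origin).
SAMPLE_PATHS = [
    "65001",
    "100 65001 200",
    "165001 200",
    "100 650010",
    "(65002 65003) 100",
    "",
]

if __name__ == "__main__":
    for pat in ("65001", "_65001_"):
        print(pat, "->", overmatches(pat, "65001", SAMPLE_PATHS))
```

An expression with no "_" or anchors, such as 65001, also matches paths containing 165001 or 650010, so a filter meant for a single AS should delimit the number as in _65001_.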

Copyright © Huawei Technologies Co., Ltd.