Configuring to Control the Advertisement of BGP Routing Information
After a route advertisement policy is configured on a device, the device advertises only routes matching the policy to its BGP peers.
Procedure
- Configure a BGP device to advertise routes to all peers or peer groups.
You can configure a device to filter routes to be advertised. Perform the following steps on a BGP router:
- Perform the following operations to configure the BGP device to filter the routes to be advertised to all peers or peer groups:
- To filter routes based on a basic ACL, perform the following steps:
- Run filter-policy { acl-number | acl-name acl-name } export [ direct | isis process-id | ospf process-id | rip process-id | static ]
The routes to be advertised are filtered based on an ACL.
- Run quit
Return to the BGP view.
- Run quit
Return to the system view.
- Run acl { name basic-acl-name { basic | [ basic ] number basic-acl-number } | [ number ] basic-acl-number } [ match-order { config | auto } ]
The basic ACL view is displayed.
Run rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment-type { fragment | non-fragment | non-subseq | fragment-subseq | fragment-spe-first } | source { source-ip-address { source-wildcard | 0 | src-netmask } | any } | time-range time-name | vpn-instance vpn-instance-name ] *
A rule is configured for the basic ACL.
When the rule command is run to configure rules for a named ACL, only the source address range specified by source and the time period specified by time-range are valid as the rules.
When a filtering policy of a routing protocol is used to filter routes:If the action specified in an ACL rule is permit, a route that matches the rule will be received or advertised by the system.
If the action specified in an ACL rule is deny, a route that matches the rule will not be received or advertised by the system.
If a route has not matched any ACL rules, the route will not be received or advertised by the system.
If an ACL does not contain any rules, all routes matching the route-policy that references the ACL will not be received or advertised by the system.
In the configuration order, the system first matches a route with a rule that has a smaller number and then matches the route with a rule with a larger number. Routes can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller number and specify the action deny in this rule to filter out the unwanted routes. Then, configure another rule with a larger number in the same ACL and specify the action permit in this rule to receive or advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller number and specify the action permit in this rule to permit the routes to be received or advertised by the system. Then, configure another rule with a larger number in the same ACL and specify the action deny in this rule to filter out unwanted routes.
- Run filter-policy { acl-number | acl-name acl-name } export [ direct | isis process-id | ospf process-id | rip process-id | static ]
To filter routes based on an IP prefix list, run the filter-policy ip-prefix ip-prefix-name export [ direct | isis process-id | ospf process-id | rip process-id | static ] command.
If a protocol is specified, only routes of this protocol are filtered. If no protocol is specified, all the routes to be advertised are filtered, including routes imported using the import-route (BGP) command and local routes imported using the network (BGP) command.
If an ACL has been referenced in the filter-policy command but no VPN instance is specified in the ACL rule, BGP will filter routes including public and private network routes in all address families. If a VPN instance is specified in the ACL rule, only the data traffic from the VPN instance will be filtered, and no route of this VPN instance will be filtered.
- Perform the following operations to configure the BGP device to filter the routes to be advertised to all peers or peer groups:
- Configure a BGP device to advertise routes to a specific peer or peer group.
- Run the following commands to configure the device to filter routes according to different filters for specified peers.
- To filter routes based on a basic ACL, perform the following steps:
- Run peer { ipv4-address | group-name } filter-policy { acl-number | acl-name acl-name } export
The device is configured to filter the routes to be advertised to the specified peer or peer group.
- Run quit
Return to the BGP view.
- Run quit
Return to the system view.
- Run acl { name basic-acl-name { basic | [ basic ] number basic-acl-number } | [ number ] basic-acl-number } [ match-order { config | auto } ]
The ACL view is displayed.
Run rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment-type { fragment | non-fragment | non-subseq | fragment-subseq | fragment-spe-first } | source { source-ip-address { source-wildcard | 0 | src-netmask } | any } | time-range time-name | vpn-instance vpn-instance-name ] *
A rule is configured for the ACL.
When the rule command is run to configure rules for a named ACL, only the source address range specified by source and the time period specified by time-range are valid as the rules.
When a filtering policy of a routing protocol is used to filter routes:If the action specified in an ACL rule is permit, a route that matches the rule will be received or advertised by the system.
If the action specified in an ACL rule is deny, a route that matches the rule will not be received or advertised by the system.
If a route has not matched any ACL rules, the route will not be received or advertised by the system.
If an ACL does not contain any rules, all routes matching the route-policy that references the ACL will not be received or advertised by the system.
In the configuration order, the system first matches a route with a rule that has a smaller number and then matches the route with a rule with a larger number. Routes can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller number and specify the action deny in this rule to filter out the unwanted routes. Then, configure another rule with a larger number in the same ACL and specify the action permit in this rule to receive or advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller number and specify the action permit in this rule to permit the routes to be received or advertised by the system. Then, configure another rule with a larger number in the same ACL and specify the action deny in this rule to filter out unwanted routes.
- Run peer { ipv4-address | group-name } filter-policy { acl-number | acl-name acl-name } export
To filter routes based on the IP prefix list, run the peer { ipv4-address | group-name } ip-prefix ip-prefix-name export command.
To filter routes based on an AS_Path filter, run the peer { ipv4-address | group-name } as-path-filter { number | name } export command.
To filter routes based on a route-policy, run the peer { ipv4-address | group-name } route-policy route-policy-name export command.
A route-policy specified in the peer route-policy export command does not support the use of an interface as a matching condition, meaning that the if-match interface command cannot be run for the route-policy.
- To filter routes based on an IP address list, run the peer { peerIpv4Addr | peerIpv6Addr } advertise dependent-filter dependent-filter-list outDependType [ condition-filter condition-filter-list ] command.
A peer group member can use an export routing policy different from that used by the peer group. Specifically, each member in the peer group can use a different policy when advertising routes.
- Run the following commands to configure the device to filter routes according to different filters for specified peers.