Configuring an Extcommunity Filter

Context

An extended community (extcommunity) filter is used to filter BGP routes based on extcommunity attributes. BGP extcommunity attributes are classified as follows:

  • VPN target: A VPN target controls route learning between VPN instances, isolating routes of VPN instances from each other. VPN targets include export and import ones. Before advertising Virtual Private Network version 4 (VPNv4) or Virtual Private Network version 6 (VPNv6) routes to a remote Multiprotocol Extensions for Border Gateway Protocol (MP-BGP) peer, a PE adds export VPN targets to the routes. After receiving the VPNv4 or VPNv6 routes, the remote MP-BGP peer determines which routes can be added to its local VPN instance routing table based on whether the export VPN targets carried in the routes match the import VPN target of the local VPN instance.

  • Source of Origin (SoO): Several CEs at a VPN site may be connected to different PEs. Routes advertised from the CEs to the PEs may be advertised back to the VPN site after the routes traverse the VPN backbone network. This may cause routing loops at the VPN site. To prevent routing loops, SoO attributes can be configured for routes from different VPN sites for differentiation.

  • Encapsulation: The encapsulation extcommunity attribute is classified as the VXLAN encapsulation extcommunity attribute or MPLS encapsulation extcommunity attribute. In EVPN VXLAN scenarios, EVPN routes carry the VXLAN encapsulation extcommunity attribute, and the value of this attribute can be set to 0:8 to filter EVPN routes. In EVPN MPLS scenarios, received EVPN routes do not carry the MPLS encapsulation extcommunity attribute in most cases. If a device receives EVPN routes carrying the MPLS encapsulation extcommunity attribute, the value of this attribute can be set to 0:10 to filter these routes.
  • Segmented-nh: The segmented-nh extcommunity attribute can be added to intra-AS I-PMSI A-D routes in an NG MVPN scenario where segmented tunnels are used.

The matching condition of an extcommunity filter can be specified using an extcommunity ID or a regular expression.

An extcommunity filter is used to filter only BGP routes because the extcommunity attribute is also a private attribute of BGP.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Configure the following extcommunity filters as needed.

    Configure a VPN-Target extcommunity filter:

    • To configure a basic VPN-Target extcommunity filter, run the ip extcommunity-filter { basic-extcomm-filter-num | basic basic-extcomm-filter-name } [ index index-number ] { deny | permit } { rt { as-number:nn | 4as-number:nn | ipv4-address:nn } } &<1-16> command.

    • To configure an advanced VPN-Target extcommunity filter, run the ip extcommunity-filter { advanced-extcomm-filter-num | advanced advanced-extcomm-filter-name }[ index index-number ] { deny | permit } regular-expression command.

    Configure an SoO extcommunity filter:

    • To configure a basic SoO extcommunity filter, run the ip extcommunity-list soo basic basic-extcomm-filter-name [ index index-number ] { permit | deny } { site-of-origin } &<1-16> command.

    • To configure an advanced SoO extcommunity filter, run the ip extcommunity-list soo advanced advanced-extcomm-filter-name [ index index-number ] { permit | deny } regular-expression command.

    Configure an encapsulation extcommunity filter:

    Configure a segmented-nh extcommunity filter:

    Multiple entries (or rules) can be defined in an extcommunity filter, and the relationship between them is OR, which means that the route matches the extcommunity filter if it matches one of the rules.

  3. Run commit

    The configuration is committed.

Verifying the Configuration

Run the display ip extcommunity-filter command to check information about the configured extcommunity filters.

Parent Topic: Routing Policy Configuration
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >