
FAQ - community-filter common matching rule summary

Latest reply: May 20, 2018 14:50:54

Question1: In a route-policy configured with “if-match community-filter <filter>”, if <filter> is not defined, how does the route-policy match?
Question2: In a basic-type community-filter, how does matching work if multiple community attributes are configured?
Question3: In an advanced-type community-filter, how does matching work?
Question4: In a route-policy, if one node is configured with multiple “if-match community-filter” clauses, how does matching work?
Question5: In a route-policy configured with “if-match community-filter whole-match”, how does matching work?
Question6: When the “if-match community-filter” command is configured with multiple <filter> values, how does “whole-match” apply?
Question7: Why can more than one rule be configured under the same “ip community-filter” name? How are they matched?

Note: Only the matching rules are described here. For the command-line parameters “[ internet | no-export-subconfed | no-advertise | no-export ]” and the configuration method, refer to the command manual.

 

Answer1: If “<filter>” is undefined, “if-match community-filter <filter>” does not filter anything and permits all routes. For example:
route-policy test permit node 10
 if-match ip-prefix 1
 if-match community-filter 1
 apply ... ...
route-policy test permit node 20
 if-match community-filter 1
 apply ... ...
If only “ip-prefix 1” is defined and “community-filter 1” is undefined, the result of “if-match community-filter 1” is always true, and only “if-match ip-prefix 1” is actually evaluated.
Within one node of a route-policy, “if-match” clauses for different attributes have an "and" relationship. Therefore, if the route matches “ip-prefix 1”, both “if-match” clauses are true, the “and” result is true, and the route matches node 10. If the route does not match “ip-prefix 1”, the “and” result is false, node 10 is not satisfied, and the route goes on to node 20. Because “if-match community-filter 1” is true, node 20 permits all routes.


Answer2: In a basic-type community-filter with multiple community attributes configured, the route must carry at least all of the configured community attributes; whether it carries additional community attributes does not matter. For example:
ip community-filter 1 permit 1:1 1:3
If the route's community attribute is "<1:1> <1:3>", it matches.

If the route's community attribute is "<1:1> <1:2> <1:3> <1:4>", it matches as well.

But if the route carries only "<1:1>" or only "<1:3>", it does not match.


Answer3: An advanced-type community-filter uses regular expressions to match community attributes. At least one of the route's community attributes must match the regular expression; not all of them need to. For example:
ip community-filter 111 permit [12]:[23]
If the route's community attribute is "<1:1> <1:3>", <1:3> matches, so the route meets the filter.

If the route's community attribute is "<1:1> <1:4>", neither <1:1> nor <1:4> matches, so the route does not meet the filter.
Note: The regular expression is applied as string matching, so a community matches as long as it contains a string that satisfies the regular expression. For [12]:[23], communities such as <11:2>, <111:31> and <65002:3001> all match.
Note2: A community has two formats: it can be written as x:y, or as a long integer z, where z=x*65535+y. The community-filter can filter on both formats. For example:
ip community-filter 111 permit 6553
Route community attributes such as "<0:65530>", "<65531:10>", "<1:1>" (as integer 65537) and "<2:34460>" (as integer 165532) are all matched.


Answer4: Within one node of a route-policy, “if-match” clauses for different attributes have an "and" relationship, and “if-match” clauses for the same attribute have an "or" relationship. Therefore, multiple “if-match community-filter” clauses configured under one node have an “or” relationship: as long as one of them matches, the node matches.

 

Answer5: “whole-match” means the route's community attributes must be exactly the same as those in the “community-filter”. For example:
ip community-filter 1 permit 1:1 1:3
If the route's community attribute is "<1:1> <1:3>", it matches.

If the community attributes are "<1:1> <1:2> <1:3> <1:4>" or "<1:1>", they do not match.

Note: “whole-match” takes effect only for basic-type community-filters. It has no effect on advanced-type filters even if it is configured.


Answer6: Expanding the command into its detailed form makes this easy to understand. “if-match community-filter { <filter1> [ whole-match ] } [ <filter2> [ whole-match ] ] [ <filter3> [ whole-match ] ]...” shows that “whole-match” is an optional parameter of each preceding “<filter>”, which means “whole-match” takes effect only on the “<filter>” immediately in front of it. When multiple “<filter>” values are specified in “if-match community-filter” and each “<filter>” must be matched completely, “whole-match” must be added after each “<filter>”. For example:
ip community-filter 1 permit 1:1 1:2
ip community-filter 2 permit 2:1 2:2
ip community-filter 3 permit 3:1 3:2
ip community-filter 4 permit 4:1 4:2
ip community-filter 5 permit 5:1 5:2
route-policy test permit node 10
 if-match community-filter 1 2 whole-match 3 4 whole-match 5
“whole-match” is added only after 2 and 4, so only “<filter>” 2 and 4 use “whole-match” matching. The if-match rule is therefore met by a route whose community attributes contain "<1:1> <1:2>", or equal "<2:1> <2:2>", or contain "<3:1> <3:2>", or equal "<4:1> <4:2>", or contain "<5:1> <5:2>".


Answer7: Because of the command length limit, one “ip community-filter” command cannot be configured with too many community attributes. To configure more community attributes, configure multiple “ip community-filter” commands. They are matched in configuration order, and a match on any one of these “ip community-filter” commands is sufficient. For example:
ip community-filter 1 permit 1:1
ip community-filter 1 permit 1:1 1:2 1:3 1:4 1:5 1:6
ip community-filter 1 permit 1:1 1:3
ip community-filter 1 permit 1:2 1:3 1:4
/* The rules above are referred to below as Article 1, Article 2, and so on. */
route-policy test permit node 10
 if-match community-filter 1 whole-match
 apply cost 10
route-policy test permit node 20
 if-match community-filter 1
 apply cost 20
route-policy test permit node 100
If route r1 has the community attribute "<1:1> <1:3>", route-policy node 10 is checked first. Because of “whole-match”, Article 1 and Article 2 of community-filter 1 do not match, but Article 3 matches, so the “apply cost 10” operation is performed.
If route r2 has the community attribute "<1:1> <1:2> <1:3>", route-policy node 10 is checked first. Because of “whole-match”, none of the 4 Articles matches. Route-policy node 20 is checked next; Article 1 matches, so the “apply cost 20” operation is performed.
If route r3 has the community attribute "<1:2>", route-policy node 10 is checked first. Because of “whole-match”, none of the 4 Articles matches. Node 20 is checked next, and again none of the 4 Articles matches. Finally route-policy node 100 is checked; because node 100 has no “if-match” restriction, the route is accepted but no operation is applied. If “route-policy test deny node 100” is configured, the route is denied.


Note: For the regular expression matching policy, refer to the "regular expression" document; this case does not contain a detailed explanation.

From group: Router
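The basic-type rules from Answers 1, 4, 5, 6 and 7 above, modelled as an added example that is not part of the original post and is not device code. It covers permit rules only, as on the page; the names `FILTERS`, `POLICY`, `filter_matches` and `evaluate` are hypothetical, and treating a route that matches no node as denied is an assumption.

```python
# Added example: a model of the matching rules in this FAQ, not vendor code.
# Rules per filter name, in configuration order (Answer7's four "Articles").
FILTERS = {
    "1": [{"1:1"}, {"1:1", "1:2", "1:3", "1:4", "1:5", "1:6"},
          {"1:1", "1:3"}, {"1:2", "1:3", "1:4"}],
}

# Route-policy "test": (node, mode, [(filter name, whole_match)], cost applied).
POLICY = [
    (10, "permit", [("1", True)], 10),
    (20, "permit", [("1", False)], 20),
    (100, "permit", [], None),           # no if-match: every route matches
]

def filter_matches(name, route, whole, filters):
    rules = filters.get(name)
    if rules is None:                    # Answer1: an undefined filter is always true
        return True
    for rule in rules:                   # Answer7: tried in order, first hit is enough
        # Answer5: whole-match needs equality; Answer2: otherwise rule is a subset
        if (route == rule) if whole else (rule <= route):
            return True
    return False

def evaluate(policy, route, filters):
    """Return (action, cost) for a route given as a set of 'x:y' strings."""
    for node, mode, clauses, cost in policy:
        # Answer4/6: community-filters in one node are OR-ed, and whole-match
        # applies only to the filter name it directly follows.
        if not clauses or any(filter_matches(n, route, w, filters)
                              for n, w in clauses):
            return (mode, cost if mode == "permit" else None)
    return ("deny", None)                # assumption: no node matched means deny

if __name__ == "__main__":
    samples = [("r1", {"1:1", "1:3"}), ("r2", {"1:1", "1:2", "1:3"}),
               ("r3", {"1:2"})]
    for name, comms in samples:
        print(name, evaluate(POLICY, comms, FILTERS))
    # Same policy where community-filter 1 was never defined (constructed case):
    print("undefined filter:", evaluate(POLICY, {"9:9"}, {}))
```

The last call shows why Answer1 matters when auditing a configuration: with the filter undefined, a route carrying an unrelated community is accepted at node 10 and gets cost 10.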
Mysterious.color
Created May 20, 2018 10:13:11

:)

w1
Created May 20, 2018 14:50:54

:)