【Huawei S Series Switches Routing Policy】5 BGP Routing Policy (1) Highlighted

Latest reply: Apr 7, 2018 23:10:51 4258 2 1 1

1      BGP Routing Policy (1)

In the previous sections, a specific IGP is often used as an example to describe routing policy. Actually, routing policy is mainly used to control BGP routes. BGP routes are flexible and controllable because BGP provides many tools for working with routing policy. Routing policy can be used to precisely control BGP routes. The following describes BGP routing policy.

1.1  IP Prefix List

In BGP, an IP prefix list can work with a filter policy or route-policy and be directly invoked by the peer command. This is the difference between BGP and other routing protocols. If an IP prefix list is invoked by the peer command, it takes effect only on this peer. Therefore, BGP can precisely control routes. Figure 5-1 shows an example for using an IP prefix list in BGP.

Using an IP prefix list in BGP

图1 ip-prefix在BGP中的应用.png

 

Requirement Description

In Figure 5-1, LSW1, LSW2, and LSW3 belong to three different ASs and establish an EBGP peer relationship with each other. LSW1 advertises two routes 10.1.1.0/24 and 10.1.2.0/24 through BGP. It is required that the route 10.1.2.0/24 be denied and other routes be permitted on LSW3.

Configuration

To meet the preceding requirement, run the peer command in the BGP process of LSW3 to invoke an IP prefix list.

The key configuration of LSW3 is as follows:

#

ip ip-prefix huawei index 10 deny 10.1.2.0 24      //Define an IP prefix list to deny the target route.

ip ip-prefix huawei index 20 permit 0.0.0.0 0 less-equal 32   //Permit other routes.

#

bgp 300

 router-id 3.3.3.3

 peer 192.168.23.1 as-number 200

 #

 ipv4-family unicast

  undo synchronization

  peer 192.168.23.1 enable

  peer 192.168.23.1 ip-prefix huawei import   //Apply the IP prefix list in the import direction.

#

You can also apply the IP prefix list in the export direction of LSW2 to filter routes.

Verification

After the preceding configurations are complete, check the BGP routing table of LSW3. The following command output shows that the BGP routing table contains only the route 10.1.1.0/24 and the route 10.1.2.0/24 has been filtered out.

[LSW3] display bgp routing-table 

 

 BGP Local router ID is 3.3.3.3

 Status codes: * - valid, > - best, d - damped,

               h - history,  i - internal, s - suppressed, S - Stale

               Origin : i - IGP, e - EGP, ? - incomplete

 

 

 Total Number of Routes: 1

      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 

 *>   10.1.1.0/24        192.168.23.1                          0      200 100i

1.2  Filter-Policy

Filter-policy has been described in the previous sections. As we all know, filtering rules of a filter-policy are different when it is used in distance-vector routing protocols and link-state routing protocols. BGP is a distance-vector routing protocol. For details of filtering rules in BGP, see Chapter 4 "Filter-Policy."

A filter-policy can be used in BGP using either of the following methods:

l   Configure it in the BGP view to apply it globally and make it take effect for all peers.

l   Configure it in the peer command to make it take effect only for this specified peer.

Different from other routing protocols, BGP can independently apply a filter-policy to a specified peer. This ensures that BGP controls routes more flexibly and precisely. The following provides an example for using a filter-policy in BGP.

Using a filter-policy in BGP

图1 ip-prefix在BGP中的应用.png

 

Requirement Description

In Figure 5-2, LSW1, LSW2, and LSW3 belong to three different ASs and establish an EBGP peer relationship with each other. LSW1 advertises two routes 10.1.1.0/24 and 10.1.2.0/24 through BGP. It is required that the route 10.1.2.0/24 be denied and other routes be permitted on LSW3.

Configuration

l   Method 1: Configure a filter-policy in the BGP view to apply it globally and make it take effect for all peers.

The key configuration of LSW3 is as follows:

#

acl number 2001              //Define an ACL to match the target route.

 rule 5 deny source 10.1.2.0 0      //Deny the route 10.1.2.0.

 rule 10 permit source  any          //Permit all routes.

#

bgp 300

 router-id 3.3.3.3

 peer 192.168.23.1 as-number 200

 #

 ipv4-family unicast

  undo synchronization

filter-policy 2001 import  //Apply a filter-policy on all peers to filter routes.

  peer 192.168.23.1 enable

#

l   Method 2: Configure a filter-policy in the peer command to make it take effect only for this specified peer.

The key configuration of LSW3 is as follows:

#

acl number 2001              //Define an ACL to match the target route.

 rule 5 deny source 10.1.2.0 0      //Deny the route 10.1.2.0.

 rule 10 permit source  any          //Permit all routes.

#

bgp 300

 router-id 3.3.3.3

 peer 192.168.23.1 as-number 200

 #

 ipv4-family unicast

  undo synchronization

  peer 192.168.23.1 enable

  peer 192.168.23.1 filter-policy 2001 import  //Apply a filter-policy on a single peer.

#

1.3  Route-Policy

Route-policy has also been described in the previous sections. In BGP, a route-policy can be used to set route attributes to filter routes.

The following provides an example for using a route-policy in BGP.

Using a route-policy in BGP

图3 route-policy在BGP中的应用.png

 

Requirement Description

In Figure 5-3, LSW1 and LSW2 belong to different ASs and establish an EBGP peer relationship with each other. LSW1 advertises two routes 10.1.1.0/24 and 10.1.2.0/24 through BGP. It is required that different Community attribute values be set for the two routes advertised by LSW1. That is, set Community attributes 100:1 and 100:2 for the routes 10.1.1.0/24 and 10.1.2.0/24 respectively.

Configuration

l   Method 1: Invoke a route-policy using the network command.

This method is to directly invoke a route-policy when routes are advertised using the network command. These routes are advertised to peers after community attributes have been set for them.

The key configuration of LSW1 is as follows:

#

ip ip-prefix 1 index 10 permit 10.1.1.0 24   //Define an IP prefix list to match the target route.

ip ip-prefix 2 index 10 permit 10.1.2.0 24

#

route-policy huawei permit node 10   //Set different Community attribute values for different routes.

 if-match ip-prefix 1

 apply community 100:1

#

route-policy huawei permit node 20

 if-match ip-prefix 2

 apply community 100:2

#

route-policy huawei permit node 30    //Permit all remaining routes.

#

bgp 100

 router-id 1.1.1.1

 peer 192.168.12.2 as-number 200

 #

 ipv4-family unicast

  undo synchronization

  network 10.1.1.0 255.255.255.0 route-policy huawei

  network 10.1.2.0 255.255.255.0 route-policy huawei

  peer 192.168.12.2 enable

  peer 192.168.12.2 advertise-community 

#

l   Method 2: Invoke a route-policy using the peer command.

When routes are advertised using the network command, no route-policy is used. When routes are advertised to a specified peer using the peer command, a route-policy is used. Before routes are advertised to the peer, they must be filtered against a route-policy. After the Community attribute is set for these routes, they are advertised to the peer.

The key configuration of LSW1 is as follows:

#

ip ip-prefix 1 index 10 permit 10.1.1.0 24   //Define an IP prefix list to match the target route.

ip ip-prefix 2 index 10 permit 10.1.2.0 24

#

route-policy huawei permit node 10   //Set different Community attribute values for different routes.

 if-match ip-prefix 1

 apply community 100:1

#

route-policy huawei permit node 20

 if-match ip-prefix 2

 apply community 100:2

#

route-policy huawei permit node 30    //Permit all remaining routes.

#

bgp 100

 router-id 1.1.1.1

 peer 192.168.12.2 as-number 200

 #

 ipv4-family unicast

  undo synchronization

  network 10.1.1.0 255.255.255.0

  network 10.1.2.0 255.255.255.0

  peer 192.168.12.2 enable

  peer 192.168.12.2 route-policy huawei export

  peer 192.168.12.2 advertise-community

#

Verification

Although the preceding two configuration methods are different, both of them can set Community attributes 100:1 and 100:2 for the routes 10.1.1.0/24 and 10.1.2.0/24 respectively. After the preceding configurations are complete, check the BGP routing table of LSW2. The following command output shows that the preceding requirement has been met.

[LSW2] display bgp routing-table community  

 

 BGP Local router ID is 2.2.2.2

 Status codes: * - valid, > - best, d - damped,

               h - history,  i - internal, s - suppressed, S - Stale

               Origin : i - IGP, e - EGP, ? - incomplete

 

 

 Total Number of Routes: 2

      Network            NextHop        MED        LocPrf    PrefVal Community

 

 *>   10.1.1.0/24        192.168.12.1    0                     0      <100:1>

 *>   10.1.2.0/24        192.168.12.1    0                     0      <100:2>

Compared with other routing protocols, BGP has more commands in which a route-policy can be used. The following commands are commonly used to invoke a route-policy:

l   network

l   peer

l   import-route

l   dampening

The preceding examples describe only the methods to invoke a route-policy using the network and peer commands.

BGP route attributes can be used to control BGP routes. BGP provides various route attributes, including AS_Path filter and Community filter.

For more details, click the following hyperlink:

1 Routing Policy

Describes various tools used in routing policy and invoking between these tools.

2 Route-Policy

Describes the components, matching rules, and applications of route-policy.

3 IP Prefix List

Describes how to use an IP prefix list and differences between it and ACL.

4 Filter-Policy

Describes filter-policy principles and applications.

5 BGP Routing Policy (1)

Describes applications of IP prefix list, filter-policy, and route-policy in BGP.

6 BGP Routing Policy (2)

Describes applications of AS_Path filter and Community attribute in BGP.

Collection of Chapters 1 Through 6 (Click Here to Download the PDF Document)

Provides the collection of the preceding chapters.

 

 

This post was last edited by 交换机在江湖 at 2017-03-22 11:40.
  • x
  • convention:

Created Mar 22, 2017 13:40:00 Helpful(0) Helpful(0)

thank you
  • x
  • convention:

MVE Created Apr 7, 2018 23:10:51 Helpful(0) Helpful(0)

useful document, thanks
  • x
  • convention:

Telecommunications%20Engineer%2C%20currently%20senior%20project%20manager%20of%20the%20radio%20access%20network%20and%20partner%20of%20Huawei%20de%20Tunisia.

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

Login and enjoy all the member benefits

Login
Fast reply Scroll to top