
Routing Policy Configuration - Routing Policy Implementation

Latest reply: Jul 31, 2021 04:04:11 242 21 19 0 2

FILTERS


A filter is the core of a routing policy and is used to define a set of matching rules. The switch provides the filters listed in Table 1.


| Filter | Applicable Scope | Matching Rules |
|---|---|---|
| Access control list (ACL) | Dynamic routing protocols | Inbound interface, source or destination IP address, protocol type, and source or destination port number |
| IP prefix list | Dynamic routing protocols | Source and destination IP addresses and next hop address |
| AS_Path filter | BGP | AS_Path attribute |
| Community filter | BGP | Community attribute |
| Extcommunity filter | VPN | Extended community attribute |
| Route distinguisher (RD) filter | VPN | RD attribute |
| Route-policy | Dynamic routing protocols | Destination IP address, next-hop address, cost, interface information, route type, ACL, IP prefix list, AS_Path filter, community filter, extcommunity filter, and RD filter |

Table 1 - Comparisons between filters


The ACL, IP prefix list, AS_Path filter, community filter, extcommunity filter, and RD filter can only filter routes; they cannot modify the attributes of the filtered routes. A route-policy is a comprehensive filter: it can use the matching rules of the ACL, IP prefix list, AS_Path filter, community filter, extcommunity filter, and RD filter to filter routes, and it can also modify the attributes of the filtered routes.


ACL


An ACL is a set of sequential filtering rules. Users can define rules based on packet information, such as inbound interfaces, source or destination IP addresses, protocol types, and source or destination port numbers, and specify an action to deny or permit packets. After an ACL is configured, the system classifies received packets based on the rules defined in the ACL and denies or permits the packets accordingly.


An ACL only classifies packets based on defined rules and can be used to filter packets only when it is applied to a routing policy.


ACLs can be configured for both IPv4 packets and IPv6 packets. Users can specify the IP address and subnet address range in an ACL to match the source IP address, destination network segment address, or next-hop address of a route.


IP PREFIX LIST


An IP prefix list contains a group of route filtering rules. Users can specify the prefix and mask length range to match the destination network segment address or next-hop address of a route. An IP prefix list is used to filter routes that are advertised and received by dynamic routing protocols.


An IP prefix list is easier to configure and more flexible than an ACL. However, if a large number of routes with different prefixes need to be filtered, it is complex to configure an IP prefix list to filter these routes.


IP prefix lists can be configured for both IPv4 routes and IPv6 routes, and these IP prefix lists share the same implementation process. An IP prefix list filters routes based on the mask length or mask length range.


  • Mask length: An IP prefix list filters routes based on IP address prefixes. An IP address prefix is defined by an IP address and a mask length. For example, for the route to 10.1.1.1/16, the mask length is 16 bits, and the valid prefix is 16 bits (10.1.0.0).


  • Mask length range: If routes have the same IP address prefix but different masks, the prefix mask length range can be specified for exact match or for matching routes within the specified mask length range.


0.0.0.0 is a wildcard address. If the IP prefix is 0.0.0.0, either a mask or a mask length range can be specified following the prefix:
  • If a mask is specified, all routes with this mask are permitted or denied.

  • If a mask length range is specified, all routes with the mask length in this range are permitted or denied.

AS_PATH FILTER

An AS_Path filter is used to filter BGP routes based on AS_Path attributes contained in BGP routes. The AS_Path attribute records numbers of all ASs that a BGP route passes through from the local end to the destination in the distance-vector (DV) order. Therefore, filtering rules defined based on AS_Path attributes can be used to filter BGP routes. The matching condition of an AS_Path filter is specified using a regular expression. For example, ^30 indicates that only the AS_Path attribute starting with 30 is matched.


COMMUNITY FILTER


A community filter is used to filter BGP routes based on the community attributes contained in BGP routes. The community attribute is a set of destination addresses with the same characteristics. Therefore, filtering rules defined based on community attributes can be used to filter BGP routes.


In addition to well-known community attributes, users can define community attributes using digits. The matching condition of a community filter can be specified using a community ID or regular expression.


EXTCOMMUNITY FILTER


An extcommunity filter is used to filter BGP routes based on extended community attributes. BGP extended community attributes are classified into two types:


  • VPN target: A VPN target controls route learning between VPN instances, isolating routes of VPN instances. A VPN target may be either an import or export VPN target. Before advertising a Virtual Private Network version 4 (VPNv4) or Virtual Private Network version 6 (VPNv6) route to a remote Multi-protocol Extensions for Border Gateway Protocol (MP-BGP) peer, a PE adds an export VPN target to the route. After receiving a VPNv4 or VPNv6 route, the remote MP-BGP peer compares the received export VPN target with the local import VPN target to determine which routes can be added to the routing table of the local VPN instance.


  • Site-of-Origin (SoO): If multiple CEs at a VPN site are connected to different PEs, the routes advertised from the CEs to the PEs may be re-advertised to this VPN site after the routes have traversed the backbone network. This may cause routing loops within the VPN site. To prevent routing loops, you can configure an SoO attribute to differentiate routes advertised from different VPN sites.


RD FILTER


An RD filter is used to filter BGP routes based on RDs in VPN routes. RDs are used to distinguish IPv4 and IPv6 prefixes in the same address segment in VPN instances. RD filters specify matching rules regarding RD attributes.


ROUTE-POLICY


A route-policy is a complex filter. It is used to match attributes of specified routes and change route attributes when specific conditions are met. A route-policy can use the preceding six filters to define its matching rules.


INVOKING BETWEEN TOOLS IN ROUTING POLICY


In practice, the tools used in routing policy must be combined to control routes. Figure 1 shows how these tools invoke one another.



Figure 1 - Invoking between tools in routing policy

 

In Figure 1, all the tools used in routing policy are classified into the following types:


  • Conditional tool: captures required routes.

  • Policy tool: performs an action on the captured routes, for example, permit, deny, and modify attributes.

  • Invoking tool: applies a routing policy to a specific routing protocol so that the routing policy takes effect.



Among the invoking tools, filter-policy and peer have the policy tool function, so they can directly invoke conditional tools. Other invoking tools must invoke conditional tools through route-policy.


The invoking tool, peer, can invoke all conditional tools except ACL.


Reference:


support.huawei.com
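The mask length, mask length range and 0.0.0.0 wildcard rules described under IP PREFIX LIST, as an added example that is not part of the original post and is not Huawei's code: a small Python model of how a prefix list decides on a route. The `Entry` class, the `evaluate` function, the sample entries, the default bounds when only one end of the range is given, and the final implicit deny are assumptions of this sketch.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Entry:
    index: int
    action: str                # "permit" or "deny"
    prefix: str                # "0.0.0.0" is the wildcard address
    mask_len: int
    ge: Optional[int] = None   # lower end of the mask length range
    le: Optional[int] = None   # upper end of the mask length range

    def bounds(self) -> Tuple[int, int]:
        # Assumption: no range means exact mask length; a missing lower end
        # defaults to mask_len and a missing upper end to 32.
        if self.ge is None and self.le is None:
            return self.mask_len, self.mask_len
        return (self.mask_len if self.ge is None else self.ge,
                32 if self.le is None else self.le)

    def matches(self, route: ipaddress.IPv4Network) -> bool:
        low, high = self.bounds()
        if not low <= route.prefixlen <= high:
            return False
        if self.prefix == "0.0.0.0":
            return True        # wildcard: only the mask length is compared
        covering = ipaddress.ip_network(f"{self.prefix}/{self.mask_len}", strict=False)
        return route.subnet_of(covering)


def evaluate(entries: List[Entry], route: str) -> str:
    # strict=False keeps only the valid prefix bits: 10.1.1.1/16 -> 10.1.0.0/16
    net = ipaddress.ip_network(route, strict=False)
    for entry in sorted(entries, key=lambda e: e.index):
        if entry.matches(net):
            return entry.action
    return "deny"              # assumption: no matching entry means deny


# Constructed sample list, not taken from the page.
PREFIX_LIST = [
    Entry(10, "deny", "10.1.0.0", 16, ge=25),    # longer than /24 under 10.1/16
    Entry(20, "permit", "10.1.0.0", 16, le=24),  # /16 through /24 under 10.1/16
    Entry(30, "permit", "0.0.0.0", 8),           # wildcard: any route with a /8 mask
]
```

Entry 10 shows the common defensive use of a mask length range: rejecting overly specific routes inside an address block before a broader permit entry is reached.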
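The `^30` expression from the AS_PATH FILTER section, as an added example that is not part of the original post: a Python check of which AS_Path strings an expression matches, showing that `^30` also matches paths whose first AS merely begins with the digits 30. The function names, the sample paths and the handling of `_` as a delimiter (the usual convention in router AS_Path regular expressions) are assumptions of this sketch.

```python
import re


def as_path_regex(pattern):
    # Assumption: "_" stands for a delimiter, modelled here as the start of
    # the string, the end of the string, or a space between AS numbers.
    return re.compile(pattern.replace("_", r"(?:^|$|\s)"))


def matched_paths(pattern, paths):
    rx = as_path_regex(pattern)
    return [p for p in paths if rx.search(p)]


def unintended_matches(pattern, intended_first_as, paths):
    # Audit helper: paths the filter matches although the first AS in the
    # path is not the AS the operator meant to match.
    return [p for p in matched_paths(pattern, paths)
            if p.split()[0] != str(intended_first_as)]


# Constructed AS_Path strings, not taken from the page.
SAMPLE_PATHS = ["30 100 200", "300 65001", "3012", "100 30", "30"]
```

Running `unintended_matches("^30", 30, SAMPLE_PATHS)` lists the paths starting with AS 300 and AS 3012, while `^30_` matches only paths whose first AS is exactly 30.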






Kevin_Thomas
Moderator Created Jul 27, 2021 04:39:37

Great Share Anderson! Keep up the good work!

andersoncf1
andersoncf1 Created Jul 27, 2021 18:27:32 (0) (0)
thanks my friend  
wissal
MVE Created Jul 27, 2021 09:36:17

Excellent sharing

shakeela
shakeela Created Jul 27, 2021 16:17:44 (0) (0)
 
andersoncf1
andersoncf1 Created Jul 27, 2021 18:27:44 (0) (0)
thanks master  
IndianKid
Moderator Author Created Jul 27, 2021 09:44:24

Thanks Anderson. Very useful and informative.

andersoncf1
andersoncf1 Created Jul 27, 2021 23:28:19 (0) (0)
welcome Bro  
shakeela
Created Jul 27, 2021 16:17:36

Thanks for sharing

hemin88
Moderator Created Jul 27, 2021 16:32:02

Well explained, thank you friend

BAZ
BAZ Created Jul 27, 2021 19:22:06 (0) (0)
indeed  
Vlada85
MVE Author Created Jul 27, 2021 17:29:41

Good!

carlosalcosta
Created Jul 27, 2021 18:31:12

Awesome! Thanks for sharing

BAZ
MVE Author Created Jul 27, 2021 19:21:52

looking for it..... thanks buddy

victorrocha
Created Jul 27, 2021 19:54:15

Thanks for sharing

Serges_armel
Serges_armel Created Jul 31, 2021 04:03:38 (0) (0)
 