www.huawei.com
Configuration sequence
− Matches the ACL rules according to their configuration order
Automatic sequence
− Adopts the “depth-first” principle
− The “depth-first” principle matches the ACL statements according to the longest match principle.
acl number 2001
 rule 0 permit source 1.1.0.0 0.0.255.255
Routes before filtering: 1.1.1.1/32, 1.1.1.0/24, 1.1.0.0/16, 1.0.0.0/8
Routes after filtering: 1.1.1.1/32, 1.1.1.0/24, 1.1.0.0/16
[Figure: Route / Route columns listing 1.1.1.1/32 and 1.0.0.0/8]
acl number 2001
 rule 0 permit source 1.1.1.0 0.0.254.255
Routes before filtering: 1.1.1.1/32, 1.1.2.1/32, 1.1.3.1/32, 1.1.4.1/32, 1.1.5.1/32, 1.1.6.1/32
Routes after filtering: 1.1.1.1/32, 1.1.3.1/32, 1.1.5.1/32
acl number 2001
 rule 0 permit source 1.1.1.1 0
 rule 1 deny source 1.1.1.0 0
 rule 2 permit source 1.1.0.0 0.0.255.0
 rule 3 deny
Routes before filtering: 1.1.1.1/32, 1.1.1.0/24, 1.1.0.0/16, 1.0.0.0/8
Routes after filtering: 1.1.1.1/32, 1.1.0.0/16
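The three "acl number 2001" figures above and the two match orders, worked through as an added Python example (not part of the original slides). The function names are hypothetical, the default deny for an unmatched route is an assumption, and the "auto" order is a simplified model of depth-first that sorts by wildcard width only.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def rule(action, source="0.0.0.0", wildcard="255.255.255.255"):
    # "0" is the page's shorthand for wildcard 0.0.0.0 (exact match);
    # a rule with no source ("rule 3 deny") matches every address.
    return (action, ip(source), ip("0.0.0.0" if wildcard == "0" else wildcard))

def matches(r, network):
    _, src, wild = r
    care = ~wild & 0xFFFFFFFF  # wildcard bit 0 = compare, 1 = ignore
    return (ip(network) & care) == (src & care)

def evaluate(rules, route, order="config"):
    # A basic ACL sees only the route's network address, not its mask length.
    network = route.split("/")[0]
    if order == "auto":
        # Simplified depth-first model: fewest wildcard bits (narrowest) first.
        rules = sorted(rules, key=lambda r: bin(r[2]).count("1"))
    for r in rules:
        if matches(r, network):
            return r[0]
    return "deny"  # assumption: a route matching no rule is filtered out

def filter_routes(rules, routes, order="config"):
    return [rt for rt in routes if evaluate(rules, rt, order) == "permit"]

ROUTES = ["1.1.1.1/32", "1.1.1.0/24", "1.1.0.0/16", "1.0.0.0/8"]
HOSTS = ["1.1.%d.1/32" % n for n in range(1, 7)]
ACL_A = [rule("permit", "1.1.0.0", "0.0.255.255")]
ACL_B = [rule("permit", "1.1.1.0", "0.0.254.255")]
ACL_C = [rule("permit", "1.1.1.1", "0"), rule("deny", "1.1.1.0", "0"),
         rule("permit", "1.1.0.0", "0.0.255.0"), rule("deny")]
# Constructed ACL (not on the page) where the two match orders disagree.
ACL_D = [rule("permit", "1.1.0.0", "0.0.255.255"),
         rule("deny", "1.1.1.0", "0.0.0.255")]

if __name__ == "__main__":
    for name, acl, routes in [("A", ACL_A, ROUTES), ("B", ACL_B, HOSTS),
                              ("C", ACL_C, ROUTES)]:
        print(name, filter_routes(acl, routes))
    for order in ("config", "auto"):
        print(order, evaluate(ACL_D, "1.1.1.0/24", order))
```

The wildcard 0.0.254.255 leaves only the lowest bit of the third octet fixed, which is why it selects the odd-numbered networks, and ACL_D shows a broad permit placed first shadowing a narrower deny under configuration order.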
[Two figures, each with Route / Route columns listing 1.1.1.1/32 and 1.0.0.0/8]
Example
− To match all the AS-PATH attributes: ip as-path-filter 10 permit .*
− To match all the routes originated from AS100: ip as-path-filter 10 permit _100$
− To match all the routes received from AS200: ip as-path-filter 10 permit ^200_
The community list is used to represent and filter BGP routes according to their community attributes.
There are basic and advanced community lists.
Permit mode
When a route entry meets all the if-match clauses of a node, the route is allowed to pass the filtering of the node and the apply clause of the node is executed.
If it does not meet them, the next node of the routing policy is tested.
Deny mode
When a route entry does not meet all the if-match clauses of a node, the route entry is not allowed to pass the filtering of the node, and it is not tested at the next node.