
Routing Selection Tools

www.huawei.com

HUAWEI TECHNOLOGIES CO., LTD. All rights reserved


Before implementing a manually defined policy, we must first identify the
objects it will apply to; route selection tools are used for this.



Upon completion of this course, you will be able to:
• Understand various route selection tools and their functions



Route selection tools

• Access control list (ACL)
  − Used to match routing information or the addresses of packets, and to
    filter out ineligible routing information or packets
• Prefix-list
  − Used to match the destination addresses of routing information, or
    applied directly to the gateway
• AS-path-filter
  − Used for BGP only, to match the autonomous system path (AS-PATH) of
    BGP routing information
• Community-filter
  − Used for BGP only, to match the community attribute of BGP routing
    information
• Route-policy
  − Used to match routes on their attributes and to set attributes once a
    route has matched; composed of if-match and apply clauses



Access control list

• An ACL is a group of rules made up of rule { deny | permit } statements.
  The rules are described by a combination of the source address,
  destination address and port number of data packets.
• Based on application purpose, ACLs are categorized into the following
  types:
  − Basic ACL, value range: 2000 to 2999
  − Advanced ACL, value range: 3000 to 3999
  − Interface-based ACL, value range: 1000 to 1999
  − MAC address ACL, value range: 4000 to 4999



Match orders of ACL

• Two kinds of match order:
  − Configuration sequence
    Matches the ACL rules in the order in which they were configured.
  − Automatic sequence
    Adopts the "depth-first" principle, which matches the ACL statements
    according to the longest-match principle.



ACL example (1)

Routes before filtering:
  1.1.1.1/32
  1.1.1.0/24
  1.1.0.0/16
  1.0.0.0/8

Filter:
  acl number 2001
   rule 0 permit source 1.1.0.0 0.0.255.255

Routes after filtering:
  1.1.1.1/32
  1.1.1.0/24
  1.1.0.0/16



ACL example (2)

Routes before filtering:
  1.1.1.1/32
  1.1.1.0/24
  1.1.0.0/16
  1.0.0.0/8

Filter:
  acl number 2001
   rule 0 permit source 1.1.0.0 0

Routes after filtering:
  1.1.0.0/16



ACL example (3)

Routes before filtering:
  1.1.1.1/32
  1.1.2.1/32
  1.1.3.1/32
  1.1.4.1/32
  1.1.5.1/32
  1.1.6.1/32

Filter:
  acl number 2001
   rule 0 permit source 1.1.1.0 0.0.254.255

Routes after filtering:
  1.1.1.1/32
  1.1.3.1/32
  1.1.5.1/32



ACL example (4)

Routes before filtering:
  1.1.1.1/32
  1.1.1.0/24
  1.1.0.0/16
  1.0.0.0/8

Filter:
  acl number 2001
   rule 0 permit source 1.1.1.1 0
   rule 1 deny source 1.1.1.0 0
   rule 2 permit source 1.1.0.0 0.0.255.0
   rule 3 deny

Routes after filtering:
  1.1.1.1/32
  1.1.0.0/16



ACL example (5)

Routes before filtering:
  1.1.1.1/32
  1.1.1.0/24
  1.1.1.0/25
  1.1.0.0/16
  1.0.0.0/8

Filter:
  acl number 2001
   rule 0 permit source 1.1.1.0 0

Routes after filtering:
  1.1.1.0/24
  1.1.1.0/25

How to filter 1.1.1.0/25?



Prefix-list

• Used to filter IP prefixes according to the prefix number and the prefix
  length
• A prefix-list is more capable than an ACL
• A prefix-list cannot filter data packets
• Example: ip ip-prefix test index 10 permit 10.0.0.0 16 greater-equal 24
  less-equal 28
  − The prefix number must be 10.0
  − 24 <= prefix length <= 28
  − Such as: 10.0.1.0/24, 10.0.2.0/25, 10.0.2.192/26



Prefix-list example

Routes before filtering:
  1.1.1.1/32
  1.1.1.0/24
  1.1.1.0/25
  1.1.0.0/16
  1.0.0.0/8

Filter:
  ip ip-prefix Pref1 index 10 permit 1.1.1.0 24 greater-equal 24 less-equal 24

Routes after filtering:
  1.1.1.0/24
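
The ACL examples and the prefix-list example above can be reproduced with a small model of both filters. This is an added example, not part of the original course; the function names and tuple layouts are assumptions made for illustration, and it models only configuration-order matching.

```python
import ipaddress

def acl_permits(rules, route):
    """Basic ACL used as a route filter: only the network address is compared."""
    addr = int(ipaddress.ip_network(route).network_address)
    for action, base, wildcard in rules:            # configuration order, first match wins
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF  # wildcard 1-bits are ignored
        if (addr & care) == (int(ipaddress.ip_address(base)) & care):
            return action == "permit"
    return False                                    # no rule matched: route is filtered

def prefix_permits(entries, route):
    """ip-prefix entry: leading bits must match and mask length must be in [ge, le]."""
    net = ipaddress.ip_network(route)
    for action, base, length, ge, le in entries:    # index order, first match wins
        covering = ipaddress.ip_network(f"{base}/{length}", strict=False)
        if net.network_address in covering and ge <= net.prefixlen <= le:
            return action == "permit"
    return False

def surviving(permits, spec, routes):
    """Return the routes that pass the given filter."""
    return [r for r in routes if permits(spec, r)]

# Routes and filters copied from the slides. A wildcard of "0" is written out as
# 0.0.0.0, and "rule 3 deny" (no source) is modelled as "deny any".
ROUTES = ["1.1.1.1/32", "1.1.1.0/24", "1.1.1.0/25", "1.1.0.0/16", "1.0.0.0/8"]
HOSTS = [f"1.1.{n}.1/32" for n in range(1, 7)]
ACL_EX3 = [("permit", "1.1.1.0", "0.0.254.255")]
ACL_EX4 = [("permit", "1.1.1.1", "0.0.0.0"), ("deny", "1.1.1.0", "0.0.0.0"),
           ("permit", "1.1.0.0", "0.0.255.0"), ("deny", "0.0.0.0", "255.255.255.255")]
ACL_EX5 = [("permit", "1.1.1.0", "0.0.0.0")]
PREF1 = [("permit", "1.1.1.0", 24, 24, 24)]
PREF_TEST = [("permit", "10.0.0.0", 16, 24, 28)]

if __name__ == "__main__":
    print("ACL example 3:", surviving(acl_permits, ACL_EX3, HOSTS))
    print("ACL example 4:", surviving(acl_permits, ACL_EX4, ROUTES))
    print("ACL example 5:", surviving(acl_permits, ACL_EX5, ROUTES))   # /24 and /25 both pass
    print("Pref1        :", surviving(prefix_permits, PREF1, ROUTES))  # only the /24 passes
```

Because the ACL never looks at the mask length, 1.1.1.0/24 and 1.1.1.0/25 are indistinguishable to it; the prefix-list separates them through its length range.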



AS-Path-Filter

• The AS-PATH list is used to filter on the AS-PATH attribute of BGP routes
• The AS-PATH attribute to match is defined with a regular expression
• Examples:
  − To match all AS-PATH attributes: ip as-path-filter 10 permit .*
  − To match all routes originated from AS100: ip as-path-filter 10 permit _100$
  − To match all routes received from AS200: ip as-path-filter 10 permit ^200_



AS-Path-Filter and regular expression
Name             Symbol    Meaning
Period           .         Matches any single character
Asterisk         *         Matches 0 or more occurrences of the pattern
Plus             +         Matches 1 or more occurrences of the pattern
Question mark    ?         Matches 0 or 1 occurrence of the pattern
Caret            ^         Matches the start of the input character string
Dollar           $         Matches the end of the input character string
Underscore       _         Matches a comma, a parenthesis, the start or end
                           of the character string, or a space
Square brackets  [range]   Indicates a range of single characters
Hyphen           -         Separates the end points of a range
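
The effect of the underscore in the two as-path-filter patterns above is easiest to see against AS numbers that share digits. This is an added example, not part of the original course; the AS_PATH strings are constructed, and the translation of "_" into a Python regex is an assumption based on the table above.

```python
import re

# Assumption: "_" is modelled as start of string, end of string, or one delimiter
# character (space, comma, brace, parenthesis), following the table above.
DELIMITER = r"(?:^|$|[ ,{}()])"

def compile_as_path(pattern):
    """Translate an as-path-filter pattern into a Python regex."""
    return re.compile(pattern.replace("_", DELIMITER))

def matching_paths(pattern, paths):
    """AS_PATH strings matched by the pattern with "_" honoured."""
    rx = compile_as_path(pattern)
    return [p for p in paths if rx.search(p)]

def naive_paths(pattern, paths):
    """Same pattern with "_" dropped, to show what the delimiter prevents."""
    rx = re.compile(pattern.replace("_", ""))
    return [p for p in paths if rx.search(p)]

# Constructed AS_PATH strings: leftmost AS is the neighbour, rightmost is the origin.
PATHS = ["100", "200 100", "200 300 100", "200 2100", "2001 100", "300 200 100"]

if __name__ == "__main__":
    for pat in (".*", "_100$", "^200_"):
        print(f"{pat:6} with '_'   : {matching_paths(pat, PATHS)}")
        print(f"{'':6} without '_': {naive_paths(pat, PATHS)}")
```

Without the underscore, `100$` also accepts a route originated by AS2100 and `^200` also accepts a route received from AS2001, so a filter meant for one AS silently covers another.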



Community-filter

• The community list is used to represent and filter BGP routes according
  to their community attributes
• There are basic and advanced community lists
• Basic community lists match actual community attribute values and
  constants:
  − ip community-filter 1 permit 100:1 100:2
  − ip community-filter 1 permit 100:1
  − ip community-filter 1 permit no-export
• Advanced community lists can use regular expressions:
  − ip community-filter 100 permit ^10



Route-policy

• One route-policy can have multiple nodes; each node is identified by its
  seq-number. Nodes with different seq-numbers are in an OR relationship.
• Each node can have multiple if-match and apply clauses; the if-match
  clauses of a node are in an AND relationship.
• An if-match clause can reference other filters.



Two modes of route-policy
• Permit mode
  − When a route entry meets all the if-match clauses of a node, the route
    is allowed to pass the filtering of the node and the apply clause of
    the node is executed.
  − If it does not meet them, the next node of the routing policy is tested.
• Deny mode
  − When a route entry does not meet all the if-match clauses of a node,
    the route entry is not allowed to pass the filtering of the node, and
    the test is not performed at the next node.



Route-policy

Routes before applying the route-policy:

  Network        Cost    NextHop
  1.1.2.0/24     4687    34.34.34.2
                 4687    13.13.13.1
  1.1.3.0/24     4687    34.34.34.2
                 4687    13.13.13.1
  1.1.3.0/25     1       34.34.34.2
                 1       13.13.13.1
  5.5.5.5/32     4687    34.34.34.2
                 4687    13.13.13.1
  6.6.6.6/32     4687    34.34.34.2
                 4687    13.13.13.1

Configuration:

  acl number 2001
   rule 0 permit source 1.1.3.0 0.0.0.255
  acl number 2002
   rule 0 permit source 13.13.13.1 0
  route-policy RP deny node 10
   if-match ip-prefix Pref1
  route-policy RP permit node 20
   if-match ip-prefix Pref2
  route-policy RP permit node 30
   if-match acl 2001
   if-match ip next-hop acl 2002
   apply cost 21
  route-policy RP permit node 40
   if-match ip-prefix Pref3
   apply cost 11
  route-policy RP permit node 50
  #
  ip ip-prefix Pref1 index 10 permit 5.5.5.5 32
  ip ip-prefix Pref1 index 20 permit 1.1.2.0 24
  ip ip-prefix Pref2 index 10 deny 6.6.6.6 32
  ip ip-prefix Pref3 index 10 permit 1.1.3.0 24 greater-equal 25 less-equal 25

Routes after applying the route-policy:

  Network        Cost    NextHop
  1.1.3.0/24     4687    34.34.34.2
                 21      13.13.13.1
  1.1.3.0/25     11      34.34.34.2
                 21      13.13.13.1



Summary

• This course mainly introduces the route selection tools



Thank you