filter-policy export
Use filter-policy export to filter advertised BGP routes.
Use undo filter-policy export to remove the route filter.
Syntax
In BGP IPv4 unicast address family view/BGP-VPN IPv4 unicast address family view/BGP IPv4 multicast address family view:
filter-policy { ipv4-acl-number | prefix-list ipv4-prefix-list-name } export [ protocol process-id ]
undo filter-policy export [ protocol process-id ]
In BGP IPv6 unicast address family view/BGP-VPN IPv6 unicast address family view/BGP IPv6 multicast address family view:
filter-policy { ipv6-acl-number | prefix-list ipv6-prefix-list-name } export [ protocol process-id ]
undo filter-policy export [ protocol process-id ]
Default
Advertised BGP routes are not filtered.
Views
BGP IPv4 unicast address family view
BGP-VPN IPv4 unicast address family view
BGP IPv6 unicast address family view
BGP-VPN IPv6 unicast address family view
BGP IPv4 multicast address family view
BGP IPv6 multicast address family view
Predefined user roles
network-admin
Parameters
ipv4-acl-number: Specifies an IPv4 ACL by its number in the range of 2000 to 3999, to match routes by destination.
ipv6-acl-number: Specifies an IPv6 ACL by its number in the range of 2000 to 3999, to match routes by destination.
prefix-list ipv4-prefix-list-name: Specifies an IPv4 prefix list by its name, a case-sensitive string of 1 to 63 characters, to match routes by destination.
prefix-list ipv6-prefix-list-name: Specifies an IPv6 prefix list by its name, a case-sensitive string of 1 to 63 characters, to match routes by destination.
protocol: Filters routes redistributed from the routing protocol.
process-id: Specifies a routing protocol by its ID in the range of 1 to 65535. For IPv4 routes, this argument is available only when the protocol is isis, ospf, or rip. For IPv6 routes, this argument is available only when the protocol is isisv6, ospfv3, or ripng.
Usage guidelines
If you specify a protocol (such as direct and isis), this command filters only routes redistributed from the specified protocol. If you do not specify a protocol, this command filters all advertised routes, including the following routes:
Redistributed from IGP.
Injected by the network command.
Learned from BGP peers.
If you use a basic ACL (with a number from 2000 to 2999) configured with the rule [ rule-id ] { deny | permit } source source-address source-wildcard command, the command matches routes whose destination network addresses match the source-address source-wildcard argument. However, it does not match the masks of the destination addresses.
To use an advanced ACL (with a number from 3000 to 3999) in the command, configure the ACL using one of the following steps:
To deny/permit a route with the specified destination, use the rule [ rule-id ] { deny | permit } ip source sour-addr sour-wildcard command.
To deny/permit a route with the specified destination and mask, use the rule [ rule-id ] { deny | permit } ip source sour-addr sour-wildcard destination dest-addr dest-wildcard command.
The source keyword specifies the destination address of a route and the destination keyword specifies the subnet mask of the destination address. For the mask configuration to take effect, specify a contiguous subnet mask.
Examples
# In BGP IPv4 unicast address family view, use IPv4 basic ACL 2000 to filter advertised BGP IPv4 routes.
<Sysname> system-view [Sysname] bgp 100 [Sysname-bgp-default] address-family ipv4 unicast [Sysname-bgp-default-ipv4] filter-policy 2000 export
Related commands
filter-policy import
peer as-path-acl
peer filter-policy
peer prefix-list
peer route-policy