filter-policy export

Use filter-policy export to filter advertised BGP routes.

Use undo filter-policy export to remove the route filter.

Syntax

In BGP IPv4 unicast address family view/BGP-VPN IPv4 unicast address family view/BGP IPv4 multicast address family view:

filter-policy { ipv4-acl-number | prefix-list ipv4-prefix-list-name } export [ protocol process-id ]

undo filter-policy export [ protocol process-id ]

In BGP IPv6 unicast address family view/BGP-VPN IPv6 unicast address family view/BGP IPv6 multicast address family view:

filter-policy { ipv6-acl-number | prefix-list ipv6-prefix-list-name } export [ protocol process-id ]

undo filter-policy export [ protocol process-id ]

Default

Advertised BGP routes are not filtered.

Views

BGP IPv4 unicast address family view

BGP-VPN IPv4 unicast address family view

BGP IPv6 unicast address family view

BGP-VPN IPv6 unicast address family view

BGP IPv4 multicast address family view

BGP IPv6 multicast address family view

Predefined user roles

network-admin

Parameters

ipv4-acl-number: Specifies an IPv4 ACL by its number in the range of 2000 to 3999, to match routes by destination.

ipv6-acl-number: Specifies an IPv6 ACL by its number in the range of 2000 to 3999, to match routes by destination.

prefix-list ipv4-prefix-list-name: Specifies an IPv4 prefix list by its name, a case-sensitive string of 1 to 63 characters, to match routes by destination.

prefix-list ipv6-prefix-list-name: Specifies an IPv6 prefix list by its name, a case-sensitive string of 1 to 63 characters, to match routes by destination.

protocol: Filters routes redistributed from the routing protocol.

process-id: Specifies a routing protocol by its ID in the range of 1 to 65535. For IPv4 routes, this argument is available only when the protocol is isis, ospf, or rip. For IPv6 routes, this argument is available only when the protocol is isisv6, ospfv3, or ripng.

Usage guidelines

If you specify a protocol (such as direct and isis), this command filters only routes redistributed from the specified protocol. If you do not specify a protocol, this command filters all advertised routes, including the following routes:

If you use a basic ACL (with a number from 2000 to 2999) configured with the rule [ rule-id ] { deny | permit } source source-address source-wildcard command, the command matches routes whose destination network addresses match the source-address source-wildcard argument. However, it does not match the masks of the destination addresses.

To use an advanced ACL (with a number from 3000 to 3999) in the command, configure the ACL using one of the following steps:

The source keyword specifies the destination address of a route and the destination keyword specifies the subnet mask of the destination address. For the mask configuration to take effect, specify a contiguous subnet mask.

Examples

# In BGP IPv4 unicast address family view, use IPv4 basic ACL 2000 to filter advertised BGP IPv4 routes.

<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family ipv4 unicast
[Sysname-bgp-default-ipv4] filter-policy 2000 export

Related commands

filter-policy import

peer as-path-acl

peer filter-policy

peer prefix-list

peer route-policy