peer filter-policy

Use peer filter-policy to filter routes advertised to or received from a peer or peer group by using an ACL.

Use undo peer filter-policy to remove the ACL specified to filter routes advertised to or received from a peer or peer group.

Syntax

In BGP IPv4 unicast address family view/BGP-VPN IPv4 unicast address family view/BGP IPv4 multicast address family view:

peer { group-name | ipv4-address [ mask-length ] } filter-policy [ ipv4-acl-number ] { export | import }

undo peer { group-name | ipv4-address [ mask-length ] } filter-policy [ ipv4-acl-number ] { export | import }

In BGP IPv6 unicast address family view:

peer { group-name | ipv6-address [ prefix-length ] } filter-policy [ ipv6-acl-number ] { export | import }

undo peer { group-name | ipv6-address [ prefix-length ] } filter-policy [ ipv6-acl-number ] { export | import }

In BGP-VPN IPv6 unicast address family view/BGP IPv6 multicast address family view:

peer { group-name | ipv6-address [ prefix-length ] } filter-policy [ ipv6-acl-number ] { export | import }

undo peer { group-name | ipv6-address [ prefix-length ] } filter-policy [ ipv6-acl-number ] { export | import }

Default

No ACL-based filtering is configured.

Views

BGP IPv4 unicast address family view

BGP-VPN IPv4 unicast address family view

BGP IPv6 unicast address family view

BGP-VPN IPv6 unicast address family view

BGP IPv4 multicast address family view

BGP IPv6 multicast address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command filters routes advertised to or received from all dynamic peers in the subnet by using an ACL.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command filters routes advertised to or received from all dynamic peers in the subnet by using an ACL.

ipv4-acl-number: Specifies an ACL by its number in the range of 2000 to 3999.

ipv6-acl-number: Specifies an IPv6 ACL by its number in the range of 2000 to 3999.

export: Filters routes advertised to the peer/peer group.

import: Filters routes received from the peer/peer group.

Usage guidelines

The ACL specified in the peer filter-policy command must already have been created with the acl command in system view. If the ACL does not exist, all routes pass the filter.

If you use a basic ACL (with a number from 2000 to 2999) configured with the rule [ rule-id ] { deny | permit } source source-address source-wildcard command, the command matches routes whose destination network addresses match the source-address source-wildcard argument. The masks of the destination addresses are not matched.

To use an advanced ACL (with a number from 3000 to 3999) in the command, configure the ACL using one of the following steps:

The source keyword specifies the destination address of a route and the destination keyword specifies the subnet mask of the destination address. For the mask configuration to take effect, specify a contiguous subnet mask.
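
The following Python model is an added illustration, not part of the original command reference and not vendor code. It reproduces the matching described above: a basic ACL tests only a route's destination network address, an advanced ACL also tests the subnet mask, and an ACL number that was never created lets every route pass. The rules and routes are constructed samples, and the "no-match" result is an assumption of the model, because this page does not state how a route that matches no rule is treated.

```python
import ipaddress

def wildcard_match(value, pattern, wildcard):
    """ACL wildcard compare: bits set to 1 in the wildcard are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(value)) & care) == \
           (int(ipaddress.IPv4Address(pattern)) & care)

def basic_acl(route, rules):
    """Basic ACL (2000-2999): only the destination network address is tested."""
    net = ipaddress.ip_network(route)
    for action, src, src_wc in rules:
        if wildcard_match(net.network_address, src, src_wc):
            return action
    return "no-match"  # model assumption: outcome not stated on this page

def advanced_acl(route, rules):
    """Advanced ACL (3000-3999): 'source' tests the destination address,
    'destination' tests the route's subnet mask."""
    net = ipaddress.ip_network(route)
    for action, src, src_wc, mask, mask_wc in rules:
        if (wildcard_match(net.network_address, src, src_wc)
                and wildcard_match(net.netmask, mask, mask_wc)):
            return action
    return "no-match"  # model assumption: outcome not stated on this page

def peer_filter(route, acl):
    """acl=None models an ACL number that was never created: all routes pass."""
    if acl is None:
        return "permit"
    kind, rules = acl
    return basic_acl(route, rules) if kind == "basic" else advanced_acl(route, rules)

# Constructed sample rules and routes (not from the original page).
BASIC = ("basic", [("permit", "10.1.0.0", "0.0.255.255")])
ADVANCED = ("advanced",
            [("permit", "10.1.0.0", "0.0.255.255", "255.255.0.0", "0.0.0.0")])
ROUTES = ["10.1.0.0/16", "10.1.2.0/24", "10.1.2.3/32", "10.2.0.0/16"]

if __name__ == "__main__":
    for r in ROUTES:
        print(f"{r:15} basic={peer_filter(r, BASIC):9} "
              f"advanced={peer_filter(r, ADVANCED):9} "
              f"missing-acl={peer_filter(r, None)}")
```

In this model the basic rule permits 10.1.2.0/24 and 10.1.2.3/32 along with 10.1.0.0/16, so a basic ACL cannot restrict the prefix lengths accepted from or sent to a peer; the advanced rule with a mask term matches only the /16.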

Examples

# In BGP IPv4 unicast address family view, apply ACL 2000 to filter routes advertised to peer group test.

<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family ipv4 unicast
[Sysname-bgp-default-ipv4] peer test filter-policy 2000 export

Related commands

acl (ACL and QoS Command Reference)

filter-policy export

filter-policy import

peer as-path-acl

peer prefix-list

peer route-policy