H3C Technologies H3C SecPath F1000-E User Manual
Page 954
929
# Inject routes 7.7.7.7/24, 8.8.8.8/24, and 9.9.9.9/24 on SecPath B.
[SecPathB-bgp] network 7.7.7.7 24
[SecPathB-bgp] network 8.8.8.8 24
[SecPathB-bgp] network 9.9.9.9 24
# Display the BGP routing table information of SecPath D.
[SecPathD-bgp] display bgp routing-table
Total Number of Routes: 6
BGP Local router ID is 4.4.4.4
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 4.4.4.0/24 1.1.3.1 0 300 100i
*> 5.5.5.0/24 1.1.3.1 0 300 100i
*> 6.6.6.0/24 1.1.3.1 0 300 100i
*> 7.7.7.0/24 1.1.3.1 0 300 200i
*> 8.8.8.0/24 1.1.3.1 0 300 200i
*> 9.9.9.0/24 1.1.3.1 0 300 200i
The routing table information above shows that SecPath D has learned routes 4.4.4.0/24,
5.5.5.0/24, and 6.6.6.0/24 from AS 100 and 7.7.7.0/24, 8.8.8.0/24, and 9.9.9.0/24 from
AS 200.
3.
Configure SecPath D to reject the routes from AS 200:
# Configure AS-PATH list 1.
[SecPathD] ip as-path 1 permit .*200.*
# Create routing policy rt1 with node 1, and specify the match mode as deny to deny routes from
AS 200.
[SecPathD] route-policy rt1 deny node 1
[SecPathD-route-policy] if-match as-path 1
[SecPathD-route-policy] quit
# Create routing policy rt1 with node 10, and specify the match mode as permit to permit routes
from other ASs.
[SecPathD] route-policy rt1 permit node 10
[SecPathD-route-policy] quit
# On SecPath D, specify routing policy rt1 to filter routes received from peer 1.1.3.1.
[SecPathD] bgp 400
[SecPathD-bgp] peer 1.1.3.1 route-policy rt1 import
# Display the BGP routing table information of SecPath D.
[SecPathD-bgp] display bgp routing-table
Total Number of Routes: 3
BGP Local router ID is 4.4.4.4
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale