PLANET XGS3-24042 User Manual

To implement a routing policy, we first have to define the characteristics of the routing messages to which the policy applies, that is, define a group of matching rules. The rules can be based on different properties of the routing messages, such as the destination address or the address of the router publishing the routing messages. Matching rules can be configured in advance and then applied in the route publishing, receiving and distributing policies.

The switch provides five filters: route-map, acl, as-path, community-list and ip-prefix. Each filter is introduced in the following sections:

1. route-map

Used for matching certain properties of the specified routing information and setting some routing properties when the conditions are fulfilled.

A route-map controls and changes routing messages and also controls redistribution among routes. A route-map consists of a series of match and set commands: the match command specifies the conditions that must be matched, and the set command specifies the actions to be taken when they are matched. The route-map is also used for controlling route publishing among different routing processes. It can also be used in policy routing, which selects routes for messages other than the shortest route.

A group of match and set clauses makes up a node. A route-map may consist of several nodes, each of which is a unit for the matching test. Nodes are matched in order of sequence-number. Match clauses define matching rules; the matching objects are properties of routing messages. The match clauses in the same node are in a logical “and” relation, which means that the matching test of a node is not passed until the conditions in all of its match clauses are matched. Set clauses specify actions, namely configuring some properties of the routing messages after the matching test is passed.

Different nodes in a route-map are in a logical “or” relation. The system checks each node of the route-map in turn, and once a node's test is passed, the route-map test is passed without testing the next node.
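The node and clause logic described above, modelled in Python as an added example (not taken from the manual or the switch firmware). The route fields `dest`, `from` and `metric`, the helper names and the sample route-map are constructed for illustration; returning `None` when no node passes is a choice of this model, not a statement about the switch.

```python
import ipaddress

def dest_in(prefix):
    """Match clause (hypothetical helper): route destination lies inside `prefix`."""
    net = ipaddress.ip_network(prefix)
    return lambda route: ipaddress.ip_network(route["dest"]).subnet_of(net)

def advertised_by(router):
    """Match clause (hypothetical helper): route was published by `router`."""
    return lambda route: route["from"] == router

def evaluate(route_map, route):
    """Return (sequence_number, route_after_set) for the first node whose
    match clauses ALL pass, or (None, unchanged route) when no node passes."""
    for seq in sorted(route_map):                # nodes tested by sequence-number
        matches, sets = route_map[seq]
        if all(m(route) for m in matches):       # clauses inside a node: "and"
            return seq, {**route, **sets}        # first passing node ends the test: "or"
    return None, dict(route)

# Constructed sample route-map: sequence number -> (match clauses, set values).
# Declared out of order on purpose; evaluation still follows the sequence numbers.
SAMPLE_MAP = {
    20: ([dest_in("10.0.0.0/8")], {"metric": 200}),
    10: ([dest_in("10.1.0.0/16"), advertised_by("192.0.2.1")], {"metric": 50}),
}

def demo():
    # Constructed sample routing messages.
    routes = [
        {"dest": "10.1.2.0/24", "from": "192.0.2.1", "metric": 0},
        {"dest": "10.1.2.0/24", "from": "192.0.2.9", "metric": 0},
        {"dest": "172.16.0.0/16", "from": "192.0.2.1", "metric": 0},
    ]
    return [evaluate(SAMPLE_MAP, r) for r in routes]

if __name__ == "__main__":
    for seq, route in demo():
        print(seq, route)
```

The second sample route shows why node order and clause scope matter when reviewing a policy: failing one clause of node 10 does not reject the route, it falls through to the broader node 20.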

2. access control list (acl)

ACL (Access Control List) is a data packet filtering mechanism in the switch. The switch controls network access and secures the network service by permitting or denying certain data packets transmitted out of or into the network. Users can establish a group of rules based on certain information in the packet, in which each rule applies an action, permit or deny, to the packets that match it. Users can apply these rules to the ingress or egress of a specified switch, so that the data stream in a certain direction on a certain port has to follow the specified ACL rules when entering or leaving the switch. Please refer to chapter “ACL Configuration”.

3. ip-prefix list

The ip-prefix list acts similarly to acl but is more flexible and easier to understand. When applied to routing message filtering, the match object of ip-prefix is the destination address field of the routing messages.

An ip-prefix list is identified by its prefix list name. Each prefix list may contain multiple items, each of which specifies a matching range of a network prefix type and is identified by a sequence-number, which specifies the order in which the ip-prefix items are checked.

During matching, the switch checks each item in ascending order of sequence-number, and the filter is passed once an item is matched (without checking the remaining items).

4. Autonomous system path information access-list as-path

The autonomous system path information access-list as-path is only used in BGP. The BGP routing message packet contains an autonomous system path field (which records the autonomous systems the routing message has passed through). As-path is specially for specifying matching conditions for
