CHAPTER 31: CONFIGURING IP ROUTING POLICY

Routing Policy A routing policy matches attributes of the given routing information and sets some attributes of the routing information when the conditions are matched. A routing policy contains several "if-match" clauses and "apply" clauses. The "if-match" clauses specify the matching conditions. The "apply" clauses specify the configuration commands that are executed when the filtering conditions specified by if-match clauses are satisfied.

Access List An access list can be divided into a standard access list and an extended access list. The standard access list is usually used for filtering routing information. When you define an access list, you need to specify the network segment range of an IP address, to match the destination network segment address or next hop address of the routing information and to filter the routing information not satisfying the conditions. If an extended access list is used, only the source address matching field is used to match the destination network segment of the routing information, while the IP address range used to match packet destination address specified in the extended access list should be ignored.

Prefix-list A prefix-list functions similarly to an access list. An access list may not be easily understood when used for routing information filtering, because it is in the format of packet filtering; ip ip-prefix is more flexible and comprehensible.

When applied to routing information filtering, its matching object is the destination address information of the routing information. It can also be applied directly to the router object (gateway), so that the local routing protocol receives only the routing information distributed by specific routers. The addresses of these filters must be filtered by prefix-list. In this case, the matching object of ip ip-prefix is the source address of the IP header of the route packet.

A prefix-list is identified with the list name and consists of several parts, with sequence-number specifying the matching order of these parts. In each part, you can specify a matching range in the form of the network prefix. Different parts of different sequence-numbers are matched using Boolean “OR” operations. When the routing information matches a specific part of prefix-list, it is considered successfully filtered through the prefix-list.
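A minimal Python model of the prefix-list matching just described, added here as an illustration and not taken from the manual. The permit/deny action per part, the mask-length bounds (`ge`/`le`), and the rejection of routes that match no part are assumptions modelled on common prefix-list implementations; the sample entries are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Part:
    seq: int                  # sequence-number: parts are tested in ascending order
    permit: bool              # assumption: each part carries a permit/deny action
    prefix: str               # matching range in network-prefix form
    ge: Optional[int] = None  # assumption: optional lower bound on route mask length
    le: Optional[int] = None  # assumption: optional upper bound on route mask length

def part_matches(part, route):
    """True when the route's destination falls inside this part's range."""
    net = ipaddress.ip_network(part.prefix)
    if route.version != net.version or not route.subnet_of(net):
        return False
    if part.ge is None and part.le is None:
        return route.prefixlen == net.prefixlen  # no bounds: exact prefix only
    lo = part.ge if part.ge is not None else net.prefixlen
    hi = part.le if part.le is not None else net.max_prefixlen
    return lo <= route.prefixlen <= hi

def filter_route(parts, route_str):
    """Return (passed, sequence-number of the deciding part or None)."""
    route = ipaddress.ip_network(route_str)
    # Parts are OR-ed together: the first one that matches decides the result.
    for part in sorted(parts, key=lambda p: p.seq):
        if part_matches(part, route):
            return part.permit, part.seq
    return False, None  # assumption: a route matching no part is filtered out

# Constructed sample list: drop the default route and private space,
# then accept any remaining route with a mask of /24 or shorter.
SAMPLE = [
    Part(40, True, "0.0.0.0/0", le=24),
    Part(10, False, "0.0.0.0/0"),
    Part(20, False, "10.0.0.0/8", le=32),
    Part(30, True, "192.0.2.0/24"),
]

if __name__ == "__main__":
    for r in ("0.0.0.0/0", "10.1.0.0/16", "192.0.2.0/24",
              "203.0.113.0/24", "203.0.113.128/25"):
        print(r, filter_route(SAMPLE, r))
```

The routes 0.0.0.0/0 and 10.1.0.0/16 would also match part 40, so they are dropped only because the lower sequence-numbers are tested first.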

Aspath-list Aspath-list is only used for the BGP protocol. There is an aspath field in the routing information packet of the BGP protocol. When the BGP protocol operates with the switching routing information, the path of the routing information crossing the AS is recorded in this field. Aspath-list is identified with aspath-list-number. When defining aspath-list, you can specify an aspath regular expression to match the aspath field in the routing information. You can use aspath-list to match the aspath field in the BGP routing information, and filter information that does not satisfy the conditions. Each list number can be defined with multiple aspath-lists, because one list number represents a group of aspath-lists. The matching process for acl-numbers uses Boolean “OR” operations, so a match with any one of the lists is considered successful filtering of the routing information through the aspath list identified with this list number.

The definition of access-path-list is implemented in the BGP configuration. See the description of the ip as-path acl command in “Define an AS Path-list entry”.

Community-list Community-list is only used for the BGP protocol. In the routing information packet of the BGP protocol, there is a community attribute field, used to identify a

3Com 10014299 manual Configuring IP Routing Policy