HP VPN Firewall Appliances Network Management Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

501

502

503

504

505

506

507

508

509

510

486

{ Use routing policy, ACL, AS path list, or IP prefix list to filter routing information received by the

specified peer or peer group.

If several filtering policies are configured, they are applied in the following sequence:

a. filter-policy import

b. peer filter-policy import

c. peer as-path-acl import

d. peer ip-prefix import

e. peer route-policy import

Only routes passing all the configured policies can be received.

To configure BGP route reception filtering policies:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter BGP view or

BGP-VPN instance

view.

• Enter BGP view:

bgp as-number

• Enter BGP-VPN instance view:

a. bgp as-number

b. ipv4-family vpn-instance vpn-instance-name

Use either method.

3. Configure BGP

route reception

filtering policies.

• Reference an ACL or IP prefix list to filter incoming

routes from all peers :

filter-policy { acl-number | ip-prefix

ip-prefix-name } import

• Reference a routing policy to filter routing

information from a peer or peer group:

peer { group-name | ip-address } route-policy

route-policy-name import

• Reference an ACL to filter routing information from

a peer or peer group:

peer { group-name | ip-address } filter-policy

acl-number import

• Reference an AS path list to filter routing

information from a peer or peer group:

peer { group-name | ip-address } as-path-acl

as-path-acl-number import

• Reference an IP prefix list to filter routing

information from a peer or peer group:

peer { group-name | ip-address } ip-prefix

ip-prefix-name import

Use at least one

method.

By default, no route

reception filtering is

configured.

Enabling BGP and IGP route synchronization

Enable BGP and IGP route synchronization in an AS to avoid giving wrong directions to routers.

By default, upon receiving an IBGP route, a BGP router checks the route's next hop. If the next hop is

reachable, the BGP router advertises the route to EBGP peers. If a non-BGP router works in an AS, it can

discard a packet due to an unreachable destination. As shown in Figure 293,

Router E has learned a

route of

8.0.0.0/8 from Router D through BGP. Router E then sends a packet to 8.0.0.0/8 through Router

D, which finds from its routing table that Router B is the next hop (configured using the peer

next-hop-local command). Because Router D has learned the route to Router B through IGP, Router D