HP VPN Firewall Appliances Network Management Configuration Guide

[RouterC-bgp] peer 1.1.1.1 as-number 100
[RouterC-bgp] peer 1.1.2.1 as-number 200
[RouterC-bgp] peer 1.1.3.2 as-number 400
# Configure Firewall.
<Firewall> system-view
[Firewall] bgp 400
[Firewall-bgp] router-id 4.4.4.4
[Firewall-bgp] peer 1.1.3.1 as-number 300
[Firewall-bgp] quit
# Inject routes 4.4.4.4/24, 5.5.5.5/24, and 6.6.6.6/24 on Router A.
[RouterA-bgp] network 4.4.4.4 24
[RouterA-bgp] network 5.5.5.5 24
[RouterA-bgp] network 6.6.6.6 24
# Inject routes 7.7.7.7/24, 8.8.8.8/24, and 9.9.9.9/24 on Router B.
[RouterB-bgp] network 7.7.7.7 24
[RouterB-bgp] network 8.8.8.8 24
[RouterB-bgp] network 9.9.9.9 24
# Display the BGP routing table on Firewall.
[Firewall-bgp] display bgp routing-table
Total Number of Routes: 6
BGP Local router ID is 4.4.4.4
Status codes: * - valid, > - best, d - damped,
              h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
    Network            NextHop         MED        LocPrf     PrefVal Path/Ogn
*>  4.4.4.0/24         1.1.3.1                               0       300 100i
*>  5.5.5.0/24         1.1.3.1                               0       300 100i
*>  6.6.6.0/24         1.1.3.1                               0       300 100i
*>  7.7.7.0/24         1.1.3.1                               0       300 200i
*>  8.8.8.0/24         1.1.3.1                               0       300 200i
*>  9.9.9.0/24         1.1.3.1                               0       300 200i
The output shows that Firewall has learned routes 4.4.4.0/24, 5.5.5.0/24, and 6.6.6.0/24 from
AS 100 and 7.7.7.0/24, 8.8.8.0/24, and 9.9.9.0/24 from AS 200.
3. Configure Firewall to reject the routes from AS 200:
# Configure AS path list 1.
[Firewall] ip as-path 1 permit .*200.*
# Create routing policy rt1 with node 1, and specify the match mode as deny to deny routes from
AS 200.
[Firewall] route-policy rt1 deny node 1
[Firewall-route-policy] if-match as-path 1
[Firewall-route-policy] quit
# Create routing policy rt1 with node 10, and specify the match mode as permit to permit routes
from other ASs.
[Firewall] route-policy rt1 permit node 10
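The pattern .*200.* in AS path list 1 matches any AS path that contains the characters "200", so it also catches AS numbers such as 1200 or 2000 and paths where AS 200 is only a transit AS. The following Python sketch is an added example, not part of the HP guide: it replays the page's pattern against the two AS paths from the routing table plus three constructed ones, and compares it with two tighter patterns. The Python lookarounds are stand-ins for AS-number boundaries and are an assumption; verify the equivalent syntax in the device's command reference before using it.

```python
import re

# AS paths as Firewall (AS 400) would receive them through AS 300.
# The first two are taken from the routing table above; the other three
# prefixes and paths are constructed for illustration only.
SAMPLE_PATHS = {
    "4.4.4.0/24": "300 100",        # page: originated by AS 100
    "7.7.7.0/24": "300 200",        # page: originated by AS 200
    "10.0.0.0/24": "300 1200",      # constructed: AS 1200, unrelated to AS 200
    "10.0.1.0/24": "300 2000 100",  # constructed: AS 2000 in transit
    "10.0.2.0/24": "300 200 500",   # constructed: AS 200 is transit, not origin
}

PAGE_PATTERN = r".*200.*"              # as configured in AS path list 1
WHOLE_ASN = r"(?<![0-9])200(?![0-9])"  # 200 only as a complete AS number
ORIGIN_ONLY = r"(?<![0-9])200$"        # 200 only as the rightmost (origin) AS


def denied_prefixes(pattern, paths=SAMPLE_PATHS):
    """Prefixes a deny node would drop if its AS path list used `pattern`."""
    rx = re.compile(pattern)
    return sorted(p for p, as_path in paths.items() if rx.search(as_path))


def collateral(loose, strict, paths=SAMPLE_PATHS):
    """Prefixes dropped by the loose pattern that the strict one would keep."""
    kept_by_strict = set(denied_prefixes(strict, paths))
    return sorted(set(denied_prefixes(loose, paths)) - kept_by_strict)


if __name__ == "__main__":
    for name, pat in (("page", PAGE_PATTERN),
                      ("whole ASN", WHOLE_ASN),
                      ("origin only", ORIGIN_ONLY)):
        print(f"{name:12} {pat:28} denies {denied_prefixes(pat)}")
    print("denied only because of substring match:",
          collateral(PAGE_PATTERN, WHOLE_ASN))
```

In the page's topology the loose pattern gives the intended result because no other AS number contains "200"; the difference only appears once paths like the constructed ones reach Firewall.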