R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

341

342

343

344

345

346

347

348

349

350

336

To do… Use the command…

Remarks

Filter incoming routes with an ACL

or IP prefix list

filter-policy { acl-number |

ip-prefix ip-prefix-name } import

Required

Configure at least one command.

Not configured by default.

You can configure a filtering policy

as needed.

If several filtering policies are

configured, they are applied in the

following sequence:

• filter-policy import

• peer filter-policy import

• peer as-path-acl import

• peer ip-prefix import

• peer route-policy import

Only routes passing the first policy,

can they go to the next, and only

routes passing all the configured

policies, can they be received.

Reference a routing policy to filter

routes from a peer/peer group

peer { group-name | ip-address }

route-policy route-policy-name

import

Reference an ACL to filter routing

information from a peer/peer

group

peer { group-name | ip-address }

filter-policy acl-number import

Reference an AS path ACL to filter

routing information from a

peer/peer group

peer { group-name | ip-address }

as-path-acl as-path-acl-number

import

Reference an IP prefix list to filter

routing information from a

peer/peer group

peer { group-name | ip-address }

ip-prefix ip-prefix-name import

Enabling BGP and IGP route synchronization

By default, when a BGP router receives an iBGP route, it only checks the reachability of the route’s next

hop before advertisement. With BGP and IGP synchronization enabled, the BGP router cannot advertise

the iBGP route to eBGP peers unless the route is also available in the IGP routing table.

Follow these steps to enable BGP and IGP synchronization:

To do… Use the command…

Remarks

Enter system view system-view

—

Enter BGP view bgp as-number

—

Enable synchronization between

BGP and IGP

synchronization

Required

Not enabled by default

Limiting prefixes received from a peer/peer group

Follow these steps to configure the maximum number of prefixes allowed to be received from a

peer/peer group:

To do… Use the command… Remarks

Enter system view system-view

—

Enter BGP view bgp as-number

—

Specify the maximum number of prefixes that can be

received from a peer/peer group.

If the number is reached, the router breaks down the BGP

connection to the peer.

peer { group-name |

ip-address } route-limit

prefix-number

[ percentage-value ]

Required

Use one of the

commands.

No limit is

configured by

default.

Specify the maximum number of prefixes that can be

received from a peer/peer group.

If the number is reached, the router outputs alert information

but does not break down the BGP connection to the peer.

peer { group-name |

ip-address } route-limit

prefix-number alert-only

[ percentage-value ]