H3C Technologies H3C SecPath F1000-E User Manual

929

# Inject routes 7.7.7.7/24, 8.8.8.8/24, and 9.9.9.9/24 on SecPath B.

[SecPathB-bgp] network 7.7.7.7 24

[SecPathB-bgp] network 8.8.8.8 24

[SecPathB-bgp] network 9.9.9.9 24

# Display the BGP routing table information of SecPath D.

[SecPathD-bgp] display bgp routing-table

Total Number of Routes: 6

BGP Local router ID is 4.4.4.4

Status codes: * - valid, > - best, d - damped,

h - history, i - internal, s - suppressed, S - Stale

Origin : i - IGP, e - EGP, ? - incomplete

Network NextHop MED LocPrf PrefVal Path/Ogn

*> 4.4.4.0/24 1.1.3.1 0 300 100i

*> 5.5.5.0/24 1.1.3.1 0 300 100i

*> 6.6.6.0/24 1.1.3.1 0 300 100i

*> 7.7.7.0/24 1.1.3.1 0 300 200i

*> 8.8.8.0/24 1.1.3.1 0 300 200i

*> 9.9.9.0/24 1.1.3.1 0 300 200i

The routing table information above shows that SecPath D has learned routes 4.4.4.0/24,
5.5.5.0/24, and 6.6.6.0/24 from AS 100 and 7.7.7.0/24, 8.8.8.0/24, and 9.9.9.0/24 from

AS 200.

3.

Configure SecPath D to reject the routes from AS 200:
# Configure AS-PATH list 1.

[SecPathD] ip as-path 1 permit .*200.*

# Create routing policy rt1 with node 1, and specify the match mode as deny to deny routes from

AS 200.

[SecPathD] route-policy rt1 deny node 1

[SecPathD-route-policy] if-match as-path 1

[SecPathD-route-policy] quit

# Create routing policy rt1 with node 10, and specify the match mode as permit to permit routes

from other ASs.

[SecPathD] route-policy rt1 permit node 10

[SecPathD-route-policy] quit

# On SecPath D, specify routing policy rt1 to filter routes received from peer 1.1.3.1.

[SecPathD] bgp 400

[SecPathD-bgp] peer 1.1.3.1 route-policy rt1 import

# Display the BGP routing table information of SecPath D.

[SecPathD-bgp] display bgp routing-table

Total Number of Routes: 3

BGP Local router ID is 4.4.4.4

Status codes: * - valid, > - best, d - damped,

h - history, i - internal, s - suppressed, S - Stale